Esprit09

Il y a peut-être un moyen de le récupérer ?

Le deuxième rapport il a supprimé quelques virus (5 ou 6 il me semble) mais j'ai fermé la fenêtre sans faire exprès :S (le pop des alertes persiste toujours)

Rapport de ZHPFix 1.12.3251 par Nicolas Coolman, Update du 07/02/2011 Fichier d'export Registre : Run by Pascal at 2/11/2011 9:14:00 PM Windows 7 Home Premium Edition, 64-bit (Build 7600) Web site : ZHPFix Fix de rapport Contact : nicolascoolman@yahoo.fr ========== Processus mémoire ========== C:\Users\Pascal\Desktop\Keygen Photoshop CS5 Extended.exe => Supprimé et mis en quarantaine ========== Clé(s) du Registre ========== O23 - Service: (McAfee SiteAdvisor Service) - Clé orpheline => Clé supprimée avec succès O23 - Service: (nvsvc) - Clé orpheline => Clé supprimée avec succès O23 - Service: (UNS) - Clé orpheline => Clé supprimée avec succès ========== Valeur(s) du Registre ========== O4 - HKLM\..\Run: [mwlDaemon] . (.Egis Technology Inc. - MyWinLocker.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe => Valeur supprimée avec succès O4 - HKLM\..\Run: [iAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe => Valeur supprimée avec succès O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe => Valeur supprimée avec succès O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe => Valeur supprimée avec succès O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe => Valeur supprimée avec succès O4 - HKCU\..\Run: [RGSC] . (.Take-Two Interactive Software, Inc. - RGSCLauncher.) -- C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe => Valeur supprimée avec succès O4 - HKLM\..\Wow6432Node\Run: [backupManagerTray] . (.NewTech Infosystems, Inc. - Acer Backup Manager.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe => Valeur supprimée avec succès O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe => Valeur supprimée avec succès O4 - HKLM\..\Wow6432Node\Run: [NortonOnlineBackupReminder] . (.Symantec Corporation - Norton Online Backup Service.) -- C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe => Valeur supprimée avec succès O4 - HKLM\..\Wow6432Node\Run: [ArcadeDeluxeAgent] . (.CyberLink Corp. - Acer Arcade Deluxe Resident Program.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe => Valeur supprimée avec succès O4 - HKLM\..\Wow6432Node\Run: [PlayMovie] . (.Acer Corp. - Acer Arcade Deluxe PlayMovie Resident Progr.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe => Valeur supprimée avec succès O4 - HKLM\..\Wow6432Node\Run: [Microsoft Default Manager] . (.Microsoft Corporation - Microsoft Default Manager.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe => Valeur supprimée avec succès O4 - HKLM\..\Wow6432Node\Run: [switchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe => Valeur supprimée avec succès O4 - HKLM\..\Wow6432Node\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe => Valeur supprimée avec succès O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe => Valeur supprimée avec succès O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe => Valeur supprimée avec succès O4 - HKUS\S-1-5-21-421051368-675785460-3348532563-1001\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe => Valeur absente O4 - HKUS\S-1-5-21-421051368-675785460-3348532563-1001\..\Run: [RGSC] . (.Take-Two Interactive Software, Inc. - RGSCLauncher.) -- C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe => Valeur absente FirewallRaz : Aucune valeur présente dans la clé de registre "Standard Profile" FirewallRaz : Aucune valeur présente dans la clé de registre "Domain Profile" FirewallRaz (Domain) : FPS-SpoolSvc-In-TCP-NoScope => Valeur supprimée avec succès FirewallRaz (Public) : FPS-SpoolSvc-In-TCP => Valeur supprimée avec succès FirewallRaz (Domain) : CoreNet-GP-LSASS-Out-TCP => Valeur supprimée avec succès FirewallRaz (Domain) : RemoteSvcAdmin-In-TCP-NoScope => Valeur supprimée avec succès FirewallRaz (Public) : RemoteSvcAdmin-In-TCP => Valeur supprimée avec succès FirewallRaz (Domain) : NetPres-In-TCP-NoScope => Valeur supprimée avec succès FirewallRaz (Domain) : NetPres-Out-TCP-NoScope => Valeur supprimée avec succès FirewallRaz (None) : NetPres-WSD-In-UDP => Valeur supprimée avec succès FirewallRaz (None) : NetPres-WSD-Out-UDP => Valeur supprimée avec succès FirewallRaz (Public) : NetPres-In-TCP => Valeur supprimée avec succès FirewallRaz (Public) : NetPres-Out-TCP => Valeur supprimée avec succès FirewallRaz (Public) : {04DA41C2-B8F3-4E87-9FF8-A3356482E836} => Valeur supprimée avec succès FirewallRaz (Public) : {5BAE5F40-20CD-4ECA-AFEE-DDD796160181} => Valeur supprimée avec succès FirewallRaz (Private) : {B5489BF0-78C8-4E71-8FDB-B364E552F6B8} => Valeur supprimée avec succès FirewallRaz (None) : {6A9F7322-6810-4E8D-988D-9C4A2BC3FDCF} => Valeur supprimée avec succès FirewallRaz (Private) : {31B8CEF7-1744-479E-ABA7-9A2D95CC47BC} => Valeur supprimée avec succès FirewallRaz (Private) : {0CD7DA0C-D6DC-4082-8971-50E682DD19EB} => Valeur supprimée avec succès FirewallRaz (Private) : TCP Query User{68B0B600-E6AF-4DEF-9E8A-966B8F57A976}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe => Valeur supprimée avec succès FirewallRaz (Private) : UDP Query User{00860C45-FDE2-4245-8E50-FB4EDC306893}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe => Valeur supprimée avec succès FirewallRaz (Private) : TCP Query User{A305C086-380F-4265-80CD-20ECAE3003B1}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe => Valeur supprimée avec succès FirewallRaz (Private) : UDP Query User{67B55013-ABC2-4F5D-B704-DC2746229A4E}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe => Valeur supprimée avec succès FirewallRaz (Private) : TCP Query User{87C44E55-F6FB-41A7-9F03-E34AB4A214AA}C:\program files (x86)\dawn of war 2\dow2.exe => Valeur supprimée avec succès FirewallRaz (Private) : UDP Query User{DF6D29E2-641E-4599-B424-17252D22B6A2}C:\program files (x86)\dawn of war 2\dow2.exe => Valeur supprimée avec succès FirewallRaz (Private) : TCP Query User{C981708A-C7EB-4148-8408-95547BD8EFD2}C:\gpotato.eu\street gears\streetgear.exe => Valeur supprimée avec succès FirewallRaz (Private) : UDP Query User{DD7A8ACB-F9B8-4B22-86AD-A035CBB5A7F8}C:\gpotato.eu\street gears\streetgear.exe => Valeur supprimée avec succès FirewallRaz (Private) : {4DD0F8AA-9416-4BEE-AD13-ED263E6DA84B} => Valeur supprimée avec succès FirewallRaz (Private) : {5D56BA92-6629-4551-9982-D8E3D4B86C17} => Valeur supprimée avec succès FirewallRaz (Private) : {E3B51A00-5B06-4205-8F72-83F3A88BB3D2} => Valeur supprimée avec succès FirewallRaz (Private) : {D06C042F-0B20-4599-89C8-D65B8C02E052} => Valeur supprimée avec succès FirewallRaz (Private) : TCP Query User{FA4E52E3-3F37-447E-96EE-59B81E783823}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe => Valeur supprimée avec succès FirewallRaz (Private) : UDP Query User{E08BDDDE-FCBE-4966-AB45-6EC2EC04C3CE}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe => Valeur supprimée avec succès FirewallRaz (Public) : TCP Query User{AD20A7DD-836D-439A-86F1-F8B80DAB762B}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe => Valeur supprimée avec succès FirewallRaz (Public) : UDP Query User{FBE4400C-53FE-4D4D-A96B-2029FF64D5C4}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe => Valeur supprimée avec succès FirewallRaz (Private) : {56C20688-5394-4D14-B04F-03090D505B6A} => Valeur supprimée avec succès FirewallRaz (Private) : {6B02D238-D82A-4A27-BEB2-8FEB5FDDAFED} => Valeur supprimée avec succès FirewallRaz (Private) : TCP Query User{0EB03683-E8DB-4823-8C96-62FF2CA82EA8}C:\program files (x86)\secondlifeviewer2\slvoice.exe => Valeur supprimée avec succès FirewallRaz (Private) : UDP Query User{89197624-D9DA-4C35-9911-0E79F139AF13}C:\program files (x86)\secondlifeviewer2\slvoice.exe => Valeur supprimée avec succès FirewallRaz (Private) : {3090DDA9-AB77-4F4A-BD38-E5591493838C} => Valeur supprimée avec succès FirewallRaz (Private) : {53B4F386-078E-4F42-9551-66E2D169775F} => Valeur supprimée avec succès FirewallRaz (Private) : {B0B16726-901E-40AC-B468-A688A02DC6DB} => Valeur supprimée avec succès FirewallRaz (Private) : {FB0141AC-8CDE-4869-9C11-8422F016B035} => Valeur supprimée avec succès FirewallRaz (Domain) : {74B9DB02-3CD9-4E27-B99C-4D90124236F6} => Valeur supprimée avec succès FirewallRaz (Domain) : {0594504F-30EE-4AAE-9E3B-B4CA7359FC33} => Valeur supprimée avec succès FirewallRaz (Private) : TCP Query User{034F9CDB-760E-4113-97B2-9498CF7E5295}C:\gamescampus\driftcity\driftcity.exe => Valeur supprimée avec succès FirewallRaz (Private) : UDP Query User{970E412F-F804-4C72-A881-E9463A72A615}C:\gamescampus\driftcity\driftcity.exe => Valeur supprimée avec succès ========== Préférences navigateur ========== O69 - SBI: prefs.js [Pascal - j5kkcknm.default] user_pref("CT2438727.SearchEngine", "Search||http://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2438727&octid=EB_ORIGINAL_CTID&SearchSource=1"); => Valeur supprimée avec succès O69 - SBI: prefs.js [Pascal - j5kkcknm.default] user_pref("CT2438727.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2438727&q="); => Valeur supprimée avec succès ========== Dossier(s) ========== Dossiers Flash Cookies supprimés : 5 ========== Fichier(s) ========== Fichiers Flash Cookies supprimés : 3 ========== Autre ========== EgisUpdate.exe => Format Non supporté ========== Récapitulatif ========== 1 : Processus mémoire 3 : Clé(s) du Registre 65 : Valeur(s) du Registre 1 : Dossier(s) 1 : Fichier(s) 2 : Préférences navigateur 1 : Autre End of the scan

Je ne trouve pas le bouton "H" :s

http://www.cijoint.fr/cj201102/cijqKxcYuX.txt Voilà tu avais donc raison. Merci encore du temps que tu me donne.

Merci bien Premier fichier OTL.log http://www.cijoint.fr/cj201102/cijZ9mNxsC.txt Deuxième : Cependant pour le ZHPDIAG il se bloque à 82% (j'ai bien lancé en administrateur)

OTL logfile created on: 2/11/2011 6:15:40 PM - Run OTLPE by OldTimer - Version 3.1.44.3 Folder = X:\Programs\OTLPE 64bit-Windows 7 Home Premium (Version = 6.1.7600) - Type = System Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Suisse | Language: FRS | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = I: | %SystemRoot% = I:\Windows | %ProgramFiles% = I:\Program Files (x86) Drive C: | 100.00 Mb Total Space | 74.36 Mb Free Space | 74.36% Space Free | Partition Type: NTFS Drive I: | 457.95 Gb Total Space | 278.01 Gb Free Space | 60.71% Space Free | Partition Type: NTFS Drive J: | 458.46 Gb Total Space | 431.80 Gb Free Space | 94.19% Space Free | Partition Type: NTFS Drive K: | 5.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive L: | 1.90 Gb Total Space | 0.47 Gb Free Space | 24.65% Space Free | Partition Type: FAT Drive X: | 436.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010/08/13 07:46:22 | 000,342,016 | ---- | M] (CybelSoft) [On_Demand] -- I:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice) SRV:64bit: - [2009/08/06 16:17:46 | 000,118,672 | ---- | M] (Intel® Corporation) [On_Demand] -- I:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto] -- I:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2011/02/06 05:57:41 | 000,948,775 | ---- | M] (Crawler.com) [Auto] -- I:\Program Files (x86)\Spyware Terminator\sp_rsser.exe -- (sp_rssrv) SRV - [2010/12/16 18:58:18 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand] -- I:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010/12/06 02:47:54 | 000,135,336 | ---- | M] (Avira GmbH) [Auto] -- I:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010/12/06 02:47:41 | 000,267,944 | ---- | M] (Avira GmbH) [Auto] -- I:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010/10/15 18:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- I:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010/07/09 09:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto] -- I:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010/05/03 17:21:00 | 003,604,720 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- I:\Windows\SysWow64\GameMon.des -- (npggsvc) SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/19 06:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- I:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/12/09 04:24:16 | 000,076,320 | ---- | M] () [Auto] -- I:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection) SRV - [2009/10/13 13:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- I:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel® SRV - [2009/09/30 21:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto] -- I:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel® SRV - [2009/09/23 07:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto] -- I:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009/09/10 08:42:46 | 000,305,448 | ---- | M] () [On_Demand] -- I:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto] -- I:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009/08/12 18:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto] -- I:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- I:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2010/12/06 02:48:06 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System] -- I:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2010/12/06 02:48:06 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto] -- I:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2010/09/28 09:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010/08/26 23:23:22 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- I:\Windows\System32\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010/07/07 05:26:46 | 000,050,696 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Auto] -- I:\Windows\System32\drivers\stflt.sys -- (sp_rsdrv2) DRV:64bit: - [2010/05/01 07:05:04 | 000,015,872 | ---- | M] (CybelSoft) [Kernel | On_Demand] -- I:\Program Files\ma-config.com\Drivers\driverhardwarev2x64.sys -- (driverhardwarev2x64) DRV:64bit: - [2009/10/29 03:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot] -- I:\Windows\System32\drivers\jraid.sys -- (JRAID) DRV:64bit: - [2009/10/13 13:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot] -- I:\Windows\System32\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/09/23 04:11:04 | 000,283,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\e1k62x64.sys -- (e1kexpress) Intel® DRV:64bit: - [2009/09/16 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\HECIx64.sys -- (HECIx64) Intel® DRV:64bit: - [2009/08/06 16:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto] -- I:\Windows\System32\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata) DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot] -- I:\Windows\System32\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM) DRV:64bit: - [2009/07/13 16:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009/06/19 17:56:08 | 000,712,704 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- I:\Windows\System32\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand] -- I:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/02 06:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System] -- I:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009/06/02 06:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System] -- I:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009/06/02 06:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System] -- I:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009/05/05 19:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009/05/05 19:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2009/01/09 10:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand] -- I:\Windows\System32\drivers\RimSerial_AMD64.sys -- (RimVSerPort) DRV:64bit: - [2008/05/20 12:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand] -- I:\Windows\System32\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV - [2009/11/12 21:30:30 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/04/17 04:33:32] [Kernel | Auto] -- I:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2004/12/30 16:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand] -- I:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=100c&m=aspire_m7811&r=17360710n506pe4g5v1k5w4531u978 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Pascal_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=100c&m=aspire_m7811&r=17360710n506pe4g5v1k5w4531u978 IE - HKU\Pascal_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Pascal_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.startup.homepage: "http://www.google.ch/" FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=fr&q=" [2010/07/30 06:45:50 | 000,000,000 | ---D | M] (No name found) -- I:\Users\Pascal\AppData\Roaming\Mozilla\Extensions [2011/02/10 11:48:45 | 000,000,000 | ---D | M] (No name found) -- I:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\j5kkcknm.default\extensions [2011/01/18 14:14:38 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- I:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\j5kkcknm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/01/12 12:07:34 | 000,000,000 | ---D | M] (Zynga Toolbar) -- I:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\j5kkcknm.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2010/12/26 19:22:47 | 000,000,000 | ---D | M] ("BitDefender QuickScan") -- I:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\j5kkcknm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2010/10/23 12:45:52 | 000,000,000 | ---D | M] (No name found) -- I:\Program Files (x86)\Mozilla Firefox\extensions [2010/07/30 15:55:37 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- I:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} File not found (No name found) -- C:\USERS\PASCAL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J5KKCKNM.DEFAULT\EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C} [2010/10/29 15:19:05 | 000,001,516 | ---- | M] () -- I:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-france.xml [2010/10/29 15:19:05 | 000,001,822 | ---- | M] () -- I:\Program Files (x86)\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml [2010/10/29 15:19:05 | 000,000,757 | ---- | M] () -- I:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-france.xml [2010/10/29 15:19:05 | 000,001,426 | ---- | M] () -- I:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-fr.xml [2010/10/29 15:19:05 | 000,000,956 | ---- | M] () -- I:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-france.xml O1 HOSTS File: ([2010/12/27 16:10:53 | 000,428,403 | R--- | M]) - I:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 14747 more lines... O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - I:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - File not found O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - I:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - I:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - I:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - File not found O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - I:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - I:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\Pascal_ON_I\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - I:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\Pascal_ON_I\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - I:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] I:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [iAAnotif] I:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] I:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] I:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AdobeCS5ServiceManager] I:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ArcadeDeluxeAgent] I:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] I:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [backupManagerTray] I:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [EgisTecLiveUpdate] I:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [Hotkey Utility] I:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe () O4 - HKLM..\Run: [JMB36X IDE Setup] I:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\Run: [NortonOnlineBackupReminder] I:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [PlayMovie] I:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [spywareTerminator] I:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) O4 - HKLM..\Run: [switchBoard] I:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\.DEFAULT..\Run: [spywareTerminatorUpdate] I:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) O4 - HKU\Pascal_ON_I..\Run: [RGSC] I:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.) O4 - HKU\Pascal_ON_I..\Run: [spybotSD TeaTimer] I:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\Pascal_ON_I..\Run: [spywareTerminatorUpdate] I:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) O4 - HKU\Pascal_ON_I..\Run: [swg] I:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - Startup: I:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmmqiyus.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\LocalService_ON_I\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\NetworkService_ON_I\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\Pascal_ON_I\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\Pascal_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\systemprofile_ON_I\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8:64bit: - Extra context menu item: Google Sidewiki... - I:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - I:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - I:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - I:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - I:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - I:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O15:64bit: - Pascal_ON_I\..Trusted Domains: microsoft.com ([download.windowsupdate] http in Sites de confiance) O15:64bit: - Pascal_ON_I\..Trusted Domains: microsoft.com ([update] http in Sites de confiance) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - File not found O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - I:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - I:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - I:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007/02/12 14:53:42 | 000,000,277 | R--- | M] () - K:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found 64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found 64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - I:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: MpfService - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - I:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MpfService - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: aux - I:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi - I:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midimapper - I:\Windows\System32\midimap.dll (Microsoft Corporation) Drivers32:64bit: mixer - I:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32:64bit: msacm.imaadpcm - I:\Windows\System32\imaadp32.acm (Microsoft Corporation) Drivers32:64bit: msacm.l3acm - I:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: msacm.msadpcm - I:\Windows\System32\msadp32.acm (Microsoft Corporation) Drivers32:64bit: msacm.msg711 - I:\Windows\System32\msg711.acm (Microsoft Corporation) Drivers32:64bit: msacm.msgsm610 - I:\Windows\System32\msgsm32.acm (Microsoft Corporation) Drivers32:64bit: vidc.i420 - I:\Windows\System32\iyuv_32.dll (Microsoft Corporation) Drivers32:64bit: vidc.iyuv - I:\Windows\System32\iyuv_32.dll (Microsoft Corporation) Drivers32:64bit: vidc.mrle - I:\Windows\System32\msrle32.dll (Microsoft Corporation) Drivers32:64bit: vidc.msvc - I:\Windows\System32\msvidc32.dll (Microsoft Corporation) Drivers32:64bit: vidc.uyvy - I:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32:64bit: vidc.yuy2 - I:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32:64bit: vidc.yvu9 - I:\Windows\System32\tsbyuv.dll (Microsoft Corporation) Drivers32:64bit: vidc.yvyu - I:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32:64bit: wave - I:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wavemapper - I:\Windows\System32\msacm32.drv (Microsoft Corporation) Drivers32: msacm.l3acm - I:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) ========== Files/Folders - Created Within 30 Days ========== [2011/02/11 06:00:20 | 000,000,000 | ---D | C] -- I:\Windows\temp [2011/02/11 05:56:14 | 000,000,000 | ---D | C] -- I:\$RECYCLE.BIN [2011/02/11 05:49:00 | 000,161,792 | ---- | C] (SteelWerX) -- I:\Windows\SWREG.exe [2011/02/11 05:49:00 | 000,031,232 | ---- | C] (NirSoft) -- I:\Windows\NIRCMD.exe [2011/02/11 05:48:59 | 000,136,704 | ---- | C] (SteelWerX) -- I:\Windows\SWSC.exe [2011/02/11 05:48:56 | 000,000,000 | ---D | C] -- I:\Windows\ERDNT [2011/02/11 05:48:31 | 000,000,000 | ---D | C] -- I:\Qoobox [2011/02/11 05:48:15 | 000,212,480 | ---- | C] (SteelWerX) -- I:\Windows\SWXCACLS.exe [2011/02/09 11:18:02 | 000,703,488 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\msfeeds.dll [2011/02/09 11:18:02 | 000,599,040 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\msfeeds.dll [2011/02/09 11:18:02 | 000,256,000 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\iepeers.dll [2011/02/09 11:18:02 | 000,247,808 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieui.dll [2011/02/09 11:18:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ieui.dll [2011/02/09 11:18:01 | 000,482,816 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\html.iec [2011/02/09 11:18:01 | 000,386,048 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\html.iec [2011/02/09 11:18:01 | 000,185,856 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\iepeers.dll [2011/02/09 11:18:01 | 000,097,280 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\mshtmled.dll [2011/02/09 11:18:01 | 000,067,072 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\mshtmled.dll [2011/02/09 11:18:01 | 000,057,856 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\licmgr10.dll [2011/02/09 11:18:01 | 000,044,544 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\licmgr10.dll [2011/02/09 11:18:01 | 000,012,800 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\msfeedssync.exe [2011/02/09 11:18:01 | 000,012,288 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\msfeedssync.exe [2011/02/09 11:16:19 | 000,852,480 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\jscript.dll [2011/02/09 11:16:19 | 000,716,800 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\jscript.dll [2011/02/09 11:16:19 | 000,612,352 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\vbscript.dll [2011/02/09 11:15:52 | 005,510,528 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ntoskrnl.exe [2011/02/09 11:15:51 | 003,901,824 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ntoskrnl.exe [2011/02/09 11:15:51 | 001,739,176 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ntdll.dll [2011/02/09 11:15:50 | 003,957,120 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ntkrnlpa.exe [2011/02/09 11:15:35 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- I:\Windows\System32\atmfd.dll [2011/02/09 11:15:35 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- I:\Windows\SysWow64\atmfd.dll [2011/02/09 11:15:35 | 000,046,080 | ---- | C] (Adobe Systems) -- I:\Windows\System32\atmlib.dll [2011/02/09 11:15:35 | 000,034,304 | ---- | C] (Adobe Systems) -- I:\Windows\SysWow64\atmlib.dll [2011/02/09 02:30:06 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\WinClamAVShield [2011/02/06 06:24:49 | 000,000,000 | ---D | C] -- I:\Users\Pascal\AppData\Roaming\Avira [2011/02/06 06:22:13 | 000,116,568 | ---- | C] (Avira GmbH) -- I:\Windows\System32\drivers\avipbb.sys [2011/02/06 06:22:13 | 000,083,120 | ---- | C] (Avira GmbH) -- I:\Windows\System32\drivers\avgntflt.sys [2011/02/06 06:22:13 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Avira [2011/02/06 05:57:40 | 000,000,000 | ---D | C] -- I:\Users\Pascal\AppData\Roaming\Spyware Terminator [2011/02/06 05:57:39 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Spyware Terminator [2011/02/05 10:03:59 | 000,000,000 | ---D | C] -- I:\Users\Pascal\Desktop\Booba-0.9-FR-2008-OND [2011/02/05 10:00:47 | 000,000,000 | ---D | C] -- I:\Users\Pascal\Desktop\Booba-Ouest_Side-FR-2006-OGV [2011/02/02 16:41:53 | 000,000,000 | ---D | C] -- I:\Users\Pascal\Desktop\Nouveau dossier (2) [2011/01/30 07:46:30 | 000,000,000 | ---D | C] -- I:\Users\Pascal\Desktop\Green Money-Greenologie-2011-BY POPOF [2011/01/25 01:05:30 | 000,000,000 | ---D | C] -- I:\Users\Pascal\Desktop\Green_Money-Mixtape_Mp3_Vol.2-(WEB)-FR-2010-S0N0R [2011/01/22 15:57:06 | 000,237,168 | ---- | C] (AVAST Software) -- I:\Windows\System32\aswBoot.exe [2011/01/20 02:47:53 | 000,000,000 | ---D | C] -- I:\Users\Pascal\Desktop\Falcko-El_Gato_Negro-(WEB)-FR-2011-S0N0R [2010/08/28 19:45:48 | 485,657,200 | ---- | C] ( ) -- I:\Program Files (x86)\StreetGears_FullClient_Dec09_FR.exe ========== Files - Modified Within 30 Days ========== [2011/02/11 12:06:42 | 000,067,584 | --S- | M] () -- I:\Windows\bootstat.dat [2011/02/11 12:06:35 | 000,009,920 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/02/11 12:06:34 | 000,009,920 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/02/11 12:01:00 | 000,001,064 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/02/11 12:00:47 | 2115,289,087 | -HS- | M] () -- I:\hiberfil.sys [2011/02/11 09:56:02 | 000,001,068 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/02/10 02:28:46 | 004,911,368 | ---- | M] () -- I:\Windows\System32\FNTCACHE.DAT [2011/02/09 11:30:19 | 000,014,110 | ---- | M] () -- I:\Users\Pascal\Desktop\Lettre Offre Spontanée.docx [2011/02/05 15:34:34 | 000,099,840 | ---- | M] () -- I:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmmqiyus.exe [2011/02/02 14:47:07 | 000,084,935 | ---- | M] () -- I:\Users\Pascal\Desktop\Sans-titre-1.jpg [2011/02/02 11:21:41 | 000,744,852 | ---- | M] () -- I:\Windows\System32\perfh00C.dat [2011/02/02 11:21:41 | 000,651,734 | ---- | M] () -- I:\Windows\System32\perfh009.dat [2011/02/02 11:21:41 | 000,148,370 | ---- | M] () -- I:\Windows\System32\perfc00C.dat [2011/02/02 11:21:41 | 000,120,666 | ---- | M] () -- I:\Windows\System32\perfc009.dat [2011/01/29 11:02:53 | 000,014,579 | ---- | M] () -- I:\Users\Pascal\Desktop\CV caissière.docx [2011/01/27 10:33:30 | 000,000,832 | ---- | M] () -- I:\Windows\wininit.ini [2011/01/22 15:57:06 | 000,000,000 | ---- | M] () -- I:\Windows\SysWow64\config.nt [2011/01/20 16:16:12 | 002,783,335 | ---- | M] () -- I:\Users\Pascal\Desktop\1.jpg [2011/01/20 15:56:59 | 016,062,633 | ---- | M] () -- I:\Users\Pascal\Desktop\4248412363_68508835e8_b_d1.psd [2011/01/20 15:51:46 | 003,155,680 | ---- | M] () -- I:\Users\Pascal\Desktop\201000618-fin_trims 145.jpg [2011/01/20 15:50:45 | 014,616,954 | ---- | M] () -- I:\Users\Pascal\Desktop\peinture_tutsps.rar [2011/01/20 15:33:44 | 000,393,910 | ---- | M] () -- I:\Users\Pascal\Desktop\drilon.jpg [2011/01/18 00:48:35 | 000,040,960 | ---- | M] () -- I:\Users\Pascal\Desktop\mmmmns titre.wps [2011/01/18 00:48:35 | 000,000,544 | ---- | M] () -- I:\Users\Pascal\AppData\Roaming\wklnhst.dat [2011/01/13 11:28:21 | 000,000,149 | ---- | M] () -- I:\Users\Pascal\AppData\Roaming\default.rss [2011/01/13 11:28:17 | 000,000,069 | ---- | M] () -- I:\Windows\NeroDigital.ini [2011/01/13 03:47:23 | 000,237,168 | ---- | M] (AVAST Software) -- I:\Windows\System32\aswBoot.exe ========== Files Created - No Company Name ========== [2011/02/11 05:49:00 | 000,256,512 | ---- | C] () -- I:\Windows\PEV.exe [2011/02/11 05:49:00 | 000,098,816 | ---- | C] () -- I:\Windows\sed.exe [2011/02/11 05:49:00 | 000,089,088 | ---- | C] () -- I:\Windows\MBR.exe [2011/02/11 05:49:00 | 000,080,412 | ---- | C] () -- I:\Windows\grep.exe [2011/02/11 05:49:00 | 000,068,096 | ---- | C] () -- I:\Windows\zip.exe [2011/02/05 15:34:35 | 000,099,840 | ---- | C] () -- I:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmmqiyus.exe [2011/02/02 14:47:04 | 000,084,935 | ---- | C] () -- I:\Users\Pascal\Desktop\Sans-titre-1.jpg [2011/01/29 11:02:53 | 000,014,579 | ---- | C] () -- I:\Users\Pascal\Desktop\CV caissière.docx [2011/01/29 10:54:07 | 000,014,110 | ---- | C] () -- I:\Users\Pascal\Desktop\Lettre Offre Spontanée.docx [2011/01/20 16:16:10 | 002,783,335 | ---- | C] () -- I:\Users\Pascal\Desktop\1.jpg [2011/01/20 15:57:09 | 000,768,541 | ---- | C] () -- I:\Users\Pascal\Desktop\4248412363_68508835e8_b_d1.jpg [2011/01/20 15:56:57 | 016,062,633 | ---- | C] () -- I:\Users\Pascal\Desktop\4248412363_68508835e8_b_d1.psd [2011/01/20 15:50:22 | 014,616,954 | ---- | C] () -- I:\Users\Pascal\Desktop\peinture_tutsps.rar [2011/01/20 15:49:19 | 003,155,680 | ---- | C] () -- I:\Users\Pascal\Desktop\201000618-fin_trims 145.jpg [2011/01/20 15:33:43 | 000,393,910 | ---- | C] () -- I:\Users\Pascal\Desktop\drilon.jpg [2011/01/16 13:45:36 | 000,040,960 | ---- | C] () -- I:\Users\Pascal\Desktop\mmmmns titre.wps [2010/12/16 06:36:16 | 000,036,864 | ---- | C] () -- I:\Windows\SysWow64\EGameEncrypt.dll [2010/11/23 15:59:47 | 000,000,149 | ---- | C] () -- I:\Users\Pascal\AppData\Roaming\default.rss [2010/11/23 15:59:36 | 000,000,069 | ---- | C] () -- I:\Windows\NeroDigital.ini [2010/11/20 12:47:22 | 000,178,176 | ---- | C] () -- I:\Windows\SysWow64\unrar.dll [2010/11/20 12:47:22 | 000,000,038 | ---- | C] () -- I:\Windows\avisplitter.ini [2010/11/20 12:47:19 | 000,881,664 | ---- | C] () -- I:\Windows\SysWow64\xvidcore.dll [2010/11/20 12:47:19 | 000,205,824 | ---- | C] () -- I:\Windows\SysWow64\xvidvfw.dll [2010/11/20 12:47:19 | 000,085,504 | ---- | C] () -- I:\Windows\SysWow64\ff_vfw.dll [2010/11/15 11:27:28 | 000,000,308 | ---- | C] () -- I:\Users\Pascal\AppData\Roaming\Rim.Desktop.Exception.log [2010/11/15 11:27:11 | 000,000,807 | ---- | C] () -- I:\Users\Pascal\AppData\Roaming\Rim.Desktop.HttpServerSetup.log [2010/10/30 15:39:23 | 001,970,176 | ---- | C] () -- I:\Windows\SysWow64\d3dx9.dll [2010/10/30 12:34:35 | 000,001,456 | ---- | C] () -- I:\Users\Pascal\AppData\Local\Adobe Enregistrer pour le Web 12.0 Prefs [2010/10/28 12:46:53 | 001,638,172 | ---- | C] () -- I:\Windows\SysWow64\PerfStringBackup.INI [2010/10/23 13:50:12 | 000,000,179 | ---- | C] () -- I:\Users\Pascal\AppData\Roaming\37198.bat [2010/09/06 14:02:18 | 000,000,832 | ---- | C] () -- I:\Windows\wininit.ini [2010/08/28 18:02:46 | 000,000,017 | ---- | C] () -- I:\Users\Pascal\AppData\Local\resmon.resmoncfg [2010/08/06 17:28:09 | 000,000,132 | ---- | C] () -- I:\Users\Pascal\AppData\Roaming\Adobe BMP Format CS5 Prefs [2010/07/30 14:22:59 | 000,000,544 | ---- | C] () -- I:\Users\Pascal\AppData\Roaming\wklnhst.dat [2009/11/18 16:39:50 | 000,192,484 | ---- | C] () -- I:\Program Files (x86)\Common Files\Acer GameZone online.ico [2009/07/13 19:02:54 | 000,245,248 | ---- | C] () -- I:\Windows\SysWow64\DShowRdpFilter.dll [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- I:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- I:\Windows\SysWow64\ir32_32.dll [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- I:\Windows\SysWow64\msjetoledb40.dll [2008/10/28 10:40:48 | 000,173,552 | ---- | C] () -- I:\Windows\SysWow64\xlive.dll.cat [2002/10/06 13:37:26 | 000,053,760 | ---- | C] () -- I:\Windows\SysWow64\zlib.dll [1997/06/14 03:56:08 | 000,056,832 | ---- | C] () -- I:\Windows\SysWow64\iyvu9_32.dll ========== LOP Check ========== [2011/02/05 15:37:30 | 000,032,496 | ---- | M] () -- I:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*. Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe Invalid Environment Variable: %APPDATA%\*. Invalid Environment Variable: %APPDATA%\*.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- [2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- [2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- I:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys < MD5 for: ALG.EXE > [2009/07/13 20:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) MD5=3290D6946B5E30E70414990574883DDB -- [2009/07/13 20:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) MD5=3290D6946B5E30E70414990574883DDB -- I:\Windows\winsxs\amd64_microsoft-windows-alg_31bf3856ad364e35_6.1.7600.16385_none_04de43c774cf8fe3\alg.exe < MD5 for: ATAPI.SYS > [2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- [2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- [2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- I:\Windows\ERDNT\cache64\atapi.sys [2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- I:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys < MD5 for: CDROM.SYS > [2009/07/13 18:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- [2009/07/13 18:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- [2009/07/13 18:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- I:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys < MD5 for: CNGAUDIT.DLL > [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- I:\Windows\ERDNT\cache86\cngaudit.dll [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- I:\Windows\SysWOW64\cngaudit.dll [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- I:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- I:\Windows\ERDNT\cache64\cngaudit.dll [2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- I:\Windows\SysWOW64\cngaudit.dll [2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- I:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: CSRSS.EXE > [2009/07/13 20:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- [2009/07/13 20:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- I:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe < MD5 for: CTFMON.EXE > [2009/07/13 20:39:02 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=42B6A94DD747DF2B5F628A2752E62A98 -- I:\Windows\ERDNT\cache64\ctfmon.exe [2009/07/13 20:39:02 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=42B6A94DD747DF2B5F628A2752E62A98 -- I:\Windows\SysWOW64\ctfmon.exe [2009/07/13 20:39:02 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=42B6A94DD747DF2B5F628A2752E62A98 -- I:\Windows\winsxs\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_f9257e7aaa4290ce\ctfmon.exe [2009/07/13 20:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- I:\Windows\ERDNT\cache86\ctfmon.exe [2009/07/13 20:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- I:\Windows\SysWOW64\ctfmon.exe [2009/07/13 20:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- I:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe < MD5 for: DISK.SYS > [2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- [2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- [2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- I:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys < MD5 for: EVENTLOG.DLL > [2007/05/17 23:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- I:\Program Files (x86)\Cyberlink\PowerDirector\EventLog.dll < MD5 for: EXPLORER.EXE > [2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- I:\Windows\SysWOW64\explorer.exe [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- I:\Windows\ERDNT\cache86\explorer.exe [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- I:\Windows\explorer.exe [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: I8042PRT.SYS > [2009/07/13 18:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- [2009/07/13 18:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- [2009/07/13 18:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- [2009/07/13 18:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- I:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7600.16385_none_f3435f7ff2a9f325\i8042prt.sys [2009/07/13 18:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- I:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9\i8042prt.sys < MD5 for: IASTOR.SYS > [2009/10/13 13:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- I:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2009/10/13 13:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- [2009/10/13 13:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- [2009/10/13 13:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- I:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys < MD5 for: IASTORV.SYS > [2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- [2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- [2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- I:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: INTELIDE.SYS > [2009/07/13 20:48:04 | 000,016,960 | ---- | M] (Microsoft Corporation) MD5=F00F20E70C6EC3AA366910083A0518AA -- [2009/07/13 20:48:04 | 000,016,960 | ---- | M] (Microsoft Corporation) MD5=F00F20E70C6EC3AA366910083A0518AA -- [2009/07/13 20:48:04 | 000,016,960 | ---- | M] (Microsoft Corporation) MD5=F00F20E70C6EC3AA366910083A0518AA -- I:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\intelide.sys < MD5 for: MOUNTMGR.SYS > [2009/07/13 20:48:27 | 000,094,784 | ---- | M] (Microsoft Corporation) MD5=791AF66C4D0E7C90A3646066386FB571 -- [2009/07/13 20:48:27 | 000,094,784 | ---- | M] (Microsoft Corporation) MD5=791AF66C4D0E7C90A3646066386FB571 -- I:\Windows\winsxs\amd64_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.1.7600.16385_none_4e8d166d20b6ca3b\mountmgr.sys < MD5 for: MRXSMB.SYS > [2010/02/27 02:52:22 | 000,157,696 | ---- | M] (Microsoft Corporation) MD5=767A4C3BCF9410C286CED15A2DB17108 -- [2010/02/27 02:52:22 | 000,157,696 | ---- | M] (Microsoft Corporation) MD5=767A4C3BCF9410C286CED15A2DB17108 -- I:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.16539_none_dbc0736c6aa249bf\mrxsmb.sys [2010/02/27 02:52:14 | 000,157,696 | ---- | M] (Microsoft Corporation) MD5=968613CC6C0F7427FAC62ACED6F7B8C5 -- I:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.20655_none_dc306f3783d3bc0f\mrxsmb.sys [2009/07/13 18:24:00 | 000,157,184 | ---- | M] (Microsoft Corporation) MD5=CFDCD8CA87C2A657DEBC150AC35B5E08 -- I:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.16385_none_db865edc6ace75ca\mrxsmb.sys < MD5 for: MRXSMB10.SYS > [2009/07/13 18:24:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=1BEE517B220B7F024F411AEC1571DD5A -- I:\Windows\winsxs\amd64_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7600.16385_none_e4997d30651fb42c\mrxsmb10.sys [2010/02/27 02:52:17 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=2DD6A56A8C7B58F3181C98E536A327B2 -- I:\Windows\winsxs\amd64_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7600.20655_none_e5438d8b7e24fa71\mrxsmb10.sys [2010/02/27 02:52:29 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=920EE0FF995FCFDEB08C41605A959E1C -- [2010/02/27 02:52:29 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=920EE0FF995FCFDEB08C41605A959E1C -- I:\Windows\winsxs\amd64_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7600.16539_none_e4d391c064f38821\mrxsmb10.sys < MD5 for: MRXSMB20.SYS > [2010/02/27 02:52:12 | 000,125,952 | ---- | M] (Microsoft Corporation) MD5=00716986E11C4F6A53E1177683D1DB20 -- I:\Windows\winsxs\amd64_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7600.20655_none_e779f79dbc7c2de2\mrxsmb20.sys [2009/07/13 18:24:06 | 000,125,952 | ---- | M] (Microsoft Corporation) MD5=6B2D5FEF385828B6E485C1C90AFB8195 -- I:\Windows\winsxs\amd64_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7600.16385_none_e6cfe742a376e79d\mrxsmb20.sys [2010/02/27 02:52:28 | 000,125,952 | ---- | M] (Microsoft Corporation) MD5=740D7EA9D72C981510A5292CF6ADC941 -- [2010/02/27 02:52:28 | 000,125,952 | ---- | M] (Microsoft Corporation) MD5=740D7EA9D72C981510A5292CF6ADC941 -- I:\Windows\winsxs\amd64_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7600.16539_none_e709fbd2a34abb92\mrxsmb20.sys < MD5 for: NDIS.SYS > [2009/07/13 20:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- [2009/07/13 20:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- I:\Windows\ERDNT\cache64\ndis.sys [2009/07/13 20:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- I:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys < MD5 for: NETLOGON.DLL > [2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- I:\Windows\ERDNT\cache64\netlogon.dll [2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- I:\Windows\SysWOW64\netlogon.dll [2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- I:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- I:\Windows\ERDNT\cache86\netlogon.dll [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- I:\Windows\SysWOW64\netlogon.dll [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- I:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- [2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- [2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- I:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys < MD5 for: RASACD.SYS > [2009/07/13 19:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=5A0DA8AD5762FA2D91678A8A01311704 -- [2009/07/13 19:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=5A0DA8AD5762FA2D91678A8A01311704 -- I:\Windows\winsxs\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_6bcef05d7f04260a\rasacd.sys < MD5 for: RDPCDD.SYS > [2009/07/13 19:16:34 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=CEA6CC257FC9B7715F1C2B4849286D24 -- [2009/07/13 19:16:34 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=CEA6CC257FC9B7715F1C2B4849286D24 -- I:\Windows\winsxs\amd64_microsoft-windows-t..niportdisplaydriver_31bf3856ad364e35_6.1.7600.16385_none_30d015c257effe8b\RDPCDD.sys < MD5 for: SCECLI.DLL > [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- I:\Windows\ERDNT\cache86\scecli.dll [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- I:\Windows\SysWOW64\scecli.dll [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- I:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- I:\Windows\ERDNT\cache64\scecli.dll [2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- I:\Windows\SysWOW64\scecli.dll [2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- I:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll < MD5 for: SERVICES.EXE > [2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- [2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- I:\Windows\ERDNT\cache64\services.exe [2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- I:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe < MD5 for: SMSS.EXE > [2009/07/13 20:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- [2009/07/13 20:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- I:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe < MD5 for: SPOOLSV.EXE > [2010/08/20 00:38:12 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=8547491BE7086EE317163365D83A37D2 -- I:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.20785_none_32ca3745f45762fc\spoolsv.exe [2009/07/13 20:39:44 | 000,558,080 | ---- | M] (Microsoft Corporation) MD5=89E8550C5862999FCF482EA562B0E98E -- I:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16385_none_324094c8db39cbbd\spoolsv.exe [2010/08/21 01:29:47 | 000,558,592 | ---- | M] (Microsoft Corporation) MD5=F8E1FA03CB70D54A9892AC88B91D1E7B -- [2010/08/21 01:29:47 | 000,558,592 | ---- | M] (Microsoft Corporation) MD5=F8E1FA03CB70D54A9892AC88B91D1E7B -- I:\Windows\ERDNT\cache64\spoolsv.exe [2010/08/21 01:29:47 | 000,558,592 | ---- | M] (Microsoft Corporation) MD5=F8E1FA03CB70D54A9892AC88B91D1E7B -- I:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16661_none_3252392adb2d25f4\spoolsv.exe < MD5 for: STORPORT.SYS > [2009/07/13 20:45:55 | 000,185,936 | ---- | M] (Microsoft Corporation) MD5=141E6F0B54DA421B8DE146F5AD947760 -- [2009/07/13 20:45:55 | 000,185,936 | ---- | M] (Microsoft Corporation) MD5=141E6F0B54DA421B8DE146F5AD947760 -- I:\Windows\winsxs\amd64_microsoft-windows-storport_31bf3856ad364e35_6.1.7600.16385_none_8371405049dfec7a\storport.sys < MD5 for: SVCHOST.EXE > [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- I:\Windows\ERDNT\cache86\svchost.exe [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- I:\Windows\SysWOW64\svchost.exe [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- I:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- I:\Windows\ERDNT\cache64\svchost.exe [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- I:\Windows\SysWOW64\svchost.exe [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- I:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe < MD5 for: TCPIP.SYS > [2010/06/14 01:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- I:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys [2010/06/14 01:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- [2010/06/14 01:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- I:\Windows\ERDNT\cache64\tcpip.sys [2010/06/14 01:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- I:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys [2009/07/13 20:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- I:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys < MD5 for: TERMDD.SYS > [2009/07/13 20:45:55 | 000,062,544 | ---- | M] (Microsoft Corporation) MD5=C448651339196C0E869A355171875522 -- [2009/07/13 20:45:55 | 000,062,544 | ---- | M] (Microsoft Corporation) MD5=C448651339196C0E869A355171875522 -- [2009/07/13 20:45:55 | 000,062,544 | ---- | M] (Microsoft Corporation) MD5=C448651339196C0E869A355171875522 -- I:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\termdd.sys < MD5 for: USERINIT.EXE > [2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- I:\Windows\ERDNT\cache86\userinit.exe [2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- I:\Windows\SysWOW64\userinit.exe [2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- I:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- I:\Windows\ERDNT\cache64\userinit.exe [2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- I:\Windows\SysWOW64\userinit.exe [2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- I:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WIN32K.SYS > [2010/05/01 10:04:07 | 003,124,224 | ---- | M] (Microsoft Corporation) MD5=333F53E52C29577D65D7328D4A95FFF1 -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.20704_none_15c78cf4cd156ec7\win32k.sys [2011/01/04 23:00:16 | 003,127,808 | ---- | M] (Microsoft Corporation) MD5=33DD4577B4BA2CF6BD1D1096DCBB0A49 -- [2011/01/04 23:00:16 | 003,127,808 | ---- | M] (Microsoft Corporation) MD5=33DD4577B4BA2CF6BD1D1096DCBB0A49 -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16732_none_151b81b7b411ed49\win32k.sys [2011/01/04 22:57:31 | 003,129,344 | ---- | M] (Microsoft Corporation) MD5=643E6764B18CB3266357FD0AB649F7A8 -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21634_none_178d7c1cca542bad\win32k.sys [2010/05/01 10:07:05 | 003,122,176 | ---- | M] (Microsoft Corporation) MD5=718F3491CF541569956BAA4C6E7B351E -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16585_none_14e86f2db437cab5\win32k.sys [2010/06/18 23:24:19 | 003,124,224 | ---- | M] (Microsoft Corporation) MD5=799A5411338E2F3D2A3710B3D209D8B3 -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.20738_none_15ab1e58cd2a27f6\win32k.sys [2010/10/19 22:25:10 | 003,126,272 | ---- | M] (Microsoft Corporation) MD5=7E5E9C8FC212ABBF72D87AF3370D8D35 -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.20821_none_15aeee24cd2857cb\win32k.sys [2010/08/31 21:58:34 | 003,123,712 | ---- | M] (Microsoft Corporation) MD5=8549DC7684CBC0A0AA542051B7EF5A23 -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16667_none_1500117fb425c2a8\win32k.sys [2011/01/04 22:59:01 | 003,129,344 | ---- | M] (Microsoft Corporation) MD5=9F9B2A0552CD7FCD1B6A29B94A6AABE1 -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.20873_none_157adf1ccd4f162e\win32k.sys [2010/08/31 21:55:20 | 003,125,248 | ---- | M] (Microsoft Corporation) MD5=A671682E193BD7D39CE8DD33ABD4FC71 -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.20792_none_15643d14cd603792\win32k.sys [2010/10/19 22:09:15 | 003,124,224 | ---- | M] (Microsoft Corporation) MD5=A94AAAE340658B6C29091B9FD74D2317 -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16691_none_14d99fffb4437e71\win32k.sys [2009/07/13 18:40:40 | 003,122,176 | ---- | M] (Microsoft Corporation) MD5=CBEF2EB83438ED9FC39411CC8378B0E7 -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16385_none_14e86b61b437d067\win32k.sys [2010/06/18 23:32:34 | 003,122,688 | ---- | M] (Microsoft Corporation) MD5=E04C151CA3D6C1D968AA066B2C67DF24 -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16617_none_1536211bb3fd36f3\win32k.sys [2011/01/05 01:56:24 | 003,129,344 | ---- | M] (Microsoft Corporation) MD5=F7755E762C67E2AFF6087AB5D2CE7A7A -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17535_none_1704df9bb135a53a\win32k.sys < MD5 for: WININIT.EXE > [2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- I:\Windows\ERDNT\cache64\wininit.exe [2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- I:\Windows\SysWOW64\wininit.exe [2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- I:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- I:\Windows\ERDNT\cache86\wininit.exe [2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- I:\Windows\SysWOW64\wininit.exe [2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- I:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- [2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- I:\Windows\ERDNT\cache64\winlogon.exe [2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < CREATERESTOREPOINT > < End of report > Par simple curiosité, vous faites comment pour trouver un truc précis dans ce charabia ?

La connexion internet ne fonctionne pas. J'essai de copier le texte sur fichier bloc note via une clé USB.

Merci infiniment, je serais libre aux alentours de 17h00 donc je te ferais ca.

Bonjour, alors depuis quelques temps j'ai mon antivirus (Antivir) qui m'affiche souvent des infections (W32/Ramnit.C et autres). J'ai des messages d'alertes toutes les ~2 minutes quand je surf sur le web. J'ai lu la FAQ de ce forum et j'ai vu qu'il fallait que je post un rapport du logiciel ComboFix. Le voici donc : ComboFix 11-02-09.05 - Pascal 11.02.2011 11:50:23.1.8 - x64 Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.41.1036.18.8151.5857 [GMT 1:00] Lancé depuis: c:\users\Pascal\Downloads\ComboFix.exe AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files (x86)\Blender c:\users\Pascal\AppData\Roaming\install c:\users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDD Low c:\users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDD Low\HDD Low.lnk c:\users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDD Low\Uninstall HDD Low.lnk D:\install.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2011-01-11 au 2011-02-11 )))))))))))))))))))))))))))))))))))) . 2011-02-09 16:17 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll 2011-02-09 16:17 . 2010-12-18 05:29 541184 ----a-w- c:\windows\SysWow64\kerberos.dll 2011-02-09 16:16 . 2011-01-05 04:00 3127808 ----a-w- c:\windows\system32\win32k.sys 2011-02-09 16:16 . 2011-01-05 06:20 612352 ----a-w- c:\windows\system32\vbscript.dll 2011-02-09 16:16 . 2011-01-05 05:37 428032 ----a-w- c:\windows\SysWow64\vbscript.dll 2011-02-09 16:15 . 2010-10-27 05:18 5510528 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-02-09 16:15 . 2010-10-27 05:16 1739176 ----a-w- c:\windows\system32\ntdll.dll 2011-02-09 16:15 . 2010-10-27 04:43 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2011-02-09 16:15 . 2010-10-27 04:40 1293120 ----a-w- c:\windows\SysWow64\ntdll.dll 2011-02-09 16:15 . 2010-10-27 04:43 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2011-02-09 16:15 . 2011-01-07 08:06 46080 ----a-w- c:\windows\system32\atmlib.dll 2011-02-09 16:15 . 2011-01-07 07:27 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2011-02-09 16:15 . 2011-01-07 05:49 366080 ----a-w- c:\windows\system32\atmfd.dll 2011-02-09 16:15 . 2011-01-07 05:33 294400 ----a-w- c:\windows\SysWow64\atmfd.dll 2011-02-09 07:38 . 2011-02-09 08:29 -------- d-----w- c:\users\Pascal\DoctorWeb 2011-02-09 07:30 . 2011-02-09 07:30 -------- d-----w- c:\program files (x86)\WinClamAVShield 2011-02-08 16:19 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F81C890-D130-4872-86A7-2C25486EA735}\mpengine.dll 2011-02-06 11:24 . 2011-02-06 11:24 -------- d-----w- c:\users\Pascal\AppData\Roaming\Avira 2011-02-06 11:22 . 2011-02-06 11:22 -------- d-----w- c:\programdata\Avira 2011-02-06 11:22 . 2011-02-06 11:22 -------- d-----w- c:\program files (x86)\Avira 2011-02-06 11:22 . 2010-12-06 07:48 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-02-06 11:22 . 2010-12-06 07:48 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-02-06 10:57 . 2011-02-11 09:59 -------- d-----w- c:\programdata\Spyware Terminator 2011-02-06 10:57 . 2011-02-06 21:09 -------- d-----w- c:\users\Pascal\AppData\Roaming\Spyware Terminator 2011-02-06 10:57 . 2011-02-06 20:56 -------- d-----w- c:\program files (x86)\Spyware Terminator 2011-02-05 20:34 . 2011-02-05 20:34 -------- d-----w- c:\users\Pascal\oguexvlc 2011-02-05 20:34 . 2011-02-05 20:34 99840 ------w- c:\users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmmqiyus.exe 2011-01-22 20:57 . 2011-01-13 08:47 237168 ----a-w- c:\windows\system32\aswBoot.exe 2011-01-14 09:44 . 2011-01-14 09:44 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-24 10:36 . 2010-12-24 10:36 2052928 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2010-11-14 20:01 . 2010-11-14 20:01 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll 2010-11-14 20:01 . 2010-11-14 20:01 1753920 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2010-08-29 10:38 . 2010-08-29 00:45 485657200 ----a-w- c:\program files (x86)\StreetGears_FullClient_Dec09_FR.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-09-10 13:41 120104 ------w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-18 39408] "RGSC"="c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "SpywareTerminatorUpdate"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-02-06 3318784] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888] "Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-18 629280] "EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696] "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648] "ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-11-16 128296] "PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-11-13 181480] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-10 421160] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-06 281768] "SpywareTerminator"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2011-02-06 2557440] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "SpywareTerminatorUpdate"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-02-06 3318784] c:\users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ wmmqiyus.exe [2011-2-5 99840] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ SmartCopy.lnk - c:\program files (x86)\Northstar\SmartCopy\SmartCopy.exe [2010-4-17 319488] SmartLauncher.lnk - c:\program files (x86)\Northstar\SmartLauncher\SmartLauncher.exe [2010-4-17 53760] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 135664] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x] R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys [2010-05-01 15872] R3 dump_wmimmc;dump_wmimmc;c:\gamescampus\DriftCity\GameGuard\dump_wmimmc.sys [x] R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-08-13 342016] R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712] R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-30 1255736] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-27 834544] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2010/04/17 04:33];c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl [2009-11-13 02:30 146928] S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-06 135336] S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-12 62208] S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [2010-07-07 50696] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-08-06 13784] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160] S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320] S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-09-23 283824] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-19 712704] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . Contenu du dossier 'Tâches planifiées' 2011-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 11:46] 2011-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 11:46] . --------- x86-64 ----------- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-09-10 13:44 137512 ------w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Examen supplémentaire ------- . uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=100c&m=aspire_m7811&r=17360710n506pe4g5v1k5w4531u978 uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=100c&m=aspire_m7811&r=17360710n506pe4g5v1k5w4531u978 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html Trusted Zone: microsoft.com\download.windowsupdate Trusted Zone: microsoft.com\update FF - ProfilePath - c:\users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\j5kkcknm.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.ch/ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=fr&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} . - - - - ORPHELINS SUPPRIMES - - - - Toolbar-Locked - (no file) SafeBoot-mcmscsvc SafeBoot-MCODS Toolbar-Locked - (no file) [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl" . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-421051368-675785460-3348532563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" [HKEY_USERS\S-1-5-21-421051368-675785460-3348532563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Autres processus actifs ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files (x86)\Mozilla Firefox\firefox.exe . ************************************************************************** . Heure de fin: 2011-02-11 12:00:17 - La machine a redémarré ComboFix-quarantined-files.txt 2011-02-11 11:00 Avant-CF: 297'740'959'744 octets libres Après-CF: 297'730'908'160 octets libres - - End Of File - - 4552955457DBF2042617ABA144C79363 En vous remerciant d'avance, Esprit09. EDIT : Je précise que je suis allé sur d'autres sites pour trouver une solution à mon problème et je n'ai rien trouvé hormis certaines solutions qui sont faite pour un cas particulier.