

Esprit09
Everything posted by Esprit09
Ramnit.. it's starting to annoy me
Esprit09 replied to a topic by Esprit09 in Malware analysis and removal
Maybe there is a way to recover it?
Ramnit.. it's starting to annoy me
Esprit09 replied to a topic by Esprit09 in Malware analysis and removal
In the second report it deleted a few viruses (5 or 6, I think), but I closed the window by accident :S (the alert pop-ups still keep coming)
Ramnit.. it's starting to annoy me
Esprit09 replied to a topic by Esprit09 in Malware analysis and removal
ZHPFix 1.12.3251 report by Nicolas Coolman, updated 07/02/2011
Registry export file:
Run by Pascal at 2/11/2011 9:14:00 PM
Windows 7 Home Premium Edition, 64-bit (Build 7600)
Web site: ZHPFix Fix de rapport
Contact: nicolascoolman@yahoo.fr

========== Processes in memory ==========
C:\Users\Pascal\Desktop\Keygen Photoshop CS5 Extended.exe => Deleted and quarantined

========== Registry key(s) ==========
O23 - Service: (McAfee SiteAdvisor Service) - Orphan key => Key deleted successfully
O23 - Service: (nvsvc) - Orphan key => Key deleted successfully
O23 - Service: (UNS) - Orphan key => Key deleted successfully

========== Registry value(s) ==========
O4 - HKLM\..\Run: [mwlDaemon] . (.Egis Technology Inc. - MyWinLocker.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe => Value deleted successfully
O4 - HKLM\..\Run: [iAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe => Value deleted successfully
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe => Value deleted successfully
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe => Value deleted successfully
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe => Value deleted successfully
O4 - HKCU\..\Run: [RGSC] . (.Take-Two Interactive Software, Inc. - RGSCLauncher.) -- C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe => Value deleted successfully
O4 - HKLM\..\Wow6432Node\Run: [backupManagerTray] . (.NewTech Infosystems, Inc. - Acer Backup Manager.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe => Value deleted successfully
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe => Value deleted successfully
O4 - HKLM\..\Wow6432Node\Run: [NortonOnlineBackupReminder] . (.Symantec Corporation - Norton Online Backup Service.) -- C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe => Value deleted successfully
O4 - HKLM\..\Wow6432Node\Run: [ArcadeDeluxeAgent] . (.CyberLink Corp. - Acer Arcade Deluxe Resident Program.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe => Value deleted successfully
O4 - HKLM\..\Wow6432Node\Run: [PlayMovie] . (.Acer Corp. - Acer Arcade Deluxe PlayMovie Resident Progr.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe => Value deleted successfully
O4 - HKLM\..\Wow6432Node\Run: [Microsoft Default Manager] . (.Microsoft Corporation - Microsoft Default Manager.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe => Value deleted successfully
O4 - HKLM\..\Wow6432Node\Run: [switchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe => Value deleted successfully
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe => Value deleted successfully
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe => Value deleted successfully
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe => Value deleted successfully
O4 - HKUS\S-1-5-21-421051368-675785460-3348532563-1001\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe => Value absent
O4 - HKUS\S-1-5-21-421051368-675785460-3348532563-1001\..\Run: [RGSC] . (.Take-Two Interactive Software, Inc. - RGSCLauncher.) -- C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe => Value absent
FirewallRaz : No value present in registry key "Standard Profile"
FirewallRaz : No value present in registry key "Domain Profile"
FirewallRaz (Domain) : FPS-SpoolSvc-In-TCP-NoScope => Value deleted successfully
FirewallRaz (Public) : FPS-SpoolSvc-In-TCP => Value deleted successfully
FirewallRaz (Domain) : CoreNet-GP-LSASS-Out-TCP => Value deleted successfully
FirewallRaz (Domain) : RemoteSvcAdmin-In-TCP-NoScope => Value deleted successfully
FirewallRaz (Public) : RemoteSvcAdmin-In-TCP => Value deleted successfully
FirewallRaz (Domain) : NetPres-In-TCP-NoScope => Value deleted successfully
FirewallRaz (Domain) : NetPres-Out-TCP-NoScope => Value deleted successfully
FirewallRaz (None) : NetPres-WSD-In-UDP => Value deleted successfully
FirewallRaz (None) : NetPres-WSD-Out-UDP => Value deleted successfully
FirewallRaz (Public) : NetPres-In-TCP => Value deleted successfully
FirewallRaz (Public) : NetPres-Out-TCP => Value deleted successfully
FirewallRaz (Public) : {04DA41C2-B8F3-4E87-9FF8-A3356482E836} => Value deleted successfully
FirewallRaz (Public) : {5BAE5F40-20CD-4ECA-AFEE-DDD796160181} => Value deleted successfully
FirewallRaz (Private) : {B5489BF0-78C8-4E71-8FDB-B364E552F6B8} => Value deleted successfully
FirewallRaz (None) : {6A9F7322-6810-4E8D-988D-9C4A2BC3FDCF} => Value deleted successfully
FirewallRaz (Private) : {31B8CEF7-1744-479E-ABA7-9A2D95CC47BC} => Value deleted successfully
FirewallRaz (Private) : {0CD7DA0C-D6DC-4082-8971-50E682DD19EB} => Value deleted successfully
FirewallRaz (Private) : TCP Query User{68B0B600-E6AF-4DEF-9E8A-966B8F57A976}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe => Value deleted successfully
FirewallRaz (Private) : UDP Query User{00860C45-FDE2-4245-8E50-FB4EDC306893}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe => Value deleted successfully
FirewallRaz (Private) : TCP Query User{A305C086-380F-4265-80CD-20ECAE3003B1}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe => Value deleted successfully
FirewallRaz (Private) : UDP Query User{67B55013-ABC2-4F5D-B704-DC2746229A4E}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe => Value deleted successfully
FirewallRaz (Private) : TCP Query User{87C44E55-F6FB-41A7-9F03-E34AB4A214AA}C:\program files (x86)\dawn of war 2\dow2.exe => Value deleted successfully
FirewallRaz (Private) : UDP Query User{DF6D29E2-641E-4599-B424-17252D22B6A2}C:\program files (x86)\dawn of war 2\dow2.exe => Value deleted successfully
FirewallRaz (Private) : TCP Query User{C981708A-C7EB-4148-8408-95547BD8EFD2}C:\gpotato.eu\street gears\streetgear.exe => Value deleted successfully
FirewallRaz (Private) : UDP Query User{DD7A8ACB-F9B8-4B22-86AD-A035CBB5A7F8}C:\gpotato.eu\street gears\streetgear.exe => Value deleted successfully
FirewallRaz (Private) : {4DD0F8AA-9416-4BEE-AD13-ED263E6DA84B} => Value deleted successfully
FirewallRaz (Private) : {5D56BA92-6629-4551-9982-D8E3D4B86C17} => Value deleted successfully
FirewallRaz (Private) : {E3B51A00-5B06-4205-8F72-83F3A88BB3D2} => Value deleted successfully
FirewallRaz (Private) : {D06C042F-0B20-4599-89C8-D65B8C02E052} => Value deleted successfully
FirewallRaz (Private) : TCP Query User{FA4E52E3-3F37-447E-96EE-59B81E783823}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe => Value deleted successfully
FirewallRaz (Private) : UDP Query User{E08BDDDE-FCBE-4966-AB45-6EC2EC04C3CE}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe => Value deleted successfully
FirewallRaz (Public) : TCP Query User{AD20A7DD-836D-439A-86F1-F8B80DAB762B}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe => Value deleted successfully
FirewallRaz (Public) : UDP Query User{FBE4400C-53FE-4D4D-A96B-2029FF64D5C4}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe => Value deleted successfully
FirewallRaz (Private) : {56C20688-5394-4D14-B04F-03090D505B6A} => Value deleted successfully
FirewallRaz (Private) : {6B02D238-D82A-4A27-BEB2-8FEB5FDDAFED} => Value deleted successfully
FirewallRaz (Private) : TCP Query User{0EB03683-E8DB-4823-8C96-62FF2CA82EA8}C:\program files (x86)\secondlifeviewer2\slvoice.exe => Value deleted successfully
FirewallRaz (Private) : UDP Query User{89197624-D9DA-4C35-9911-0E79F139AF13}C:\program files (x86)\secondlifeviewer2\slvoice.exe => Value deleted successfully
FirewallRaz (Private) : {3090DDA9-AB77-4F4A-BD38-E5591493838C} => Value deleted successfully
FirewallRaz (Private) : {53B4F386-078E-4F42-9551-66E2D169775F} => Value deleted successfully
FirewallRaz (Private) : {B0B16726-901E-40AC-B468-A688A02DC6DB} => Value deleted successfully
FirewallRaz (Private) : {FB0141AC-8CDE-4869-9C11-8422F016B035} => Value deleted successfully
FirewallRaz (Domain) : {74B9DB02-3CD9-4E27-B99C-4D90124236F6} => Value deleted successfully
FirewallRaz (Domain) : {0594504F-30EE-4AAE-9E3B-B4CA7359FC33} => Value deleted successfully
FirewallRaz (Private) : TCP Query User{034F9CDB-760E-4113-97B2-9498CF7E5295}C:\gamescampus\driftcity\driftcity.exe => Value deleted successfully
FirewallRaz (Private) : UDP Query User{970E412F-F804-4C72-A881-E9463A72A615}C:\gamescampus\driftcity\driftcity.exe => Value deleted successfully

========== Browser preferences ==========
O69 - SBI: prefs.js [Pascal - j5kkcknm.default] user_pref("CT2438727.SearchEngine", "Search||http://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2438727&octid=EB_ORIGINAL_CTID&SearchSource=1"); => Value deleted successfully
O69 - SBI: prefs.js [Pascal - j5kkcknm.default] user_pref("CT2438727.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2438727&q="); => Value deleted successfully

========== Folder(s) ==========
Flash cookie folders deleted: 5

========== File(s) ==========
Flash cookie files deleted: 3

========== Other ==========
EgisUpdate.exe => Unsupported format

========== Summary ==========
1 : Processes in memory
3 : Registry key(s)
65 : Registry value(s)
1 : Folder(s)
1 : File(s)
2 : Browser preferences
1 : Other

End of the scan
Ramnit.. it's starting to annoy me
Esprit09 replied to a topic by Esprit09 in Malware analysis and removal
I can't find the "H" button :s
Ramnit.. it's starting to annoy me
Esprit09 replied to a topic by Esprit09 in Malware analysis and removal
http://www.cijoint.fr/cj201102/cijqKxcYuX.txt There you go, so you were right. Thanks again for the time you are giving me.
Ramnit.. it's starting to annoy me
Esprit09 replied to a topic by Esprit09 in Malware analysis and removal
Thanks a lot. First file, OTL.log: http://www.cijoint.fr/cj201102/cijZ9mNxsC.txt Second: however, ZHPDiag hangs at 82% (I did run it as administrator)
Ramnit.. it's starting to annoy me
Esprit09 replied to a topic by Esprit09 in Malware analysis and removal
OTL logfile created on: 2/11/2011 6:15:40 PM - Run OTLPE by OldTimer - Version 3.1.44.3 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Suisse | Language: FRS | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\Windows | %ProgramFiles% = I:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.36 Mb Free Space | 74.36% Space Free | Partition Type: NTFS
Drive I: | 457.95 Gb Total Space | 278.01 Gb Free Space | 60.71% Space Free | Partition Type: NTFS
Drive J: | 458.46 Gb Total Space | 431.80 Gb Free Space | 94.19% Space Free | Partition Type: NTFS
Drive K: | 5.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 1.90 Gb Total Space | 0.47 Gb Free Space | 24.65% Space Free | Partition Type: FAT
Drive X: | 436.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/08/13 07:46:22 | 000,342,016 | ---- | M] (CybelSoft) [On_Demand] -- I:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV:64bit: - [2009/08/06 16:17:46 | 000,118,672 | ---- | M] (Intel® Corporation) [On_Demand] -- I:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto] -- I:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2011/02/06 05:57:41 | 000,948,775 | ---- | M] (Crawler.com) [Auto] -- I:\Program Files (x86)\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2010/12/16 18:58:18 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand] -- I:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/12/06 02:47:54 | 000,135,336 | ---- | M] (Avira GmbH) [Auto] -- I:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/06 02:47:41 | 000,267,944 | ---- | M] (Avira GmbH) [Auto] -- I:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/10/15 18:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- I:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/07/09 09:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto] -- I:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/05/03 17:21:00 | 003,604,720 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- I:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 06:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- I:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/09 04:24:16 | 000,076,320 | ---- | M] () [Auto] -- I:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)
SRV - [2009/10/13 13:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- I:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/09/30 21:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto] -- I:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/09/23 07:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto] -- I:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/09/10 08:42:46 | 000,305,448 | ---- | M] () [On_Demand] -- I:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto] -- I:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/12 18:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto] -- I:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- I:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/12/06 02:48:06 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System] -- I:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010/12/06 02:48:06 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto] -- I:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010/09/28 09:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/26 23:23:22 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- I:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/07/07 05:26:46 | 000,050,696 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Auto] -- I:\Windows\System32\drivers\stflt.sys -- (sp_rsdrv2)
DRV:64bit: - [2010/05/01 07:05:04 | 000,015,872 | ---- | M] (CybelSoft) [Kernel | On_Demand] -- I:\Program Files\ma-config.com\Drivers\driverhardwarev2x64.sys -- (driverhardwarev2x64)
DRV:64bit: - [2009/10/29 03:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot] -- I:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/10/13 13:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot] -- I:\Windows\System32\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/23 04:11:04 | 000,283,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\e1k62x64.sys -- (e1kexpress) Intel®
DRV:64bit: - [2009/09/16 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/08/06 16:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto] -- I:\Windows\System32\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot] -- I:\Windows\System32\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 16:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/19 17:56:08 | 000,712,704 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- I:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand] -- I:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 06:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System] -- I:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 06:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System] -- I:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 06:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System] -- I:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/05 19:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 19:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/01/09 10:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand] -- I:\Windows\System32\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/20 12:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand] -- I:\Windows\System32\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009/11/12 21:30:30 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/04/17 04:33:32] [Kernel | Auto] -- I:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2004/12/30 16:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand] -- I:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=100c&m=aspire_m7811&r=17360710n506pe4g5v1k5w4531u978
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Pascal_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=100c&m=aspire_m7811&r=17360710n506pe4g5v1k5w4531u978
IE - HKU\Pascal_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Pascal_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.ch/"
FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=fr&q="

[2010/07/30 06:45:50 | 000,000,000 | ---D | M] (No name found) -- I:\Users\Pascal\AppData\Roaming\Mozilla\Extensions
[2011/02/10 11:48:45 | 000,000,000 | ---D | M] (No name found) -- I:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\j5kkcknm.default\extensions
[2011/01/18 14:14:38 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- I:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\j5kkcknm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/01/12 12:07:34 | 000,000,000 | ---D | M] (Zynga Toolbar) -- I:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\j5kkcknm.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/12/26 19:22:47 | 000,000,000 | ---D | M] ("BitDefender QuickScan") -- I:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\j5kkcknm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/10/23 12:45:52 | 000,000,000 | ---D | M] (No name found) -- I:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/30 15:55:37 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- I:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\PASCAL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J5KKCKNM.DEFAULT\EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C}
[2010/10/29 15:19:05 | 000,001,516 | ---- | M] () -- I:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/10/29 15:19:05 | 000,001,822 | ---- | M] () -- I:\Program Files (x86)\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/10/29 15:19:05 | 000,000,757 | ---- | M] () -- I:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/10/29 15:19:05 | 000,001,426 | ---- | M] () -- I:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/10/29 15:19:05 | 000,000,956 | ---- | M] () -- I:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/12/27 16:10:53 | 000,428,403 | R--- | M]) - I:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14747 more lines...
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - I:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - I:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - I:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - I:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - I:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - I:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\Pascal_ON_I\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - I:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\Pascal_ON_I\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - I:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] I:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [iAAnotif] I:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] I:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] I:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] I:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] I:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] I:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [backupManagerTray] I:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] I:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Hotkey Utility] I:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] I:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NortonOnlineBackupReminder] I:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PlayMovie] I:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [spywareTerminator] I:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [switchBoard] I:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\.DEFAULT..\Run: [spywareTerminatorUpdate] I:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKU\Pascal_ON_I..\Run: [RGSC] I:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
O4 - HKU\Pascal_ON_I..\Run: [spybotSD TeaTimer] I:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\Pascal_ON_I..\Run: [spywareTerminatorUpdate] I:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKU\Pascal_ON_I..\Run: [swg] I:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: I:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmmqiyus.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_I\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_I\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Pascal_ON_I\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Pascal_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\systemprofile_ON_I\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Google Sidewiki... - I:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - I:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - I:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - I:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - I:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - I:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15:64bit: - Pascal_ON_I\..Trusted Domains: microsoft.com ([download.windowsupdate] http in Trusted sites)
O15:64bit: - Pascal_ON_I\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - I:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - I:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - I:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error.
File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007/02/12 14:53:42 | 000,000,277 | R--- | M] () - K:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found 64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found 64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - I:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: 
{4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 
Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: MpfService - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - I:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: 
{4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MpfService - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System 
Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: 
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: 
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: aux - 
I:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi - I:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midimapper - I:\Windows\System32\midimap.dll (Microsoft Corporation) Drivers32:64bit: mixer - I:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32:64bit: msacm.imaadpcm - I:\Windows\System32\imaadp32.acm (Microsoft Corporation) Drivers32:64bit: msacm.l3acm - I:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: msacm.msadpcm - I:\Windows\System32\msadp32.acm (Microsoft Corporation) Drivers32:64bit: msacm.msg711 - I:\Windows\System32\msg711.acm (Microsoft Corporation) Drivers32:64bit: msacm.msgsm610 - I:\Windows\System32\msgsm32.acm (Microsoft Corporation) Drivers32:64bit: vidc.i420 - I:\Windows\System32\iyuv_32.dll (Microsoft Corporation) Drivers32:64bit: vidc.iyuv - I:\Windows\System32\iyuv_32.dll (Microsoft Corporation) Drivers32:64bit: vidc.mrle - I:\Windows\System32\msrle32.dll (Microsoft Corporation) Drivers32:64bit: vidc.msvc - I:\Windows\System32\msvidc32.dll (Microsoft Corporation) Drivers32:64bit: vidc.uyvy - I:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32:64bit: vidc.yuy2 - I:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32:64bit: vidc.yvu9 - I:\Windows\System32\tsbyuv.dll (Microsoft Corporation) Drivers32:64bit: vidc.yvyu - I:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32:64bit: wave - I:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wavemapper - I:\Windows\System32\msacm32.drv (Microsoft Corporation) Drivers32: msacm.l3acm - I:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) ========== Files/Folders - Created Within 30 Days ========== [2011/02/11 06:00:20 | 000,000,000 | ---D | C] -- I:\Windows\temp [2011/02/11 05:56:14 | 000,000,000 | ---D | C] -- I:\$RECYCLE.BIN [2011/02/11 05:49:00 | 000,161,792 | ---- | C] (SteelWerX) -- I:\Windows\SWREG.exe 
[2011/02/11 05:49:00 | 000,031,232 | ---- | C] (NirSoft) -- I:\Windows\NIRCMD.exe [2011/02/11 05:48:59 | 000,136,704 | ---- | C] (SteelWerX) -- I:\Windows\SWSC.exe [2011/02/11 05:48:56 | 000,000,000 | ---D | C] -- I:\Windows\ERDNT [2011/02/11 05:48:31 | 000,000,000 | ---D | C] -- I:\Qoobox [2011/02/11 05:48:15 | 000,212,480 | ---- | C] (SteelWerX) -- I:\Windows\SWXCACLS.exe [2011/02/09 11:18:02 | 000,703,488 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\msfeeds.dll [2011/02/09 11:18:02 | 000,599,040 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\msfeeds.dll [2011/02/09 11:18:02 | 000,256,000 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\iepeers.dll [2011/02/09 11:18:02 | 000,247,808 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieui.dll [2011/02/09 11:18:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ieui.dll [2011/02/09 11:18:01 | 000,482,816 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\html.iec [2011/02/09 11:18:01 | 000,386,048 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\html.iec [2011/02/09 11:18:01 | 000,185,856 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\iepeers.dll [2011/02/09 11:18:01 | 000,097,280 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\mshtmled.dll [2011/02/09 11:18:01 | 000,067,072 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\mshtmled.dll [2011/02/09 11:18:01 | 000,057,856 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\licmgr10.dll [2011/02/09 11:18:01 | 000,044,544 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\licmgr10.dll [2011/02/09 11:18:01 | 000,012,800 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\msfeedssync.exe [2011/02/09 11:18:01 | 000,012,288 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\msfeedssync.exe [2011/02/09 11:16:19 | 000,852,480 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\jscript.dll [2011/02/09 11:16:19 | 
000,716,800 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\jscript.dll [2011/02/09 11:16:19 | 000,612,352 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\vbscript.dll [2011/02/09 11:15:52 | 005,510,528 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ntoskrnl.exe [2011/02/09 11:15:51 | 003,901,824 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ntoskrnl.exe [2011/02/09 11:15:51 | 001,739,176 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ntdll.dll [2011/02/09 11:15:50 | 003,957,120 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ntkrnlpa.exe [2011/02/09 11:15:35 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- I:\Windows\System32\atmfd.dll [2011/02/09 11:15:35 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- I:\Windows\SysWow64\atmfd.dll [2011/02/09 11:15:35 | 000,046,080 | ---- | C] (Adobe Systems) -- I:\Windows\System32\atmlib.dll [2011/02/09 11:15:35 | 000,034,304 | ---- | C] (Adobe Systems) -- I:\Windows\SysWow64\atmlib.dll [2011/02/09 02:30:06 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\WinClamAVShield [2011/02/06 06:24:49 | 000,000,000 | ---D | C] -- I:\Users\Pascal\AppData\Roaming\Avira [2011/02/06 06:22:13 | 000,116,568 | ---- | C] (Avira GmbH) -- I:\Windows\System32\drivers\avipbb.sys [2011/02/06 06:22:13 | 000,083,120 | ---- | C] (Avira GmbH) -- I:\Windows\System32\drivers\avgntflt.sys [2011/02/06 06:22:13 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Avira [2011/02/06 05:57:40 | 000,000,000 | ---D | C] -- I:\Users\Pascal\AppData\Roaming\Spyware Terminator [2011/02/06 05:57:39 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Spyware Terminator [2011/02/05 10:03:59 | 000,000,000 | ---D | C] -- I:\Users\Pascal\Desktop\Booba-0.9-FR-2008-OND [2011/02/05 10:00:47 | 000,000,000 | ---D | C] -- I:\Users\Pascal\Desktop\Booba-Ouest_Side-FR-2006-OGV [2011/02/02 16:41:53 | 000,000,000 | ---D | C] -- I:\Users\Pascal\Desktop\Nouveau dossier (2) [2011/01/30 07:46:30 | 
000,000,000 | ---D | C] -- I:\Users\Pascal\Desktop\Green Money-Greenologie-2011-BY POPOF [2011/01/25 01:05:30 | 000,000,000 | ---D | C] -- I:\Users\Pascal\Desktop\Green_Money-Mixtape_Mp3_Vol.2-(WEB)-FR-2010-S0N0R [2011/01/22 15:57:06 | 000,237,168 | ---- | C] (AVAST Software) -- I:\Windows\System32\aswBoot.exe [2011/01/20 02:47:53 | 000,000,000 | ---D | C] -- I:\Users\Pascal\Desktop\Falcko-El_Gato_Negro-(WEB)-FR-2011-S0N0R [2010/08/28 19:45:48 | 485,657,200 | ---- | C] ( ) -- I:\Program Files (x86)\StreetGears_FullClient_Dec09_FR.exe ========== Files - Modified Within 30 Days ========== [2011/02/11 12:06:42 | 000,067,584 | --S- | M] () -- I:\Windows\bootstat.dat [2011/02/11 12:06:35 | 000,009,920 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/02/11 12:06:34 | 000,009,920 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/02/11 12:01:00 | 000,001,064 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/02/11 12:00:47 | 2115,289,087 | -HS- | M] () -- I:\hiberfil.sys [2011/02/11 09:56:02 | 000,001,068 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/02/10 02:28:46 | 004,911,368 | ---- | M] () -- I:\Windows\System32\FNTCACHE.DAT [2011/02/09 11:30:19 | 000,014,110 | ---- | M] () -- I:\Users\Pascal\Desktop\Lettre Offre Spontanée.docx [2011/02/05 15:34:34 | 000,099,840 | ---- | M] () -- I:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmmqiyus.exe [2011/02/02 14:47:07 | 000,084,935 | ---- | M] () -- I:\Users\Pascal\Desktop\Sans-titre-1.jpg [2011/02/02 11:21:41 | 000,744,852 | ---- | M] () -- I:\Windows\System32\perfh00C.dat [2011/02/02 11:21:41 | 000,651,734 | ---- | M] () -- I:\Windows\System32\perfh009.dat [2011/02/02 11:21:41 | 000,148,370 | ---- | M] () -- I:\Windows\System32\perfc00C.dat [2011/02/02 11:21:41 | 000,120,666 | ---- | M] () -- 
I:\Windows\System32\perfc009.dat [2011/01/29 11:02:53 | 000,014,579 | ---- | M] () -- I:\Users\Pascal\Desktop\CV caissière.docx [2011/01/27 10:33:30 | 000,000,832 | ---- | M] () -- I:\Windows\wininit.ini [2011/01/22 15:57:06 | 000,000,000 | ---- | M] () -- I:\Windows\SysWow64\config.nt [2011/01/20 16:16:12 | 002,783,335 | ---- | M] () -- I:\Users\Pascal\Desktop\1.jpg [2011/01/20 15:56:59 | 016,062,633 | ---- | M] () -- I:\Users\Pascal\Desktop\4248412363_68508835e8_b_d1.psd [2011/01/20 15:51:46 | 003,155,680 | ---- | M] () -- I:\Users\Pascal\Desktop\201000618-fin_trims 145.jpg [2011/01/20 15:50:45 | 014,616,954 | ---- | M] () -- I:\Users\Pascal\Desktop\peinture_tutsps.rar [2011/01/20 15:33:44 | 000,393,910 | ---- | M] () -- I:\Users\Pascal\Desktop\drilon.jpg [2011/01/18 00:48:35 | 000,040,960 | ---- | M] () -- I:\Users\Pascal\Desktop\mmmmns titre.wps [2011/01/18 00:48:35 | 000,000,544 | ---- | M] () -- I:\Users\Pascal\AppData\Roaming\wklnhst.dat [2011/01/13 11:28:21 | 000,000,149 | ---- | M] () -- I:\Users\Pascal\AppData\Roaming\default.rss [2011/01/13 11:28:17 | 000,000,069 | ---- | M] () -- I:\Windows\NeroDigital.ini [2011/01/13 03:47:23 | 000,237,168 | ---- | M] (AVAST Software) -- I:\Windows\System32\aswBoot.exe ========== Files Created - No Company Name ========== [2011/02/11 05:49:00 | 000,256,512 | ---- | C] () -- I:\Windows\PEV.exe [2011/02/11 05:49:00 | 000,098,816 | ---- | C] () -- I:\Windows\sed.exe [2011/02/11 05:49:00 | 000,089,088 | ---- | C] () -- I:\Windows\MBR.exe [2011/02/11 05:49:00 | 000,080,412 | ---- | C] () -- I:\Windows\grep.exe [2011/02/11 05:49:00 | 000,068,096 | ---- | C] () -- I:\Windows\zip.exe [2011/02/05 15:34:35 | 000,099,840 | ---- | C] () -- I:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmmqiyus.exe [2011/02/02 14:47:04 | 000,084,935 | ---- | C] () -- I:\Users\Pascal\Desktop\Sans-titre-1.jpg [2011/01/29 11:02:53 | 000,014,579 | ---- | C] () -- I:\Users\Pascal\Desktop\CV caissière.docx [2011/01/29 
10:54:07 | 000,014,110 | ---- | C] () -- I:\Users\Pascal\Desktop\Lettre Offre Spontanée.docx [2011/01/20 16:16:10 | 002,783,335 | ---- | C] () -- I:\Users\Pascal\Desktop\1.jpg [2011/01/20 15:57:09 | 000,768,541 | ---- | C] () -- I:\Users\Pascal\Desktop\4248412363_68508835e8_b_d1.jpg [2011/01/20 15:56:57 | 016,062,633 | ---- | C] () -- I:\Users\Pascal\Desktop\4248412363_68508835e8_b_d1.psd [2011/01/20 15:50:22 | 014,616,954 | ---- | C] () -- I:\Users\Pascal\Desktop\peinture_tutsps.rar [2011/01/20 15:49:19 | 003,155,680 | ---- | C] () -- I:\Users\Pascal\Desktop\201000618-fin_trims 145.jpg [2011/01/20 15:33:43 | 000,393,910 | ---- | C] () -- I:\Users\Pascal\Desktop\drilon.jpg [2011/01/16 13:45:36 | 000,040,960 | ---- | C] () -- I:\Users\Pascal\Desktop\mmmmns titre.wps [2010/12/16 06:36:16 | 000,036,864 | ---- | C] () -- I:\Windows\SysWow64\EGameEncrypt.dll [2010/11/23 15:59:47 | 000,000,149 | ---- | C] () -- I:\Users\Pascal\AppData\Roaming\default.rss [2010/11/23 15:59:36 | 000,000,069 | ---- | C] () -- I:\Windows\NeroDigital.ini [2010/11/20 12:47:22 | 000,178,176 | ---- | C] () -- I:\Windows\SysWow64\unrar.dll [2010/11/20 12:47:22 | 000,000,038 | ---- | C] () -- I:\Windows\avisplitter.ini [2010/11/20 12:47:19 | 000,881,664 | ---- | C] () -- I:\Windows\SysWow64\xvidcore.dll [2010/11/20 12:47:19 | 000,205,824 | ---- | C] () -- I:\Windows\SysWow64\xvidvfw.dll [2010/11/20 12:47:19 | 000,085,504 | ---- | C] () -- I:\Windows\SysWow64\ff_vfw.dll [2010/11/15 11:27:28 | 000,000,308 | ---- | C] () -- I:\Users\Pascal\AppData\Roaming\Rim.Desktop.Exception.log [2010/11/15 11:27:11 | 000,000,807 | ---- | C] () -- I:\Users\Pascal\AppData\Roaming\Rim.Desktop.HttpServerSetup.log [2010/10/30 15:39:23 | 001,970,176 | ---- | C] () -- I:\Windows\SysWow64\d3dx9.dll [2010/10/30 12:34:35 | 000,001,456 | ---- | C] () -- I:\Users\Pascal\AppData\Local\Adobe Enregistrer pour le Web 12.0 Prefs [2010/10/28 12:46:53 | 001,638,172 | ---- | C] () -- I:\Windows\SysWow64\PerfStringBackup.INI 
[2010/10/23 13:50:12 | 000,000,179 | ---- | C] () -- I:\Users\Pascal\AppData\Roaming\37198.bat [2010/09/06 14:02:18 | 000,000,832 | ---- | C] () -- I:\Windows\wininit.ini [2010/08/28 18:02:46 | 000,000,017 | ---- | C] () -- I:\Users\Pascal\AppData\Local\resmon.resmoncfg [2010/08/06 17:28:09 | 000,000,132 | ---- | C] () -- I:\Users\Pascal\AppData\Roaming\Adobe BMP Format CS5 Prefs [2010/07/30 14:22:59 | 000,000,544 | ---- | C] () -- I:\Users\Pascal\AppData\Roaming\wklnhst.dat [2009/11/18 16:39:50 | 000,192,484 | ---- | C] () -- I:\Program Files (x86)\Common Files\Acer GameZone online.ico [2009/07/13 19:02:54 | 000,245,248 | ---- | C] () -- I:\Windows\SysWow64\DShowRdpFilter.dll [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- I:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- I:\Windows\SysWow64\ir32_32.dll [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- I:\Windows\SysWow64\msjetoledb40.dll [2008/10/28 10:40:48 | 000,173,552 | ---- | C] () -- I:\Windows\SysWow64\xlive.dll.cat [2002/10/06 13:37:26 | 000,053,760 | ---- | C] () -- I:\Windows\SysWow64\zlib.dll [1997/06/14 03:56:08 | 000,056,832 | ---- | C] () -- I:\Windows\SysWow64\iyvu9_32.dll ========== LOP Check ========== [2011/02/05 15:37:30 | 000,032,496 | ---- | M] () -- I:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*. Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe Invalid Environment Variable: %APPDATA%\*. 
Invalid Environment Variable: %APPDATA%\*.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- [2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- [2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- I:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys < MD5 for: ALG.EXE > [2009/07/13 20:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) MD5=3290D6946B5E30E70414990574883DDB -- [2009/07/13 20:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) MD5=3290D6946B5E30E70414990574883DDB -- I:\Windows\winsxs\amd64_microsoft-windows-alg_31bf3856ad364e35_6.1.7600.16385_none_04de43c774cf8fe3\alg.exe < MD5 for: ATAPI.SYS > [2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- [2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- [2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- I:\Windows\ERDNT\cache64\atapi.sys [2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- I:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys < MD5 for: CDROM.SYS > [2009/07/13 18:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- [2009/07/13 18:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- [2009/07/13 18:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- I:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys < MD5 for: CNGAUDIT.DLL > [2009/07/13 20:15:06 | 000,012,288 | 
---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- I:\Windows\ERDNT\cache86\cngaudit.dll [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- I:\Windows\SysWOW64\cngaudit.dll [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- I:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- I:\Windows\ERDNT\cache64\cngaudit.dll [2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- I:\Windows\SysWOW64\cngaudit.dll [2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- I:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: CSRSS.EXE > [2009/07/13 20:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- [2009/07/13 20:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- I:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe < MD5 for: CTFMON.EXE > [2009/07/13 20:39:02 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=42B6A94DD747DF2B5F628A2752E62A98 -- I:\Windows\ERDNT\cache64\ctfmon.exe [2009/07/13 20:39:02 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=42B6A94DD747DF2B5F628A2752E62A98 -- I:\Windows\SysWOW64\ctfmon.exe [2009/07/13 20:39:02 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=42B6A94DD747DF2B5F628A2752E62A98 -- I:\Windows\winsxs\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_f9257e7aaa4290ce\ctfmon.exe [2009/07/13 20:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) 
MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- I:\Windows\ERDNT\cache86\ctfmon.exe [2009/07/13 20:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- I:\Windows\SysWOW64\ctfmon.exe [2009/07/13 20:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- I:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe < MD5 for: DISK.SYS > [2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- [2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- [2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- I:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys < MD5 for: EVENTLOG.DLL > [2007/05/17 23:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- I:\Program Files (x86)\Cyberlink\PowerDirector\EventLog.dll < MD5 for: EXPLORER.EXE > [2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- I:\Windows\SysWOW64\explorer.exe [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft 
Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- I:\Windows\ERDNT\cache86\explorer.exe [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- I:\Windows\explorer.exe [2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- I:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- I:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: I8042PRT.SYS > [2009/07/13 18:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- [2009/07/13 18:19:57 | 
000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- [2009/07/13 18:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- [2009/07/13 18:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- I:\Windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7600.16385_none_f3435f7ff2a9f325\i8042prt.sys [2009/07/13 18:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=FA55C73D4AFFA7EE23AC4BE53B4592D3 -- I:\Windows\winsxs\amd64_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_aa28fd23ec0c39f9\i8042prt.sys < MD5 for: IASTOR.SYS > [2009/10/13 13:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- I:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2009/10/13 13:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- [2009/10/13 13:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- [2009/10/13 13:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- I:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys < MD5 for: IASTORV.SYS > [2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- [2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- [2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- I:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: INTELIDE.SYS > [2009/07/13 20:48:04 | 000,016,960 | ---- | M] (Microsoft Corporation) MD5=F00F20E70C6EC3AA366910083A0518AA -- [2009/07/13 20:48:04 | 000,016,960 | ---- | M] (Microsoft Corporation) MD5=F00F20E70C6EC3AA366910083A0518AA -- [2009/07/13 20:48:04 | 000,016,960 | ---- | M] (Microsoft 
Corporation) MD5=F00F20E70C6EC3AA366910083A0518AA -- I:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\intelide.sys < MD5 for: MOUNTMGR.SYS > [2009/07/13 20:48:27 | 000,094,784 | ---- | M] (Microsoft Corporation) MD5=791AF66C4D0E7C90A3646066386FB571 -- [2009/07/13 20:48:27 | 000,094,784 | ---- | M] (Microsoft Corporation) MD5=791AF66C4D0E7C90A3646066386FB571 -- I:\Windows\winsxs\amd64_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.1.7600.16385_none_4e8d166d20b6ca3b\mountmgr.sys < MD5 for: MRXSMB.SYS > [2010/02/27 02:52:22 | 000,157,696 | ---- | M] (Microsoft Corporation) MD5=767A4C3BCF9410C286CED15A2DB17108 -- [2010/02/27 02:52:22 | 000,157,696 | ---- | M] (Microsoft Corporation) MD5=767A4C3BCF9410C286CED15A2DB17108 -- I:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.16539_none_dbc0736c6aa249bf\mrxsmb.sys [2010/02/27 02:52:14 | 000,157,696 | ---- | M] (Microsoft Corporation) MD5=968613CC6C0F7427FAC62ACED6F7B8C5 -- I:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.20655_none_dc306f3783d3bc0f\mrxsmb.sys [2009/07/13 18:24:00 | 000,157,184 | ---- | M] (Microsoft Corporation) MD5=CFDCD8CA87C2A657DEBC150AC35B5E08 -- I:\Windows\winsxs\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.1.7600.16385_none_db865edc6ace75ca\mrxsmb.sys < MD5 for: MRXSMB10.SYS > [2009/07/13 18:24:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=1BEE517B220B7F024F411AEC1571DD5A -- I:\Windows\winsxs\amd64_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7600.16385_none_e4997d30651fb42c\mrxsmb10.sys [2010/02/27 02:52:17 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=2DD6A56A8C7B58F3181C98E536A327B2 -- I:\Windows\winsxs\amd64_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7600.20655_none_e5438d8b7e24fa71\mrxsmb10.sys [2010/02/27 02:52:29 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=920EE0FF995FCFDEB08C41605A959E1C -- [2010/02/27 02:52:29 | 000,286,720 | ---- | 
M] (Microsoft Corporation) MD5=920EE0FF995FCFDEB08C41605A959E1C -- I:\Windows\winsxs\amd64_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.1.7600.16539_none_e4d391c064f38821\mrxsmb10.sys < MD5 for: MRXSMB20.SYS > [2010/02/27 02:52:12 | 000,125,952 | ---- | M] (Microsoft Corporation) MD5=00716986E11C4F6A53E1177683D1DB20 -- I:\Windows\winsxs\amd64_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7600.20655_none_e779f79dbc7c2de2\mrxsmb20.sys [2009/07/13 18:24:06 | 000,125,952 | ---- | M] (Microsoft Corporation) MD5=6B2D5FEF385828B6E485C1C90AFB8195 -- I:\Windows\winsxs\amd64_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7600.16385_none_e6cfe742a376e79d\mrxsmb20.sys [2010/02/27 02:52:28 | 000,125,952 | ---- | M] (Microsoft Corporation) MD5=740D7EA9D72C981510A5292CF6ADC941 -- [2010/02/27 02:52:28 | 000,125,952 | ---- | M] (Microsoft Corporation) MD5=740D7EA9D72C981510A5292CF6ADC941 -- I:\Windows\winsxs\amd64_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.1.7600.16539_none_e709fbd2a34abb92\mrxsmb20.sys < MD5 for: NDIS.SYS > [2009/07/13 20:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- [2009/07/13 20:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- I:\Windows\ERDNT\cache64\ndis.sys [2009/07/13 20:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- I:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys < MD5 for: NETLOGON.DLL > [2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- I:\Windows\ERDNT\cache64\netlogon.dll [2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- I:\Windows\SysWOW64\netlogon.dll [2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- 
I:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- I:\Windows\ERDNT\cache86\netlogon.dll [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- I:\Windows\SysWOW64\netlogon.dll [2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- I:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- [2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- [2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- I:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys < MD5 for: RASACD.SYS > [2009/07/13 19:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=5A0DA8AD5762FA2D91678A8A01311704 -- [2009/07/13 19:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=5A0DA8AD5762FA2D91678A8A01311704 -- I:\Windows\winsxs\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_6bcef05d7f04260a\rasacd.sys < MD5 for: RDPCDD.SYS > [2009/07/13 19:16:34 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=CEA6CC257FC9B7715F1C2B4849286D24 -- [2009/07/13 19:16:34 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=CEA6CC257FC9B7715F1C2B4849286D24 -- I:\Windows\winsxs\amd64_microsoft-windows-t..niportdisplaydriver_31bf3856ad364e35_6.1.7600.16385_none_30d015c257effe8b\RDPCDD.sys < MD5 for: SCECLI.DLL > [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- 
I:\Windows\ERDNT\cache86\scecli.dll [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- I:\Windows\SysWOW64\scecli.dll [2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- I:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- I:\Windows\ERDNT\cache64\scecli.dll [2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- I:\Windows\SysWOW64\scecli.dll [2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- I:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll < MD5 for: SERVICES.EXE > [2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- [2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- I:\Windows\ERDNT\cache64\services.exe [2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- I:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe < MD5 for: SMSS.EXE > [2009/07/13 20:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- [2009/07/13 20:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- I:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe < MD5 for: SPOOLSV.EXE > [2010/08/20 00:38:12 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=8547491BE7086EE317163365D83A37D2 -- 
I:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.20785_none_32ca3745f45762fc\spoolsv.exe [2009/07/13 20:39:44 | 000,558,080 | ---- | M] (Microsoft Corporation) MD5=89E8550C5862999FCF482EA562B0E98E -- I:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16385_none_324094c8db39cbbd\spoolsv.exe [2010/08/21 01:29:47 | 000,558,592 | ---- | M] (Microsoft Corporation) MD5=F8E1FA03CB70D54A9892AC88B91D1E7B -- [2010/08/21 01:29:47 | 000,558,592 | ---- | M] (Microsoft Corporation) MD5=F8E1FA03CB70D54A9892AC88B91D1E7B -- I:\Windows\ERDNT\cache64\spoolsv.exe [2010/08/21 01:29:47 | 000,558,592 | ---- | M] (Microsoft Corporation) MD5=F8E1FA03CB70D54A9892AC88B91D1E7B -- I:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16661_none_3252392adb2d25f4\spoolsv.exe < MD5 for: STORPORT.SYS > [2009/07/13 20:45:55 | 000,185,936 | ---- | M] (Microsoft Corporation) MD5=141E6F0B54DA421B8DE146F5AD947760 -- [2009/07/13 20:45:55 | 000,185,936 | ---- | M] (Microsoft Corporation) MD5=141E6F0B54DA421B8DE146F5AD947760 -- I:\Windows\winsxs\amd64_microsoft-windows-storport_31bf3856ad364e35_6.1.7600.16385_none_8371405049dfec7a\storport.sys < MD5 for: SVCHOST.EXE > [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- I:\Windows\ERDNT\cache86\svchost.exe [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- I:\Windows\SysWOW64\svchost.exe [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- I:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- I:\Windows\ERDNT\cache64\svchost.exe [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft 
Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- I:\Windows\SysWOW64\svchost.exe [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- I:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe < MD5 for: TCPIP.SYS > [2010/06/14 01:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- I:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys [2010/06/14 01:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- [2010/06/14 01:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- I:\Windows\ERDNT\cache64\tcpip.sys [2010/06/14 01:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- I:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys [2009/07/13 20:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- I:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys < MD5 for: TERMDD.SYS > [2009/07/13 20:45:55 | 000,062,544 | ---- | M] (Microsoft Corporation) MD5=C448651339196C0E869A355171875522 -- [2009/07/13 20:45:55 | 000,062,544 | ---- | M] (Microsoft Corporation) MD5=C448651339196C0E869A355171875522 -- [2009/07/13 20:45:55 | 000,062,544 | ---- | M] (Microsoft Corporation) MD5=C448651339196C0E869A355171875522 -- I:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\termdd.sys < MD5 for: USERINIT.EXE > [2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- I:\Windows\ERDNT\cache86\userinit.exe [2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft 
Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- I:\Windows\SysWOW64\userinit.exe [2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- I:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- I:\Windows\ERDNT\cache64\userinit.exe [2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- I:\Windows\SysWOW64\userinit.exe [2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- I:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WIN32K.SYS > [2010/05/01 10:04:07 | 003,124,224 | ---- | M] (Microsoft Corporation) MD5=333F53E52C29577D65D7328D4A95FFF1 -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.20704_none_15c78cf4cd156ec7\win32k.sys [2011/01/04 23:00:16 | 003,127,808 | ---- | M] (Microsoft Corporation) MD5=33DD4577B4BA2CF6BD1D1096DCBB0A49 -- [2011/01/04 23:00:16 | 003,127,808 | ---- | M] (Microsoft Corporation) MD5=33DD4577B4BA2CF6BD1D1096DCBB0A49 -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16732_none_151b81b7b411ed49\win32k.sys [2011/01/04 22:57:31 | 003,129,344 | ---- | M] (Microsoft Corporation) MD5=643E6764B18CB3266357FD0AB649F7A8 -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21634_none_178d7c1cca542bad\win32k.sys [2010/05/01 10:07:05 | 003,122,176 | ---- | M] (Microsoft Corporation) MD5=718F3491CF541569956BAA4C6E7B351E -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16585_none_14e86f2db437cab5\win32k.sys [2010/06/18 23:24:19 | 003,124,224 | ---- | M] (Microsoft Corporation) MD5=799A5411338E2F3D2A3710B3D209D8B3 -- 
I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.20738_none_15ab1e58cd2a27f6\win32k.sys [2010/10/19 22:25:10 | 003,126,272 | ---- | M] (Microsoft Corporation) MD5=7E5E9C8FC212ABBF72D87AF3370D8D35 -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.20821_none_15aeee24cd2857cb\win32k.sys [2010/08/31 21:58:34 | 003,123,712 | ---- | M] (Microsoft Corporation) MD5=8549DC7684CBC0A0AA542051B7EF5A23 -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16667_none_1500117fb425c2a8\win32k.sys [2011/01/04 22:59:01 | 003,129,344 | ---- | M] (Microsoft Corporation) MD5=9F9B2A0552CD7FCD1B6A29B94A6AABE1 -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.20873_none_157adf1ccd4f162e\win32k.sys [2010/08/31 21:55:20 | 003,125,248 | ---- | M] (Microsoft Corporation) MD5=A671682E193BD7D39CE8DD33ABD4FC71 -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.20792_none_15643d14cd603792\win32k.sys [2010/10/19 22:09:15 | 003,124,224 | ---- | M] (Microsoft Corporation) MD5=A94AAAE340658B6C29091B9FD74D2317 -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16691_none_14d99fffb4437e71\win32k.sys [2009/07/13 18:40:40 | 003,122,176 | ---- | M] (Microsoft Corporation) MD5=CBEF2EB83438ED9FC39411CC8378B0E7 -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16385_none_14e86b61b437d067\win32k.sys [2010/06/18 23:32:34 | 003,122,688 | ---- | M] (Microsoft Corporation) MD5=E04C151CA3D6C1D968AA066B2C67DF24 -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16617_none_1536211bb3fd36f3\win32k.sys [2011/01/05 01:56:24 | 003,129,344 | ---- | M] (Microsoft Corporation) MD5=F7755E762C67E2AFF6087AB5D2CE7A7A -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17535_none_1704df9bb135a53a\win32k.sys < MD5 for: WININIT.EXE > [2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft 
Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- I:\Windows\ERDNT\cache64\wininit.exe [2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- I:\Windows\SysWOW64\wininit.exe [2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- I:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- I:\Windows\ERDNT\cache86\wininit.exe [2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- I:\Windows\SysWOW64\wininit.exe [2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- I:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- [2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- I:\Windows\ERDNT\cache64\winlogon.exe [2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < CREATERESTOREPOINT > < End of report >
Just out of curiosity, how do you find anything specific in this gibberish? -
Ramnit.. it's starting to annoy me
Esprit09 replied to a topic by Esprit09 in Malware analysis and removal
The internet connection isn't working. I'm trying to copy the text into a Notepad file via a USB stick. -
Ramnit.. it's starting to annoy me
Esprit09 replied to a topic by Esprit09 in Malware analysis and removal
Thanks a lot, I'll be free around 17:00 so I'll do that then. -
Hello, for some time now my antivirus (Antivir) has frequently been reporting infections (W32/Ramnit.C and others). I get alert messages roughly every 2 minutes when I browse the web. I read this forum's FAQ and saw that I needed to post a report from the ComboFix tool. So here it is:
ComboFix 11-02-09.05 - Pascal 11.02.2011 11:50:23.1.8 - x64 Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.41.1036.18.8151.5857 [GMT 1:00] Lancé depuis: c:\users\Pascal\Downloads\ComboFix.exe AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files (x86)\Blender c:\users\Pascal\AppData\Roaming\install c:\users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDD Low c:\users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDD Low\HDD Low.lnk c:\users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDD Low\Uninstall HDD Low.lnk D:\install.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2011-01-11 au 2011-02-11 )))))))))))))))))))))))))))))))))))) . 2011-02-09 16:17 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll 2011-02-09 16:17 . 2010-12-18 05:29 541184 ----a-w- c:\windows\SysWow64\kerberos.dll 2011-02-09 16:16 . 2011-01-05 04:00 3127808 ----a-w- c:\windows\system32\win32k.sys 2011-02-09 16:16 . 2011-01-05 06:20 612352 ----a-w- c:\windows\system32\vbscript.dll 2011-02-09 16:16 . 2011-01-05 05:37 428032 ----a-w- c:\windows\SysWow64\vbscript.dll 2011-02-09 16:15 . 2010-10-27 05:18 5510528 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-02-09 16:15 . 2010-10-27 05:16 1739176 ----a-w- c:\windows\system32\ntdll.dll 2011-02-09 16:15 . 
2010-10-27 04:43 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-02-09 16:15 . 2010-10-27 04:40 1293120 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-02-09 16:15 . 2010-10-27 04:43 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-02-09 16:15 . 2011-01-07 08:06 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-02-09 16:15 . 2011-01-07 07:27 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-02-09 16:15 . 2011-01-07 05:49 366080 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 16:15 . 2011-01-07 05:33 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-02-09 07:38 . 2011-02-09 08:29 -------- d-----w- c:\users\Pascal\DoctorWeb
2011-02-09 07:30 . 2011-02-09 07:30 -------- d-----w- c:\program files (x86)\WinClamAVShield
2011-02-08 16:19 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F81C890-D130-4872-86A7-2C25486EA735}\mpengine.dll
2011-02-06 11:24 . 2011-02-06 11:24 -------- d-----w- c:\users\Pascal\AppData\Roaming\Avira
2011-02-06 11:22 . 2011-02-06 11:22 -------- d-----w- c:\programdata\Avira
2011-02-06 11:22 . 2011-02-06 11:22 -------- d-----w- c:\program files (x86)\Avira
2011-02-06 11:22 . 2010-12-06 07:48 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-02-06 11:22 . 2010-12-06 07:48 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-06 10:57 . 2011-02-11 09:59 -------- d-----w- c:\programdata\Spyware Terminator
2011-02-06 10:57 . 2011-02-06 21:09 -------- d-----w- c:\users\Pascal\AppData\Roaming\Spyware Terminator
2011-02-06 10:57 . 2011-02-06 20:56 -------- d-----w- c:\program files (x86)\Spyware Terminator
2011-02-05 20:34 . 2011-02-05 20:34 -------- d-----w- c:\users\Pascal\oguexvlc
2011-02-05 20:34 . 2011-02-05 20:34 99840 ------w- c:\users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmmqiyus.exe
2011-01-22 20:57 . 2011-01-13 08:47 237168 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-14 09:44 . 2011-01-14 09:44 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-24 10:36 . 2010-12-24 10:36 2052928 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-11-14 20:01 . 2010-11-14 20:01 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-11-14 20:01 . 2010-11-14 20:01 1753920 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-08-29 10:38 . 2010-08-29 00:45 485657200 ----a-w- c:\program files (x86)\StreetGears_FullClient_Dec09_FR.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ------w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-18 39408]
"RGSC"="c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SpywareTerminatorUpdate"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-02-06 3318784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-18 629280]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-11-16 128296]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-11-13 181480]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-10 421160]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-06 281768]
"SpywareTerminator"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2011-02-06 2557440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-02-06 3318784]

c:\users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
wmmqiyus.exe [2011-2-5 99840]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SmartCopy.lnk - c:\program files (x86)\Northstar\SmartCopy\SmartCopy.exe [2010-4-17 319488]
SmartLauncher.lnk - c:\program files (x86)\Northstar\SmartLauncher\SmartLauncher.exe [2010-4-17 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 135664]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys [2010-05-01 15872]
R3 dump_wmimmc;dump_wmimmc;c:\gamescampus\DriftCity\GameGuard\dump_wmimmc.sys [x]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-08-13 342016]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-30 1255736]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-27 834544]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2010/04/17 04:33];c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl [2009-11-13 02:30 146928]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-06 135336]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-12 62208]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [2010-07-07 50696]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-08-06 13784]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-09-23 283824]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-19 712704]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
Contenu du dossier 'Tâches planifiées'

2011-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 11:46]

2011-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 11:46]
.
--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44 137512 ------w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=100c&m=aspire_m7811&r=17360710n506pe4g5v1k5w4531u978
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=100c&m=aspire_m7811&r=17360710n506pe4g5v1k5w4531u978
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: microsoft.com\download.windowsupdate
Trusted Zone: microsoft.com\update
FF - ProfilePath - c:\users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\j5kkcknm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ch/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=fr&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
.
- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-421051368-675785460-3348532563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"

[HKEY_USERS\S-1-5-21-421051368-675785460-3348532563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Heure de fin: 2011-02-11 12:00:17 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-02-11 11:00

Avant-CF: 297'740'959'744 octets libres
Après-CF: 297'730'908'160 octets libres

- - End Of File - - 4552955457DBF2042617ABA144C79363

Thanking you in advance, Esprit09.

EDIT: I should point out that I went to other sites looking for a solution to my problem and found nothing, apart from a few solutions that are made for one particular case.