
Posted (edited)

Hello, for some time now my antivirus (Antivir) has often been reporting infections (W32/Ramnit.C and others). I get alert messages every ~2 minutes when I browse the web.

I read this forum's FAQ and saw that I needed to post a report from the ComboFix software. Here it is:

 

ComboFix 11-02-09.05 - Pascal 11.02.2011 11:50:23.1.8 - x64

Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.41.1036.18.8151.5857 [GMT 1:00]

Lancé depuis: c:\users\Pascal\Downloads\ComboFix.exe

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\program files (x86)\Blender

c:\users\Pascal\AppData\Roaming\install

c:\users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDD Low

c:\users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDD Low\HDD Low.lnk

c:\users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDD Low\Uninstall HDD Low.lnk

D:\install.exe

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2011-01-11 au 2011-02-11 ))))))))))))))))))))))))))))))))))))

.

 

2011-02-09 16:17 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll

2011-02-09 16:17 . 2010-12-18 05:29 541184 ----a-w- c:\windows\SysWow64\kerberos.dll

2011-02-09 16:16 . 2011-01-05 04:00 3127808 ----a-w- c:\windows\system32\win32k.sys

2011-02-09 16:16 . 2011-01-05 06:20 612352 ----a-w- c:\windows\system32\vbscript.dll

2011-02-09 16:16 . 2011-01-05 05:37 428032 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-02-09 16:15 . 2010-10-27 05:18 5510528 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-02-09 16:15 . 2010-10-27 05:16 1739176 ----a-w- c:\windows\system32\ntdll.dll

2011-02-09 16:15 . 2010-10-27 04:43 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-02-09 16:15 . 2010-10-27 04:40 1293120 ----a-w- c:\windows\SysWow64\ntdll.dll

2011-02-09 16:15 . 2010-10-27 04:43 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-02-09 16:15 . 2011-01-07 08:06 46080 ----a-w- c:\windows\system32\atmlib.dll

2011-02-09 16:15 . 2011-01-07 07:27 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2011-02-09 16:15 . 2011-01-07 05:49 366080 ----a-w- c:\windows\system32\atmfd.dll

2011-02-09 16:15 . 2011-01-07 05:33 294400 ----a-w- c:\windows\SysWow64\atmfd.dll

2011-02-09 07:38 . 2011-02-09 08:29 -------- d-----w- c:\users\Pascal\DoctorWeb

2011-02-09 07:30 . 2011-02-09 07:30 -------- d-----w- c:\program files (x86)\WinClamAVShield

2011-02-08 16:19 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F81C890-D130-4872-86A7-2C25486EA735}\mpengine.dll

2011-02-06 11:24 . 2011-02-06 11:24 -------- d-----w- c:\users\Pascal\AppData\Roaming\Avira

2011-02-06 11:22 . 2011-02-06 11:22 -------- d-----w- c:\programdata\Avira

2011-02-06 11:22 . 2011-02-06 11:22 -------- d-----w- c:\program files (x86)\Avira

2011-02-06 11:22 . 2010-12-06 07:48 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-02-06 11:22 . 2010-12-06 07:48 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-02-06 10:57 . 2011-02-11 09:59 -------- d-----w- c:\programdata\Spyware Terminator

2011-02-06 10:57 . 2011-02-06 21:09 -------- d-----w- c:\users\Pascal\AppData\Roaming\Spyware Terminator

2011-02-06 10:57 . 2011-02-06 20:56 -------- d-----w- c:\program files (x86)\Spyware Terminator

2011-02-05 20:34 . 2011-02-05 20:34 -------- d-----w- c:\users\Pascal\oguexvlc

2011-02-05 20:34 . 2011-02-05 20:34 99840 ------w- c:\users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmmqiyus.exe

2011-01-22 20:57 . 2011-01-13 08:47 237168 ----a-w- c:\windows\system32\aswBoot.exe

2011-01-14 09:44 . 2011-01-14 09:44 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-24 10:36 . 2010-12-24 10:36 2052928 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2010-11-14 20:01 . 2010-11-14 20:01 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2010-11-14 20:01 . 2010-11-14 20:01 1753920 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2010-08-29 10:38 . 2010-08-29 00:45 485657200 ----a-w- c:\program files (x86)\StreetGears_FullClient_Dec09_FR.exe

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-09-10 13:41 120104 ------w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-18 39408]

"RGSC"="c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"SpywareTerminatorUpdate"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-02-06 3318784]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]

"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-18 629280]

"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648]

"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-11-16 128296]

"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-11-13 181480]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-10 421160]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-06 281768]

"SpywareTerminator"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2011-02-06 2557440]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"SpywareTerminatorUpdate"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-02-06 3318784]

 

c:\users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

wmmqiyus.exe [2011-2-5 99840]

 

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

SmartCopy.lnk - c:\program files (x86)\Northstar\SmartCopy\SmartCopy.exe [2010-4-17 319488]

SmartLauncher.lnk - c:\program files (x86)\Northstar\SmartLauncher\SmartLauncher.exe [2010-4-17 53760]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

 

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 135664]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]

R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys [2010-05-01 15872]

R3 dump_wmimmc;dump_wmimmc;c:\gamescampus\DriftCity\GameGuard\dump_wmimmc.sys [x]

R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-08-13 342016]

R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]

R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-30 1255736]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-27 834544]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2010/04/17 04:33];c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl [2009-11-13 02:30 146928]

S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-06 135336]

S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-12 62208]

S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [2010-07-07 50696]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-08-06 13784]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]

S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-09-23 283824]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-19 712704]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

 

.

Contenu du dossier 'Tâches planifiées'

 

2011-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 11:46]

 

2011-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 11:46]

.

 

--------- x86-64 -----------

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-09-10 13:44 137512 ------w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=100c&m=aspire_m7811&r=17360710n506pe4g5v1k5w4531u978

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=100c&m=aspire_m7811&r=17360710n506pe4g5v1k5w4531u978

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

Trusted Zone: microsoft.com\download.windowsupdate

Trusted Zone: microsoft.com\update

FF - ProfilePath - c:\users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\j5kkcknm.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ch/

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=fr&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

.

- - - - ORPHELINS SUPPRIMES - - - -

 

Toolbar-Locked - (no file)

SafeBoot-mcmscsvc

SafeBoot-MCODS

Toolbar-Locked - (no file)

 

 

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]

"ImagePath"="\??\c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl"

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_USERS\S-1-5-21-421051368-675785460-3348532563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

 

[HKEY_USERS\S-1-5-21-421051368-675785460-3348532563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Autres processus actifs ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files (x86)\Mozilla Firefox\firefox.exe

.

**************************************************************************

.

Heure de fin: 2011-02-11 12:00:17 - La machine a redémarré

ComboFix-quarantined-files.txt 2011-02-11 11:00

 

Avant-CF: 297'740'959'744 octets libres

Après-CF: 297'730'908'160 octets libres

 

- - End Of File - - 4552955457DBF2042617ABA144C79363

 

 

Thanking you in advance, Esprit09.

EDIT: I should add that I went to other sites to find a solution to my problem and found nothing apart from a few solutions that are made for one particular case.

Edited by Esprit09
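
The file lines in the ComboFix report above share one layout (created . modified, size, attributes, path). The following is an added example, not part of the original post and not ComboFix's own code: it parses that layout, lists executables that sit in a Startup folder, and returns whatever else was created in the same minute. The function names and the extension list are assumptions; the sample lines are copied from the report.

```python
import re
from datetime import datetime
from typing import List, NamedTuple, Optional


class Entry(NamedTuple):
    created: datetime
    modified: datetime
    size: Optional[int]  # None for directories (the log prints dashes)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


# One ComboFix file line: "<created> . <modified> <size> <attrs> <path>"
LINE_RE = re.compile(r"""
    ^(?P<created>\d{4}-\d{2}-\d{2}\ \d{2}:\d{2})\s+\.\s+
    (?P<modified>\d{4}-\d{2}-\d{2}\ \d{2}:\d{2})\s+
    (?P<size>\d+|-{8})\s+
    (?P<attrs>[-a-z]{8})\s+
    (?P<path>[A-Za-z]:\\.+?)\s*$
""", re.VERBOSE)

TIME_FMT = "%Y-%m-%d %H:%M"
# Assumption: per-user and all-users Startup folders share this path fragment.
STARTUP_MARKER = "\\start menu\\programs\\startup\\"
# Assumption: extensions treated as directly executable for this listing.
EXEC_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")


def parse_file_lines(text: str) -> List[Entry]:
    """Return every line of the report that matches the file-line layout."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers, registry lines, blank lines
        size = int(m["size"]) if m["size"].isdigit() else None
        entries.append(Entry(
            datetime.strptime(m["created"], TIME_FMT),
            datetime.strptime(m["modified"], TIME_FMT),
            size, m["attrs"], m["path"],
        ))
    return entries


def startup_executables(entries: List[Entry]) -> List[Entry]:
    """Files with an executable extension located in a Startup folder."""
    return [
        e for e in entries
        if not e.is_dir
        and STARTUP_MARKER in e.path.lower()
        and e.path.lower().endswith(EXEC_EXTS)
    ]


def created_same_minute(entries: List[Entry], anchor: Entry) -> List[Entry]:
    """Other entries whose creation time equals the anchor's (minute resolution)."""
    return [e for e in entries if e.created == anchor.created and e != anchor]


# Lines copied from the report above.
SAMPLE_LOG = r"""
2011-02-09 16:16 . 2011-01-05 04:00 3127808 ----a-w- c:\windows\system32\win32k.sys
2011-02-09 07:30 . 2011-02-09 07:30 -------- d-----w- c:\program files (x86)\WinClamAVShield
2011-02-05 20:34 . 2011-02-05 20:34 -------- d-----w- c:\users\Pascal\oguexvlc
2011-02-05 20:34 . 2011-02-05 20:34 99840 ------w- c:\users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmmqiyus.exe
2011-01-22 20:57 . 2011-01-13 08:47 237168 ----a-w- c:\windows\system32\aswBoot.exe
"""

if __name__ == "__main__":
    parsed = parse_file_lines(SAMPLE_LOG)
    for hit in startup_executables(parsed):
        print("Startup executable:", hit.path, hit.size, "bytes")
        for other in created_same_minute(parsed, hit):
            print("  created in the same minute:", other.path)
```
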

Posted (edited)

Hello Esprit09

Please do the following, because ComboFix is not enough for this infection.

Back up your personal data before starting anything, in case an unplanned format has to be carried out. Do not back up .exe and .scr files (including any program), downloaded .zip or .rar files, or .htm, .html or .php files.

Burn and boot OTLPE from a CD

► Download OTLPEnet :: http://oldtimer.geekstogo.com/OTLPENet.exe to your Desktop, or http://www.itxassociates.com/OT-Tools/OTLPENet.exe

* When the download has finished, double-click OTLPENet.exe (right-click, Run as administrator under Vista/Seven) and make sure you have inserted a blank CD-R in your CD/DVD burner. A window will open asking whether you want to burn the CD; click the Yes button.

* Wait while the CD is decompressed and burned.

* Boot from the Reatogo CD-ROM you created; see example: booter-sur-dvd-t9447.html

 

 


 

* Your system should show a REATOGO-X-PE desktop

* Depending on your type of Internet connection, you should be able to access the Net, so that you can reach this thread more easily.

* Double-click the OTLPE icon

» At this prompt, confirm with OK.

» At this prompt, select your session.

** If the operating system is Vista or Seven you may get this message: "RunScanner Error - Target is not windows 2000 or later"; in that case browse to and select the c:\windows folder in the tree below local disk (c:)

* Check that "Automatically Load All Remaining Users" is selected and press OK

» OTLPE then starts

o Under the Custom Scan box, copy and paste the contents of the box below:

 

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

explorer.exe

userinit.exe

winlogon.exe

wininit.exe

csrss.exe

smss.exe

svchost.exe

services.exe

spoolsv.exe

alg.exe

ctfmon.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

iaStor.sys

nvstor.sys

atapi.sys

i8042prt.sys

cdrom.sys

disk.sys

ndis.sys

tcpip.sys

imapi.sys

RDPCDD.sys

mountmgr.sys

aec.sys

rasacd.sys

redbook.sys

intelide.sys

mrxsmb10.sys

mrxsmb20.sys

termdd.sys

mrxsmb.sys

win32k.sys

storport.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

nvrd32.sys

/md5stop

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

CREATERESTOREPOINT

 

* Click Run Scan to start the scan.

* Once it has finished, the file is located at C:\OTL.txt

* Copy and paste its contents into your next reply

If your report is too long, use the site Cijoint.fr - free file drop service to send your report, and put the link in your next reply.

I will look at your report this evening.

See you later

Edited by bernard53
  • Upvote 1
Posted

OTL logfile created on: 2/11/2011 6:15:40 PM - Run

OTLPE by OldTimer - Version 3.1.44.3 Folder = X:\Programs\OTLPE

64bit-Windows 7 Home Premium (Version = 6.1.7600) - Type = System

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: Suisse | Language: FRS | Date Format: dd.MM.yyyy

 

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = I: | %SystemRoot% = I:\Windows | %ProgramFiles% = I:\Program Files (x86)

Drive C: | 100.00 Mb Total Space | 74.36 Mb Free Space | 74.36% Space Free | Partition Type: NTFS

Drive I: | 457.95 Gb Total Space | 278.01 Gb Free Space | 60.71% Space Free | Partition Type: NTFS

Drive J: | 458.46 Gb Total Space | 431.80 Gb Free Space | 94.19% Space Free | Partition Type: NTFS

Drive K: | 5.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive L: | 1.90 Gb Total Space | 0.47 Gb Free Space | 24.65% Space Free | Partition Type: FAT

Drive X: | 436.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet001

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2010/08/13 07:46:22 | 000,342,016 | ---- | M] (CybelSoft) [On_Demand] -- I:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)

SRV:64bit: - [2009/08/06 16:17:46 | 000,118,672 | ---- | M] (Intel® Corporation) [On_Demand] -- I:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto] -- I:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)

SRV - [2011/02/06 05:57:41 | 000,948,775 | ---- | M] (Crawler.com) [Auto] -- I:\Program Files (x86)\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)

SRV - [2010/12/16 18:58:18 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand] -- I:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2010/12/06 02:47:54 | 000,135,336 | ---- | M] (Avira GmbH) [Auto] -- I:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/12/06 02:47:41 | 000,267,944 | ---- | M] (Avira GmbH) [Auto] -- I:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/10/15 18:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- I:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/07/09 09:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto] -- I:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2010/05/03 17:21:00 | 003,604,720 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- I:\Windows\SysWow64\GameMon.des -- (npggsvc)

SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- I:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/19 06:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- I:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/12/09 04:24:16 | 000,076,320 | ---- | M] () [Auto] -- I:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)

SRV - [2009/10/13 13:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- I:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2009/09/30 21:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto] -- I:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2009/09/23 07:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto] -- I:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2009/09/10 08:42:46 | 000,305,448 | ---- | M] () [On_Demand] -- I:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)

SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto] -- I:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)

SRV - [2009/08/12 18:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto] -- I:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- I:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2010/12/06 02:48:06 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System] -- I:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV:64bit: - [2010/12/06 02:48:06 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto] -- I:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2010/09/28 09:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2010/08/26 23:23:22 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- I:\Windows\System32\drivers\sptd.sys -- (sptd)

DRV:64bit: - [2010/07/07 05:26:46 | 000,050,696 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Auto] -- I:\Windows\System32\drivers\stflt.sys -- (sp_rsdrv2)

DRV:64bit: - [2010/05/01 07:05:04 | 000,015,872 | ---- | M] (CybelSoft) [Kernel | On_Demand] -- I:\Program Files\ma-config.com\Drivers\driverhardwarev2x64.sys -- (driverhardwarev2x64)

DRV:64bit: - [2009/10/29 03:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot] -- I:\Windows\System32\drivers\jraid.sys -- (JRAID)

DRV:64bit: - [2009/10/13 13:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot] -- I:\Windows\System32\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/09/23 04:11:04 | 000,283,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\e1k62x64.sys -- (e1kexpress) Intel®

DRV:64bit: - [2009/09/16 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\HECIx64.sys -- (HECIx64) Intel®

DRV:64bit: - [2009/08/06 16:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto] -- I:\Windows\System32\drivers\TurboB.sys -- (TurboB)

DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot] -- I:\Windows\System32\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM)

DRV:64bit: - [2009/07/13 16:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009/06/19 17:56:08 | 000,712,704 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\netr28x.sys -- (netr28x)

DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- I:\Windows\System32\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand] -- I:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/02 06:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System] -- I:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)

DRV:64bit: - [2009/06/02 06:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System] -- I:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

DRV:64bit: - [2009/06/02 06:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System] -- I:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)

DRV:64bit: - [2009/05/05 19:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand] -- I:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV:64bit: - [2009/05/05 19:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)

DRV:64bit: - [2009/01/09 10:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand] -- I:\Windows\System32\drivers\RimSerial_AMD64.sys -- (RimVSerPort)

DRV:64bit: - [2008/05/20 12:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand] -- I:\Windows\System32\drivers\RimUsb_AMD64.sys -- (RimUsb)

DRV - [2009/11/12 21:30:30 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/04/17 04:33:32] [Kernel | Auto] -- I:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})

DRV - [2004/12/30 16:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand] -- I:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=100c&m=aspire_m7811&r=17360710n506pe4g5v1k5w4531u978

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\Pascal_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=100c&m=aspire_m7811&r=17360710n506pe4g5v1k5w4531u978

IE - HKU\Pascal_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Pascal_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.startup.homepage: "http://www.google.ch/"

FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=fr&q="

 

 

[2010/07/30 06:45:50 | 000,000,000 | ---D | M] (No name found) -- I:\Users\Pascal\AppData\Roaming\Mozilla\Extensions

[2011/02/10 11:48:45 | 000,000,000 | ---D | M] (No name found) -- I:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\j5kkcknm.default\extensions

[2011/01/18 14:14:38 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- I:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\j5kkcknm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2011/01/12 12:07:34 | 000,000,000 | ---D | M] (Zynga Toolbar) -- I:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\j5kkcknm.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}

[2010/12/26 19:22:47 | 000,000,000 | ---D | M] ("BitDefender QuickScan") -- I:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\j5kkcknm.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

[2010/10/23 12:45:52 | 000,000,000 | ---D | M] (No name found) -- I:\Program Files (x86)\Mozilla Firefox\extensions

[2010/07/30 15:55:37 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- I:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

File not found (No name found) -- C:\USERS\PASCAL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\J5KKCKNM.DEFAULT\EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C}

[2010/10/29 15:19:05 | 000,001,516 | ---- | M] () -- I:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-france.xml

[2010/10/29 15:19:05 | 000,001,822 | ---- | M] () -- I:\Program Files (x86)\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml

[2010/10/29 15:19:05 | 000,000,757 | ---- | M] () -- I:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-france.xml

[2010/10/29 15:19:05 | 000,001,426 | ---- | M] () -- I:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-fr.xml

[2010/10/29 15:19:05 | 000,000,956 | ---- | M] () -- I:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-france.xml

 

O1 HOSTS File: ([2010/12/27 16:10:53 | 000,428,403 | R--- | M]) - I:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 14747 more lines...

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - I:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)

O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - File not found

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - I:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - I:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - I:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - File not found

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - I:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - I:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKU\Pascal_ON_I\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - I:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKU\Pascal_ON_I\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - I:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] I:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [iAAnotif] I:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [mwlDaemon] I:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)

O4:64bit: - HKLM..\Run: [RtHDVCpl] I:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] I:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ArcadeDeluxeAgent] I:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)

O4 - HKLM..\Run: [avgnt] I:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [backupManagerTray] I:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)

O4 - HKLM..\Run: [EgisTecLiveUpdate] I:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [Hotkey Utility] I:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()

O4 - HKLM..\Run: [JMB36X IDE Setup] I:\Windows\RaidTool\xInsIDE.exe ()

O4 - HKLM..\Run: [NortonOnlineBackupReminder] I:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)

O4 - HKLM..\Run: [PlayMovie] I:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)

O4 - HKLM..\Run: [spywareTerminator] I:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)

O4 - HKLM..\Run: [switchBoard] I:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKU\.DEFAULT..\Run: [spywareTerminatorUpdate] I:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)

O4 - HKU\Pascal_ON_I..\Run: [RGSC] I:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)

O4 - HKU\Pascal_ON_I..\Run: [spybotSD TeaTimer] I:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKU\Pascal_ON_I..\Run: [spywareTerminatorUpdate] I:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)

O4 - HKU\Pascal_ON_I..\Run: [swg] I:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: I:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmmqiyus.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\LocalService_ON_I\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\NetworkService_ON_I\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\Pascal_ON_I\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\Pascal_ON_I\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\systemprofile_ON_I\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8:64bit: - Extra context menu item: Google Sidewiki... - I:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)

O8 - Extra context menu item: Google Sidewiki... - I:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - I:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - I:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - I:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - I:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O15:64bit: - Pascal_ON_I\..Trusted Domains: microsoft.com ([download.windowsupdate] http in Sites de confiance)

O15:64bit: - Pascal_ON_I\..Trusted Domains: microsoft.com ([update] http in Sites de confiance)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - File not found

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - I:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - I:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - I:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/02/12 14:53:42 | 000,000,277 | R--- | M] () - K:\autorun.inf -- [ CDFS ]

O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found

64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

 

 

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: WinDefend - I:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: MpfService - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WinDefend - I:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: MpfService - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: aux - I:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: midi - I:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: midimapper - I:\Windows\System32\midimap.dll (Microsoft Corporation)

Drivers32:64bit: mixer - I:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: msacm.imaadpcm - I:\Windows\System32\imaadp32.acm (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - I:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: msacm.msadpcm - I:\Windows\System32\msadp32.acm (Microsoft Corporation)

Drivers32:64bit: msacm.msg711 - I:\Windows\System32\msg711.acm (Microsoft Corporation)

Drivers32:64bit: msacm.msgsm610 - I:\Windows\System32\msgsm32.acm (Microsoft Corporation)

Drivers32:64bit: vidc.i420 - I:\Windows\System32\iyuv_32.dll (Microsoft Corporation)

Drivers32:64bit: vidc.iyuv - I:\Windows\System32\iyuv_32.dll (Microsoft Corporation)

Drivers32:64bit: vidc.mrle - I:\Windows\System32\msrle32.dll (Microsoft Corporation)

Drivers32:64bit: vidc.msvc - I:\Windows\System32\msvidc32.dll (Microsoft Corporation)

Drivers32:64bit: vidc.uyvy - I:\Windows\System32\msyuv.dll (Microsoft Corporation)

Drivers32:64bit: vidc.yuy2 - I:\Windows\System32\msyuv.dll (Microsoft Corporation)

Drivers32:64bit: vidc.yvu9 - I:\Windows\System32\tsbyuv.dll (Microsoft Corporation)

Drivers32:64bit: vidc.yvyu - I:\Windows\System32\msyuv.dll (Microsoft Corporation)

Drivers32:64bit: wave - I:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32:64bit: wavemapper - I:\Windows\System32\msacm32.drv (Microsoft Corporation)

Drivers32: msacm.l3acm - I:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/02/11 06:00:20 | 000,000,000 | ---D | C] -- I:\Windows\temp

[2011/02/11 05:56:14 | 000,000,000 | ---D | C] -- I:\$RECYCLE.BIN

[2011/02/11 05:49:00 | 000,161,792 | ---- | C] (SteelWerX) -- I:\Windows\SWREG.exe

[2011/02/11 05:49:00 | 000,031,232 | ---- | C] (NirSoft) -- I:\Windows\NIRCMD.exe

[2011/02/11 05:48:59 | 000,136,704 | ---- | C] (SteelWerX) -- I:\Windows\SWSC.exe

[2011/02/11 05:48:56 | 000,000,000 | ---D | C] -- I:\Windows\ERDNT

[2011/02/11 05:48:31 | 000,000,000 | ---D | C] -- I:\Qoobox

[2011/02/11 05:48:15 | 000,212,480 | ---- | C] (SteelWerX) -- I:\Windows\SWXCACLS.exe

[2011/02/09 11:18:02 | 000,703,488 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\msfeeds.dll

[2011/02/09 11:18:02 | 000,599,040 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\msfeeds.dll

[2011/02/09 11:18:02 | 000,256,000 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\iepeers.dll

[2011/02/09 11:18:02 | 000,247,808 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ieui.dll

[2011/02/09 11:18:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ieui.dll

[2011/02/09 11:18:01 | 000,482,816 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\html.iec

[2011/02/09 11:18:01 | 000,386,048 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\html.iec

[2011/02/09 11:18:01 | 000,185,856 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\iepeers.dll

[2011/02/09 11:18:01 | 000,097,280 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\mshtmled.dll

[2011/02/09 11:18:01 | 000,067,072 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\mshtmled.dll

[2011/02/09 11:18:01 | 000,057,856 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\licmgr10.dll

[2011/02/09 11:18:01 | 000,044,544 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\licmgr10.dll

[2011/02/09 11:18:01 | 000,012,800 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\msfeedssync.exe

[2011/02/09 11:18:01 | 000,012,288 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\msfeedssync.exe

[2011/02/09 11:16:19 | 000,852,480 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\jscript.dll

[2011/02/09 11:16:19 | 000,716,800 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\jscript.dll

[2011/02/09 11:16:19 | 000,612,352 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\vbscript.dll

[2011/02/09 11:15:52 | 005,510,528 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ntoskrnl.exe

[2011/02/09 11:15:51 | 003,901,824 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ntoskrnl.exe

[2011/02/09 11:15:51 | 001,739,176 | ---- | C] (Microsoft Corporation) -- I:\Windows\System32\ntdll.dll

[2011/02/09 11:15:50 | 003,957,120 | ---- | C] (Microsoft Corporation) -- I:\Windows\SysWow64\ntkrnlpa.exe

[2011/02/09 11:15:35 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- I:\Windows\System32\atmfd.dll

[2011/02/09 11:15:35 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- I:\Windows\SysWow64\atmfd.dll

[2011/02/09 11:15:35 | 000,046,080 | ---- | C] (Adobe Systems) -- I:\Windows\System32\atmlib.dll

[2011/02/09 11:15:35 | 000,034,304 | ---- | C] (Adobe Systems) -- I:\Windows\SysWow64\atmlib.dll

[2011/02/09 02:30:06 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\WinClamAVShield

[2011/02/06 06:24:49 | 000,000,000 | ---D | C] -- I:\Users\Pascal\AppData\Roaming\Avira

[2011/02/06 06:22:13 | 000,116,568 | ---- | C] (Avira GmbH) -- I:\Windows\System32\drivers\avipbb.sys

[2011/02/06 06:22:13 | 000,083,120 | ---- | C] (Avira GmbH) -- I:\Windows\System32\drivers\avgntflt.sys

[2011/02/06 06:22:13 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Avira

[2011/02/06 05:57:40 | 000,000,000 | ---D | C] -- I:\Users\Pascal\AppData\Roaming\Spyware Terminator

[2011/02/06 05:57:39 | 000,000,000 | ---D | C] -- I:\Program Files (x86)\Spyware Terminator

[2011/02/05 10:03:59 | 000,000,000 | ---D | C] -- I:\Users\Pascal\Desktop\Booba-0.9-FR-2008-OND

[2011/02/05 10:00:47 | 000,000,000 | ---D | C] -- I:\Users\Pascal\Desktop\Booba-Ouest_Side-FR-2006-OGV

[2011/02/02 16:41:53 | 000,000,000 | ---D | C] -- I:\Users\Pascal\Desktop\Nouveau dossier (2)

[2011/01/30 07:46:30 | 000,000,000 | ---D | C] -- I:\Users\Pascal\Desktop\Green Money-Greenologie-2011-BY POPOF

[2011/01/25 01:05:30 | 000,000,000 | ---D | C] -- I:\Users\Pascal\Desktop\Green_Money-Mixtape_Mp3_Vol.2-(WEB)-FR-2010-S0N0R

[2011/01/22 15:57:06 | 000,237,168 | ---- | C] (AVAST Software) -- I:\Windows\System32\aswBoot.exe

[2011/01/20 02:47:53 | 000,000,000 | ---D | C] -- I:\Users\Pascal\Desktop\Falcko-El_Gato_Negro-(WEB)-FR-2011-S0N0R

[2010/08/28 19:45:48 | 485,657,200 | ---- | C] ( ) -- I:\Program Files (x86)\StreetGears_FullClient_Dec09_FR.exe

 

========== Files - Modified Within 30 Days ==========

 

[2011/02/11 12:06:42 | 000,067,584 | --S- | M] () -- I:\Windows\bootstat.dat

[2011/02/11 12:06:35 | 000,009,920 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/02/11 12:06:34 | 000,009,920 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/02/11 12:01:00 | 000,001,064 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/02/11 12:00:47 | 2115,289,087 | -HS- | M] () -- I:\hiberfil.sys

[2011/02/11 09:56:02 | 000,001,068 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/02/10 02:28:46 | 004,911,368 | ---- | M] () -- I:\Windows\System32\FNTCACHE.DAT

[2011/02/09 11:30:19 | 000,014,110 | ---- | M] () -- I:\Users\Pascal\Desktop\Lettre Offre Spontanée.docx

[2011/02/05 15:34:34 | 000,099,840 | ---- | M] () -- I:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmmqiyus.exe

[2011/02/02 14:47:07 | 000,084,935 | ---- | M] () -- I:\Users\Pascal\Desktop\Sans-titre-1.jpg

[2011/02/02 11:21:41 | 000,744,852 | ---- | M] () -- I:\Windows\System32\perfh00C.dat

[2011/02/02 11:21:41 | 000,651,734 | ---- | M] () -- I:\Windows\System32\perfh009.dat

[2011/02/02 11:21:41 | 000,148,370 | ---- | M] () -- I:\Windows\System32\perfc00C.dat

[2011/02/02 11:21:41 | 000,120,666 | ---- | M] () -- I:\Windows\System32\perfc009.dat

[2011/01/29 11:02:53 | 000,014,579 | ---- | M] () -- I:\Users\Pascal\Desktop\CV caissière.docx

[2011/01/27 10:33:30 | 000,000,832 | ---- | M] () -- I:\Windows\wininit.ini

[2011/01/22 15:57:06 | 000,000,000 | ---- | M] () -- I:\Windows\SysWow64\config.nt

[2011/01/20 16:16:12 | 002,783,335 | ---- | M] () -- I:\Users\Pascal\Desktop\1.jpg

[2011/01/20 15:56:59 | 016,062,633 | ---- | M] () -- I:\Users\Pascal\Desktop\4248412363_68508835e8_b_d1.psd

[2011/01/20 15:51:46 | 003,155,680 | ---- | M] () -- I:\Users\Pascal\Desktop\201000618-fin_trims 145.jpg

[2011/01/20 15:50:45 | 014,616,954 | ---- | M] () -- I:\Users\Pascal\Desktop\peinture_tutsps.rar

[2011/01/20 15:33:44 | 000,393,910 | ---- | M] () -- I:\Users\Pascal\Desktop\drilon.jpg

[2011/01/18 00:48:35 | 000,040,960 | ---- | M] () -- I:\Users\Pascal\Desktop\mmmmns titre.wps

[2011/01/18 00:48:35 | 000,000,544 | ---- | M] () -- I:\Users\Pascal\AppData\Roaming\wklnhst.dat

[2011/01/13 11:28:21 | 000,000,149 | ---- | M] () -- I:\Users\Pascal\AppData\Roaming\default.rss

[2011/01/13 11:28:17 | 000,000,069 | ---- | M] () -- I:\Windows\NeroDigital.ini

[2011/01/13 03:47:23 | 000,237,168 | ---- | M] (AVAST Software) -- I:\Windows\System32\aswBoot.exe

 

========== Files Created - No Company Name ==========

 

[2011/02/11 05:49:00 | 000,256,512 | ---- | C] () -- I:\Windows\PEV.exe

[2011/02/11 05:49:00 | 000,098,816 | ---- | C] () -- I:\Windows\sed.exe

[2011/02/11 05:49:00 | 000,089,088 | ---- | C] () -- I:\Windows\MBR.exe

[2011/02/11 05:49:00 | 000,080,412 | ---- | C] () -- I:\Windows\grep.exe

[2011/02/11 05:49:00 | 000,068,096 | ---- | C] () -- I:\Windows\zip.exe

[2011/02/05 15:34:35 | 000,099,840 | ---- | C] () -- I:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmmqiyus.exe

[2011/02/02 14:47:04 | 000,084,935 | ---- | C] () -- I:\Users\Pascal\Desktop\Sans-titre-1.jpg

[2011/01/29 11:02:53 | 000,014,579 | ---- | C] () -- I:\Users\Pascal\Desktop\CV caissière.docx

[2011/01/29 10:54:07 | 000,014,110 | ---- | C] () -- I:\Users\Pascal\Desktop\Lettre Offre Spontanée.docx

[2011/01/20 16:16:10 | 002,783,335 | ---- | C] () -- I:\Users\Pascal\Desktop\1.jpg

[2011/01/20 15:57:09 | 000,768,541 | ---- | C] () -- I:\Users\Pascal\Desktop\4248412363_68508835e8_b_d1.jpg

[2011/01/20 15:56:57 | 016,062,633 | ---- | C] () -- I:\Users\Pascal\Desktop\4248412363_68508835e8_b_d1.psd

[2011/01/20 15:50:22 | 014,616,954 | ---- | C] () -- I:\Users\Pascal\Desktop\peinture_tutsps.rar

[2011/01/20 15:49:19 | 003,155,680 | ---- | C] () -- I:\Users\Pascal\Desktop\201000618-fin_trims 145.jpg

[2011/01/20 15:33:43 | 000,393,910 | ---- | C] () -- I:\Users\Pascal\Desktop\drilon.jpg

[2011/01/16 13:45:36 | 000,040,960 | ---- | C] () -- I:\Users\Pascal\Desktop\mmmmns titre.wps

[2010/12/16 06:36:16 | 000,036,864 | ---- | C] () -- I:\Windows\SysWow64\EGameEncrypt.dll

[2010/11/23 15:59:47 | 000,000,149 | ---- | C] () -- I:\Users\Pascal\AppData\Roaming\default.rss

[2010/11/23 15:59:36 | 000,000,069 | ---- | C] () -- I:\Windows\NeroDigital.ini

[2010/11/20 12:47:22 | 000,178,176 | ---- | C] () -- I:\Windows\SysWow64\unrar.dll

[2010/11/20 12:47:22 | 000,000,038 | ---- | C] () -- I:\Windows\avisplitter.ini

[2010/11/20 12:47:19 | 000,881,664 | ---- | C] () -- I:\Windows\SysWow64\xvidcore.dll

[2010/11/20 12:47:19 | 000,205,824 | ---- | C] () -- I:\Windows\SysWow64\xvidvfw.dll

[2010/11/20 12:47:19 | 000,085,504 | ---- | C] () -- I:\Windows\SysWow64\ff_vfw.dll

[2010/11/15 11:27:28 | 000,000,308 | ---- | C] () -- I:\Users\Pascal\AppData\Roaming\Rim.Desktop.Exception.log

[2010/11/15 11:27:11 | 000,000,807 | ---- | C] () -- I:\Users\Pascal\AppData\Roaming\Rim.Desktop.HttpServerSetup.log

[2010/10/30 15:39:23 | 001,970,176 | ---- | C] () -- I:\Windows\SysWow64\d3dx9.dll

[2010/10/30 12:34:35 | 000,001,456 | ---- | C] () -- I:\Users\Pascal\AppData\Local\Adobe Enregistrer pour le Web 12.0 Prefs

[2010/10/28 12:46:53 | 001,638,172 | ---- | C] () -- I:\Windows\SysWow64\PerfStringBackup.INI

[2010/10/23 13:50:12 | 000,000,179 | ---- | C] () -- I:\Users\Pascal\AppData\Roaming\37198.bat

[2010/09/06 14:02:18 | 000,000,832 | ---- | C] () -- I:\Windows\wininit.ini

[2010/08/28 18:02:46 | 000,000,017 | ---- | C] () -- I:\Users\Pascal\AppData\Local\resmon.resmoncfg

[2010/08/06 17:28:09 | 000,000,132 | ---- | C] () -- I:\Users\Pascal\AppData\Roaming\Adobe BMP Format CS5 Prefs

[2010/07/30 14:22:59 | 000,000,544 | ---- | C] () -- I:\Users\Pascal\AppData\Roaming\wklnhst.dat

[2009/11/18 16:39:50 | 000,192,484 | ---- | C] () -- I:\Program Files (x86)\Common Files\Acer GameZone online.ico

[2009/07/13 19:02:54 | 000,245,248 | ---- | C] () -- I:\Windows\SysWow64\DShowRdpFilter.dll

[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- I:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- I:\Windows\SysWow64\ir32_32.dll

[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- I:\Windows\SysWow64\msjetoledb40.dll

[2008/10/28 10:40:48 | 000,173,552 | ---- | C] () -- I:\Windows\SysWow64\xlive.dll.cat

[2002/10/06 13:37:26 | 000,053,760 | ---- | C] () -- I:\Windows\SysWow64\zlib.dll

[1997/06/14 03:56:08 | 000,056,832 | ---- | C] () -- I:\Windows\SysWow64\iyvu9_32.dll

 

========== LOP Check ==========

 

[2011/02/05 15:37:30 | 000,032,496 | ---- | M] () -- I:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.

 

Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe

 

Invalid Environment Variable: %APPDATA%\*.

 

Invalid Environment Variable: %APPDATA%\*.exe

 

< %SYSTEMDRIVE%\*.exe >

 

 

< MD5 for: AGP440.SYS >


 

< MD5 for: TERMDD.SYS >

[2009/07/13 20:45:55 | 000,062,544 | ---- | M] (Microsoft Corporation) MD5=C448651339196C0E869A355171875522 --

[2009/07/13 20:45:55 | 000,062,544 | ---- | M] (Microsoft Corporation) MD5=C448651339196C0E869A355171875522 --

[2009/07/13 20:45:55 | 000,062,544 | ---- | M] (Microsoft Corporation) MD5=C448651339196C0E869A355171875522 -- I:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\termdd.sys

 

< MD5 for: USERINIT.EXE >

[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- I:\Windows\ERDNT\cache86\userinit.exe

[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- I:\Windows\SysWOW64\userinit.exe

[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- I:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- I:\Windows\ERDNT\cache64\userinit.exe

[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- I:\Windows\SysWOW64\userinit.exe

[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- I:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

 

< MD5 for: WIN32K.SYS >

[2010/05/01 10:04:07 | 003,124,224 | ---- | M] (Microsoft Corporation) MD5=333F53E52C29577D65D7328D4A95FFF1 -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.20704_none_15c78cf4cd156ec7\win32k.sys

[2011/01/04 23:00:16 | 003,127,808 | ---- | M] (Microsoft Corporation) MD5=33DD4577B4BA2CF6BD1D1096DCBB0A49 --

[2011/01/04 23:00:16 | 003,127,808 | ---- | M] (Microsoft Corporation) MD5=33DD4577B4BA2CF6BD1D1096DCBB0A49 -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16732_none_151b81b7b411ed49\win32k.sys

[2011/01/04 22:57:31 | 003,129,344 | ---- | M] (Microsoft Corporation) MD5=643E6764B18CB3266357FD0AB649F7A8 -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21634_none_178d7c1cca542bad\win32k.sys

[2010/05/01 10:07:05 | 003,122,176 | ---- | M] (Microsoft Corporation) MD5=718F3491CF541569956BAA4C6E7B351E -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16585_none_14e86f2db437cab5\win32k.sys

[2010/06/18 23:24:19 | 003,124,224 | ---- | M] (Microsoft Corporation) MD5=799A5411338E2F3D2A3710B3D209D8B3 -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.20738_none_15ab1e58cd2a27f6\win32k.sys

[2010/10/19 22:25:10 | 003,126,272 | ---- | M] (Microsoft Corporation) MD5=7E5E9C8FC212ABBF72D87AF3370D8D35 -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.20821_none_15aeee24cd2857cb\win32k.sys

[2010/08/31 21:58:34 | 003,123,712 | ---- | M] (Microsoft Corporation) MD5=8549DC7684CBC0A0AA542051B7EF5A23 -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16667_none_1500117fb425c2a8\win32k.sys

[2011/01/04 22:59:01 | 003,129,344 | ---- | M] (Microsoft Corporation) MD5=9F9B2A0552CD7FCD1B6A29B94A6AABE1 -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.20873_none_157adf1ccd4f162e\win32k.sys

[2010/08/31 21:55:20 | 003,125,248 | ---- | M] (Microsoft Corporation) MD5=A671682E193BD7D39CE8DD33ABD4FC71 -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.20792_none_15643d14cd603792\win32k.sys

[2010/10/19 22:09:15 | 003,124,224 | ---- | M] (Microsoft Corporation) MD5=A94AAAE340658B6C29091B9FD74D2317 -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16691_none_14d99fffb4437e71\win32k.sys

[2009/07/13 18:40:40 | 003,122,176 | ---- | M] (Microsoft Corporation) MD5=CBEF2EB83438ED9FC39411CC8378B0E7 -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16385_none_14e86b61b437d067\win32k.sys

[2010/06/18 23:32:34 | 003,122,688 | ---- | M] (Microsoft Corporation) MD5=E04C151CA3D6C1D968AA066B2C67DF24 -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16617_none_1536211bb3fd36f3\win32k.sys

[2011/01/05 01:56:24 | 003,129,344 | ---- | M] (Microsoft Corporation) MD5=F7755E762C67E2AFF6087AB5D2CE7A7A -- I:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17535_none_1704df9bb135a53a\win32k.sys

 

< MD5 for: WININIT.EXE >

[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- I:\Windows\ERDNT\cache64\wininit.exe

[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- I:\Windows\SysWOW64\wininit.exe

[2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- I:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- I:\Windows\ERDNT\cache86\wininit.exe

[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- I:\Windows\SysWOW64\wininit.exe

[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- I:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 

< MD5 for: WINLOGON.EXE >

[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A --

[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- I:\Windows\ERDNT\cache64\winlogon.exe

[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- I:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

 

< CREATERESTOREPOINT >

< End of report >

 

 

 

Just out of curiosity, how do you go about finding something specific in this gibberish?

Posted

OK, here we go ;)

 

 

 

So boot again from the CD you just burned, then relaunch OTLPE and, in this window:

 

1272203961-otlpe08.gif

Under the Custom Scan box, copy and paste the contents of the box below:

 

:OTL

[2011/01/12 12:07:34 | 000,000,000 | ---D | M] (Zynga Toolbar) -- I:\Users\Pascal\AppData\Roaming\Mozilla\Firefox\Profiles\j5kkcknm.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}

O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - File not found

O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - File not found

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4 - Startup: I:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmmqiyus.exe ()

:Files

I:\Users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wmmqiyus.exe

:Commands

[emptytemp]

* Click the RUNFIX icon (top left).

* Let the scan run to completion without using the PC

* At the end of the scan, a report, "OTL.log", will open

* Copy and paste the report(s) into your reply, please...

* Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the situation

Put the report here, since it takes up a lot of space.

Cijoint.fr - Free file hosting service

 

 

Then this, as a precaution, in normal boot mode.

* Download RogueKiller (by tigzy) to your desktop

* Run it, then confirm option 2.

* A report (RKreport.txt) should have been created next to the executable; paste its contents into your reply

 

 

Then this, as a check.

Download << ZHPDiag >> (by Nicolas Coolman)

Unzip the file onto your desktop...

Right-click the ZHPDiag.exe icon and choose "Run as administrator".

The installation will create shortcuts (ZHPDiag, ZHPFix and MBRCheck) on your desktop

 

110204080230569695.jpg

 

 

At the end of the installation, ZHPDiag will launch...

Click the "Options" icon (screwdriver image) and tick all the options.

Click "Run the diagnostic" (magnifying-glass image) and wait...

At the end of the scan, click the "Save file as" icon (blue floppy-disk image) and save the report to your desktop.

Put the report here, since it takes up a lot of space.

Cijoint.fr - Free file hosting service

  • Upvote 1
Posted

Thanks a lot

First file, OTL.log:

http://www.cijoint.fr/cj201102/cijZ9mNxsC.txt

Second:

 

RogueKiller V3.9.0 by Tigzy

contact at Forum Sciences / Forum Informatique - Sur la Toile (SLT)

mail: tigzyRK<at>gmail<dot>com

Feedback: [RogueKiller] Remontées (1/9)

 

Operating System: Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User: Pascal [Admin rights]

Mode: Remove -- Time : 11/02/2011 20:01:20

 

Bad processes:

 

Deregistred:

 

HOSTS File:


[...]

 

 

Finished

 

 

However, as for ZHPDIAG, it freezes at 82% (I did run it as administrator)
