
[Solved] Request for an analysis of my PC following a suspected infection



Posted (edited)

Good evening everyone,

I have acquired a Samsung R730 PC.

For the first time I used the ZHPDiag software downloaded from this forum.

I am not able to interpret the result of the report: whether everything is OK or not. The HJT report has shown no anomaly since I deleted Partner.dll.

Thanks to whoever can answer me.

Have a good evening.

Yves 13.

 

Rapport de ZHPDiag v1.27.1421 par Nicolas Coolman, Update du 16/12/2010

Run by Yves at 3/14/2011 9:13:34 PM

Web site : ZHPDiag Outil de diagnostic

Contact : nicolascoolman@yahoo.fr

 

---\\ Web Browser

MSIE: Internet Explorer v8.0.7601.17514 (Defaut)

 

---\\ System Information

Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601)

Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel

Operating System: 32 Bits

Boot mode: Normal (Normal boot)

Total RAM: 3004.6 MB (70% free)

System drive C: has 220 GB (91%) free of 241 GB

 

---\\ Logged in mode

Computer Name: YVES-PC

User Name: Yves

All Users Names: Yves, HomeGroupUser$, Administrateur,

Unselected Option: O1,O45,O61,O62,O65,O82

Logged in as Administrator

 

---\\ DOS/Devices

C:\ Hard drive, Flash drive, Thumb drive (Free 220 Go of 241 Go)

D:\ Hard drive, Flash drive, Thumb drive (Free 42 Go of 42 Go)

E:\ CD-ROM drive (Not Inserted)

 

---\\ Security Center & Tools Informations

[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK

 

 

---\\ Recherche particulière de fichiers génériques

[MD5.40D777B7A95E00593EB1568C68514493] - (.Microsoft Corporation - Explorateur Windows.) (.11/20/2010 1:17:09 PM.) -- C:\Windows\Explorer.exe [2616320]

[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.7/14/2009 2:14:45 AM.) -- C:\Windows\System32\Wininit.exe [96256]

[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/20/2010 1:17:54 PM.) -- C:\Windows\System32\Winlogon.exe [286720]

[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.7/14/2009 2:26:15 AM.) -- C:\Windows\System32\drivers\atapi.sys [21584]

[MD5.33C3093D09017CFE2E219F2472BFF6EB] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.11/20/2010 1:30:06 PM.) -- C:\Windows\System32\drivers\ntfs.sys [1211264]

 

 

---\\ Processus lancés

[MD5.091A0924AC02AE0A04F3D03BCCDE2712] - (.SEC - Samsung Recovery Solution 4.) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2246144]

[MD5.06F7D67EC4D15F11A2923268BAA937D3] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe [300912]

[MD5.E3735DC796E5183D63F35921B058934C] - (.Samsung Electronics Co., Ltd. - EasySpeedUpManager.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [716800]

[MD5.A46796CCF032D35720347262998D1F90] - (.Samsung Electronics Co., Ltd. - Easy Display Manager.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [835072]

[MD5.8A0B0E4102C2CCA25DA3134FE12FCC3E] - (.SAMSUNG Electronics - SSCKbdHk.) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe [91136]

[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\rundll32.exe [44544]

[MD5.F2F3617C63B87AA2DE139DC9E37420B5] - (.Intel Corporation - igfxext Module.) -- C:\windows\system32\igfxext.exe [179224]

[MD5.9D5E8B45BD348DF0882C69EED0E83111] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [281768]

[MD5.B9AA850CDA55097EB13E03698C8F5828] - (.Intel Corporation - igfxsrvc Module.) -- C:\windows\system32\igfxsrvc.exe [266776]

[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408]

[MD5.1FC324874D391F8CBF51AE8321B9D141] - (.Microsoft Corporation - Gestionnaire Microsoft Office.) -- C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE [340480]

[MD5.11CABF7B4139F7A1D757689A7D69C5FB] - (.Microsoft Corporation - Microsoft Recherche accélérée.) -- C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [111376]

[MD5.C613E69C3B191BB02C7A191741A1D024] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [673040]

[MD5.88C44CA9A052AEAEC0C91A57CE5AB41A] - (.Google Inc. - Google Toolbar Broker.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe [304304]

[MD5.5ABE08EEB790D2322565DBD11BF70A19] - (.Adobe Systems, Inc. - Adobe Flash Player Helper 9.0 r124.) -- C:\windows\system32\Macromed\Flash\FlashUtil9f.exe [218496]

[MD5.A80C173AC5C75706BB74AE4D78F2A53D] - (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe [164864]

[MD5.806A8E35707BEA615B209001E544F0F0] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [620544]

 

 

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2)

P2 - FPN: [HKLM] [@Apple.com/iTunes,version=1.0] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 3.0.40624.0.) -- C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll

P2 - FPN: [HKLM] [@microsoft.com/OfficeLive,version=1.3] - (.Microsoft Corp. - Office Live Update v1.3.) -- C:\Program Files\Microsoft\Office Live\npOLW.dll

P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=14.0.8081.0709] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=8] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

 

 

---\\ Internet Explorer, Démarrage,Recherche,URSearchHook (R0,R1,R3)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (8.00.7600.16385 (win7_rtm.090713-1255)) -- C:\Windows\System32\ieframe.dll

 

 

---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe

F2 - REG:system.ini: VMApplet=C:\WINDOWS\system32\SystemPropertiesPerformance.exe

 

 

---\\ Browser Helper Objects de navigateur (O2)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

 

 

---\\ Internet Explorer Toolbars (O3)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

 

 

---\\ Applications démarrées par registre & par dossier (O4)

O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-21-1871111397-3539990770-1974983793-1001\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe

O4 - Global Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Gestionnaire Microsoft Office.lnk . (.Microsoft Corporation.) -- C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE

O4 - Global Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Recherche accélérée.lnk . (.Microsoft Corporation.) -- C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

 

 

---\\ Autres liens utilisateurs (O4)

O4 - Global Startup: C:\Documents And Settings\Yves\Desktop\Snipping Tool.lnk . (.Microsoft Corporation.) -- C:\windows\system32\SnippingTool.exe

O4 - Global Startup: C:\Users\Yves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\Yves\Desktop\Snipping Tool.lnk . (.Microsoft Corporation.) -- C:\windows\system32\SnippingTool.exe

O4 - Global Startup: C:\Users\Yves\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\Yves\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk . (.Nero AG.) -- C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe

O4 - Global Startup: C:\Users\Yves\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SecurDisc Viewer.lnk . (.Nero AG.) -- C:\Program Files\Nero\Nero 7\SecurDisc Viewer\SecurDisc Viewer.exe

O4 - Global Startup: C:\Users\Yves\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - Clé orpheline

O4 - Global Startup: C:\Users\Yves\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - Clé orpheline

 

 

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)

O8 - Extra context menu item: Google Sidewiki... . (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll

 

 

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)

O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

 

 

---\\ Winsock hijacker (Layered Service Provider) (O10)

O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\windows\system32\NLAapi.dll

O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\windows\system32\napinsp.dll

O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\windows\system32\pnrpnsp.dll

O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\windows\system32\pnrpnsp.dll

O10 - WLSP:\000000000005\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files\Bonjour\mdnsNSP.dll

O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\windows\system32\mswsock.dll

O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\windows\system32\winrnr.dll

 

 

---\\ Modification Domaine/Adresses DNS (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{F18BB94D-1015-4890-8990-CF43D822CB83}: DhcpNameServer = 192.168.1.1 0.0.0.0

O17 - HKLM\System\CS1\Services\Tcpip\..\{F18BB94D-1015-4890-8990-CF43D822CB83}: DhcpNameServer = 192.168.1.1 0.0.0.0

O17 - HKLM\System\CS2\Services\Tcpip\..\{F18BB94D-1015-4890-8990-CF43D822CB83}: DhcpNameServer = 192.168.1.1 0.0.0.0

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0

 

 

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)

O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll

 

 

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

 

 

---\\ Liste des services NT non Microsoft et non désactivés (O23)

O23 - Service: (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: (Apple Mobile Device) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: (EPSON_PM_RPCV4_01) . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.exe

O23 - Service: (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: (OberonGameConsoleService) . (.Pas de propriétaire - OberonGameConsoleService.) - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe

O23 - Service: (RichVideo) . (.Pas de propriétaire - RichVideo Module.) - C:\Program Files\CyberLink\Shared files\RichVideo.exe

 

 

---\\ Enumération Active Desktop & MHTML Editor (O24)

O24 - Default MHTML Editor: Last - .(.Pas de propriétaire - Pas de description.) - (.not file.)

 

 

---\\ Tâches planifiées en automatique (O39)

O39 - APT:Automatic Planified Task - C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

O39 - APT:Automatic Planified Task - C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

[MD5.091A0924AC02AE0A04F3D03BCCDE2712] [APT] [advSRS4] (.SEC.) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe

[MD5.081DBA7C93F21B61DF1C5CE9E8AD0522] [APT] [APSchedulerC] (.DoctorSoft.) -- C:\Program Files\AnyPC Client\APLanMgrC.exe

[MD5.21E26DC6538C0C255467312559BEB107] [APT] [batteryLifeExtender] (.Samsung Electronics. Co. Ltd..) -- C:\Program Files\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe

[MD5.A46796CCF032D35720347262998D1F90] [APT] [EasyDisplayMgr] (.Samsung Electronics Co., Ltd..) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

[MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe

[MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe

 

 

---\\ Composants installés (ActiveSetup Installed Components) (O40)

O40 - ASIC: Microsoft Windows - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Pas de propriétaire - Pas de description.) -- "C:\Program Files\Windows Mail\WinMail.exe

O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 9.0 r124.) -- C:\windows\system32\Macromed\Flash\Flash9f.ocx

 

 

---\\ Pilotes lancés au démarrage (O41)

O41 - Driver: C:\windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\windows\system32\drivers\afd.sys

O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for Security Enhancement.) - C:\Windows\System32\DRIVERS\avipbb.sys

O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys

O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\windows\system32\drivers\cdrom.sys

O41 - Driver: C:\windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys

O41 - Driver: C:\windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys

O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\windows\system32\drivers\mssmbios.sys

O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys

O41 - Driver: (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys

O41 - Driver: C:\windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys

O41 - Driver: C:\windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys

O41 - Driver: C:\windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERS\rdbss.sys

O41 - Driver: C:\windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys

O41 - Driver: C:\windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys

O41 - Driver: C:\windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys

O41 - Driver: (SABI) . (.SAMSUNG ELECTRONICS - SAMSUNG Kernel Driver.) - C:\windows\system32\Drivers\SABI.sys

O41 - Driver: (ssmdrv) . (.Avira GmbH - AVIRA SnapShot Driver.) - C:\Windows\System32\DRIVERS\ssmdrv.sys

O41 - Driver: C:\windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys

O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\windows\system32\drivers\termdd.sys

O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\windows\system32\drivers\vga.sys

O41 - Driver: (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\System32\DRIVERS\vwififlt.sys

O41 - Driver: C:\windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys

O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys

 

 

---\\ Logiciels installés (O42)

O42 - Logiciel: ABBYY FineReader 6.0 Sprint - (.ABBYY Software House.) [HKLM] -- {ACF60000-22B9-4CE9-98D6-2CCF359BAC07}

O42 - Logiciel: Adobe Flash Player ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX

O42 - Logiciel: Adobe Reader 9.1 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A91000000001}

O42 - Logiciel: Alice Greenfingers - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}

O42 - Logiciel: AnyPC Client - (.Doctorsoft.) [HKLM] -- {1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}

O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM] -- {EE6097DD-05F4-4178-9719-D3170BF098E8}

O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM] -- {308B6AEA-DE50-4666-996D-0FA461719D6B}

O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {C41300B9-185D-475E-BFEC-39EF732F19B1}

O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {DCE8CD14-FBF5-4464-B9A4-E18E473546C7}

O42 - Logiciel: Atheros Client Installation Program - (.Atheros.) [HKLM] -- {D1434266-0486-4469-B338-A60082CC04E1}

O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM] -- Avira AntiVir Desktop

O42 - Logiciel: BatteryLifeExtender - (.Samsung.) [HKLM] -- {853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}

O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM] -- {2A981294-F14C-4F0F-9627-D793270922F8}

O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner

O42 - Logiciel: Camera RAW Plug-In for EPSON Creativity Suite - (.SEIKO EPSON CORPORATION.) [HKLM] -- {93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}

O42 - Logiciel: CyberLink DVD Suite - (.CyberLink Corp..) [HKLM] -- InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}

O42 - Logiciel: CyberLink DVD Suite - (.CyberLink Corp..) [HKLM] -- {1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}

O42 - Logiciel: CyberLink LabelPrint - (.CyberLink Corp..) [HKLM] -- InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}

O42 - Logiciel: CyberLink LabelPrint - (.CyberLink Corp..) [HKLM] -- {C59C179C-668D-49A9-B6EA-0121CCFC1243}

O42 - Logiciel: CyberLink Power2Go - (.CyberLink Corp..) [HKLM] -- InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}

O42 - Logiciel: CyberLink Power2Go - (.CyberLink Corp..) [HKLM] -- {40BF1E83-20EB-11D8-97C5-0009C5020658}

O42 - Logiciel: CyberLink PowerDVD 8 - (.CyberLink Corp..) [HKLM] -- InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}

O42 - Logiciel: CyberLink PowerDVD 8 - (.CyberLink Corp..) [HKLM] -- {2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}

O42 - Logiciel: CyberLink PowerDirector - (.CyberLink Corp..) [HKLM] -- InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}

O42 - Logiciel: CyberLink PowerDirector - (.CyberLink Corp..) [HKLM] -- {CB099890-1D5F-11D5-9EA9-0050BAE317E1}

O42 - Logiciel: CyberLink PowerProducer - (.CyberLink Corp..) [HKLM] -- InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}

O42 - Logiciel: CyberLink PowerProducer - (.CyberLink Corp..) [HKLM] -- {B7A0CE06-068E-11D6-97FD-0050BACBF861}

O42 - Logiciel: CyberLink YouCam - (.CyberLink Corp..) [HKLM] -- InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}

O42 - Logiciel: CyberLink YouCam - (.CyberLink Corp..) [HKLM] -- {01FB4998-33C4-4431-85ED-079E3EEFE75D}

O42 - Logiciel: Dairy Dash - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}

O42 - Logiciel: EPSON Attach To Email - (.SEIKO EPSON.) [HKLM] -- InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}

O42 - Logiciel: EPSON Copy Utility 3 - (.Pas de propriétaire.) [HKLM] -- {67EDD823-135A-4D59-87BD-950616D6E857}

O42 - Logiciel: EPSON Easy Photo Print - (.SEIKO EPSON CORPORATION.) [HKLM] -- {3D78F2A2-C893-4ABD-B5FE-AD7011837755}

O42 - Logiciel: EPSON File Manager - (.Pas de propriétaire.) [HKLM] -- {2EB81825-E9EE-44F4-8F51-1240C3898DC6}

O42 - Logiciel: EPSON Logiciel imprimante - (.SEIKO EPSON Corporation.) [HKLM] -- EPSON Printer and Utilities

O42 - Logiciel: EPSON Scan - (.Pas de propriétaire.) [HKLM] -- EPSON Scanner

O42 - Logiciel: EPSON Scan Assistant - (.Pas de propriétaire.) [HKLM] -- {2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}

O42 - Logiciel: EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manuel - (.Pas de propriétaire.) [HKLM] -- EPSON Stylus CX7300_CX8300_DX7400_DX8400 Guide d'utilisation

O42 - Logiciel: Easy Display Manager - (.Samsung Electronics Co., Ltd..) [HKLM] -- {17283B95-21A8-4996-97DA-547A48DB266F}

O42 - Logiciel: Easy Network Manager - (.Samsung.) [HKLM] -- {A5675A9E-F073-414A-9A04-F9BCD50459D7}

O42 - Logiciel: Easy SpeedUp Manager - (.Samsung Electronics Co.,Ltd..) [HKLM] -- {EF367AA4-070B-493C-9575-85BE59D789C9}

O42 - Logiciel: EasyBatteryManager - (.Samsung.) [HKLM] -- {178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}

O42 - Logiciel: Farm Frenzy 2 - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}

O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM] -- {B131E59D-202C-43C6-84C9-68F0C37541F1}

O42 - Logiciel: Game Pack - (.Oberon Media, Inc..) [HKLM] -- {63eafc52-b963-4297-a7eb-d412944e7065}_is1

O42 - Logiciel: Go-Go Gourmet - (.Oberon Media.) [HKLM] -- {82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}

O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {18455581-E099-4BA8-BC6B-F34B2F06600C}

O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F}

O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3

O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {46ABBC54-1872-4AA3-95E2-F2C063A63F31}

O42 - Logiciel: Intel® Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- HDMI

O42 - Logiciel: Intel® Matrix Storage Manager - (.Intel Corporation.) [HKLM] -- {9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}

O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] -- {E2DFE069-083E-4631-9B6C-43C48E991DE5}

O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1

O42 - Logiciel: Marvell Miniport Driver - (.Marvell.) [HKLM] -- Marvell Miniport Driver

O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}

O42 - Logiciel: Microsoft Office 97 Professional - (.Pas de propriétaire.) [HKLM] -- Office8.0

O42 - Logiciel: Microsoft Office Live Add-in 1.3 - (.Microsoft Corporation.) [HKLM] -- {57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}

O42 - Logiciel: Microsoft Office PowerPoint Viewer 2007 (French) - (.Microsoft Corporation.) [HKLM] -- {95120000-00AF-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Suite Activation Assistant - (.Microsoft Corporation.) [HKLM] -- {E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}

O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {7299052b-02a4-4627-81f2-1818da5d550d}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

O42 - Logiciel: Module de compatibilité pour Microsoft Office System 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0020-040C-0000-0000000FF1CE}

O42 - Logiciel: Nero 7 Essentials - (.Nero AG.) [HKLM] -- {45B3A3BD-F90D-48FE-A147-D74878A51036}

O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}

O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM] -- {E7004147-2CCA-431C-AA05-2AB166B9785D}

O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}

O42 - Logiciel: Samsung Recovery Solution 4 - (.Samsung.) [HKLM] -- {145DE957-0679-4A2A-BB5C-1D3E9808FAB2}

O42 - Logiciel: Samsung Support Center - (.Samsung.) [HKLM] -- {CCC2B140-B47A-45FA-AAE3-BD60DA41AE00}

O42 - Logiciel: Samsung Update Plus - (.Samsung Electronics Co., Ltd..) [HKLM] -- {D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}

O42 - Logiciel: SecurDisc Viewer - (.Nero AG.) [HKLM] -- {BE90CE58-41DE-4708-9291-A9D1D49B1036}

O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics Incorporated.) [HKLM] -- SynTPDeinstKey

O42 - Logiciel: User Guide - (.Pas de propriétaire.) [HKLM] -- {BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}

O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {3B4E636E-9D65-4D67-BA61-189800823F52}

O42 - Logiciel: Windows Live Contrôle parental - (.Microsoft Corporation.) [HKLM] -- {D5D81435-B8DE-4CAF-867F-7998F2B92CFC}

O42 - Logiciel: Windows Live FolderShare - (.Microsoft Corporation.) [HKLM] -- {2075CB0A-D26F-4DAA-B424-5079296B43BA}

O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM] -- {5DD76286-9BE7-4894-A990-E905E91AC818}

O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {770F1BEC-2871-4E70-B837-FB8525FFA3B1}

O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM] -- {53B20C18-D8D4-4588-8737-9BBFE303C354}

O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] -- {4634B21A-CC07-4396-890C-2B8168661FEA}

O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM] -- {FAE36873-1941-4076-A9A5-48812B5EA0B7}

O42 - Logiciel: neroxml - (.Nero AG.) [HKLM] -- {56C049BE-79E9-4502-BEA7-9754A3E60F9B}

---\\ HKCU & HKLM Software Keys

[HKCU\Software\ABBYY]

[HKCU\Software\Adobe]

[HKCU\Software\Ahead]

[HKCU\Software\AppDataLow\Software\Google]

[HKCU\Software\AppDataLow\Software\Microsoft]

[HKCU\Software\AppDataLow\Software]

[HKCU\Software\AppDataLow]

[HKCU\Software\Apple Computer, Inc.]

[HKCU\Software\Apple Inc.]

[HKCU\Software\Avira]

[HKCU\Software\Classes]

[HKCU\Software\Clients]

[HKCU\Software\CyberLink]

[HKCU\Software\EPSON]

[HKCU\Software\Google]

[HKCU\Software\Intel]

[HKCU\Software\Macromedia]

[HKCU\Software\Malwarebytes' Anti-Malware]

[HKCU\Software\Netscape]

[HKCU\Software\ODBC]

[HKCU\Software\Oberon Media]

[HKCU\Software\Piriform]

[HKCU\Software\Policies]

[HKCU\Software\Realtek]

[HKCU\Software\SEIKO EPSON]

[HKCU\Software\Samsung]

[HKCU\Software\Synaptics]

[HKLM\Software\ABBYY]

[HKLM\Software\ASK]

[HKLM\Software\ATI Technologies]

[HKLM\Software\Adobe]

[HKLM\Software\Ahead]

[HKLM\Software\America Online]

[HKLM\Software\Apple Computer, Inc.]

[HKLM\Software\Apple Inc.]

[HKLM\Software\Atheros]

[HKLM\Software\Audible]

[HKLM\Software\Avira]

[HKLM\Software\BrowserChoice]

[HKLM\Software\CHECKINSTALLER]

[HKLM\Software\Classes]

[HKLM\Software\Clients]

[HKLM\Software\CyberLink]

[HKLM\Software\Digital River]

[HKLM\Software\Dr.Soft]

[HKLM\Software\EPSON]

[HKLM\Software\GEAR Software]

[HKLM\Software\Google]

[HKLM\Software\InstallShield]

[HKLM\Software\InstalledOptions]

[HKLM\Software\Intel]

[HKLM\Software\Lake]

[HKLM\Software\Macromedia]

[HKLM\Software\Malwarebytes' Anti-Malware]

[HKLM\Software\Marvell]

[HKLM\Software\McAfeeInstaller]

[HKLM\Software\MimarSinan]

[HKLM\Software\MozillaPlugins]

[HKLM\Software\Mozilla]

[HKLM\Software\Nero]

[HKLM\Software\ODBC]

[HKLM\Software\Oberon Media]

[HKLM\Software\OldTimer Tools]

[HKLM\Software\Phoenix Technologies]

[HKLM\Software\Piriform]

[HKLM\Software\Policies]

[HKLM\Software\Realtek Semiconductor Corp.]

[HKLM\Software\Realtek]

[HKLM\Software\RegisteredApplications]

[HKLM\Software\SRS Labs]

[HKLM\Software\Samsung Electronics Co., Ltd.]

[HKLM\Software\Samsung]

[HKLM\Software\Sonic]

[HKLM\Software\Synaptics]

[HKLM\Software\Uniblue]

[HKLM\Software\Volatile]

[HKLM\Software\Waves Audio]

[HKLM\Software\Wow6432Node]

[HKLM\Software\X-AVCSD]

---\\ Contenu des dossiers ProgramFiles/ProgramData (O43)

O43 - CFD: 3/12/2011 - 3:32:52 PM ----D- C:\Program Files\ABBYY FineReader 6.0 Sprint

O43 - CFD: 8/11/2010 - 11:39:28 PM ----D- C:\Program Files\Adobe

O43 - CFD: 12/5/2009 - 3:52:44 AM ----D- C:\Program Files\AnyPC Client

O43 - CFD: 3/12/2011 - 3:37:58 PM ----D- C:\Program Files\Apple Software Update

O43 - CFD: 12/5/2009 - 3:44:10 AM ----D- C:\Program Files\Atheros Client Installation Program

O43 - CFD: 3/12/2011 - 2:41:20 PM ----D- C:\Program Files\Avira

O43 - CFD: 3/12/2011 - 3:37:40 PM ----D- C:\Program Files\Bonjour

O43 - CFD: 3/12/2011 - 3:10:28 PM ----D- C:\Program Files\CCleaner

O43 - CFD: 3/12/2011 - 3:37:04 PM ----D- C:\Program Files\Common Files

O43 - CFD: 8/11/2010 - 5:55:42 PM ----D- C:\Program Files\CyberLink

O43 - CFD: 3/13/2011 - 11:56:46 AM ----D- C:\Program Files\DVD Maker

O43 - CFD: 3/12/2011 - 3:33:04 PM ----D- C:\Program Files\epson

O43 - CFD: 3/12/2011 - 3:49:42 PM ----D- C:\Program Files\Google

O43 - CFD: 3/12/2011 - 3:38:56 PM --H-D- C:\Program Files\InstallShield Installation Information

O43 - CFD: 12/5/2009 - 3:37:50 AM ----D- C:\Program Files\Intel

O43 - CFD: 3/13/2011 - 11:56:46 AM ----D- C:\Program Files\Internet Explorer

O43 - CFD: 3/12/2011 - 3:38:50 PM ----D- C:\Program Files\iPod

O43 - CFD: 3/12/2011 - 3:39:44 PM ----D- C:\Program Files\iTunes

O43 - CFD: 3/12/2011 - 4:54:36 PM ----D- C:\Program Files\Malwarebytes' Anti-Malware

O43 - CFD: 12/5/2009 - 3:42:26 AM ----D- C:\Program Files\Marvell

O43 - CFD: 8/11/2010 - 5:54:44 PM ----D- C:\Program Files\Microsoft

O43 - CFD: 12/5/2009 - 9:11:16 PM ----D- C:\Program Files\Microsoft Games

O43 - CFD: 3/12/2011 - 3:05:50 PM ----D- C:\Program Files\Microsoft Office

O43 - CFD: 8/11/2010 - 5:50:34 PM ----D- C:\Program Files\Microsoft Office Suite Activation Assistant

O43 - CFD: 8/11/2010 - 5:54:48 PM ----D- C:\Program Files\Microsoft Silverlight

O43 - CFD: 8/11/2010 - 5:53:28 PM ----D- C:\Program Files\Microsoft SQL Server Compact Edition

O43 - CFD: 3/12/2011 - 2:55:50 PM ----D- C:\Program Files\Microsoft Works

O43 - CFD: 7/14/2009 - 5:52:32 AM ----D- C:\Program Files\MSBuild

O43 - CFD: 3/13/2011 - 11:49:00 AM ----D- C:\Program Files\MSXML 4.0

O43 - CFD: 3/12/2011 - 2:45:00 PM ----D- C:\Program Files\Nero

O43 - CFD: 12/5/2009 - 4:02:24 AM ----D- C:\Program Files\Phoenix Technologies Ltd

O43 - CFD: 3/12/2011 - 3:38:26 PM ----D- C:\Program Files\QuickTime

O43 - CFD: 12/5/2009 - 3:41:48 AM ----D- C:\Program Files\Realtek

O43 - CFD: 7/14/2009 - 5:52:32 AM ----D- C:\Program Files\Reference Assemblies

O43 - CFD: 12/5/2009 - 3:55:38 AM ----D- C:\Program Files\Samsung

O43 - CFD: 8/11/2010 - 11:41:48 PM ----D- C:\Program Files\Samsung Casual Games

O43 - CFD: 12/5/2009 - 3:44:24 AM ----D- C:\Program Files\Synaptics

O43 - CFD: 12/5/2009 - 3:42:24 AM --H-D- C:\Program Files\Temp

O43 - CFD: 7/14/2009 - 5:53:24 AM --H-D- C:\Program Files\Uninstall Information

O43 - CFD: 3/13/2011 - 11:56:44 AM ----D- C:\Program Files\Windows Defender

O43 - CFD: 3/13/2011 - 11:56:46 AM ----D- C:\Program Files\Windows Journal

O43 - CFD: 8/11/2010 - 5:54:38 PM ----D- C:\Program Files\Windows Live

O43 - CFD: 8/11/2010 - 5:52:20 PM ----D- C:\Program Files\Windows Live SkyDrive

O43 - CFD: 3/13/2011 - 11:56:46 AM ----D- C:\Program Files\Windows Mail

O43 - CFD: 3/13/2011 - 11:56:46 AM ----D- C:\Program Files\Windows Media Player

O43 - CFD: 3/12/2011 - 3:04:10 PM ----D- C:\Program Files\Windows Messaging

O43 - CFD: 7/14/2009 - 5:52:32 AM ----D- C:\Program Files\Windows NT

O43 - CFD: 3/13/2011 - 11:56:46 AM ----D- C:\Program Files\Windows Photo Viewer

O43 - CFD: 3/13/2011 - 11:56:46 AM ----D- C:\Program Files\Windows Portable Devices

O43 - CFD: 3/13/2011 - 11:56:46 AM ----D- C:\Program Files\Windows Sidebar

O43 - CFD: 3/14/2011 - 9:13:40 PM ----D- C:\Program Files\ZHPDiag

O43 - CFD: 8/11/2010 - 11:39:32 PM ----D- C:\Program Files\Common Files\Adobe

O43 - CFD: 3/12/2011 - 2:49:14 PM ----D- C:\Program Files\Common Files\Ahead

O43 - CFD: 3/12/2011 - 3:38:48 PM ----D- C:\Program Files\Common Files\Apple

O43 - CFD: 12/5/2009 - 3:50:52 AM ----D- C:\Program Files\Common Files\CyberLink

O43 - CFD: 3/12/2011 - 3:37:08 PM ----D- C:\Program Files\Common Files\InstallShield

O43 - CFD: 3/12/2011 - 3:05:50 PM ----D- C:\Program Files\Common Files\microsoft shared

O43 - CFD: 8/11/2010 - 11:39:48 PM ----D- C:\Program Files\Common Files\Oberon Media

O43 - CFD: 12/5/2009 - 3:55:18 AM ----D- C:\Program Files\Common Files\Samsung

O43 - CFD: 7/14/2009 - 3:37:06 AM ----D- C:\Program Files\Common Files\Services

O43 - CFD: 7/14/2009 - 3:37:06 AM ----D- C:\Program Files\Common Files\SpeechEngines

O43 - CFD: 3/12/2011 - 11:41:50 PM ----D- C:\Program Files\Common Files\System

O43 - CFD: 8/11/2010 - 5:51:04 PM ----D- C:\Program Files\Common Files\Windows Live

O43 - CFD: 8/11/2010 - 11:39:42 PM ----D- C:\ProgramData\Adobe

O43 - CFD: 3/12/2011 - 2:49:26 PM ----D- C:\ProgramData\Ahead

O43 - CFD: 3/12/2011 - 3:37:04 PM ----D- C:\ProgramData\Apple

O43 - CFD: 3/12/2011 - 3:38:48 PM ----D- C:\ProgramData\Apple Computer

O43 - CFD: 7/14/2009 - 5:53:56 AM -SH-D- C:\ProgramData\Application Data

O43 - CFD: 3/12/2011 - 2:41:20 PM ----D- C:\ProgramData\Avira

O43 - CFD: 12/5/2009 - 3:47:36 AM ----D- C:\ProgramData\CyberLink

O43 - CFD: 7/14/2009 - 5:53:56 AM -SH-D- C:\ProgramData\Desktop

O43 - CFD: 7/14/2009 - 5:53:56 AM -SH-D- C:\ProgramData\Documents

O43 - CFD: 3/12/2011 - 3:29:22 PM ----D- C:\ProgramData\EPSON

O43 - CFD: 7/14/2009 - 5:53:56 AM -SH-D- C:\ProgramData\Favorites

O43 - CFD: 12/5/2009 - 4:02:22 AM ----D- C:\ProgramData\Google

O43 - CFD: 3/12/2011 - 3:11:48 PM ----D- C:\ProgramData\Malwarebytes

O43 - CFD: 3/12/2011 - 2:52:20 PM -S--D- C:\ProgramData\Microsoft

O43 - CFD: 3/12/2011 - 2:52:34 PM ----D- C:\ProgramData\Microsoft Help

O43 - CFD: 3/12/2011 - 2:47:28 PM ----D- C:\ProgramData\Nero

O43 - CFD: 12/5/2009 - 4:18:16 AM ----D- C:\ProgramData\SAMSUNG

O43 - CFD: 12/5/2009 - 4:01:30 AM ----D- C:\ProgramData\SiteAdvisor

O43 - CFD: 7/14/2009 - 5:53:56 AM -SH-D- C:\ProgramData\Start Menu

O43 - CFD: 8/11/2010 - 5:55:26 PM ----D- C:\ProgramData\Temp

O43 - CFD: 7/14/2009 - 5:53:56 AM -SH-D- C:\ProgramData\Templates

O43 - CFD: 3/12/2011 - 3:34:56 PM ----D- C:\ProgramData\UDL

O43 - CFD: 3/13/2011 - 12:34:50 AM ----D- C:\ProgramData\WinClon

O43 - CFD: 8/11/2010 - 11:39:32 PM ----D- C:\Program Files\Common Files\Adobe

O43 - CFD: 3/12/2011 - 2:49:14 PM ----D- C:\Program Files\Common Files\Ahead

O43 - CFD: 3/12/2011 - 3:38:48 PM ----D- C:\Program Files\Common Files\Apple

O43 - CFD: 12/5/2009 - 3:50:52 AM ----D- C:\Program Files\Common Files\CyberLink

O43 - CFD: 3/12/2011 - 3:37:08 PM ----D- C:\Program Files\Common Files\InstallShield

O43 - CFD: 3/12/2011 - 3:05:50 PM ----D- C:\Program Files\Common Files\microsoft shared

O43 - CFD: 8/11/2010 - 11:39:48 PM ----D- C:\Program Files\Common Files\Oberon Media

O43 - CFD: 12/5/2009 - 3:55:18 AM ----D- C:\Program Files\Common Files\Samsung

O43 - CFD: 7/14/2009 - 3:37:06 AM ----D- C:\Program Files\Common Files\Services

O43 - CFD: 7/14/2009 - 3:37:06 AM ----D- C:\Program Files\Common Files\SpeechEngines

O43 - CFD: 3/12/2011 - 11:41:50 PM ----D- C:\Program Files\Common Files\System

O43 - CFD: 8/11/2010 - 5:51:04 PM ----D- C:\Program Files\Common Files\Windows Live

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 3/12/2011 - 2:36:09 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\setuperr.log [0]

O44 - LFC:[MD5.A36EE93698802CD899F98BFD553D8185] - 3/12/2011 - 2:41:19 PM ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\windows\System32\drivers\ssmdrv.sys [28520]

O44 - LFC:[MD5.C306F96B5EAC2D58774780EC4AF5467B] - 3/12/2011 - 2:41:19 PM ---A- . (.Avira GmbH - Avira Driver for Security Enhancement.) -- C:\windows\System32\drivers\avipbb.sys [135096]

O44 - LFC:[MD5.47B879406246FFDCED59E18D331A0E7D] - 3/12/2011 - 2:41:19 PM ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\windows\System32\drivers\avgntflt.sys [61960]

O44 - LFC:[MD5.EA9E8F8133C8C5DA8F04BF7C33FE9826] - 3/12/2011 - 2:46:49 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\DirectX.log [56700]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 3/12/2011 - 3:01:42 PM RSHA- . (.Pas de propriétaire - Pas de description.) -- C:\IO.SYS [0]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 3/12/2011 - 3:01:42 PM RSHA- . (.Pas de propriétaire - Pas de description.) -- C:\MSDOS.SYS [0]

O44 - LFC:[MD5.DB5621F0450DD8092F8A3AB0CF12A43D] - 3/12/2011 - 3:05:24 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\system.mdw [69632]

O44 - LFC:[MD5.24AF843AC6B2828CD5CDB157121EBAC7] - 3/12/2011 - 3:05:28 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\ODBC.INI [611]

O44 - LFC:[MD5.DF3DD857C25918421EB5E51FD3D8E885] - 3/12/2011 - 3:05:28 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\ODBCINST.INI [957]

O44 - LFC:[MD5.A55A7A823EBCD9DC4624672F55490BB2] - 3/12/2011 - 3:05:28 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\exchng.ini [22]

O44 - LFC:[MD5.37429EC29C828C095B00AC940AFB253A] - 3/12/2011 - 3:05:28 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\win.ini [531]

O44 - LFC:[MD5.726B6B429BC1BD02FB82E6FE1A0D5D6A] - 3/12/2011 - 3:05:29 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\mapisvc.inf [6850]

O44 - LFC:[MD5.818FBFFD270EA95139CBE6D98E71E770] - 3/12/2011 - 3:05:49 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\FFASTLOG.TXT [510]

O44 - LFC:[MD5.836E0E09CA9869BE7EB39EF2CF3602C7] - 3/12/2011 - 3:11:47 PM ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\windows\System32\drivers\mbam.sys [20952]

O44 - LFC:[MD5.D68E165C3123ABA3B1282EDDB4213BD8] - 3/12/2011 - 3:11:49 PM ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\windows\System32\drivers\mbamswissarmy.sys [38224]

O44 - LFC:[MD5.40FDF3546B2DD93413C2223169683979] - 3/12/2011 - 3:27:32 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\CDE DX8400DEFGIPS.ini [25]

O44 - LFC:[MD5.6AD752B19D3ADB1CF23D62A9D7C27811] - 3/12/2011 - 3:27:46 PM ---A- . (.SEIKO EPSON CORP. - EPSON WIA Module.) -- C:\windows\System32\escwiad.dll [67072]

O44 - LFC:[MD5.E3D843A6EE42420425393A99C646A76F] - 3/12/2011 - 3:28:08 PM ---A- . (.Adobe Systems - Windows NT OpenType/Type 1 API Library..) -- C:\windows\System32\atmlib.dll [34304]

O44 - LFC:[MD5.144C5FC98697BCFD95FA02E2AEF5088D] - 3/12/2011 - 3:28:08 PM ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\windows\System32\atmfd.dll [294400]

O44 - LFC:[MD5.8EB50EB111D161708B899A6AF6A8F860] - 3/12/2011 - 3:28:19 PM ---A- . (.SEIKO EPSON CORPORATION - ECBTEGB.) -- C:\windows\System32\E_FD4BCEE.DLL [62976]

O44 - LFC:[MD5.1129871724A26B1DD6678DE88B7FE941] - 3/12/2011 - 3:28:20 PM ---A- . (.SEIKO EPSON CORP. - E_DCINST.) -- C:\windows\System32\E_DCINST.DLL [49152]

O44 - LFC:[MD5.A4EC6B9766E2A7FAA77283697BC5C307] - 3/12/2011 - 3:28:20 PM ---A- . (.SEIKO EPSON CORPORATION - EPSON Bi-directional Monitor.) -- C:\windows\System32\E_FLBCEE.DLL [76800]

O44 - LFC:[MD5.8C5D98825C4A3F840290D3000BCBD751] - 3/12/2011 - 3:29:48 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\EPPICLocal_BP.cfg [6347]

O44 - LFC:[MD5.4522750EA97E574F092B463A5072F5D3] - 3/12/2011 - 3:29:48 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\EPPICLocal_CF.cfg [6195]

O44 - LFC:[MD5.3B085599D53A8E49A02B42316167791D] - 3/12/2011 - 3:29:48 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\EPPICLocal_DU.cfg [6122]

O44 - LFC:[MD5.87CC3262E60487AC2A7DF54E7A94405E] - 3/12/2011 - 3:29:48 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\EPPICLocal_EN.cfg [13732]

O44 - LFC:[MD5.D74F30976FC27C4134AC650747E141F6] - 3/12/2011 - 3:29:48 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\EPPICLocal_ES.cfg [6103]

O44 - LFC:[MD5.4522750EA97E574F092B463A5072F5D3] - 3/12/2011 - 3:29:48 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\EPPICLocal_FR.cfg [6195]

O44 - LFC:[MD5.5AF012AA8CF511EBA96E1FB620800406] - 3/12/2011 - 3:29:48 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\EPPICLocal_GE.cfg [6335]

O44 - LFC:[MD5.C97F01641F82529F811750CC8BA8F6BE] - 3/12/2011 - 3:29:48 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\EPPICLocal_IT.cfg [6442]

O44 - LFC:[MD5.EFBB67A52E13B74D9504C72A7FFBAC66] - 3/12/2011 - 3:29:48 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\EPPICLocal_KO.cfg [5817]

O44 - LFC:[MD5.8C5D98825C4A3F840290D3000BCBD751] - 3/12/2011 - 3:29:48 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\EPPICLocal_PT.cfg [6347]

O44 - LFC:[MD5.3310F4A726ABF152C54C6AEF9FF6A73C] - 3/12/2011 - 3:29:48 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\EPPICLocal_RU.cfg [2889]

O44 - LFC:[MD5.6CD8BBC5EFB7F458A8FE3AC3F566D48E] - 3/12/2011 - 3:29:48 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\EPPICLocal_SC.cfg [5436]

O44 - LFC:[MD5.01BDBCEABF472323F62D879A7A2AACF9] - 3/12/2011 - 3:29:48 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\EPPICLocal_TC.cfg [2426]

O44 - LFC:[MD5.11CEF97EC383B4A9268CEBCAFDA1C0BF] - 3/12/2011 - 3:29:48 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\EPPICPattern1.dat [26154]

O44 - LFC:[MD5.99B39A991604A09125A63D1F83A1668F] - 3/12/2011 - 3:29:48 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\EPPICPattern121.dat [27417]

O44 - LFC:[MD5.C35D83EF6773F875E85A37CD389FC98A] - 3/12/2011 - 3:29:48 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\EPPICPattern131.dat [31053]

O44 - LFC:[MD5.AED88E22D1F234668E0FF2F1C6D80AD1] - 3/12/2011 - 3:29:48 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\EPPICPattern2.dat [20148]

O44 - LFC:[MD5.EA23048F088AAC681C4FE4EC051A8663] - 3/12/2011 - 3:29:48 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\EPPICPattern3.dat [24903]

O44 - LFC:[MD5.8C1013EAF95FF2CEC2391EB0E8B04B31] - 3/12/2011 - 3:29:48 PM ---A- . (.SEIKO EPSON CORPORATION - EPSON PIC SDK 1.10.) -- C:\windows\System32\EPPicMgr.dll [71840]

O44 - LFC:[MD5.DAEF4897E14EFB7050F7E0FC6887379F] - 3/12/2011 - 3:29:49 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\EPPICPattern4.dat [11811]

O44 - LFC:[MD5.7124C6AA586A840A5AE1F2972D4F6E12] - 3/12/2011 - 3:29:49 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\EPPICPattern5.dat [21390]

O44 - LFC:[MD5.E000BC718432CBB8F8AF9A2DD4EBCC59] - 3/12/2011 - 3:29:49 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\EPPICPattern6.dat [4943]

O44 - LFC:[MD5.17252792B6016C58F15C9A04AC834147] - 3/12/2011 - 3:29:49 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\EPPICPresetData_BP.dat [1139]

O44 - LFC:[MD5.EC10E010C637383D566C95CEA4307737] - 3/12/2011 - 3:29:49 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\EPPICPresetData_CF.dat [1129]

O44 - LFC:[MD5.7C52CC8596D832C902FD194EBBB2CB2E] - 3/12/2011 - 3:29:49 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\EPPICPresetData_DU.dat [1146]

O44 - LFC:[MD5.4843A0BA0A20A81373086ACCAD81725B] - 3/12/2011 - 3:29:49 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\EPPICPresetData_EN.dat [1104]

O44 - LFC:[MD5.A40E9AED5BB4DF99EEC5C973DA0C0B42] - 3/12/2011 - 3:29:49 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\EPPICPresetData_ES.dat [1136]

O44 - LFC:[MD5.EC10E010C637383D566C95CEA4307737] - 3/12/2011 - 3:29:49 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\EPPICPresetData_FR.dat [1129]

O44 - LFC:[MD5.968070015D107F9353471E2CCA8F432E] - 3/12/2011 - 3:29:49 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\EPPICPresetData_GE.dat [1107]

O44 - LFC:[MD5.1E58B11A525A5C324F4BCF86E62E1826] - 3/12/2011 - 3:29:49 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\EPPICPresetData_IT.dat [1120]

O44 - LFC:[MD5.17252792B6016C58F15C9A04AC834147] - 3/12/2011 - 3:29:49 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\EPPICPresetData_PT.dat [1139]

O44 - LFC:[MD5.7AA6FCF74FEA8DE3F1E71CF579E9BCB9] - 3/12/2011 - 3:29:49 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\EPPICPrinterDB.dat [111932]

O44 - LFC:[MD5.0F23634D5375EBC97A1D77838730A55D] - 3/12/2011 - 3:29:49 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\PICSDK.ini [97]

O44 - LFC:[MD5.2E409416D32024870A2D841B157A8E19] - 3/12/2011 - 3:29:49 PM ---A- . (.SEIKO EPSON CORPORATION - EPSON PIC SDK 1.10.) -- C:\windows\System32\EpPicPrt.dll [120992]

O44 - LFC:[MD5.68D2DE06776BEC0409AF80D26C2FD42E] - 3/12/2011 - 3:29:49 PM ---A- . (.SEIKO EPSON CORPORATION - EPSON PIC SDK 3.0.) -- C:\windows\System32\PICEntry.dll [108704]

O44 - LFC:[MD5.93C3E9EE30280A8ED2D56DCEDA0FAF3F] - 3/12/2011 - 3:29:49 PM ---A- . (.SEIKO EPSON CORPORATION - EPSON PIC SDK 3.0.) -- C:\windows\System32\PICSDK.dll [80024]

O44 - LFC:[MD5.17152A7F21C9802E7826DE63D2DF184C] - 3/12/2011 - 3:29:49 PM ---A- . (.SEIKO EPSON CORPORATION - EPSON PIC SDK 3.0.) -- C:\windows\System32\PICSDK2.dll [501912]

O44 - LFC:[MD5.8182FF89C65E4D38B2DE4BB0FB18564E] - 3/12/2011 - 3:39:44 PM ---A- . (.GEAR Software Inc. - CD DVD Filter.) -- C:\windows\System32\drivers\GEARAspiWDM.sys [26600]

O44 - LFC:[MD5.005EE82BABF1D2D32188A75BEDF500A4] - 3/12/2011 - 3:39:44 PM ---A- . (.GEAR Software Inc. - GEARAspi (x86).) -- C:\windows\System32\GEARAspi.dll [107368]

O44 - LFC:[MD5.C236A8735A48B165A2A7724357DBE332] - 3/13/2011 - 11:45:55 AM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\RacRules.xml [105559]

O44 - LFC:[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - 3/13/2011 - 11:45:59 AM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\ScavengeSpace.xml [10429]

O44 - LFC:[MD5.03783D0840B2C54D7665248425C74417] - 3/13/2011 - 11:46:00 AM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\dosx.exe [53600]

O44 - LFC:[MD5.1DE21EC4A2232FF4F5298ADCAE7B3690] - 3/13/2011 - 11:46:00 AM ---A- . (.Radius Inc. - Codec Cinepak®.) -- C:\windows\System32\iccvid.dll [82944]

O44 - LFC:[MD5.163A95975E1D8819E653AA3E961371CA] - 3/13/2011 - 11:46:06 AM ---A- . (.Twain Working Group - Gestionnaire de sources Twain_32 (Image Acq.) -- C:\windows\twain_32.dll [51200]

O44 - LFC:[MD5.737AFC772243C75E6AD17A7A8E8E23F9] - 3/13/2011 - 11:46:07 AM ---A- . (.Windows ® Codename Longhorn DDK provider - Services de gestion des polices.) -- C:\windows\System32\fms.dll [93696]

O44 - LFC:[MD5.A3CAE5D281DB4CFF7CFF8233507EE5AD] - 3/13/2011 - 11:46:15 AM ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\windows\System32\drivers\iaStorV.sys [332160]

O44 - LFC:[MD5.39B9273CA01364E115B464416CFB729B] - 3/13/2011 - 11:46:16 AM ---A- . (.Microsoft - robocopy.) -- C:\windows\System32\Robocopy.exe [98816]

O44 - LFC:[MD5.146459D2B08BFDCBFA856D9947043C81] - 3/13/2011 - 11:46:25 AM ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\windows\System32\drivers\amdxata.sys [22400]

O44 - LFC:[MD5.E7F4D42D8076EC60E21715CD11743A0D] - 3/13/2011 - 11:46:31 AM ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\windows\System32\drivers\amdsata.sys [80256]

O44 - LFC:[MD5.C9FB8C3D650EF8BD76865EC20A19A5BC] - 3/13/2011 - 11:46:39 AM ---A- . (.Microsoft - Filtre du convertisseur RDP (redirecteur).) -- C:\windows\System32\DShowRdpFilter.dll [252928]

O44 - LFC:[MD5.AF2EEC9580C1D32FB7EAF105D9784061] - 3/13/2011 - 11:46:40 AM ---A- . (.NVIDIA Corporation - NVIDIA® nForce RAID Driver.) -- C:\windows\System32\drivers\nvraid.sys [117120]

O44 - LFC:[MD5.9283C58EBAA2618F93482EB5DABCEC82] - 3/13/2011 - 11:46:43 AM ---A- . (.NVIDIA Corporation - NVIDIA® nForce Sata Performance Driver.) -- C:\windows\System32\drivers\nvstor.sys [143744]

O44 - LFC:[MD5.C5DEA5B95AF9AA981C88CAB94A58213E] - 3/13/2011 - 11:46:47 AM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\locale.nls [419880]

O44 - LFC:[MD5.B8CBB46B42570D373C9933FBDF25EBCE] - 3/13/2011 - 11:46:51 AM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\systemsf.ebd [146852]

O44 - LFC:[MD5.CD4089E09174E7EF2E5B237C2035C1AC] - 3/13/2011 - 11:49:11 AM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\msxml4-KB973688-enu.LOG [290890]

O44 - LFC:[MD5.AE7CD87D91E048AE65A125658D8B0CFA] - 3/13/2011 - 11:49:19 AM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\msxml4-KB954430-enu.LOG [284344]

O44 - LFC:[MD5.764B4E40E8633904CEA020F6C46D20ED] - 3/13/2011 - 11:58:44 AM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\FNTCACHE.DAT [347704]

O44 - LFC:[MD5.EAB7432EF9F9A22E3FAA25B96EFB2DCB] - 3/13/2011 - 1:44:36 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\PFRO.log [655156]

O44 - LFC:[MD5.F550B7F523A9EB7143F4D9C04FBCACA1] - 3/14/2011 - 9:00:53 PM -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\bootstat.dat [67584]

O44 - LFC:[MD5.25E8BE34331D93B6A1139D6B727E85D8] - 3/14/2011 - 9:00:54 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\setupact.log [42474]

O44 - LFC:[MD5.53000000000000000000000004EF1200] - 3/14/2011 - 9:02:27 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\WindowsUpdate.log [1116075]

O44 - LFC:[MD5.3AFB7BAD0967EACE8D3ED16CF2A8FD8A] - 3/14/2011 - 9:05:09 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\PerfStringBackup.INI [1524562]

O44 - LFC:[MD5.EED51D56C1041D48C08D31CFC0876496] - 3/14/2011 - 9:05:09 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\perfc009.dat [103568]

O44 - LFC:[MD5.FF7FA933B2ABBB07373BDCD201A1ABA9] - 3/14/2011 - 9:05:09 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\perfc00C.dat [127684]

O44 - LFC:[MD5.EE946017F68304658A20B6732CE5F8B8] - 3/14/2011 - 9:05:09 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\perfh009.dat [607190]

O44 - LFC:[MD5.E4468BFBF99A521D733AA7B7BB2359F4] - 3/14/2011 - 9:05:09 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\perfh00C.dat [695004]

O44 - LFC:[MD5.F5A7732F9B00F9E7DC1049C7A315C980] - 3/14/2011 - 9:06:48 PM --HA- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [14736]

O44 - LFC:[MD5.F5A7732F9B00F9E7DC1049C7A315C980] - 3/14/2011 - 9:06:48 PM --HA- . (.Pas de propriétaire - Pas de description.) -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [14736]

---\\ Déni du service (Local Security Authority) (LSA) (O48)

O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\windows\System32\msv1_0.dll

O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l'Éditeur de configuration de sécurité Windows.) -- C:\windows\System32\scecli.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\windows\System32\msv1_0.dll

---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)

O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\windows\System32\iccvid.dll

O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

---\\ ShareTools MSconfig StartupReg (SMSR) (O53)

O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher [Key] . (.Pas de propriétaire - Pas de description.) -- "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

O53 - SMSR:HKLM\...\startupreg\APLangApp [Key] . (.Pas de propriétaire - Pas de description.) -- "C:\Program Files\AnyPC Client\APLangApp.exe

O53 - SMSR:HKLM\...\startupreg\BrowserChoice [Key] . (.Pas de propriétaire - Pas de description.) -- "C:\Windows\System32\browserchoice.exe

O53 - SMSR:HKLM\...\startupreg\CLMLServer [Key] . (.Pas de propriétaire - Pas de description.) -- "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

O53 - SMSR:HKLM\...\startupreg\EPSON Stylus DX8400 Series [Key] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.exe

O53 - SMSR:HKLM\...\startupreg\HotKeysCmds [Key] . (.Intel Corporation - hkcmd Module.) -- C:\windows\system32\hkcmd.exe

O53 - SMSR:HKLM\...\startupreg\IgfxTray [Key] . (.Intel Corporation - igfxTray Module.) -- C:\windows\system32\igfxtray.exe

O53 - SMSR:HKLM\...\startupreg\iTunesHelper [Key] . (.Pas de propriétaire - Pas de description.) -- "C:\Program Files\iTunes\iTunesHelper.exe

O53 - SMSR:HKLM\...\startupreg\NeroFilterCheck [Key] . (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O53 - SMSR:HKLM\...\startupreg\PDVD8LanguageShortcut [Key] . (.Pas de propriétaire - Pas de description.) -- "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe

O53 - SMSR:HKLM\...\startupreg\Persistence [Key] . (.Intel Corporation - persistence Module.) -- C:\windows\system32\igfxpers.exe

O53 - SMSR:HKLM\...\startupreg\QuickTime Task [Key] . (.Pas de propriétaire - Pas de description.) -- "C:\Program Files\QuickTime\QTTask.exe

O53 - SMSR:HKLM\...\startupreg\RemoteControl8 [Key] . (.Pas de propriétaire - Pas de description.) -- "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

O53 - SMSR:HKLM\...\startupreg\RtHDVCpl [Key] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

O53 - SMSR:HKLM\...\startupreg\swg [Key] . (.Pas de propriétaire - Pas de description.) -- "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O53 - SMSR:HKLM\...\startupreg\SynTPEnh [Key] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O53 - SMSR:HKLM\...\startupreg\UCam_Menu [Key] . (.Pas de propriétaire - Pas de description.) -- "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

O53 - SMSR:HKLM\...\startupreg\UpdateLBPShortCut [Key] . (.Pas de propriétaire - Pas de description.) -- "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe

O53 - SMSR:HKLM\...\startupreg\UpdateP2GoShortCut [Key] . (.Pas de propriétaire - Pas de description.) -- "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

O53 - SMSR:HKLM\...\startupreg\UpdatePDRShortCut [Key] . (.Pas de propriétaire - Pas de description.) -- "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe

O53 - SMSR:HKLM\...\startupreg\UpdatePPShortCut [Key] . (.Pas de propriétaire - Pas de description.) -- "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe

---\\ Microsoft Control Security Providers (MCSP) (O54)

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\windows\system32\credssp.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\windows\system32\credssp.dll

---\\ Microsoft Windows Policies System (MWPS) (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3

O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1

O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1

O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0

O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=

O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0

O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

---\\ Liste des Drivers Système (SDL) (O58)

O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 7/14/2009 - 2:26:15 AM ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\windows\system32\drivers\adp94xx.sys [422976]

O58 - SDL:[MD5.0C676BC278D5B59FF5ABD57BBE9123F2] - 7/14/2009 - 2:26:17 AM ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\windows\system32\drivers\adpahci.sys [297552]

O58 - SDL:[MD5.7C7B5EE4B7B822EC85321FE23A27DB33] - 7/14/2009 - 2:26:15 AM ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\windows\system32\drivers\adpu320.sys [146512]

O58 - SDL:[MD5.0D40BCF52EA90FC7DF2AEAB6503DEA44] - 7/14/2009 - 2:26:15 AM ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\windows\system32\drivers\aliide.sys [14400]

O58 - SDL:[MD5.E7F4D42D8076EC60E21715CD11743A0D] - 11/20/2010 - 1:29:13 PM ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\windows\system32\drivers\amdsata.sys [80256]

O58 - SDL:[MD5.EA43AF0C423FF267355F74E7A53BDABA] - 7/14/2009 - 2:26:15 AM ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows fa.) -- C:\windows\system32\drivers\amdsbs.sys [159312]

O58 - SDL:[MD5.146459D2B08BFDCBFA856D9947043C81] - 11/20/2010 - 1:29:15 PM ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\windows\system32\drivers\amdxata.sys [22400]

O58 - SDL:[MD5.2932004F49677BD84DBC72EDB754FFB3] - 7/14/2009 - 2:26:15 AM ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\windows\system32\drivers\arc.sys [76368]

O58 - SDL:[MD5.5D6F36C46FD283AE1B57BD2E9FEB0BC7] - 7/14/2009 - 2:26:15 AM ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\windows\system32\drivers\arcsas.sys [86608]

O58 - SDL:[MD5.0F4B6B99D6CDC1D93DF1FA690796B2F7] - 11/6/2009 - 9:53:58 PM ---A- . (.Atheros Communications, Inc. - Atheros Extensible Wireless LAN device driver.) -- C:\windows\system32\drivers\athr.sys [1227776]

O58 - SDL:[MD5.47B879406246FFDCED59E18D331A0E7D] - 12/6/2010 - 8:48:06 AM ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\windows\system32\drivers\avgntflt.sys [61960]

O58 - SDL:[MD5.C306F96B5EAC2D58774780EC4AF5467B] - 12/6/2010 - 8:48:06 AM ---A- . (.Avira GmbH - Avira Driver for Security Enhancement.) -- C:\windows\system32\drivers\avipbb.sys [135096]

O58 - SDL:[MD5.BD8869EB9CDE6BBE4508D869929869EE] - 7/13/2009 - 11:02:49 PM ---A- . (.Broadcom Corporation - Pilote unifié NDIS6.x Broadcom NetXtreme Gigabit Ethernet..) -- C:\windows\system32\drivers\b57nd60x.sys [229888]

O58 - SDL:[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - 7/13/2009 - 11:53:28 PM ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\windows\system32\drivers\BrFiltLo.sys [13568]

O58 - SDL:[MD5.56801AD62213A41F6497F96DEE83755A] - 7/13/2009 - 11:53:28 PM ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\windows\system32\drivers\BrFiltUp.sys [5248]

O58 - SDL:[MD5.845B8CE732E67F3B4133164868C666EA] - 7/14/2009 - 1:57:25 AM ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\windows\system32\drivers\BrSerId.sys [272128]

O58 - SDL:[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - 7/13/2009 - 11:53:32 PM ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\windows\system32\drivers\BrSerWdm.sys [62336]

O58 - SDL:[MD5.BD456606156BA17E60A04E18016AE54B] - 7/13/2009 - 11:53:33 PM ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\windows\system32\drivers\BrUsbMdm.sys [12160]

O58 - SDL:[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - 7/13/2009 - 11:53:33 PM ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\windows\system32\drivers\BrUsbSer.sys [11904]

O58 - SDL:[MD5.1A231ABEC60FD316EC54C66715543CEC] - 7/13/2009 - 11:02:48 PM ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\windows\system32\drivers\bxvbdx.sys [430080]

O58 - SDL:[MD5.C537B1DB64D495B9B4717B4D6D9EDBF2] - 7/14/2009 - 2:26:21 AM ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\windows\system32\drivers\cmdide.sys [15952]

O58 - SDL:[MD5.8B30250D573A8F6B4BD23195160D8707] - 7/14/2009 - 2:20:28 AM ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\windows\system32\drivers\djsvs.sys [70720]

O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 7/14/2009 - 2:20:28 AM ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\windows\system32\drivers\elxstor.sys [453712]

O58 - SDL:[MD5.024E1B5CAC09731E4D868E64DBFB4AB0] - 7/13/2009 - 11:02:48 PM ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\windows\system32\drivers\evbdx.sys [3100160]

O58 - SDL:[MD5.8182FF89C65E4D38B2DE4BB0FB18564E] - 5/18/2009 - 1:17:00 PM ---A- . (.GEAR Software Inc. - CD DVD Filter.) -- C:\windows\system32\drivers\GEARAspiWDM.sys [26600]

O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 7/13/2009 - 11:54:14 PM ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\windows\system32\drivers\hcw85cir.sys [26624]

O58 - SDL:[MD5.295FDC419039090EB8B49FFDBB374549] - 7/14/2009 - 2:20:28 AM ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\windows\system32\drivers\HpSAMD.sys [67152]

O58 - SDL:[MD5.0BAA4115DFFFD6A6D809A89D65E1281A] - 10/13/2009 - 3:09:36 AM ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\windows\system32\drivers\iaStor.sys [331288]

O58 - SDL:[MD5.A3CAE5D281DB4CFF7CFF8233507EE5AD] - 11/20/2010 - 1:29:54 PM ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\windows\system32\drivers\iaStorV.sys [332160]

O58 - SDL:[MD5.8266AE06DF974E5BA047B3E9E9E70B3F] - 8/25/2010 - 7:31:30 PM ---A- . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\windows\system32\drivers\igdkmd32.sys [9024512]

O58 - SDL:[MD5.4173FF5708F3236CF25195FECD742915] - 7/14/2009 - 2:20:36 AM ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\windows\system32\drivers\iirsp.sys [41040]

O58 - SDL:[MD5.264632ADE8127B7BAA2190CF6FAD435B] - 7/10/2009 - 2:44:52 PM ---A- . (.Intel® Corporation - Intel® High Definition Audio HDMI.) -- C:\windows\system32\drivers\IntcHdmi.sys [122880]

O58 - SDL:[MD5.EB119A53CCF2ACC000AC71B065B78FEF] - 7/14/2009 - 2:20:36 AM ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\windows\system32\drivers\lsi_fc.sys [95824]

O58 - SDL:[MD5.8ADE1C877256A22E49B75D1CC9161F9C] - 7/14/2009 - 2:20:37 AM ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\windows\system32\drivers\lsi_sas.sys [89168]

O58 - SDL:[MD5.DC9DC3D3DAA0E276FD2EC262E38B11E9] - 7/14/2009 - 2:20:36 AM ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\windows\system32\drivers\lsi_sas2.sys [54864]

O58 - SDL:[MD5.0A036C7D7CAB643A7F07135AC47E0524] - 7/14/2009 - 2:20:36 AM ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\windows\system32\drivers\lsi_scsi.sys [96848]

O58 - SDL:[MD5.836E0E09CA9869BE7EB39EF2CF3602C7] - 12/20/2010 - 6:08:40 PM ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\windows\system32\drivers\mbam.sys [20952]

O58 - SDL:[MD5.D68E165C3123ABA3B1282EDDB4213BD8] - 12/20/2010 - 6:09:00 PM ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\windows\system32\drivers\mbamswissarmy.sys [38224]

O58 - SDL:[MD5.0FFF5B045293002AB38EB1FD1FC2FB74] - 7/14/2009 - 2:20:36 AM ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7 for x86.) -- C:\windows\system32\drivers\megasas.sys [30800]

O58 - SDL:[MD5.DCBAB2920C75F390CAF1D29F675D03D6] - 7/14/2009 - 2:20:36 AM ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\windows\system32\drivers\MegaSR.sys [235584]

O58 - SDL:[MD5.1D85C4B390B0EE09C7A46B91EFB2C097] - 7/14/2009 - 2:20:44 AM ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\windows\system32\drivers\nfrd960.sys [44624]

O58 - SDL:[MD5.AF2EEC9580C1D32FB7EAF105D9784061] - 11/20/2010 - 1:30:06 PM ---A- . (.NVIDIA Corporation - NVIDIA® nForce RAID Driver.) -- C:\windows\system32\drivers\nvraid.sys [117120]

O58 - SDL:[MD5.9283C58EBAA2618F93482EB5DABCEC82] - 11/20/2010 - 1:30:06 PM ---A- . (.NVIDIA Corporation - NVIDIA® nForce Sata Performance Driver.) -- C:\windows\system32\drivers\nvstor.sys [143744]

O58 - SDL:[MD5.AB95ECF1F6659A60DDC166D8315B0751] - 7/14/2009 - 2:19:04 AM ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\windows\system32\drivers\ql2300.sys [1383488]

O58 - SDL:[MD5.B4DD51DD25182244B86737DC51AF2270] - 7/14/2009 - 2:19:04 AM ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\windows\system32\drivers\ql40xx.sys [106064]

O58 - SDL:[MD5.7DFD48E24479B68B258D8770121155A0] - 7/13/2009 - 11:02:52 PM ---A- . (.Realtek Corporation - Realtek 8101E/8168/8169 NDIS 6.20 32-bit Driver.) -- C:\windows\system32\drivers\Rt86win7.sys [139776]

O58 - SDL:[MD5.3202E26501E5E18C35DC2CC74709A704] - 11/21/2009 - 3:33:28 AM ---A- . (.Realtek Semiconductor Corp. - Realtek® High Definition Audio Function Driver.) -- C:\windows\system32\drivers\RTKVHDA.sys [2811296]

O58 - SDL:[MD5.41CE6B172542A9A227E34A45881E1D2A] - 6/26/2010 - 10:53:57 AM ---A- . (.Windows ® 2003 DDK 3790 provider - Generic Port I/O for Win32.) -- C:\windows\system32\drivers\rtport.sys [15656]

O58 - SDL:[MD5.6E5FBB7CBAEC47038B945D5E9B144A64] - 5/28/2009 - 7:38:12 AM ---A- . (.SAMSUNG ELECTRONICS - SAMSUNG Kernel Driver.) -- C:\windows\system32\drivers\SABI.sys [10752]

O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 7/13/2009 - 9:50:20 PM ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\windows\system32\drivers\secdrv.sys [20480]

O58 - SDL:[MD5.5FB7FCEA0490D821F26F39CC5EA3D1E2] - 7/14/2009 - 12:45:33 AM ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\windows\system32\drivers\serial.sys [83456]

O58 - SDL:[MD5.A9F0486851BECB6DDA1D89D381E71055] - 7/14/2009 - 2:19:04 AM ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\windows\system32\drivers\sisraid2.sys [40016]

O58 - SDL:[MD5.3727097B55738E2F554972C3BE5BC1AA] - 7/14/2009 - 2:19:04 AM ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\windows\system32\drivers\sisraid4.sys [77888]

O58 - SDL:[MD5.A36EE93698802CD899F98BFD553D8185] - 6/17/2010 - 2:28:02 PM ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\windows\system32\drivers\ssmdrv.sys [28520]

O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 7/14/2009 - 2:19:04 AM ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\windows\system32\drivers\stexstor.sys [21072]

O58 - SDL:[MD5.215A45246C6E2D0A9C263CE1786C8D8A] - 10/10/2009 - 4:16:30 AM ---A- . (.Synaptics Incorporated - Synaptics Touchpad Driver.) -- C:\windows\system32\drivers\SynTP.sys [229424]

O58 - SDL:[MD5.E43574F6A56A0EE11809B48C09E4FD3C] - 7/14/2009 - 2:19:10 AM ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\windows\system32\drivers\viaide.sys [16976]

O58 - SDL:[MD5.9DFA0CC2F8855A04816729651175B631] - 7/14/2009 - 2:19:11 AM ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\windows\system32\drivers\vsmraid.sys [141904]

O58 - SDL:[MD5.30B73EB97218A16CBC6DE535782A1B35] - 9/28/2009 - 10:22:00 AM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\system32\drivers\yk62x86.sys [315392]

O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 7/13/2009 - 10:40:41 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\system32\ANSI.SYS [9029]

O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 7/13/2009 - 10:40:44 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\system32\country.sys [27097]

O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 7/13/2009 - 10:40:40 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\system32\HIMEM.SYS [4768]

O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 7/13/2009 - 10:40:43 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\system32\KEY01.SYS [42809]

O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 7/13/2009 - 10:40:43 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\system32\KEYBOARD.SYS [42537]

O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 7/13/2009 - 10:40:23 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\system32\NTDOS.SYS [27866]

O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 7/13/2009 - 10:40:31 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\system32\NTDOS404.SYS [29146]

O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 7/13/2009 - 10:40:35 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\system32\NTDOS411.SYS [29370]

O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 7/13/2009 - 10:40:39 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\system32\NTDOS412.SYS [29274]

O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 7/13/2009 - 10:40:27 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\system32\NTDOS804.SYS [29146]

O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 7/13/2009 - 10:40:11 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\system32\NTIO.SYS [33952]

O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 7/13/2009 - 10:40:15 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\system32\NTIO404.SYS [34672]

O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 7/13/2009 - 10:40:17 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\system32\NTIO411.SYS [35776]

O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 7/13/2009 - 10:40:19 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\system32\NTIO412.SYS [35536]

O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 7/13/2009 - 10:40:13 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\system32\NTIO804.SYS [34672]


---\\ Liste des outils de nettoyage (LATC) (O63)

O63 - Logiciel: ZHPDiag 1.27 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1


---\\ Liste des services Legacy (LALS) (O64)

O64 - Services: CurCS - C:\windows\system32\drivers\afd.sys (AFD) .(.Microsoft Corporation - Ancillary Function Driver for WinSock.) - LEGACY_AFD

O64 - Services: CurCS - C:\Windows\System32\drivers\atapi.sys - IDE Channel (atapi) .(.Microsoft Corporation - ATAPI IDE Miniport Driver.) - LEGACY_ATAPI

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\avgntflt.sys - avgntflt (avgntflt) .(.Avira GmbH - Avira Minifilter Driver.) - LEGACY_AVGNTFLT

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\avipbb.sys - avipbb (avipbb) .(.Avira GmbH - Avira Driver for Security Enhancement.) - LEGACY_AVIPBB

O64 - Services: CurCS - C:\windows\system32\Drivers\BEEP.sys - (.not file.) - Beep (Beep) .(.Pas de propriétaire - Pas de description.) - LEGACY_BEEP

O64 - Services: CurCS - C:\windows\system32\browser.dll (bowser) .(.Microsoft Corporation - DLL du service Explorateur d'ordinateurs.) - LEGACY_BOWSER

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\cdfs.sys - CD/DVD File System Reader (cdfs) .(.Microsoft Corporation - CD-ROM File System Driver.) - LEGACY_CDFS

O64 - Services: CurCS - C:\windows\system32\clfs.sys (CLFS) .(.Microsoft Corporation - Common Log File System Driver.) - LEGACY_CLFS

O64 - Services: CurCS - C:\Windows\System32\Drivers\cng.sys - CNG (CNG) .(.Microsoft Corporation - Kernel Cryptography, Next Generation.) - LEGACY_CNG

O64 - Services: CurCS - C:\windows\system32\drivers\dfsc.sys (DfsC) .(.Microsoft Corporation - DFS Namespace Client Driver.) - LEGACY_DFSC

O64 - Services: CurCS - C:\windows\system32\drivers\discache.sys (discache) .(.Microsoft Corporation - System Indexer/Cache Driver.) - LEGACY_DISCACHE

O64 - Services: CurCS - C:\windows\system32\drivers\dxgkrnl.sys - LDDM Graphics Subsystem (DXGKrnl) .(.Microsoft Corporation - DirectX Graphics Kernel.) - LEGACY_DXGKRNL

O64 - Services: CurCS - C:\windows\system32\Drivers\FASTFAT.sys - (.not file.) - FAT12/16/32 File System Driver (fastfat) .(.Pas de propriétaire - Pas de description.) - LEGACY_FASTFAT

O64 - Services: CurCS - C:\windows\system32\drivers\fileinfo.sys (FileInfo) .(.Microsoft Corporation - FileInfo Filter Driver.) - LEGACY_FILEINFO

O64 - Services: CurCS - C:\windows\system32\drivers\fltmgr.sys (FltMgr) .(.Microsoft Corporation - Gestionnaire de filtres de système de fichi.) - LEGACY_FLTMGR

O64 - Services: CurCS - C:\windows\system32\Drivers\FS_REC.sys - Fs_Rec (Fs_Rec) .(.Pas de propriétaire - Pas de description.) - LEGACY_FS_REC

O64 - Services: CurCS - C:\windows\system32\drivers\fvevol.sys (fvevol) .(.Microsoft Corporation - BitLocker Drive Encryption Driver.) - LEGACY_FVEVOL

O64 - Services: CurCS - C:\windows\system32\drivers\http.sys (HTTP) .(.Microsoft Corporation - HTTP Pile du protocole.) - LEGACY_HTTP

O64 - Services: CurCS - C:\windows\system32\drivers\hwpolicy.sys (hwpolicy) .(.Microsoft Corporation - Hardware Policy Driver.) - LEGACY_HWPOLICY

O64 - Services: CurCS - C:\windows\system32\rascfg.dll (IpFilterDriver) .(.Microsoft Corporation - Objets de configuration RAS.) - LEGACY_IPFILTERDRIVER

O64 - Services: CurCS - C:\Windows\System32\Drivers\ksecdd.sys - KSecDD (KSecDD) .(.Microsoft Corporation - Kernel Security Support Provider Interface.) - LEGACY_KSECDD

O64 - Services: CurCS - C:\Windows\System32\Drivers\ksecpkg.sys - KSecPkg (KSecPkg) .(.Microsoft Corporation - Kernel Security Support Provider Interface.) - LEGACY_KSECPKG

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\lltdio.sys - Link-Layer Topology Discovery Mapper I/O Driver (lltdio) .(.Microsoft Corporation - Link-Layer Topology Mapper I/O Driver.) - LEGACY_LLTDIO

O64 - Services: CurCS - C:\windows\system32\drivers\luafv.sys (luafv) .(.Microsoft Corporation - Pilote de filtre de virtualisation de fichi.) - LEGACY_LUAFV

O64 - Services: CurCS - (.not file.) - McAfee Inc. mfeavfk (mfeavfk) .(.Pas de propriétaire - Pas de description.) - LEGACY_MFEAVFK

O64 - Services: CurCS - (.not file.) - McAfee Inc. mfebopk (mfebopk) .(.Pas de propriétaire - Pas de description.) - LEGACY_MFEBOPK

O64 - Services: CurCS - (.not file.) - McAfee Inc. mfehidk (mfehidk) .(.Pas de propriétaire - Pas de description.) - LEGACY_MFEHIDK

O64 - Services: CurCS - (.not file.) - McAfee Inc. mfesmfk (mfesmfk) .(.Pas de propriétaire - Pas de description.) - LEGACY_MFESMFK

O64 - Services: CurCS - C:\windows\system32\drivers\mountmgr.sys (mountmgr) .(.Microsoft Corporation - Gestionnaire des points de montage.) - LEGACY_MOUNTMGR

O64 - Services: CurCS - (.not file.) - MPFP (MPFP) .(.Pas de propriétaire - Pas de description.) - LEGACY_MPFP

O64 - Services: CurCS - C:\windows\system32\FirewallAPI.dll (mpsdrv) .(.Microsoft Corporation - API du Pare-feu Windows.) - LEGACY_MPSDRV

O64 - Services: CurCS - C:\windows\system32\wkssvc.dll (mrxsmb) .(.Microsoft Corporation - DLL du service Station de travail.) - LEGACY_MRXSMB

O64 - Services: CurCS - C:\windows\system32\wkssvc.dll (mrxsmb10) .(.Microsoft Corporation - DLL du service Station de travail.) - LEGACY_MRXSMB10

O64 - Services: CurCS - C:\windows\system32\wkssvc.dll (mrxsmb20) .(.Microsoft Corporation - DLL du service Station de travail.) - LEGACY_MRXSMB20

O64 - Services: CurCS - C:\Windows\System32\drivers\msahci.sys - msahci (msahci) .(.Microsoft Corporation - MS AHCI 1.0 Standard Driver.) - LEGACY_MSAHCI

O64 - Services: CurCS - C:\windows\system32\Drivers\MSFS.sys - Msfs (Msfs) .(.Pas de propriétaire - Pas de description.) - LEGACY_MSFS

O64 - Services: CurCS - C:\Windows\System32\drivers\msisadrv.sys - msisadrv (msisadrv) .(.Microsoft Corporation - ISA Driver.) - LEGACY_MSISADRV

O64 - Services: CurCS - C:\windows\system32\drivers\mup.sys (Mup) .(.Microsoft Corporation - Multiple UNC Provider Driver.) - LEGACY_MUP

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\nwifi.sys - NativeWiFi Filter (NativeWifiP) .(.Microsoft Corporation - Pilote de miniport WiFi natif.) - LEGACY_NATIVEWIFIP

O64 - Services: CurCS - C:\windows\system32\drivers\ndis.sys (NDIS) .(.Microsoft Corporation - Pilote NDIS 6.20.) - LEGACY_NDIS

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\ndisuio.sys - NDIS Usermode I/O Protocol (Ndisuio) .(.Microsoft Corporation - Pilote d'E/S du mode utilisateur NDIS.) - LEGACY_NDISUIO

O64 - Services: CurCS - C:\windows\system32\Drivers\NDPROXY.sys - NDProxy (NDProxy) .(.Pas de propriétaire - Pas de description.) - LEGACY_NDPROXY

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\netbios.sys - NetBIOS Interface (NetBIOS) .(.Microsoft Corporation - NetBIOS interface driver.) - LEGACY_NETBIOS

O64 - Services: CurCS - C:\windows\system32\drivers\netbt.sys (NetBT) .(.Microsoft Corporation - MBT Transport driver.) - LEGACY_NETBT

O64 - Services: CurCS - C:\windows\system32\Drivers\NPFS.sys - Npfs (Npfs) .(.Pas de propriétaire - Pas de description.) - LEGACY_NPFS

O64 - Services: CurCS - C:\windows\system32\drivers\nsiproxy.sys (nsiproxy) .(.Microsoft Corporation - NSI Proxy.) - LEGACY_NSIPROXY

O64 - Services: CurCS - C:\windows\system32\Drivers\NTFS.sys - Ntfs (Ntfs) .(.Pas de propriétaire - Pas de description.) - LEGACY_NTFS

O64 - Services: CurCS - C:\windows\system32\Drivers\NULL.sys - Null (Null) .(.Pas de propriétaire - Pas de description.) - LEGACY_NULL

O64 - Services: CurCS - C:\windows\system32\DRIVERS\parvdm.sys - Parvdm (Parvdm) .(.Microsoft Corporation - Pilote parallèle VDM.) - LEGACY_PARVDM

O64 - Services: CurCS - C:\Windows\System32\drivers\pcw.sys - Performance Counters for Windows Driver (pcw) .(.Microsoft Corporation - Performance Counters for Windows Driver.) - LEGACY_PCW

O64 - Services: CurCS - C:\Windows\System32\drivers\peauth.sys - PEAUTH (PEAUTH) .(.Microsoft Corporation - Protected Environment Authentication and Au.) - LEGACY_PEAUTH

O64 - Services: CurCS - C:\windows\system32\drivers\pacer.sys (Psched) .(.Microsoft Corporation - Planificateur de paquets QoS.) - LEGACY_PSCHED

O64 - Services: CurCS - C:\windows\system32\wkssvc.dll (rdbss) .(.Microsoft Corporation - DLL du service Station de travail.) - LEGACY_RDBSS

O64 - Services: CurCS - C:\windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) .(.Microsoft Corporation - RDP Miniport.) - LEGACY_RDPCDD

O64 - Services: CurCS - C:\windows\system32\drivers\RDPENCDD.sys (RDPENCDD) .(.Microsoft Corporation - RDP Encoder Miniport.) - LEGACY_RDPENCDD

O64 - Services: CurCS - C:\windows\system32\drivers\RdpRefMp.sys (RDPREFMP) .(.Microsoft Corporation - RDP Reflector Driver Miniport.) - LEGACY_RDPREFMP

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\rspndr.sys - Link-Layer Topology Discovery Responder (rspndr) .(.Microsoft Corporation - Link-Layer Topology Responder Driver for ND.) - LEGACY_RSPNDR

O64 - Services: CurCS - C:\windows\system32\drivers\rtport.sys - rtport (rtport) .(.Windows ® 2003 DDK 3790 provider - Generic Port I/O for Win32.) - LEGACY_RTPORT

O64 - Services: CurCS - C:\windows\system32\Drivers\SABI.sys - SAMSUNG Kernel Driver For Windows 7 (SABI) .(.SAMSUNG ELECTRONICS - SAMSUNG Kernel Driver.) - LEGACY_SABI

O64 - Services: CurCS - C:\windows\system32\Drivers\SECDRV.sys - (.not file.) - Security Driver (secdrv) .(.Pas de propriétaire - Pas de description.) - LEGACY_SECDRV

O64 - Services: CurCS - C:\windows\system32\Drivers\SPLDR.sys - (.not file.) - Security Processor Loader Driver (spldr) .(.Pas de propriétaire - Pas de description.) - LEGACY_SPLDR

O64 - Services: CurCS - C:\windows\system32\srvsvc.dll (srv) .(.Microsoft Corporation - DLL du service Serveur.) - LEGACY_SRV

O64 - Services: CurCS - C:\windows\system32\srvsvc.dll (srv2) .(.Microsoft Corporation - DLL du service Serveur.) - LEGACY_SRV2

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\srvnet.sys - srvnet (srvnet) .(.Microsoft Corporation - Server Network driver.) - LEGACY_SRVNET

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\ssmdrv.sys - ssmdrv (ssmdrv) .(.Avira GmbH - AVIRA SnapShot Driver.) - LEGACY_SSMDRV

O64 - Services: CurCS - C:\windows\system32\tcpipcfg.dll (Tcpip) .(.Microsoft Corporation - Objets de configuration du réseau.) - LEGACY_TCPIP

O64 - Services: CurCS - C:\Windows\System32\drivers\tcpipreg.sys - TCP/IP Registry Compatibility (tcpipreg) .(.Microsoft Corporation - TCP/IP Registry Compatibility Driver.) - LEGACY_TCPIPREG

O64 - Services: CurCS - C:\windows\system32\tcpipcfg.dll (tdx) .(.Microsoft Corporation - Objets de configuration du réseau.) - LEGACY_TDX

O64 - Services: CurCS - C:\windows\system32\drivers\vga.sys - VgaSave (VgaSave) .(.Microsoft Corporation - VGA/Super VGA Video Driver.) - LEGACY_VGASAVE

O64 - Services: CurCS - C:\windows\system32\drivers\volmgrx.sys (volmgrx) .(.Microsoft Corporation - Pilote d'extension du gestionnaire de volum.) - LEGACY_VOLMGRX

O64 - Services: CurCS - C:\Windows\System32\drivers\volsnap.sys - Storage volumes (volsnap) .(.Microsoft Corporation - Pilote de cliché instantané du volume.) - LEGACY_VOLSNAP

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\vwififlt.sys - Virtual WiFi Filter Driver (vwififlt) .(.Microsoft Corporation - Virtual WiFi Filter Driver.) - LEGACY_VWIFIFLT

O64 - Services: CurCS - C:\windows\system32\rascfg.dll (Wanarpv6) .(.Microsoft Corporation - Objets de configuration RAS.) - LEGACY_WANARPV6

O64 - Services: CurCS - C:\Windows\System32\drivers\Wdf01000.sys - Kernel Mode Driver Frameworks service (Wdf01000) .(.Microsoft Corporation - Runtime de l'infrastructure de pilotes en m.) - LEGACY_WDF01000

O64 - Services: CurCS - C:\Windows\System32\DRIVERS\wfplwf.sys - WFP Lightweight Filter (WfpLwf) .(.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - LEGACY_WFPLWF

O64 - Services: CurCS - C:\Windows\System32\drivers\WudfPf.sys - User Mode Driver Frameworks Platform Driver (WudfPf) .(.Microsoft Corporation - Windows Driver Foundation - User-mode Drive.) - LEGACY_WUDFPF


---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\windows\System32\control.exe

O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Pas de propriétaire - Pas de description.) -- "C:\Program Files\Internet Explorer\iexplore.exe

O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\windows\regedit.exe

O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\windows\System32\control.exe

O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.)

O67 - Shell Spawning: <.html> <htmlfile>[HKCR\..\open\Command] (.Pas de propriétaire - Pas de description.) -- "C:\Program Files\Internet Explorer\iexplore.exe

O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\windows\regedit.exe


---\\ Start Menu Internet (SMI) (O68)

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe


---\\ Search Browser Infection (SBI) (O69)

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - {searchTerms} - Bing

O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} [DefaultScope] - (Google) - {searchTerms} - Recherche Google

O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - {searchTerms} - Recherche Google


---\\ Recherche des services démarrés par Svchost (SSS) (O83)

O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Service Expérience d'application.) -- C:\windows\System32\aelupsvc.dll [62464]

O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\windows\System32\certprop.dll [67584]

O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\windows\System32\certprop.dll [67584]

O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL du service Serveur.) -- C:\windows\system32\srvsvc.dll [168960]

O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Client de stratégie de groupe.) -- C:\windows\System32\gpsvc.dll [593408]

O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extension IKE.) -- C:\windows\System32\ikeext.dll [674304]

O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Service Audio Windows.) -- C:\windows\System32\Audiosrv.dll [473600]

O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gestionnaire de numérotation automatique d'accès distant.) -- C:\windows\System32\rasauto.dll [90624]

O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gestionnaire de connexions d'accès distant.) -- C:\windows\System32\rasmans.dll [286208]

O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gestionnaire d'interface dynamique.) -- C:\windows\System32\mprdim.dll [75264]

O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Service de notification d'événements système (SENS).) -- C:\windows\System32\sens.dll [49664]

O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l'application d'assistance à Microsoft NAT.) -- C:\windows\System32\ipnathlp.dll [300544]

O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows.) -- C:\windows\System32\tapisrv.dll [242176]

O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gestionnaire des connexions distantes du serveur hôte de session Burea.) -- C:\windows\System32\termsrv.dll [521216]

O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Agent de mise à jour automatique Windows Update.) -- C:\windows\system32\wuaueng.dll [1914368]

O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\windows\System32\qmgr.dll [585728]

O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\windows\System32\shsvcs.dll [328192]

O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service offrant une connectivité IPv6 sur un réseau IPv4..) -- C:\windows\System32\iphlpsvc.dll [499712]

O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de service d'ouverture de session secondaire.) -- C:\windows\system32\seclogon.dll [21504]

O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Service Informations d'application.) -- C:\windows\System32\appinfo.dll [47104]

O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Service de découverte iSCSI.) -- C:\windows\system32\iscsiexe.dll [114688]

O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Service Planificateur de classes multimédias.) -- C:\windows\system32\mmcss.dll [49664]

O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Rapports et solutions aux problèmes.) -- C:\windows\System32\wercplsupport.dll [61440]

O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Service EAPHost Microsoft.) -- C:\windows\System32\eapsvc.dll [98304]

O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\windows\system32\profsvc.dll [164352]

O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Service du Planificateur de tâches.) -- C:\windows\system32\schedsvc.dll [750592]

O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- C:\windows\system32\kmsvc.dll [71168]

O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Service Configuration des services Bureau à distance.) -- C:\windows\system32\sessenv.dll [113664]

O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\windows\system32\wbem\WMIsvc.dll [168960]

O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL du service Explorateur d'ordinateurs.) -- C:\windows\System32\browser.dll [102400]

O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL du service des thèmes Windows Shell.) -- C:\windows\system32\themeservice.dll [37376]

O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Service BDE.) -- C:\windows\System32\bdesvc.dll [76800]

 

 

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)

SR - | Auto 12/6/2010 135336 | "C:\Program Files\Avira\AntiVir Desktop\sched.exe (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe

SR - | Auto 12/6/2010 267944 | "C:\Program Files\Avira\AntiVir Desktop\avguard.exe (AntiVirService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

SR - | Auto 10/16/2010 37664 | "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

SR - | Auto 10/7/2010 345376 | "C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe

SR - | Auto 1/11/2007 113664 | C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.exe (EPSON_PM_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.exe

SS - | Auto 3/12/2011 135664 | "C:\Program Files\Google\Update\GoogleUpdate.exe (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe

SS - | Demand 12/5/2009 182768 | "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

SS - | Demand 11/17/2010 820008 | "C:\Program Files\iPod\bin\iPodService.exe (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe

SS - | Demand 9/17/2007 800040 | C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

SS - | Demand 6/27/2007 279848 | "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

SR - | Auto 8/13/2009 44312 | "C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe (OberonGameConsoleService) . (.Pas de propriétaire.) - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe

SR - | Auto 7/7/2009 247152 | "C:\Program Files\CyberLink\Shared files\RichVideo.exe (RichVideo) . (.Pas de propriétaire.) - C:\Program Files\CyberLink\Shared files\RichVideo.exe

SS - | Demand 7/14/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\windows\System32\svchost.exe

SR - | Auto 7/14/2009 20992 | C:\windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\windows\system32\svchost.exe

 

 

---\\ Recherche Master Boot Record Infection (MBR)(O80)

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, GMER - Rootkit Detector and Remover

Run by Yves at 3/14/2011 9:14:26 PM

 

device: opened successfully

user: MBR read successfully

 

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll

C:\windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver

1 nt!IofCallDriver[0x83073FE3] -> \Device\Harddisk0\DR0[0x86D6D820]

3 CLASSPNP[0x8C28659E] -> nt!IofCallDriver[0x83073FE3] -> \Device\Ide\IAAStorageDevice-1[0x85F29028]

kernel: MBR read successfully

user & kernel MBR OK

 

 

---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)

Written by ad13,

Run by Yves at 3/14/2011 9:14:26 PM

Use the desktop link 'MBRCheck' to have full report

 

 

 

 

End of the scan (924 lines in 52mn AMs)(0)

 

 

 

Edited by yves13

Posted

 

 

I forgot to attach an MBRCheck report - sorry -

Yves 13.

 

 

MBRCheck, version 1.2.3

© 2010, AD

 

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: Service Pack 1 (build 7601), 32-bit

Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD.

BIOS Manufacturer: Phoenix Technologies Ltd.

System Manufacturer: SAMSUNG ELECTRONICS CO., LTD.

System Product Name: R530/R730

Logical Drives Mask: 0x0000001c

 

Kernel Drivers (total 187):


 

Processes (total 64):

0 System Idle Process

4 System

300 C:\Windows\System32\smss.exe

428 csrss.exe

480 C:\Windows\System32\wininit.exe

492 csrss.exe

528 C:\Windows\System32\services.exe

544 C:\Windows\System32\lsass.exe

556 C:\Windows\System32\lsm.exe

664 C:\Windows\System32\svchost.exe

764 C:\Windows\System32\winlogon.exe

796 C:\Windows\System32\svchost.exe

864 C:\Windows\System32\svchost.exe

956 C:\Windows\System32\svchost.exe

1000 C:\Windows\System32\svchost.exe

1092 C:\Windows\System32\svchost.exe

1180 C:\Windows\System32\svchost.exe

1352 C:\Windows\System32\spoolsv.exe

1404 C:\Program Files\Avira\AntiVir Desktop\sched.exe

1464 C:\Windows\System32\svchost.exe

1568 C:\Program Files\Avira\AntiVir Desktop\avguard.exe

1604 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

1620 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

1652 C:\Windows\System32\conhost.exe

1716 C:\Program Files\Bonjour\mDNSResponder.exe

1752 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE

1792 C:\Windows\System32\svchost.exe

1948 C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe

272 C:\Program Files\CyberLink\Shared files\RichVideo.exe

436 C:\Windows\System32\svchost.exe

2528 C:\Windows\System32\taskhost.exe

2540 C:\Windows\System32\taskeng.exe

2556 C:\Windows\System32\dwm.exe

2688 C:\Windows\explorer.exe

2740 C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe

2760 C:\Program Files\AnyPC Client\APLanMgrC.exe

2828 C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe

2840 C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe

2860 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

2872 C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe

2912 C:\Windows\System32\rundll32.exe

3104 C:\Windows\System32\igfxext.exe

3144 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

3152 C:\Windows\System32\igfxsrvc.exe

3188 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

3212 C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE

3228 C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

3628 C:\Windows\System32\SearchIndexer.exe

3736 C:\Program Files\Windows Media Player\wmpnetwk.exe

2512 C:\Windows\System32\svchost.exe

3072 C:\Windows\System32\taskhost.exe

3184 C:\Program Files\Internet Explorer\iexplore.exe

1456 C:\Program Files\Internet Explorer\iexplore.exe

3032 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

1292 C:\Windows\System32\Macromed\Flash\FlashUtil9f.exe

1768 C:\Windows\System32\svchost.exe

1220 C:\Windows\System32\audiodg.exe

3036 C:\Program Files\Windows Media Player\wmplayer.exe

1380 C:\Windows\System32\SearchFilterHost.exe

3304 C:\Windows\System32\SearchProtocolHost.exe

2160 dllhost.exe

2264 dllhost.exe

4016 C:\Program Files\ZHPDiag\mbrcheck.exe

2104 C:\Windows\System32\conhost.exe

 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c6500000 (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003f`e8f00000 (NTFS)

 

PhysicalDrive0 Model Number: SAMSUNGHM321HI, Rev: 2AJ10002

 

Size Device Name MBR Status

--------------------------------------------

298 GB \\.\PhysicalDrive0 Unknown MBR code

SHA1: F5C09ACABD4A5370BDD907E8EDFE0C1DA0F9D3F5

 

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

 

 

Posted (edited)

Hello,

 

Download OTL to the desktop

Double-click the icon


 


 

Make sure all other windows are closed so that it runs without interruption.

For Vista/Seven, right-click the OTL icon and choose "Run as administrator".

 

Copy/paste the following into the "Personnalisation" (custom scan) box:

SAVEMBR:0

>%systemdrive%\vt.bat echo @echo off /raw /c

>>%systemdrive%\vt.bat echo start IEXPLORE.EXE VirusTotal - Free Online Virus, Malware and URL Scanner /raw /c

>>%systemdrive%\vt.bat echo exit /raw /c

call %systemdrive%\vt.bat /c

del %systemdrive%\vt.bat /c

Below "Analyse rapide" (quick scan),

click "Aucuns" (none), then "Analyse" (scan) at the top left.

 

On the "Virus Total" page that opens:

 

Click "Browse" and select the file "PhysicalMBR.bin" at the root of the system drive (usually "c:\PhysicalMBR.bin"),

then click "Open",

then "Send File" and wait for the scan to finish.

Post the analysis report.

 

My Computer -> Tools -> Folder Options -> View

Check "Show hidden files and folders"

Uncheck "Hide extensions for known file types" and "Hide protected operating system files"

--> a message says this may damage the system; ignore it and confirm with Yes.

 

Go to this address:

Click Browse to locate these files

C:\Windows\System32\conhost.exe

and click "Send file"

Copy/paste the response into your next message.

Note: the file may already have been analysed. If so, click the Reanalyse file now button

Edited by pear
Posted

Good evening PEAR and many thanks for your reply.

 

I followed all your instructions and I am sending you the 2 reports. I have to leave for 2 hours but I await your reply with great interest.

 

See you later.

Yves 13.

 

OTL logfile created on: 3/15/2011 7:01:27 PM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Yves\Desktop

Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free

6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 240.54 Gb Total Space | 220.10 Gb Free Space | 91.50% Space Free | Partition Type: NTFS

Drive D: | 42.45 Gb Total Space | 41.83 Gb Free Space | 98.54% Space Free | Partition Type: NTFS

Drive F: | 372.52 Gb Total Space | 363.09 Gb Free Space | 97.47% Space Free | Partition Type: FAT32

 

Computer Name: YVES-PC | User Name: Yves | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

 

========== Custom Scans ==========

 

 

< >%systemdrive%\vt.bat echo @echo off /raw /c >

 

< >>%systemdrive%\vt.bat echo start IEXPLORE.EXE VirusTotal - Free Online Virus, Malware and URL Scanner /raw /c >

 

< >>%systemdrive%\vt.bat echo exit /raw /c >

 

< call %systemdrive%\vt.bat /c >

 

< del %systemdrive%\vt.bat /c >

 

< >

 

< End of report >

 

 

 

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

 

MD5: 156f20e7a89573c2fd7cbc305dfc181f
Date first seen: 2011-01-14 23:02:56 (UTC)
Date last seen: 2011-03-15 10:11:24 (UTC)
Detection ratio: 0/43

 


 

 

 

 

 

Posted

Sorry Pear, I think I forgot this report, which I am attaching.

 

See you later.

Yves 13.

 

 

 

 

File name: PhysicalMBR.bin

Submission date: 2011-03-15 18:07:49 (UTC)

Current status: finished

Result: 1/43 (2.3%)


Antivirus | Version | Last Update | Result
AhnLab-V3 | 2011.03.15.02 | 2011.03.15 | -
AntiVir | 7.11.4.216 | 2011.03.15 | -
Antiy-AVL | 2.0.3.7 | 2011.03.15 | -
Avast | 4.8.1351.0 | 2011.03.15 | -
Avast5 | 5.0.677.0 | 2011.03.15 | -
AVG | 10.0.0.1190 | 2011.03.15 | -
BitDefender | 7.2 | 2011.03.15 | -
CAT-QuickHeal | 11.00 | 2011.03.15 | -
ClamAV | 0.96.4.0 | 2011.03.15 | -
Commtouch | 5.2.11.5 | 2011.03.15 | -
Comodo | 7990 | 2011.03.15 | -
DrWeb | 5.0.2.03300 | 2011.03.15 | -
Emsisoft | 5.1.0.2 | 2011.03.15 | -
eSafe | 7.0.17.0 | 2011.03.15 | -
eTrust-Vet | 36.1.8216 | 2011.03.15 | -
F-Prot | 4.6.2.117 | 2011.03.15 | -
F-Secure | 9.0.16440.0 | 2011.03.14 | -
Fortinet | 4.2.254.0 | 2011.03.15 | -
GData | 21 | 2011.03.15 | -
Ikarus | T3.1.1.97.0 | 2011.03.15 | -
Jiangmin | 13.0.900 | 2011.03.15 | -
K7AntiVirus | 9.93.4116 | 2011.03.15 | -
Kaspersky | 7.0.0.125 | 2011.03.15 | -
McAfee | 5.400.0.1158 | 2011.03.15 | -
McAfee-GW-Edition | 2010.1C | 2011.03.15 | -
Microsoft | 1.6603 | 2011.03.15 | -
NOD32 | 5955 | 2011.03.15 | -
Norman | 6.07.03 | 2011.03.15 | -
nProtect | 2011-02-10.01 | 2011.02.15 | -
Panda | 10.0.3.5 | 2011.03.15 | -
PCTools | 7.0.3.5 | 2011.03.11 | -
Prevx | 3.0 | 2011.03.15 | -
Rising | 23.49.01.05 | 2011.03.15 | -
Sophos | 4.63.0 | 2011.03.15 | -
SUPERAntiSpyware | 4.40.0.1006 | 2011.03.15 | -
Symantec | 20101.3.0.103 | 2011.03.15 | -
TheHacker | 6.7.0.1.150 | 2011.03.15 | -
TrendMicro | 9.200.0.1012 | 2011.03.15 | -
TrendMicro-HouseCall | 9.200.0.1012 | 2011.03.15 | -
VBA32 | 3.12.14.3 | 2011.03.15 | suspected of Unknown.BootVirus
VIPRE | 8713 | 2011.03.15 | -
ViRobot | 2011.3.15.4358 | 2011.03.15 | -
VirusBuster | 13.6.250.0 | 2011.03.15 | -

Additional information
MD5: b819b71cd046fc7bb7d48828657be500
SHA1: cdea8c3ff50deb3bdcb6a0616bc2f7d5e30a038d
SHA256: 5f048ed1aa924e6aed9a3ab9386fc6e248e319e7c6f053950d4b62802f06272f
ssdeep: 12:D6RUrZis1hrW35FluO0OYBVm09HQQqla3usF7un:DY8Zv1VWpFeO8Vm09HQQqiusEn
File size: 512 bytes
First seen: 2011-03-15 18:07:49
Last seen: 2011-03-15 18:07:49
TrID: Unknown!

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

 

 


 

Posted

For the disk, it's fine.

I'm waiting for this:

 

Go to this address:

Click Browse to locate these files

C:\Windows\System32\conhost.exe

 

and click "Send file"

Copy/paste the response into your next message.

Note: the file may already have been analysed. If so, click the Reanalyse file now button

Posted

Hello Pear - Thank you for your reply.

 

I am sending you the Conhost.exe reports from the address you gave me.

 

I admit it is all Greek to me, but it interests me a lot.

 

Can you sum it up for me in one sentence - thanks -

 

To be on the safe side, I am also posting an HJT report from this noon at the end.

Yves 13.

 

 

 

File name: conhost.exe

Submission date: 2011-03-16 11:08:39 (UTC)

Current status: finished

Result: 0/43 (0.0%)


Antivirus | Version | Last Update | Result
AhnLab-V3 | 2011.03.16.04 | 2011.03.16 | -
AntiVir | 7.11.4.221 | 2011.03.16 | -
Antiy-AVL | 2.0.3.7 | 2011.03.16 | -
Avast | 4.8.1351.0 | 2011.03.16 | -
Avast5 | 5.0.677.0 | 2011.03.16 | -
AVG | 10.0.0.1190 | 2011.03.16 | -
BitDefender | 7.2 | 2011.03.16 | -
CAT-QuickHeal | 11.00 | 2011.03.16 | -
ClamAV | 0.96.4.0 | 2011.03.15 | -
Commtouch | 5.2.11.5 | 2011.03.16 | -
Comodo | 7999 | 2011.03.16 | -
DrWeb | 5.0.2.03300 | 2011.03.16 | -
Emsisoft | 5.1.0.2 | 2011.03.16 | -
eSafe | 7.0.17.0 | 2011.03.15 | -
eTrust-Vet | 36.1.8218 | 2011.03.16 | -
F-Prot | 4.6.2.117 | 2011.03.16 | -
F-Secure | 9.0.16440.0 | 2011.03.14 | -
Fortinet | 4.2.254.0 | 2011.03.16 | -
GData | 21 | 2011.03.16 | -
Ikarus | T3.1.1.97.0 | 2011.03.16 | -
Jiangmin | 13.0.900 | 2011.03.16 | -
K7AntiVirus | 9.93.4122 | 2011.03.16 | -
Kaspersky | 7.0.0.125 | 2011.03.16 | -
McAfee | 5.400.0.1158 | 2011.03.16 | -
McAfee-GW-Edition | 2010.1C | 2011.03.16 | -
Microsoft | 1.6603 | 2011.03.16 | -
NOD32 | 5957 | 2011.03.16 | -
Norman | 6.07.03 | 2011.03.16 | -
nProtect | 2011-02-10.01 | 2011.02.15 | -
Panda | 10.0.3.5 | 2011.03.15 | -
PCTools | 7.0.3.5 | 2011.03.11 | -
Prevx | 3.0 | 2011.03.16 | -
Rising | 23.49.02.06 | 2011.03.16 | -
Sophos | 4.63.0 | 2011.03.16 | -
SUPERAntiSpyware | 4.40.0.1006 | 2011.03.16 | -
Symantec | 20101.3.0.103 | 2011.03.16 | -
TheHacker | 6.7.0.1.150 | 2011.03.16 | -
TrendMicro | 9.200.0.1012 | 2011.03.16 | -
TrendMicro-HouseCall | 9.200.0.1012 | 2011.03.16 | -
VBA32 | 3.12.14.3 | 2011.03.15 | -
VIPRE | 8719 | 2011.03.16 | -
ViRobot | 2011.3.16.4360 | 2011.03.16 | -
VirusBuster | 13.6.250.0 | 2011.03.15 | -

Additional information
MD5: 156f20e7a89573c2fd7cbc305dfc181f
SHA1: 84c10a4fb72446432c4a252b2cd43ca369017dd2
SHA256: b3bbcd2ff46233d6f64776b83048f58c8459e76327ad77a2132b471d389fe04c
ssdeep: 6144:fUgR3OYwYXLMdj7S1m4dD3ZtfUvYRAdER8Euem:fUgtLMdjZ4dD3rg+5
File size: 271360 bytes
First seen: 2011-01-14 23:02:56
Last seen: 2011-03-16 11:08:39
TrID:

Win 9x/ME Control Panel applet (31.8%)

Windows Screen Saver (26.8%)

Win32 Executable Generic (17.4%)

Win32 Dynamic Link Library (generic) (15.5%)

Generic Win/DOS Executable (4.1%)

sigcheck:

publisher....: Microsoft Corporation

copyright....: © Microsoft Corporation. All rights reserved.

product......: Microsoft_ Windows_ Operating System

description..: Console Window Host

original name: CONHOST.EXE

internal name: ConHost

file version.: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEInfo: PE structure information

 

[[ basic data ]]

entrypointaddress: 0x627F

timedatestamp....: 0x4CE78FCC (Sat Nov 20 09:07:24 2010)

machinetype......: 0x14c (I386)

 

[[ 5 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.text, 0x1000, 0x30D04, 0x30E00, 6.64, 4cf8e10e2b97523922d2619d82e5264b

FE_TEXT, 0x32000, 0x5322, 0x5400, 6.47, 6003cc9b125e989613830879b89a7bff

.data, 0x38000, 0xF30, 0x1000, 0.55, 58ace29510f35d68df7fd037bed78ffe

.rsrc, 0x39000, 0x86A8, 0x8800, 4.39, 5e3ee192d4528856e0e7d16e9d3aa214

.reloc, 0x42000, 0x24FC, 0x2600, 6.73, 64655fae1f5e09e59a132a40fd76e8b3

 

[[ 9 import(s) ]]

GDI32.dll: DeleteDC, GetDIBits, BitBlt, GetObjectW, SelectObject, CreateCompatibleDC, CreateDIBitmap, PatBlt, InvertRgn, CombineRgn, CreateRectRgn, StretchDIBits, SelectPalette, CreateCompatibleBitmap, GdiFullscreenControl, GdiFlush, PolyPatBlt, GetStockObject, SetBkColor, SetTextColor, SetDCBrushColor, GetNearestColor, DeleteObject, GetTextExtentPoint32W, GetTextMetricsW, EnumFontFamiliesExW, CreateDCW, GetTextFaceW, SetFontEnumeration, GetDeviceCaps, GetRegionData, GetRgnBox, PolyTextOutW, GetCurrentObject, SetBkMode, RealizePalette, SetSystemPaletteUse, GetStringBitmapW, CreateSolidBrush, TranslateCharsetInfo, GetCharWidth32W, CreateBitmap, SetBitmapBits, GetBitmapBits, StretchBlt, CreateFontIndirectW, SetDIBitsToDevice

USER32.dll: RegisterClassExW, SetProcessDPIAware, GetForegroundWindow, SetCursor, SendMessageTimeoutW, TrackPopupMenuEx, UnpackDDElParam, CreateIconFromResourceEx, ReuseDDElParam, CreateWindowExW, GetDC, GetSystemMenu, SetActiveWindow, LoadCursorW, KillTimer, ReleaseDC, DestroyWindow, GetKeyboardLayout, SetTimer, ScrollDC, SetScrollInfo, GetWindowRect, MonitorFromRect, MapWindowPoints, GetMonitorInfoW, GetClientRect, ClientToScreen, AdjustWindowRectEx, GetCaretBlinkTime, GetWindowTextW, SetWindowTextW, SetWindowPos, NotifyWinEvent, MapVirtualKeyW, VkKeyScanW, CloseClipboard, InvalidateRect, GetClipboardData, OpenClipboard, ReleaseCapture, LoadIconW, LoadImageW, EnumDisplaySettingsW, BeginPaint, DrawIcon, EndPaint, DefWindowProcW, IsIconic, EnableMenuItem, LoadMenuW, AppendMenuW, SetMenuItemInfoW, ShowWindow, MessageBoxW, GetKeyboardState, ToUnicodeEx, GetMessageW, DispatchMessageW, UnhookWindowsHookEx, RegisterWindowMessageW, SetWindowsHookExW, GetWindowLongW, SetCapture, SetClipboardData, EmptyClipboard, GetKeyState, PrivateExtractIconExW, EnterReaderModeHelper, TranslateMessageEx, ConsoleControl, GetWindowPlacement, SetWindowPlacement, SystemParametersInfoW, ActivateKeyboardLayout, GetKeyboardLayoutNameA, GetKeyboardLayoutNameW, CopyIcon, DestroyIcon, DialogBoxParamW, EndDialog, GetDlgItemTextW, IsDlgButtonChecked, SendNotifyMessageW, SetWindowLongW, SendDlgItemMessageW, CheckRadioButton, GetSystemMetrics, SendMessageW, PtInRect, ScreenToClient, PostMessageW, LoadStringW, GetCursorPos, WindowFromPoint

msvcrt.dll: malloc, free, __set_app_type, _controlfp, _except_handler4_common, __p__fmode, __p__commode, __setusermatherr, _amsg_exit, _initterm, _acmdln, exit, _ismbblead, _XcptFilter, _exit, _cexit, __getmainargs, memcpy, _local_unwind4, _vsnwprintf, wcschr, wcsncmp, wcsrchr, memset, atoi, _itoa, memmove, _terminate@@YAXXZ

ntdll.dll: RtlPrefixUnicodeString, RtlIntegerToUnicodeString, RtlUnicodeToMultiByteSize, RtlInitializeCriticalSectionAndSpinCount, RtlConsoleMultiByteToUnicodeN, RtlDosSearchPath_U, ShipAssert, RtlExitUserProcess, NtReplyWaitReceivePort, NtOpenDirectoryObject, NtCreatePort, RtlOpenCurrentUser, NtEnumerateValueKey, NtQueryValueKey, RtlCreateTagHeap, NtOpenKey, NtAcceptConnectPort, NtWaitForMultipleObjects, NtSetInformationProcess, RtlReAllocateHeap, RtlInitCodePageTable, RtlUnicodeToMultiByteN, RtlMultiByteToUnicodeN, RtlCustomCPToUnicodeN, RtlOemToUnicodeN, RtlUnicodeToOemN, RtlExitUserThread, RtlInitUnicodeString, RtlUnicodeStringToInteger, NtSetEvent, NtCreateEvent, NtDuplicateObject, NtClearEvent, RtlDeleteCriticalSection, RtlInitializeCriticalSection, NtOpenProcess, NtQueryInformationProcess, NtVdmControl, NtReleaseMutant, NtWaitForSingleObject, NtCreateMutant, NtUnmapViewOfSection, NtReadVirtualMemory, RtlEnterCriticalSection, RtlLeaveCriticalSection, NtReplyPort, RtlCompareUnicodeString, RtlSizeHeap, DbgPrintEx, RtlAllocateHeap, NtCreateSection, RtlFreeHeap, NtMapViewOfSection, NtClose, RtlGetCriticalSectionRecursionCount

API_MS_Win_Core_LocalRegistry_L1_1_0.dll: RegGetValueW

KERNEL32.dll: GetOEMCP, GlobalSize, GlobalUnlock, GetStringTypeW, CreateFileA, GetSystemDirectoryA, GetModuleHandleW, GetACP, CreateThread, InterlockedExchange, Sleep, InterlockedCompareExchange, GetStartupInfoA, SetUnhandledExceptionFilter, GetModuleHandleA, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, GlobalFree, GlobalAlloc, InterlockedIncrement, InterlockedDecrement, GetVersionExW, VirtualProtect, lstrlenA, VirtualAlloc, GetSystemInfo, VirtualQuery, LocalAlloc, LocalFree, LocalReAlloc, LockResource, LoadResource, FindResourceExW, IsValidCodePage, GetCurrentProcessId, GetCurrentThreadId, GetLastError, CreateActCtxW, GetModuleFileNameW, SetEnvironmentVariableW, GetEnvironmentVariableW, CloseHandle, SetFilePointer, ReadFile, MultiByteToWideChar, FreeLibrary, LoadLibraryExW, ExpandEnvironmentStringsW, GetPrivateProfileStringW, CreateFileW, SetProcessShutdownParameters, GetProcAddress, LoadLibraryW, GetSystemDirectoryW, WideCharToMultiByte, GetCPInfo, lstrlenW, Beep, GetCurrentThread, GlobalLock

IMM32.dll: ImmGetCompositionStringW, ImmGetGuideLineW, ImmGetContext, ImmGetOpenStatus, ImmGetConversionStatus, ImmReleaseContext, ImmAssociateContextEx, ImmAssociateContext, ImmTranslateMessage, ImmNotifyIME, ImmGetProperty, ImmGetCandidateListW

ole32.dll: CoUninitialize, CoCreateInstance, CoInitializeEx

OLEAUT32.dll: -, -, -, -, -, -, -

ExifTool:

file metadata

CharacterSet: Unicode

CodeSize: 221696

CompanyName: Microsoft Corporation

EntryPoint: 0x627f

FileDescription: Console Window Host

FileFlagsMask: 0x003f

FileOS: Windows NT 32-bit

FileSize: 265 kB

FileSubtype: 0

FileType: Win32 EXE

FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

FileVersionNumber: 6.1.7601.17514

ImageVersion: 6.1

InitializedDataSize: 48640

InternalName: ConHost

LanguageCode: English (U.S.)

LegalCopyright: Microsoft Corporation. All rights reserved.

LinkerVersion: 9.0

MIMEType: application/octet-stream

MachineType: Intel 386 or later, and compatibles

OSVersion: 6.1

ObjectFileType: Executable application

OriginalFilename: CONHOST.EXE

PEType: PE32

ProductName: Microsoft Windows Operating System

ProductVersion: 6.1.7601.17514

ProductVersionNumber: 6.1.7601.17514

Subsystem: Windows GUI

SubsystemVersion: 6.1

TimeStamp: 2010:11:20 10:07:24+01:00

UninitializedDataSize: 0
Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:30:53, on 16/03/2011

Platform: Unknown Windows (WinNT 6.01.3505 SP1)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\windows\system32\taskhost.exe

C:\windows\Explorer.EXE

C:\windows\system32\Dwm.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE

C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

C:\Windows\System32\conhost.exe

C:\Windows\System32\conhost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\windows\system32\Macromed\Flash\FlashUtil9f.exe

C:\Users\Yves\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - Global Startup: Gestionnaire Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE

O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O13 - Gopher Prefix:

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Service de liPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--

End of file - 5005 bytes

Posted

I think I did the copy and paste of Conhost.exe wrong? - Sorry -

 

Good afternoon.

Yves 13.
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.

File name: conhost.exe

Submission date: 2011-03-16 11:40:22 (UTC)

Current status: finished

Result: 0/43 (0.0%)

VT Community: not reviewed

Safety score: -

Antivirus              Version           Last Update   Result
AhnLab-V3              2011.03.16.04     2011.03.16    -
AntiVir                7.11.4.221        2011.03.16    -
Antiy-AVL              2.0.3.7           2011.03.16    -
Avast                  4.8.1351.0        2011.03.16    -
Avast5                 5.0.677.0         2011.03.16    -
AVG                    10.0.0.1190       2011.03.16    -
BitDefender            7.2               2011.03.16    -
CAT-QuickHeal          11.00             2011.03.16    -
ClamAV                 0.96.4.0          2011.03.15    -
Commtouch              5.2.11.5          2011.03.16    -
Comodo                 7999              2011.03.16    -
DrWeb                  5.0.2.03300       2011.03.16    -
Emsisoft               5.1.0.2           2011.03.16    -
eSafe                  7.0.17.0          2011.03.15    -
eTrust-Vet             36.1.8218         2011.03.16    -
F-Prot                 4.6.2.117         2011.03.16    -
F-Secure               9.0.16440.0       2011.03.14    -
Fortinet               4.2.254.0         2011.03.16    -
GData                  21                2011.03.16    -
Ikarus                 T3.1.1.97.0       2011.03.16    -
Jiangmin               13.0.900          2011.03.16    -
K7AntiVirus            9.93.4122         2011.03.16    -
Kaspersky              7.0.0.125         2011.03.16    -
McAfee                 5.400.0.1158      2011.03.16    -
McAfee-GW-Edition      2010.1C           2011.03.16    -
Microsoft              1.6603            2011.03.16    -
NOD32                  5957              2011.03.16    -
Norman                 6.07.03           2011.03.16    -
nProtect               2011-02-10.01     2011.02.15    -
Panda                  10.0.3.5          2011.03.15    -
PCTools                7.0.3.5           2011.03.11    -
Prevx                  3.0               2011.03.16    -
Rising                 23.49.02.06       2011.03.16    -
Sophos                 4.63.0            2011.03.16    -
SUPERAntiSpyware       4.40.0.1006       2011.03.16    -
Symantec               20101.3.0.103     2011.03.16    -
TheHacker              6.7.0.1.150       2011.03.16    -
TrendMicro             9.200.0.1012      2011.03.16    -
TrendMicro-HouseCall   9.200.0.1012      2011.03.16    -
VBA32                  3.12.14.3         2011.03.15    -
VIPRE                  8719              2011.03.16    -
ViRobot                2011.3.16.4360    2011.03.16    -
VirusBuster            13.6.250.0        2011.03.15    -

Additional information

MD5: 156f20e7a89573c2fd7cbc305dfc181f
SHA1: 84c10a4fb72446432c4a252b2cd43ca369017dd2
SHA256: b3bbcd2ff46233d6f64776b83048f58c8459e76327ad77a2132b471d389fe04c
ssdeep: 6144:fUgR3OYwYXLMdj7S1m4dD3ZtfUvYRAdER8Euem:fUgtLMdjZ4dD3rg+5
File size: 271360 bytes
First seen: 2011-01-14 23:02:56
Last seen: 2011-03-16 11:40:22

TrID:

Win 9x/ME Control Panel applet (31.8%)

Windows Screen Saver (26.8%)

Win32 Executable Generic (17.4%)

Win32 Dynamic Link Library (generic) (15.5%)

Generic Win/DOS Executable (4.1%)

sigcheck:

publisher....: Microsoft Corporation

copyright....: © Microsoft Corporation. All rights reserved.

product......: Microsoft_ Windows_ Operating System

description..: Console Window Host

original name: CONHOST.EXE

internal name: ConHost

file version.: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEInfo: PE structure information

 

[[ basic data ]]

entrypointaddress: 0x627F

timedatestamp....: 0x4CE78FCC (Sat Nov 20 09:07:24 2010)

machinetype......: 0x14c (I386)

 

[[ 5 section(s) ]]

name, viradd, virsiz, rawdsiz, ntropy, md5

.text, 0x1000, 0x30D04, 0x30E00, 6.64, 4cf8e10e2b97523922d2619d82e5264b

FE_TEXT, 0x32000, 0x5322, 0x5400, 6.47, 6003cc9b125e989613830879b89a7bff

.data, 0x38000, 0xF30, 0x1000, 0.55, 58ace29510f35d68df7fd037bed78ffe

.rsrc, 0x39000, 0x86A8, 0x8800, 4.39, 5e3ee192d4528856e0e7d16e9d3aa214

.reloc, 0x42000, 0x24FC, 0x2600, 6.73, 64655fae1f5e09e59a132a40fd76e8b3

 


  • Tonton changed the title to [Résolu] Demande d'analyse de mon PC, suite suspicion d'infection
