
Posted

Well then, we'll use whatever it takes to disinfect everything properly.

You should also bring your Seven up to date, install SP1 and apply all the important updates.

Out-of-date applications are also a source of infections because of the vulnerabilities they contain.

@++

Posted (edited)

I thought it updated itself automatically... that's odd, I'm not getting any alerts.

Where do I go to check whether it is up to date?

Here is the report:

Rapport de ZHPDiag v1.27.2361 par Nicolas Coolman, Update du 01/07/2011

Run by Emma at 02/07/2011 22:59:30

Web site : ZHPDiag Outil de diagnostic

 

 

---\\ Web Browser

MSIE: Internet Explorer v8.0.7600.16385

MFIE: Mozilla Firefox 5.0 v (Defaut)

 

---\\ System Information

Windows 7 Home Premium Edition, 64-bit (Build 7600)

Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel

Operating System: 64 Bits

Boot mode: Normal (Normal boot)

Total RAM: 3932 MB (59% free)

System Restore: Activé (Enable)

System drive C: has 80 GB (53%) free of 149 GB

 

---\\ Logged in mode

Computer Name: EMMA-TOSH

User Name: Emma

All Users Names: HomeGroupUser$, Emma, Administrateur,

Unselected Option: O45,O61,O62,O65,O66,O82

Logged in as Administrator

 

---\\ Environnement Variables

%AppData%=C:\Users\Emma\AppData\Roaming

%LocalAppData%=C:\Users\Emma\AppData\Local

%StartMenu%=C:\Users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu

 

---\\ DOS/Devices

C:\ Hard drive, Flash drive, Thumb drive (Free 80 Go of 149 Go)

D:\ Hard drive, Flash drive, Thumb drive (Free 13 Go of 149 Go)

E:\ CD-ROM drive (Not Inserted)

Q:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)

 

 

 

---\\ Security Center & Tools Informations

[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK

 

 

 

---\\ Recherche particulière de fichiers génériques

[MD5.0862495E0C825893DB75EF44FAEA8E93] - (.Microsoft Corporation - Explorateur Windows.) (.22/05/2011 - 07:23:14.) -- C:\Windows\Explorer.exe [2870272]

[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\system32\Wininit.exe [96256]

[MD5.27CDAF355CCE3762C7F13719E814418B] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.16/06/2011 - 20:31:50.) -- C:\Windows\system32\wininet.dll [981504]

 

 

 

---\\ Etat des fichiers cachés (Caché/Total)

~ Mes images (My Pictures) : 50/7116

~ Mes Favoris (My Favorites) : 3/45

~ Mes Documents (My Documents) : 1/257

~ Mon Bureau (My Desktop) : 1/21

~ Menu demarrer (Programs) : 6/31

 

 

 

---\\ Processus lancés

[MD5.05973FB5F863CDB65852D88ADB383A33] - (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe [4581280]

[MD5.7DE0794DCFC80FF16B0A68D74515B267] - (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [353736]

[MD5.FA1E9F362E4E5F194E3256BA79936170] - (.Nero AG - Nero BackItUp.) -- C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216]

[MD5.1FAA54E9FFEA6FD3E0CEAD951CDDFEF6] - (.TOSHIBA CORPORATION - KeNotify MFC Application.) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160]

[MD5.80D632DC81BDF6E58630D8FA329FAE54] - (.TOSHIBA CORPORATION. - Pas de description.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840]

[MD5.9D5E8B45BD348DF0882C69EED0E83111] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768]

[MD5.F018E866BBF4A54DE48E2CFB1411EF27] - (.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe [255432]

[MD5.86E69581356CA45167EA6986B6E29087] - (.TOSHIBA CORPORATION - ConfigFree Task Tray Menu.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [304560]

[MD5.8A07221789D46B2EA7DFCA2BC807572A] - (.TOSHIBA CORPORATION - ConfigFree Switch Manager Process.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe [62848]

[MD5.6C9CD3ECBA6732661C8BBE37A877A2BD] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [924632]

[MD5.4486AD32BB05628967695FCA1BADD46E] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [16856]

[MD5.9462CE5872A7FD2B1CD0180877E8DE22] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [656896]

 

 

 

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)

C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\mjft8olb.default\prefs.js

M3 - MFPP: Plugins - [Emma] -- C:\Users\Emma\AppData\Roaming\Mozilla\Firefox\Profiles\mjft8olb.default\searchplugins\wot-safe-search.xml

M0 - MFSP: prefs.js [Emma - mjft8olb.default] Yahoo! France

M2 - MFEP: prefs.js [Emma - mjft8olb.default\firefox@ghostery.com] [] Ghostery v2.5.3 (.Evidon, Inc..)

M2 - MFEP: prefs.js [Emma - mjft8olb.default\{635abd67-4fe9-1b23-4f01-e679fa7484c1}] [yahoo.ytff] Yahoo! Toolbar v2.3.5.20110120033202 (.Yahoo!.)

M2 - MFEP: prefs.js [Emma - mjft8olb.default\{ff356687-aa08-463d-a46c-11c451824939}] [] Red Cats (blue flavor) v5.5.0 (.Red_Fat_Lazy_Cat.)

 

 

 

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Search Microsoft.com

R0 - HKUS\S-1-5-21-761817655-3391056785-1250235615-1000\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Microsoft Corporation

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Microsoft Corporation

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Search Microsoft.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Search Microsoft.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Search Microsoft.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk

R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (8.00.7600.16385 (win7_rtm.090713-1255)) -- C:\Windows\System32\ieframe.dll

R3 - URLSearchHook: (no name) [64Bits] - {249d74a3-bd19-4657-b6ce-e62f480a20de} . (...) (No version) -- (.not file.)

R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1

 

 

 

---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

 

 

 

---\\ ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: VMApplet=C:\WINDOWS\system32\SystemPropertiesPerformance.exe

 

 

 

---\\ Browser Helper Objects de navigateur (O2)

O2 - BHO: Windows Live ID Sign-in Helper [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: &Yahoo! Toolbar Helper [64Bits] - {02478D38-C3F9-4efb-9B51-7695ECA05670} . (.Yahoo! Inc. - Yahoo! Toolbar.) -- C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub [64Bits] - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper [64Bits] - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} . (.Microsoft Corporation - Search Helper for Internet Explorer.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\

O2 - BHO: Windows Live Messenger Companion Helper [64Bits] - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} . (.Microsoft Corporation - Windows Live Messenger Companion Core.) -- C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: SkypeIEPluginBHO [64Bits] - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} . (.Skype Technologies S.A. - Skype add-on for IE.) -- C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: TOSHIBA Media Controller Plug-in [64Bits] - {F3C88694-EFFA-4d78-B409-54B7B2535B14} . (.<TOSHIBA> - TOSHIBA Media Controller Plug-in.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

O2 - BHO: SingleInstance Class [64Bits] - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} . (.Yahoo! Inc - Yahoo! Single Instance for Mail.) -- C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

 

 

 

---\\ ---\\ Applications démarrées par registre & par dossier (O4)

O4 - HKLM\..\Run: [TosNC] . (.TOSHIBA Corporation - Message Center.) -- C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe

O4 - HKLM\..\Run: [TosReelTimeMonitor] . (.TOSHIBA Corporation - Monitor of TOSHIBA ReelTime.) -- C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

O4 - HKLM\..\Run: [Toshiba TEMPRO] . (.Toshiba Europe GmbH - Toshiba TEMPRO.) -- C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe (.not file.)

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe (.not file.)

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe (.not file.)

O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

O4 - HKLM\..\Run: [TPwrMain] . (.TOSHIBA Corporation - TOSHIBA Power Saver.) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

O4 - HKLM\..\Run: [smoothView] . (.TOSHIBA Corporation - SmoothView.) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe

O4 - HKLM\..\Run: [00TCrdMain] . (.TOSHIBA Corporation - TOSHIBA Flash Cards.) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

O4 - HKLM\..\Run: [synTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [smartFaceVWatcher] . (.TOSHIBA Corporation - SmartFaceVWatcher.) -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

O4 - HKLM\..\Run: [TosSENotify] . (.TOSHIBA Corporation - Pas de description.) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

O4 - HKLM\..\Run: [TosVolRegulator] . (.TOSHIBA Corporation - Toshiba Volume Regulator.) -- C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe

O4 - HKLM\..\Run: [Toshiba Registration] . (.Toshiba Europe GmbH - Toshiba Notebook Registration Reminder.) -- C:\Program Files\Toshiba\Registration\ToshibaReminder.exe

O4 - HKCU\..\Run: [TOSHIBA Online Product Information] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe

O4 - HKCU\..\Run: [incrediMail] . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\bin\IncMail.exe

O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe

O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

O4 - HKLM\..\Wow6432Node\Run: [NBAgent] . (.Nero AG - Nero BackItUp.) -- c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe

O4 - HKLM\..\Wow6432Node\Run: [Microsoft Default Manager] . (.Microsoft Corporation - Microsoft Default Manager.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

O4 - HKLM\..\Wow6432Node\Run: [sVPWUTIL] . (.TOSHIBA - SVPWUTIL Application.) -- C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe

O4 - HKLM\..\Wow6432Node\Run: [KeNotify] . (.TOSHIBA CORPORATION - KeNotify MFC Application.) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

O4 - HKLM\..\Wow6432Node\Run: [TWebCamera] . (.TOSHIBA CORPORATION. - Pas de description.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe

O4 - HKLM\..\Wow6432Node\Run: [ToshibaServiceStation] Clé orpheline

O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

O4 - HKLM\..\Wow6432Node\Run: [Malwarebytes' Anti-Malware (reboot)] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe

O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-21-761817655-3391056785-1250235615-1000\..\Run: [TOSHIBA Online Product Information] . (.TOSHIBA - TOSHIBA Online Product Information.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe

O4 - HKUS\S-1-5-21-761817655-3391056785-1250235615-1000\..\Run: [incrediMail] . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\bin\IncMail.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (.not file.)

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (.not file.)

O4 - Global Startup: C:\Users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk . (.TOSHIBA Europe.) -- C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe

 

 

 

---\\ ---\\ Autres liens utilisateurs (O4)

O4 - Global Startup: C:\Users\Emma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\Emma\Desktop\adsl TV.lnk . (.adsl TV / FM.) -- C:\Program Files (x86)\adslTV\adsltv.exe

O4 - Global Startup: C:\Users\Emma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay Turbo Lister 2.lnk . (.eBay Inc..) -- C:\Program Files (x86)\eBay\Turbo Lister2\tl.exe

O4 - Global Startup: C:\Users\Emma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\IncrediMail 2.0.lnk . (.IncrediMail, Ltd..) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe

O4 - Global Startup: C:\Users\Emma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Kplan.lnk . (.METAGENIA.) -- C:\Program Files (x86)\metagenia\kplan\KPlan.exe

O4 - Global Startup: C:\Users\Emma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\Emma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk . (.Malwarebytes Corporation.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

 

 

 

---\\ Winsock hijacker (Layered Service Provider) (O10)

O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll

O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll

O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll

O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll

O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll

O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll

O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

 

 

 

---\\ Modification Domaine/Adresses DNS (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{690DB7D7-44A1-47F6-9621-861436D7D04A}: DhcpNameServer = 212.27.40.240 212.27.40.241

O17 - HKLM\System\CS1\Services\Tcpip\..\{690DB7D7-44A1-47F6-9621-861436D7D04A}: DhcpNameServer = 212.27.40.240 212.27.40.241

O17 - HKLM\System\CS2\Services\Tcpip\..\{690DB7D7-44A1-47F6-9621-861436D7D04A}: DhcpNameServer = 212.27.40.240 212.27.40.241

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241

 

 

 

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)

O20 - Winlogon Notify: igfxcui . (...) -- igfxdev.dll

 

 

 

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

 

 

 

---\\ Liste des services NT non Microsoft et non désactivés (O23)

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) . (.TOSHIBA CORPORATION - ConfigFree Service Process.) - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

O23 - Service: ConfigFree Service (ConfigFree Service) . (.TOSHIBA CORPORATION - ConfigFree Service Process.) - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: IconMan_R (IconMan_R) . (.Realsil Microelectronics Inc. - Realtek Card Reader Icon Tool..) - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe

O23 - Service: c:\Program Files (x86)\Nero\Update\NASvc.exe (NAUpdate) . (.Nero AG - NeroUpdate.) - c:\Program Files (x86)\Nero\Update\NASvc.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) . (...) - C:\Windows\system32\TODDSrv.exe (.not file.)

O23 - Service: TOSHIBA Power Saver (TosCoSrv) . (.TOSHIBA Corporation - TOSHIBA Power Saver.) - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: Yahoo! Updater (YahooAUService) . (.Yahoo! Inc. - AutoUpater Service Module.) - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

 

 

 

---\\ Enumération Active Desktop & MHTML Editor (O24)

O24 - Default MHTML Editor: Last - .(...) - (.not file.)

 

 

 

---\\ Tâches planifiées en automatique (O39)

[MD5.86E69581356CA45167EA6986B6E29087] [APT] [ConfigFree Startup Programs] (.TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

 

 

 

---\\ Pilotes lancés au démarrage (O41)

O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys

O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for Security Enhancement.) - C:\Windows\System32\DRIVERS\avipbb.sys

O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\system32\DRIVERS\blbdrive.sys

O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys

O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys

O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys

O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\DRIVERS\mssmbios.sys

O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys

O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys

O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys

O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys

O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERS\rdbss.sys

O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys

O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys

O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys

O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys

O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\DRIVERS\termdd.sys

O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys

O41 - Driver: (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\System32\DRIVERS\vwififlt.sys

O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys

O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys

 

 

 

---\\ Logiciels installés (O42)

O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM][64Bits] -- Adobe AIR

O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM][64Bits] -- {B194272D-1F92-46DF-99EB-8D5CE91CB4EC}

O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX

O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player Plugin

O42 - Logiciel: Adobe Reader 9.4.5 - Français - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1036-7B44-A94000000001}

O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM][64Bits] -- Avira AntiVir Desktop

O42 - Logiciel: Barre d'outils Bing - (.Microsoft Corporation.) [HKLM][64Bits] -- {08234a0d-cf39-4dca-99f0-0c5cb496da81}

O42 - Logiciel: Bejeweled 2 Deluxe - (.WildTangent.) [HKLM][64Bits] -- WT088682

O42 - Logiciel: Chuzzle Deluxe - (.WildTangent.) [HKLM][64Bits] -- WT088696

O42 - Logiciel: Complément Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}

O42 - Logiciel: Contrôle ActiveX Windows Live Mesh pour connexions à distance - (.Microsoft Corporation.) [HKLM][64Bits] -- {55D003F4-9599-44BF-BA9E-95D060730DD3}

O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}

O42 - Logiciel: DHTML Editing Component - (.Microsoft Corporation.) [HKLM][64Bits] -- {2EA870FA-585F-4187-903D-CB9FFD21E2E0}

O42 - Logiciel: Farm Mania 2 - (.WildTangent.) [HKLM][64Bits] -- WT089367

O42 - Logiciel: Fishdom - (.WildTangent.) [HKLM][64Bits] -- WT089404

O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- {488F0347-C4A7-4374-91A7-30818BEDA710}

O42 - Logiciel: IncrediMail - (.IncrediMail.) [HKLM][64Bits] -- {5E97F3BD-CDDC-4188-9D98-532E14FABB5D}

O42 - Logiciel: IncrediMail 2.0 - (.IncrediMail Ltd..) [HKLM][64Bits] -- IncrediMail

O42 - Logiciel: Intel® Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM][64Bits] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}

O42 - Logiciel: Intel® Matrix Storage Manager - (.Intel Corporation.) [HKLM] -- {9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}

O42 - Logiciel: Java 6 Update 20 - (.Sun Microsystems, Inc..) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83216020FF}

O42 - Logiciel: Jeux WildTangent - (.WildTangent.) [HKLM][64Bits] -- WildTangent toshiba Master Uninstall

O42 - Logiciel: Jewel Quest II - (.WildTangent.) [HKLM][64Bits] -- WT089378

O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM][64Bits] -- {1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}

O42 - Logiciel: Kplan 2.4.8.0 - (.Metagenia.) [HKLM][64Bits] -- Kplan_is1

O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}

O42 - Logiciel: MSVCRT_amd64 - (.Microsoft.) [HKLM][64Bits] -- {D0B44725-3666-492D-BEF6-587A14BD9BD9}

O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM][64Bits] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM][64Bits] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

O42 - Logiciel: Malwarebytes' Anti-Malware version 1.51.0.1200 - (.Malwarebytes Corporation.) [HKLM][64Bits] -- Malwarebytes' Anti-Malware_is1

O42 - Logiciel: Mesh Runtime - (.Microsoft Corporation.) [HKLM][64Bits] -- {8C6D6116-B724-4810-8F2D-D047E6B7D68E}

O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile

O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}

O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {4B5F58F7-C7D1-3CE3-9B37-B657F0852643}

O42 - Logiciel: Microsoft Default Manager - (.Microsoft Corporation.) [HKLM][64Bits] -- {B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}

O42 - Logiciel: Microsoft Office 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {95140000-0070-0000-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office PowerPoint Viewer 2007 (French) - (.Microsoft Corporation.) [HKLM][64Bits] -- {95120000-00AF-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Starter 2010 - Français - (.Microsoft Corporation.) [HKLM][64Bits] -- {90140011-0066-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office « Démarrer en un clic » 2010 - (.Microsoft Corporation.) [HKLM] -- {90140000-006D-040C-1000-0000000FF1CE}

O42 - Logiciel: Microsoft Office « Démarrer en un clic » 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- Office14.Click2Run

O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM][64Bits] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

O42 - Logiciel: Microsoft Search Enhancement Pack - (.Microsoft Corporation.) [HKLM][64Bits] -- {06E6E30D-B498-442F-A943-07DE41D7F785}

O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM][64Bits] -- {710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {EE936C7A-EA40-31D5-9B65-8E3E089C3828}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 - (.Microsoft Corporation.) [HKLM] -- {8338783A-0968-3B85-AFC7-BAAE0A63DC50}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 - (.Microsoft Corporation.) [HKLM][64Bits] -- {86CE85E6-DBAC-3FFD-B977-E4B79F83C909}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {8220EEFE-38CD-377E-8595-13398D740ACE}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 - (.Microsoft Corporation.) [HKLM] -- {5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM][64Bits] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM][64Bits] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 - (.Microsoft Corporation.) [HKLM][64Bits] -- {9BE518E6-ECC6-35A9-88E4-87755C07200F}

O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack

O42 - Logiciel: Mozilla Firefox 5.0 (x86 fr) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox 5.0 (x86 fr)

O42 - Logiciel: Nero 10 Movie ThemePack Basic - (.Nero AG.) [HKLM][64Bits] -- {F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}

O42 - Logiciel: Nero BackItUp 10 - (.Nero AG.) [HKLM][64Bits] -- {68AB6930-5BFF-4FF6-923B-516A91984FE6}

O42 - Logiciel: Nero BackItUp 10 Help (CHM) - (.Nero AG.) [HKLM][64Bits] -- {08C8666B-C502-4AB3-B4CB-D74AC42D14FE}

O42 - Logiciel: Nero BurnRights 10 - (.Nero AG.) [HKLM][64Bits] -- {943CFD7D-5336-47AF-9418-E02473A5A517}

O42 - Logiciel: Nero BurnRights 10 Help (CHM) - (.Nero AG.) [HKLM][64Bits] -- {555868C6-49FB-484F-BB43-8980651A1B00}

O42 - Logiciel: Nero Control Center 10 - (.Nero AG.) [HKLM][64Bits] -- {6DFB899F-17A2-48F0-A533-ED8D6866CF38}

O42 - Logiciel: Nero ControlCenter 10 Help (CHM) - (.Nero AG.) [HKLM][64Bits] -- {523B2B1B-D8DB-4B41-90FF-C4D799E2758A}

O42 - Logiciel: Nero Core Components 10 - (.Nero AG.) [HKLM][64Bits] -- {2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}

O42 - Logiciel: Nero Express 10 - (.Nero AG.) [HKLM][64Bits] -- {70550193-1C22-445C-8FA4-564E155DB1A7}

O42 - Logiciel: Nero Express 10 Help (CHM) - (.Nero AG.) [HKLM][64Bits] -- {33643918-7957-4839-92C7-EA96CB621A98}

O42 - Logiciel: Nero InfoTool 10 - (.Nero AG.) [HKLM][64Bits] -- {F412B4AF-388C-4FF5-9B2F-33DB1C536953}

O42 - Logiciel: Nero InfoTool 10 Help (CHM) - (.Nero AG.) [HKLM][64Bits] -- {66049135-9659-4AAD-9169-9CCA269EBB3E}

O42 - Logiciel: Nero MediaHub 10 - (.Nero AG.) [HKLM][64Bits] -- {1F7FB68F-52F6-46A3-B42F-38CE46295AE5}

O42 - Logiciel: Nero MediaHub 10 Help (CHM) - (.Nero AG.) [HKLM][64Bits] -- {F467862A-D9CA-47ED-8D81-B4B3C9399272}

O42 - Logiciel: Nero Multimedia Suite 10 Essentials - (.Nero AG.) [HKLM][64Bits] -- {0FF68F26-416C-4954-ACA5-6AD5F9DE99C1}

O42 - Logiciel: Nero RescueAgent 10 - (.Nero AG.) [HKLM][64Bits] -- {E337E787-CF61-4B7B-B84F-509202A54023}

O42 - Logiciel: Nero RescueAgent 10 Help (CHM) - (.Nero AG.) [HKLM][64Bits] -- {92E25238-61A3-4ACD-A407-3C480EEF47A7}

O42 - Logiciel: Nero StartSmart 10 - (.Nero AG.) [HKLM][64Bits] -- {F61D489E-6C44-49AC-AD02-7DA8ACA73A65}

O42 - Logiciel: Nero StartSmart 10 Help (CHM) - (.Nero AG.) [HKLM][64Bits] -- {F6117F9C-ADB5-4590-9BE4-12C7BEC28702}

O42 - Logiciel: Nero Update - (.Nero AG.) [HKLM][64Bits] -- {65BB0407-4CC8-4DC7-952E-3EEFDF05602A}

O42 - Logiciel: Penguins! - (.WildTangent.) [HKLM][64Bits] -- WT089380

O42 - Logiciel: Photo Service - powered by myphotobook - (.myphotobook GmbH.) [HKLM][64Bits] -- eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1

O42 - Logiciel: Photo Service - powered by myphotobook - (.myphotobook GmbH.) [HKLM][64Bits] -- {3D047C6C-19EE-46E3-C14B-9FA84260DF9B}

O42 - Logiciel: Plants vs. Zombies - Game of the Year - (.WildTangent.) [HKLM][64Bits] -- WT089395

O42 - Logiciel: PlayReady PC Runtime amd64 - (.Microsoft Corporation.) [HKLM] -- {BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}

O42 - Logiciel: Polar Bowler - (.WildTangent.) [HKLM][64Bits] -- WT088759

O42 - Logiciel: Realtek Ethernet Controller Driver - (.Realtek.) [HKLM][64Bits] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476}

O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}

O42 - Logiciel: Realtek USB 2.0 Card Reader - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {96AE7E41-E34E-47D0-AC07-1091A8127911}

O42 - Logiciel: Realtek WLAN Driver - (.REALTEK Semiconductor Corp..) [HKLM][64Bits] -- {9D3D8C60-A55F-4fed-B2B9-173001290E16}

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) - (.Microsoft Corporation.) [HKLM][64Bits] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2446708

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) - (.Microsoft Corporation.) [HKLM][64Bits] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2478663

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) - (.Microsoft Corporation.) [HKLM][64Bits] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2518870

O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663) - (.Microsoft Corporation.) [HKLM][64Bits] -- {4B5F58F7-C7D1-3CE3-9B37-B657F0852643}.KB2478663

O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870) - (.Microsoft Corporation.) [HKLM][64Bits] -- {4B5F58F7-C7D1-3CE3-9B37-B657F0852643}.KB2518870

O42 - Logiciel: Skype Toolbars - (.Skype Technologies S.A..) [HKLM][64Bits] -- {981029E0-7FC9-4CF3-AB39-6F133621921A}

O42 - Logiciel: Skype 4.2 - (.Skype Technologies S.A..) [HKLM][64Bits] -- {D103C4BA-F905-437A-8049-DB24763BBE36}

O42 - Logiciel: Slingo Supreme - (.WildTangent.) [HKLM][64Bits] -- WT089381

O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics Incorporated.) [HKLM] -- SynTPDeinstKey

O42 - Logiciel: TOSHIBA Assist - (.TOSHIBA CORPORATION.) [HKLM][64Bits] -- {C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}

O42 - Logiciel: TOSHIBA Bulletin Board - (.TOSHIBA Corporation.) [HKLM] -- {C14518AF-1A0F-4D39-8011-69BAA01CD380}

O42 - Logiciel: TOSHIBA Bulletin Board - (.TOSHIBA Corporation.) [HKLM][64Bits] -- InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}

O42 - Logiciel: TOSHIBA ConfigFree - (.TOSHIBA CORPORATION.) [HKLM][64Bits] -- {E0FAA369-B0E3-48B8-9447-4873103B0012}

O42 - Logiciel: TOSHIBA Disc Creator - (.TOSHIBA Corporation.) [HKLM] -- {5DA0E02F-970B-424B-BF41-513A5018E4C0}

O42 - Logiciel: TOSHIBA Face Recognition - (.TOSHIBA Corporation.) [HKLM] -- {F67FA545-D8E5-4209-86B1-AEE045D1003F}

O42 - Logiciel: TOSHIBA Face Recognition - (.TOSHIBA Corporation.) [HKLM][64Bits] -- InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}

O42 - Logiciel: TOSHIBA Flash Cards Support Utility - (.TOSHIBA CORPORATION.) [HKLM][64Bits] -- InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}

O42 - Logiciel: TOSHIBA Flash Cards Support Utility - (.TOSHIBA CORPORATION.) [HKLM][64Bits] -- {620BBA5E-F848-4D56-8BDA-584E44584C5E}

O42 - Logiciel: TOSHIBA HDD/SSD Alert - (.TOSHIBA Corporation.) [HKLM] -- {D4322448-B6AF-4316-B859-D8A0E84DCB38}

O42 - Logiciel: TOSHIBA HDD/SSD Alert - (.TOSHIBA Corporation.) [HKLM][64Bits] -- InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}

O42 - Logiciel: TOSHIBA Hardware Setup - (.TOSHIBA CORPORATION.) [HKLM][64Bits] -- InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}

O42 - Logiciel: TOSHIBA Hardware Setup - (.TOSHIBA CORPORATION.) [HKLM][64Bits] -- {5279374D-87FE-4879-9385-F17278EBB9D3}

O42 - Logiciel: TOSHIBA Media Controller - (.TOSHIBA CORPORATION.) [HKLM][64Bits] -- {983CD6FE-8320-4B80-A8F6-0D0366E0AA22}

O42 - Logiciel: TOSHIBA Media Controller Plug-in - (.TOSHIBA CORPORATION.) [HKLM][64Bits] -- {F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}

O42 - Logiciel: TOSHIBA Mot de passe responsable - (.TOSHIBA CORPORATION.) [HKLM][64Bits] -- InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}

O42 - Logiciel: TOSHIBA Online Product Information - (.TOSHIBA.) [HKLM][64Bits] -- {2290A680-4083-410A-ADCC-7092C67FC052}

O42 - Logiciel: TOSHIBA Recovery Media Creator - (.TOSHIBA Corporation.) [HKLM] -- {B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}

O42 - Logiciel: TOSHIBA Recovery Media Creator Reminder - (.TOSHIBA.) [HKLM][64Bits] -- InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}

O42 - Logiciel: TOSHIBA ReelTime - (.TOSHIBA Corporation.) [HKLM] -- {24811C12-F4A9-4D0F-8494-A7B8FE46123C}

O42 - Logiciel: TOSHIBA ReelTime - (.TOSHIBA Corporation.) [HKLM][64Bits] -- InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}

O42 - Logiciel: TOSHIBA Service Station - (.TOSHIBA.) [HKLM][64Bits] -- {AC6569FA-6919-442A-8552-073BE69E247A}

O42 - Logiciel: TOSHIBA Supervisor Password - (.TOSHIBA CORPORATION.) [HKLM][64Bits] -- {51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}

O42 - Logiciel: TOSHIBA Value Added Package - (.TOSHIBA Corporation.) [HKLM][64Bits] -- InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}

O42 - Logiciel: TOSHIBA Web Camera Application - (.TOSHIBA Corporation.) [HKLM][64Bits] -- {5E6F6CF3-BACC-4144-868C-E14622C658F3}

O42 - Logiciel: TRORMCLauncher - (.Pas de propriétaire.) [HKLM][64Bits] -- InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}

O42 - Logiciel: Toshiba Manuals - (.TOSHIBA.) [HKLM][64Bits] -- {90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}

O42 - Logiciel: Toshiba TEMPRO - (.Toshiba Europe GmbH.) [HKLM][64Bits] -- {DBB7021A-3437-446F-ACE5-7261644A972C}

O42 - Logiciel: Turbo Lister 2 - (. eBay Inc..) [HKLM][64Bits] -- {8927E07C-97F7-4A54-88FB-D976F50DD46E}

O42 - Logiciel: Utility Common Driver - (.TOSHIBA.) [HKLM][64Bits] -- InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}

O42 - Logiciel: Utility Common Driver - (.TOSHIBA.) [HKLM][64Bits] -- {12688FD7-CB92-4A5B-BEE4-5C8E0574434F}

O42 - Logiciel: WildTangent ORB Game Console - (.WildTangent.) [HKLM][64Bits] -- TOSHIBA Game Console

O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- WinLiveSuite

O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- {34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}

O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {D45240D3-B6B3-4FF9-B243-54ECE3E10066}

O42 - Logiciel: Windows Live ID Sign-in Assistant - (.Microsoft Corporation.) [HKLM] -- {1B8ABA62-74F0-47ED-B18C-A43128E591B8}

O42 - Logiciel: Windows Live Installer - (.Microsoft Corporation.) [HKLM][64Bits] -- {0B0F231F-CE6A-483D-AA23-77B364F75917}

O42 - Logiciel: Windows Live Language Selector - (.Microsoft Corporation.) [HKLM] -- {5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}

O42 - Logiciel: Windows Live MIME IFilter - (.Microsoft Corporation.) [HKLM] -- {DA54F80E-261C-41A2-A855-549A144F2F59}

O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM][64Bits] -- {9D56775A-93F3-44A3-8092-840E3826DE30}

O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM][64Bits] -- {9FAE6E8D-E686-49F5-A574-0A58DFD9580C}

O42 - Logiciel: Windows Live Mesh - (.Microsoft Corporation.) [HKLM][64Bits] -- {841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}

O42 - Logiciel: Windows Live Mesh - (.Microsoft Corporation.) [HKLM][64Bits] -- {DECDCB7C-58CC-4865-91AF-627F9798FE48}

O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {6057E21C-ABE9-4059-AE3E-3BEB9925E660}

O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {EB4DF488-AAEF-406F-A341-CB2AAA315B90}

O42 - Logiciel: Windows Live Messenger Companion Core - (.Microsoft Corporation.) [HKLM][64Bits] -- {78A96B4C-A643-4D0F-98C2-A8E16A6669F9}

O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM][64Bits] -- {6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}

O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM][64Bits] -- {92EA4134-10D1-418A-91E1-5A0453131A38}

O42 - Logiciel: Windows Live PIMT Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}

O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM][64Bits] -- {A9BDCA6B-3653-467B-AC83-94367DA3BFE3}

O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM][64Bits] -- {C893D8C0-1BA0-4517-B11C-E89B65E72F70}

O42 - Logiciel: Windows Live Photo Gallery - (.Microsoft Corporation.) [HKLM][64Bits] -- {3336F667-9049-4D46-98B6-4C743EEBC5B1}

O42 - Logiciel: Windows Live Remote Client - (.Microsoft Corporation.) [HKLM] -- {DF6D988A-EEA0-4277-AAB8-158E086E439B}

O42 - Logiciel: Windows Live Remote Client Resources - (.Microsoft Corporation.) [HKLM] -- {B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}

O42 - Logiciel: Windows Live Remote Service - (.Microsoft Corporation.) [HKLM] -- {E02A6548-6FDE-40E2-8ED9-119D7D7E641F}

O42 - Logiciel: Windows Live Remote Service Resources - (.Microsoft Corporation.) [HKLM] -- {5E2CD4FB-4538-4831-8176-05D653C3E6D4}

O42 - Logiciel: Windows Live SOXE - (.Microsoft Corporation.) [HKLM][64Bits] -- {682B3E4F-696A-42DE-A41C-4C07EA1678B4}

O42 - Logiciel: Windows Live SOXE Definitions - (.Microsoft Corporation.) [HKLM][64Bits] -- {200FEC62-3C34-4D60-9CE8-EC372E01C08F}

O42 - Logiciel: Windows Live UX Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}

O42 - Logiciel: Windows Live UX Platform Language Pack - (.Microsoft Corporation.) [HKLM][64Bits] -- {09F56A49-A7B1-4AAB-95B9-D13094254AD1}

O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM][64Bits] -- {3B9A92DA-6374-4872-B646-253F18624D5F}

O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM][64Bits] -- {A726AE06-AAA3-43D1-87E3-70F510314F04}

O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM][64Bits] -- {AAAFC670-569B-4A2F-82B4-42945E0DE3EF}

O42 - Logiciel: Windows Live Writer Resources - (.Microsoft Corporation.) [HKLM][64Bits] -- {62687B11-58B5-4A18-9BC3-9DF4CE03F194}

O42 - Logiciel: Yahoo! Software Update - (.Pas de propriétaire.) [HKLM][64Bits] -- Yahoo! Software Update

O42 - Logiciel: Yahoo! Toolbar - (.Pas de propriétaire.) [HKLM][64Bits] -- Yahoo! Companion

O42 - Logiciel: Zuma Deluxe - (.WildTangent.) [HKLM][64Bits] -- WT089388

O42 - Logiciel: adsl TV - (.adsl TV / FM.) [HKLM][64Bits] -- {3AFDD2C6-8663-46B5-B195-6CEB00D44768}

O42 - Logiciel: eBay - (.eBay Inc..) [HKLM][64Bits] -- {FDE58148-57E7-43BF-879A-29CCE818C078}

---\\ HKCU & HKLM Software Keys

[HKCU\Software\Adobe]

[HKCU\Software\AppDataLow\Software\Microsoft]

[HKCU\Software\AppDataLow\Software\Yahoo]

[HKCU\Software\AppDataLow\Software]

[HKCU\Software\AppDataLow]

[HKCU\Software\Avira]

[HKCU\Software\Classes]

[HKCU\Software\Clients]

[HKCU\Software\IM]

[HKCU\Software\ImInstaller]

[HKCU\Software\IncrediMail]

[HKCU\Software\Intel]

[HKCU\Software\Macromedia]

[HKCU\Software\Malwarebytes' Anti-Malware]

[HKCU\Software\Nero]

[HKCU\Software\Netscape]

[HKCU\Software\Policies]

[HKCU\Software\Realtek]

[HKCU\Software\Skype]

[HKCU\Software\Synaptics]

[HKCU\Software\TOSHIBA]

[HKCU\Software\Wow6432Node]

[HKCU\Software\Yahoo]

[HKCU\Software\eBay]

[HKLM\Software\ATI Technologies]

[HKLM\Software\Adobe]

[HKLM\Software\Avira]

[HKLM\Software\COMPAL]

[HKLM\Software\Classes]

[HKLM\Software\Clients]

[HKLM\Software\Cyberlink]

[HKLM\Software\DTS]

[HKLM\Software\ImInstaller]

[HKLM\Software\InstallShield]

[HKLM\Software\InstalledOptions]

[HKLM\Software\Intel]

[HKLM\Software\JavaSoft]

[HKLM\Software\JreMetrics]

[HKLM\Software\Macromedia]

[HKLM\Software\Malwarebytes' Anti-Malware]

[HKLM\Software\McAfee.com]

[HKLM\Software\McAfeeInstaller]

[HKLM\Software\McAfee]

[HKLM\Software\MozillaPlugins]

[HKLM\Software\Mozilla]

[HKLM\Software\Nero]

[HKLM\Software\ODBC]

[HKLM\Software\Policies]

[HKLM\Software\RTLSetup]

[HKLM\Software\Realtek Semiconductor Corp.]

[HKLM\Software\Realtek]

[HKLM\Software\RegisteredApplications]

[HKLM\Software\RtWLan]

[HKLM\Software\SOFTWARE]

[HKLM\Software\SRS Labs]

[HKLM\Software\SiteAdvisor]

[HKLM\Software\Skype]

[HKLM\Software\SonicFocus]

[HKLM\Software\Sonic]

[HKLM\Software\Synaptics]

[HKLM\Software\TOSHIBA CORPORATION]

[HKLM\Software\TOSHIBA]

[HKLM\Software\VideoLAN]

[HKLM\Software\Waves Audio]

[HKLM\Software\WildTangent]

[HKLM\Software\Wow6432Node]

[HKLM\Software\X-AVCSD]

[HKLM\Software\Yahoo]

[HKLM\Software\mozilla.org]

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 22/05/2011 - 14:16:12 - [83510531] ----D- C:\Program Files\Common Files

O43 - CFD: 14/07/2009 - 17:35:28 - [90257428] ----D- C:\Program Files\DVD Maker

O43 - CFD: 21/05/2011 - 12:02:30 - [0] -SH-D- C:\Program Files\Fichiers communs

O43 - CFD: 16/06/2011 - 03:19:30 - [5174937] ----D- C:\Program Files\Internet Explorer

O43 - CFD: 19/10/2010 - 13:58:42 - [148930098] ----D- C:\Program Files\Microsoft Games

O43 - CFD: 17/06/2011 - 14:56:06 - [1584815] ----D- C:\Program Files\Microsoft Office

O43 - CFD: 14/07/2009 - 07:32:40 - [25757] ----D- C:\Program Files\MSBuild

O43 - CFD: 19/10/2010 - 13:29:50 - [2178436] ----D- C:\Program Files\PlayReady

O43 - CFD: 21/05/2011 - 11:39:50 - [17509392] ----D- C:\Program Files\Realtek

O43 - CFD: 14/07/2009 - 07:32:40 - [36253865] ----D- C:\Program Files\Reference Assemblies

O43 - CFD: 21/05/2011 - 11:47:02 - [31323877] ----D- C:\Program Files\Synaptics

O43 - CFD: 21/05/2011 - 11:54:48 - [393529534] ----D- C:\Program Files\TOSHIBA

O43 - CFD: 14/07/2009 - 07:09:28 - [0] --H-D- C:\Program Files\Uninstall Information

O43 - CFD: 14/07/2009 - 17:24:10 - [4039168] ----D- C:\Program Files\Windows Defender

O43 - CFD: 14/07/2009 - 17:35:28 - [9224824] ----D- C:\Program Files\Windows Journal

O43 - CFD: 19/10/2010 - 14:01:44 - [7755583] ----D- C:\Program Files\Windows Live

O43 - CFD: 23/05/2011 - 08:17:48 - [6667264] ----D- C:\Program Files\Windows Mail

O43 - CFD: 23/05/2011 - 08:17:44 - [7687085] ----D- C:\Program Files\Windows Media Player

O43 - CFD: 21/05/2011 - 12:02:30 - [12627124] ----D- C:\Program Files\Windows NT

O43 - CFD: 14/07/2009 - 17:24:10 - [5516568] ----D- C:\Program Files\Windows Photo Viewer

O43 - CFD: 14/07/2009 - 07:32:40 - [235008] ----D- C:\Program Files\Windows Portable Devices

O43 - CFD: 14/07/2009 - 17:24:10 - [8024661] ----D- C:\Program Files\Windows Sidebar

O43 - CFD: 17/06/2011 - 14:56:06 - [70889090] ----D- C:\Program Files\Common Files\Microsoft Shared

O43 - CFD: 14/07/2009 - 05:20:10 - [2702] ----D- C:\Program Files\Common Files\Services

O43 - CFD: 14/07/2009 - 05:20:10 - [608768] ----D- C:\Program Files\Common Files\SpeechEngines

O43 - CFD: 14/07/2009 - 17:24:10 - [12009971] ----D- C:\Program Files\Common Files\System

O43 - CFD: 21/05/2011 - 14:24:48 - [30162689] ----D- C:\ProgramData\Adobe

O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Application Data

O43 - CFD: 21/05/2011 - 12:34:06 - [47463780] ----D- C:\ProgramData\Avira

O43 - CFD: 21/05/2011 - 12:02:28 - [0] -SH-D- C:\ProgramData\Bureau

O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Desktop

O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Documents

O43 - CFD: 21/05/2011 - 18:46:00 - [371154244] ----D- C:\ProgramData\eBay

O43 - CFD: 21/05/2011 - 12:02:28 - [0] -SH-D- C:\ProgramData\Favoris

O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Favorites

O43 - CFD: 21/05/2011 - 13:10:40 - [144] ----D- C:\ProgramData\IM

O43 - CFD: 21/05/2011 - 13:09:52 - [6276245] ----D- C:\ProgramData\IncrediMail

O43 - CFD: 21/05/2011 - 12:40:46 - [16301746] ----D- C:\ProgramData\Malwarebytes

O43 - CFD: 22/05/2011 - 14:16:12 - [6102] ----D- C:\ProgramData\McAfee

O43 - CFD: 21/05/2011 - 12:02:30 - [0] -SH-D- C:\ProgramData\Menu Démarrer

O43 - CFD: 17/06/2011 - 14:56:40 - [2296304859] -S--D- C:\ProgramData\Microsoft

O43 - CFD: 21/05/2011 - 12:02:30 - [0] -SH-D- C:\ProgramData\Modèles

O43 - CFD: 19/10/2010 - 13:51:02 - [2445602] ----D- C:\ProgramData\Nero

O43 - CFD: 19/10/2010 - 13:54:50 - [19883946] ----D- C:\ProgramData\Skype

O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Start Menu

O43 - CFD: 19/10/2010 - 13:31:48 - [119] ----D- C:\ProgramData\Sun

O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Templates

O43 - CFD: 21/05/2011 - 11:52:02 - [5261507] ----D- C:\ProgramData\Toshiba

O43 - CFD: 21/05/2011 - 12:03:00 - [1649] ----D- C:\ProgramData\ToshibaEurope

O43 - CFD: 17/06/2011 - 17:11:18 - [0] ----D- C:\ProgramData\VirtualizedApplications

O43 - CFD: 21/05/2011 - 11:42:36 - [2262453] ----D- C:\ProgramData\vista32

O43 - CFD: 21/05/2011 - 11:42:36 - [3298743] ----D- C:\ProgramData\vista64

O43 - CFD: 19/10/2010 - 13:58:16 - [1076708706] ----D- C:\ProgramData\WildTangent

O43 - CFD: 21/05/2011 - 11:45:02 - [2220344] ----D- C:\ProgramData\win7_32

O43 - CFD: 21/05/2011 - 11:45:02 - [3218377] ----D- C:\ProgramData\win7_64

O43 - CFD: 21/05/2011 - 11:42:36 - [58152] ----D- C:\ProgramData\xp

O43 - CFD: 21/05/2011 - 22:53:36 - [4369] ----D- C:\ProgramData\Yahoo!

O43 - CFD: 21/05/2011 - 22:53:44 - [5900] ----D- C:\ProgramData\Yahoo! Companion

O43 - CFD: 21/05/2011 - 14:24:22 - [2048381] ----D- C:\Users\Emma\AppData\Roaming\Adobe

O43 - CFD: 21/05/2011 - 12:37:58 - [0] ----D- C:\Users\Emma\AppData\Roaming\Avira

O43 - CFD: 21/05/2011 - 12:05:04 - [0] ----D- C:\Users\Emma\AppData\Roaming\Identities

O43 - CFD: 19/10/2010 - 13:54:28 - [62467] ----D- C:\Users\Emma\AppData\Roaming\Macromedia

O43 - CFD: 21/05/2011 - 12:40:52 - [146087] ----D- C:\Users\Emma\AppData\Roaming\Malwarebytes

O43 - CFD: 14/07/2009 - 17:35:06 - [0] ----D- C:\Users\Emma\AppData\Roaming\Media Center Programs

O43 - CFD: 17/06/2011 - 14:58:48 - [18415891] -S--D- C:\Users\Emma\AppData\Roaming\Microsoft

O43 - CFD: 21/05/2011 - 13:55:20 - [31881482] ----D- C:\Users\Emma\AppData\Roaming\Mozilla

O43 - CFD: 21/05/2011 - 12:05:56 - [66410] ----D- C:\Users\Emma\AppData\Roaming\Nero

O43 - CFD: 23/06/2011 - 23:27:38 - [1050326] ----D- C:\Users\Emma\AppData\Roaming\SoftGrid Client

O43 - CFD: 21/05/2011 - 22:48:50 - [12250968] ----D- C:\Users\Emma\AppData\Roaming\Toshiba

O43 - CFD: 17/06/2011 - 14:57:02 - [0] ----D- C:\Users\Emma\AppData\Roaming\TP

O43 - CFD: 24/05/2011 - 21:54:34 - [691346] ----D- C:\Users\Emma\AppData\Roaming\vlc

O43 - CFD: 21/05/2011 - 22:53:30 - [17285] ----D- C:\Users\Emma\AppData\Roaming\Yahoo!

O43 - CFD: 21/05/2011 - 14:26:00 - [79648] ----D- C:\Users\Emma\AppData\Local\Adobe

O43 - CFD: 30/06/2011 - 20:29:46 - [14497394] ----D- C:\Users\Emma\AppData\Local\adslTV

O43 - CFD: 21/05/2011 - 12:02:38 - [0] -SH-D- C:\Users\Emma\AppData\Local\Application Data

O43 - CFD: 26/06/2011 - 11:53:34 - [0] ----D- C:\Users\Emma\AppData\Local\Diagnostics

O43 - CFD: 21/05/2011 - 12:02:38 - [0] -SH-D- C:\Users\Emma\AppData\Local\Historique

O43 - CFD: 21/05/2011 - 13:12:38 - [229331904] ----D- C:\Users\Emma\AppData\Local\IM

O43 - CFD: 24/06/2011 - 13:35:28 - [271543831] ----D- C:\Users\Emma\AppData\Local\Microsoft

O43 - CFD: 21/05/2011 - 13:55:08 - [62789552] ----D- C:\Users\Emma\AppData\Local\Mozilla

O43 - CFD: 17/06/2011 - 14:56:52 - [507904] ----D- C:\Users\Emma\AppData\Local\SoftGrid Client

O43 - CFD: 02/07/2011 - 22:58:44 - [6009483] ----D- C:\Users\Emma\AppData\Local\Temp

O43 - CFD: 21/05/2011 - 12:02:38 - [0] -SH-D- C:\Users\Emma\AppData\Local\Temporary Internet Files

O43 - CFD: 21/05/2011 - 14:24:16 - [1212] ----D- C:\Users\Emma\AppData\Local\Toshiba

O43 - CFD: 21/05/2011 - 14:20:08 - [310] ----D- C:\Users\Emma\AppData\Local\TOSHIBA_Corporation

O43 - CFD: 01/07/2011 - 11:23:40 - [7061] ----D- C:\Users\Emma\AppData\Local\VirtualStore

O43 - CFD: 28/05/2011 - 08:56:26 - [24576] ----D- C:\Users\Emma\AppData\Local\Windows Live

O43 - CFD: 28/05/2011 - 08:56:26 - [0] ----D- C:\Users\Emma\AppData\Local\Yahoo

O43 - CFD: 19/10/2010 - 13:54:28 - [244881368] ----D- C:\Program Files (x86)\Adobe

O43 - CFD: 21/05/2011 - 22:53:36 - [45039166] ----D- C:\Program Files (x86)\adslTV

O43 - CFD: 21/05/2011 - 12:34:06 - [124047590] ----D- C:\Program Files (x86)\Avira

O43 - CFD: 19/10/2010 - 13:53:52 - [569669] ----D- C:\Program Files (x86)\Bing Bar Installer

O43 - CFD: 17/06/2011 - 14:56:06 - [412123966] ----D- C:\Program Files (x86)\Common Files

O43 - CFD: 21/05/2011 - 18:46:00 - [45770555] ----D- C:\Program Files (x86)\eBay

O43 - CFD: 21/05/2011 - 13:09:52 - [26233092] ----D- C:\Program Files (x86)\IncrediMail

O43 - CFD: 21/05/2011 - 11:52:40 - [145259043] --H-D- C:\Program Files (x86)\InstallShield Installation Information

O43 - CFD: 21/05/2011 - 11:37:38 - [65709320] ----D- C:\Program Files (x86)\Intel

O43 - CFD: 16/06/2011 - 03:19:30 - [4815785] ----D- C:\Program Files (x86)\Internet Explorer

O43 - CFD: 19/10/2010 - 13:30:16 - [90561110] ----D- C:\Program Files (x86)\Java

O43 - CFD: 13/06/2011 - 13:59:52 - [7585418] ----D- C:\Program Files (x86)\Malwarebytes' Anti-Malware

O43 - CFD: 21/05/2011 - 12:56:22 - [7255573] ----D- C:\Program Files (x86)\metagenia

O43 - CFD: 19/10/2010 - 13:53:46 - [2914684] ----D- C:\Program Files (x86)\Microsoft

O43 - CFD: 17/06/2011 - 23:37:00 - [11424814] ----D- C:\Program Files (x86)\Microsoft Application Virtualization Client

O43 - CFD: 17/06/2011 - 14:56:06 - [37205806] ----D- C:\Program Files (x86)\Microsoft Office

O43 - CFD: 16/06/2011 - 03:20:32 - [38411899] ----D- C:\Program Files (x86)\Microsoft Silverlight

O43 - CFD: 19/10/2010 - 14:02:42 - [1829877] ----D- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

O43 - CFD: 24/05/2011 - 07:36:36 - [15715] ----D- C:\Program Files (x86)\Microsoft.NET

O43 - CFD: 21/06/2011 - 19:58:26 - [34245862] ----D- C:\Program Files (x86)\Mozilla Firefox

O43 - CFD: 14/07/2009 - 07:32:40 - [25757] ----D- C:\Program Files (x86)\MSBuild

O43 - CFD: 22/05/2011 - 17:35:34 - [27892223] ----D- C:\Program Files (x86)\MSECache

O43 - CFD: 23/05/2011 - 08:25:52 - [0] ----D- C:\Program Files (x86)\MSXML 4.0

O43 - CFD: 19/10/2010 - 13:51:00 - [653572400] ----D- C:\Program Files (x86)\Nero

O43 - CFD: 19/10/2010 - 13:54:30 - [31296334] ----D- C:\Program Files (x86)\Photo-Service

O43 - CFD: 21/05/2011 - 11:47:14 - [15852096] ----D- C:\Program Files (x86)\Realtek

O43 - CFD: 21/05/2011 - 11:48:04 - [5710668] ----D- C:\Program Files (x86)\Realtek WLAN Driver

O43 - CFD: 14/07/2009 - 07:32:40 - [38597377] ----D- C:\Program Files (x86)\Reference Assemblies

O43 - CFD: 19/10/2010 - 13:54:56 - [25537329] R---D- C:\Program Files (x86)\Skype

O43 - CFD: 21/05/2011 - 11:39:58 - [0] --H-D- C:\Program Files (x86)\Temp

O43 - CFD: 21/05/2011 - 11:52:50 - [271819498] ----D- C:\Program Files (x86)\TOSHIBA

O43 - CFD: 19/10/2010 - 13:58:18 - [237916360] ----D- C:\Program Files (x86)\TOSHIBA Games

O43 - CFD: 19/10/2010 - 13:55:18 - [11424156] ----D- C:\Program Files (x86)\Toshiba TEMPRO

O43 - CFD: 14/07/2009 - 06:57:08 - [0] --H-D- C:\Program Files (x86)\Uninstall Information

O43 - CFD: 14/07/2009 - 17:24:10 - [524800] ----D- C:\Program Files (x86)\Windows Defender

O43 - CFD: 23/05/2011 - 00:40:52 - [177028360] ----D- C:\Program Files (x86)\Windows Live

O43 - CFD: 23/05/2011 - 08:17:48 - [6180864] ----D- C:\Program Files (x86)\Windows Mail

O43 - CFD: 23/05/2011 - 08:17:44 - [5024017] ----D- C:\Program Files (x86)\Windows Media Player

O43 - CFD: 14/07/2009 - 07:32:40 - [12197556] ----D- C:\Program Files (x86)\Windows NT

O43 - CFD: 14/07/2009 - 17:24:10 - [4417800] ----D- C:\Program Files (x86)\Windows Photo Viewer

O43 - CFD: 14/07/2009 - 07:32:42 - [189440] ----D- C:\Program Files (x86)\Windows Portable Devices

O43 - CFD: 14/07/2009 - 17:24:10 - [6233468] ----D- C:\Program Files (x86)\Windows Sidebar

O43 - CFD: 21/05/2011 - 22:53:36 - [5189604] ----D- C:\Program Files (x86)\Yahoo!

O43 - CFD: 02/07/2011 - 22:59:40 - [8510107] ----D- C:\Program Files (x86)\ZHPDiag

O43 - CFD: 19/10/2010 - 13:41:10 - [6247934] ----D- C:\Program Files (x86)\Common Files\Adobe

O43 - CFD: 19/10/2010 - 13:54:26 - [30516688] ----D- C:\Program Files (x86)\Common Files\Adobe AIR

O43 - CFD: 17/06/2011 - 14:56:06 - [99136] ----D- C:\Program Files (x86)\Common Files\DESIGNER

O43 - CFD: 21/05/2011 - 11:39:32 - [2106564] ----D- C:\Program Files (x86)\Common Files\InstallShield

O43 - CFD: 19/10/2010 - 13:31:48 - [1231815] ----D- C:\Program Files (x86)\Common Files\Java

O43 - CFD: 17/06/2011 - 14:56:06 - [74782875] ----D- C:\Program Files (x86)\Common Files\microsoft shared

O43 - CFD: 19/10/2010 - 13:49:26 - [10211515] ----D- C:\Program Files (x86)\Common Files\Nero

O43 - CFD: 14/07/2009 - 05:20:10 - [2702] ----D- C:\Program Files (x86)\Common Files\Services

O43 - CFD: 19/10/2010 - 13:54:52 - [2135336] ----D- C:\Program Files (x86)\Common Files\Skype

O43 - CFD: 14/07/2009 - 05:20:10 - [41103783] ----D- C:\Program Files (x86)\Common Files\SpeechEngines

O43 - CFD: 14/07/2009 - 17:24:10 - [10102259] ----D- C:\Program Files (x86)\Common Files\System

O43 - CFD: 19/10/2010 - 13:59:08 - [224545535] ----D- C:\Program Files (x86)\Common Files\Windows Live

O43 - CFD: 19/10/2010 - 13:55:12 - [9037824] ----D- C:\Program Files (x86)\Common Files\Wise Installation Wizard

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)

O44 - LFC:[MD5.313BE511C07213711204659EB536B192] - 02/07/2011 - 21:25:18 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [16304]

O44 - LFC:[MD5.313BE511C07213711204659EB536B192] - 02/07/2011 - 21:25:18 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [16304]

O44 - LFC:[MD5.E0EE1800FEFFFFFF57494E444F577E31] - 02/07/2011 - 21:21:24 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1659751]

O44 - LFC:[MD5.58E0ED26C4B31CD18FF5599692355170] - 02/07/2011 - 21:17:45 ---A- . (...) -- C:\Windows\setupact.log [31540]

O44 - LFC:[MD5.C7D25255FD29D0352B3C9FED336CDF0F] - 02/07/2011 - 21:17:44 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]

O44 - LFC:[MD5.6BAA1790944DF043F601F6A7C2ABFB77] - 02/07/2011 - 21:09:32 ---A- . (...) -- C:\ZHPExportRegistry-02-07-2011-22-09-32.txt [706]

O44 - LFC:[MD5.F066EF5DFFD258222EC7D2BBC44C447A] - 02/07/2011 - 09:33:50 ---A- . (...) -- C:\PhysicalDisk0_MBR.bin [512]

O44 - LFC:[MD5.C3132CE0C8338A399D1A4FB6B95724A3] - 30/06/2011 - 06:53:40 ---A- . (...) -- C:\Windows\SysNative\FNTCACHE.DAT [274464]

O44 - LFC:[MD5.00CA17846AF2FD1F8A2731869FAE1057] - 24/06/2011 - 12:36:42 ---A- . (...) -- C:\Windows\SysNative\PerfStringBackup.INI [1551212]

O44 - LFC:[MD5.189EE16AB9A2EFBC81EF88C4E47D3BBB] - 24/06/2011 - 12:36:42 ---A- . (...) -- C:\Windows\SysNative\perfc009.dat [106574]

O44 - LFC:[MD5.90CB337C2868790ED61D02CD7138739F] - 24/06/2011 - 12:36:42 ---A- . (...) -- C:\Windows\SysNative\perfc00C.dat [130940]

O44 - LFC:[MD5.B20B73A1942415AE702D44B77BFE5CAB] - 24/06/2011 - 12:36:42 ---A- . (...) -- C:\Windows\SysNative\perfh009.dat [616452]

O44 - LFC:[MD5.829F0E85DD10976B754A8FB6E8328828] - 24/06/2011 - 12:36:42 ---A- . (...) -- C:\Windows\SysNative\perfh00C.dat [704924]

O44 - LFC:[MD5.00CA17846AF2FD1F8A2731869FAE1057] - 17/06/2011 - 22:36:59 ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI [1578010]

 

 

 

---\\ Contrôle du Safe Boot (CSB) (O49)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\System32\Drivers\rdpencdd.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys

 

 

 

---\\ Trojan Driver Search Data (HKLM) (O52)

O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

 

 

 

---\\ Microsoft Control Security Providers (O54)

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll

 

 

 

---\\ Microsoft Windows Policies System (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3

O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1

O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1

O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0

O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=

O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0

O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1

 

 

 

---\\ Microsoft Windows Policies Explorer (O56)

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1

O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0

 

 

 

---\\ Liste des Drivers Système (O58)

O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 10/06/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [491088]

O58 - SDL:[MD5.597F78224EE9224EA1A13D6350CED962] - 13/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [339536]

O58 - SDL:[MD5.E109549C90F62FB570B9540C4B148E54] - 13/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\system32\drivers\adpu320.sys [182864]

O58 - SDL:[MD5.5812713A477A3AD7363C7438CA2EE038] - 14/07/2009 - 02:52:21 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [15440]

O58 - SDL:[MD5.7A4B413614C055935567CF88A9734D38] - 10/06/2009 - 02:52:21 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\system32\drivers\amdsata.sys [106576]

O58 - SDL:[MD5.F67F933E79241ED32FF46A4F29B5120B] - 10/06/2009 - 02:52:20 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows -.) -- C:\Windows\system32\drivers\amdsbs.sys [194128]

O58 - SDL:[MD5.B4AD0CACBAB298671DD6F6EF7E20679D] - 13/07/2009 - 02:52:21 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\system32\drivers\amdxata.sys [28752]

O58 - SDL:[MD5.C484F8CEB1717C540242531DB7845C4E] - 13/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [87632]

O58 - SDL:[MD5.019AF6924AEFE7839F61C830227FE79C] - 13/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [97856]

O58 - SDL:[MD5.39C2E2870FC0C2AE0595B883CBE716B4] - 21/05/2011 - 11:09:08 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\Windows\system32\drivers\avgntflt.sys [83120]

O58 - SDL:[MD5.C98FA6E5AD0E857D22716BD2B8B1F399] - 21/05/2011 - 11:09:08 ---A- . (.Avira GmbH - Avira Driver for Security Enhancement.) -- C:\Windows\system32\drivers\avipbb.sys [116568]

O58 - SDL:[MD5.B5ACE6968304A3900EEB1EBFD9622DF2] - 10/06/2009 - 21:34:23 ---A- . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) -- C:\Windows\system32\drivers\b57nd60a.sys [270848]

O58 - SDL:[MD5.F09EEE9EDC320B5E1501F749FDE686C8] - 14/07/2009 - 21:41:06 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [18432]

O58 - SDL:[MD5.B114D3098E9BDB8BEA8B053685831BE6] - 14/07/2009 - 21:41:06 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [8704]

O58 - SDL:[MD5.43BEA8D483BF1870F018E2D02E06A5BD] - 14/07/2009 - 02:19:07 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [286720]

O58 - SDL:[MD5.A6ECA2151B08A09CACECA35C07F05B42] - 14/07/2009 - 21:41:10 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [47104]

O58 - SDL:[MD5.B79968002C277E869CF38BD22CD61524] - 14/07/2009 - 21:41:10 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [14976]

O58 - SDL:[MD5.A87528880231C54E75EA7A44943B38BF] - 14/07/2009 - 21:41:10 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [14720]

O58 - SDL:[MD5.3E5B191307609F7514148C6832BB0842] - 10/06/2009 - 21:34:28 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\system32\drivers\bxvbda.sys [468480]

O58 - SDL:[MD5.7E83E47BD1FF93E11CD69F1AD65A9581] - 21/05/2011 - 10:42:22 ---A- . (.Compal Electronics, INC. - CeKbFilter.) -- C:\Windows\system32\drivers\CeKbFilter.sys [20592]

O58 - SDL:[MD5.E19D3F095812725D88F9001985B94EDD] - 14/07/2009 - 02:52:31 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [17488]

O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 10/06/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [530496]

O58 - SDL:[MD5.DC5D737F51BE844D8C82C695EB17372F] - 10/06/2009 - 21:34:33 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\system32\drivers\evbda.sys [3286016]

O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 14/07/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\system32\drivers\hcw85cir.sys [31232]

O58 - SDL:[MD5.0886D440058F203EBA0E1825E4355914] - 13/07/2009 - 02:47:48 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\system32\drivers\HpSAMD.sys [77888]

O58 - SDL:[MD5.1D004CB1DA6323B1F55CAEF7F94B61D9] - 21/05/2011 - 17:54:36 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\system32\drivers\iaStor.sys [408600]

O58 - SDL:[MD5.D83EFB6FD45DF9D55E9A1AFC63640D50] - 10/06/2009 - 02:48:04 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\system32\drivers\iaStorV.sys [410688]

O58 - SDL:[MD5.898AB5BFED7040D7AB07AF01885EB944] - 21/05/2011 - 23:24:36 ---A- . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\system32\drivers\igdkmd64.sys [10300800]

O58 - SDL:[MD5.5C18831C61933628F5BB0EA2675B9D21] - 13/07/2009 - 02:48:04 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [44112]

O58 - SDL:[MD5.2825A71E7501CB33B3B9F856610C729D] - 21/05/2011 - 09:55:20 ---A- . (.COMPAL ELECTRONIC INC. - LPCFilter.) -- C:\Windows\system32\drivers\LPCFilter.sys [46192]

O58 - SDL:[MD5.1A93E54EB0ECE102495A51266DCDB6A6] - 13/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [114752]

O58 - SDL:[MD5.1047184A9FDC8BDBFF857175875EE810] - 13/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [106560]

O58 - SDL:[MD5.30F5C0DE1EE8B5BC9306C1F0E4A75F93] - 13/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas2.sys [65600]

O58 - SDL:[MD5.0504EACAFF0D3C8AED161C4B0D369D4A] - 13/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [115776]

O58 - SDL:[MD5.ED49FD1373DE93617A1F6D128D98FE4D] - 21/05/2011 - 08:11:20 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [25912]

O58 - SDL:[MD5.A55805F747C6EDB6A9080D7C633BD0F4] - 10/06/2009 - 02:48:04 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for.) -- C:\Windows\system32\drivers\megasas.sys [35392]

O58 - SDL:[MD5.BAF74CE0072480C3B6B7C13B2A94D6B3] - 13/07/2009 - 02:48:04 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys [284736]

O58 - SDL:[MD5.77889813BE4D166CDAB78DDBA990DA92] - 13/07/2009 - 02:48:26 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [51264]

O58 - SDL:[MD5.3E38712941E9BB4DDBEE00AFFE3FED3D] - 13/07/2009 - 02:48:27 ---A- . (.NVIDIA Corporation - NVIDIA® nForce RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [149056]

O58 - SDL:[MD5.477DC4D6DEB99BE37084C9AC6D013DA1] - 10/06/2009 - 02:45:45 ---A- . (.NVIDIA Corporation - NVIDIA® nForce Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [167488]

O58 - SDL:[MD5.663962900E7FEA522126BA287715BB4A] - 21/05/2011 - 16:06:38 ---A- . (.TOSHIBA Corporation - TOSHIBA Universal Camera Filter Driver.) -- C:\Windows\system32\drivers\PGEffect.sys [35008]

O58 - SDL:[MD5.A53A15A11EBFD21077463EE2C7AFEEF0] - 10/06/2009 - 02:45:46 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [1524816]

O58 - SDL:[MD5.4F6D12B51DE1AAEFF7DC58C4D75423C8] - 13/07/2009 - 02:45:45 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [128592]

O58 - SDL:[MD5.3E70F9CA3EEB22AFFAAC1A4861A303DC] - 21/05/2011 - 14:11:18 ---A- . (.Realtek - Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver.) -- C:\Windows\system32\drivers\Rt64win7.sys [349800]

O58 - SDL:[MD5.E8017F1662D9142F45CEAB694D013C00] - 21/05/2011 - 17:26:00 ---A- . (.Realtek Semiconductor Corp. - Realtek® High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\RTKVHD64.sys [2445672]

O58 - SDL:[MD5.945AB249D12CBE044782430C6013AA1A] - 21/05/2011 - 10:10:18 ---A- . (.Realtek Semiconductor Corporation - Realtek RTL8187B NDIS Driver.) -- C:\Windows\system32\drivers\rtl8187B.sys [450048]

O58 - SDL:[MD5.F79E887762D9A0C3FDE5D188DCA5BB26] - 21/05/2011 - 13:01:10 ---A- . (.Realtek Semiconductor Corporation - Realtek RTL8187S PCIE NDIS Driverr.) -- C:\Windows\system32\drivers\rtl8187Se.sys [442368]

O58 - SDL:[MD5.FFC748D848740D1BC8F330A8879C2674] - 21/05/2011 - 10:32:20 ---A- . (.Realtek Semiconductor Corporation - Realtek RTL81892CE NDIS Driverr.) -- C:\Windows\system32\drivers\rtl8192ce.sys [932384]

O58 - SDL:[MD5.7475548B0BA58EBA4D12414FC9E9DFE6] - 21/05/2011 - 00:23:08 ---A- . (.Realtek Semiconductor Corporation - Realtek RTL81892SE NDIS Driverr.) -- C:\Windows\system32\drivers\rtl8192se.sys [1103904]

O58 - SDL:[MD5.DBA89D7C8C888BB7161BB63A60B2CCE8] - 21/05/2011 - 09:07:58 ---A- . (.Realtek Semiconductor Corporation - Realtek RTL819xP NDIS Driverr.) -- C:\Windows\system32\drivers\rtl819xp.sys [612352]

O58 - SDL:[MD5.907C4464381B5EBDFDC60F6C7D0DEDFC] - 21/05/2011 - 08:05:46 ---A- . (.Realtek Semiconductor Corp. - Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7.) -- C:\Windows\system32\drivers\RtsUStor.sys [232992]

O58 - SDL:[MD5.3EA8A16169C26AFBEB544E0E48421186] - 14/07/2009 - 21:37:19 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys [23040]

O58 - SDL:[MD5.843CAF1E5FDE1FFD5FF768F23A51E2E1] - 10/06/2009 - 02:45:45 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\system32\drivers\sisraid2.sys [43584]

O58 - SDL:[MD5.6A6C106D42E9FFFF8B9FCB4F754F6DA4] - 13/07/2009 - 02:45:46 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys [80464]

O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\system32\drivers\stexstor.sys [24656]

O58 - SDL:[MD5.470C47DABA9CA3966F0AB3F835D7D135] - 21/05/2011 - 17:51:32 ---A- . (.Synaptics Incorporated - Synaptics Touchpad Driver.) -- C:\Windows\system32\drivers\SynTP.sys [316464]

O58 - SDL:[MD5.FD542B661BD22FA69CA789AD0AC58C29] - 21/05/2011 - 18:22:04 ---A- . (.TOSHIBA Corporation. - TOSHIBA ODD Writing Driver for x64..) -- C:\Windows\system32\drivers\tdcmdpst.sys [27784]

O58 - SDL:[MD5.550B567F9364D8F7684C3FB3EA665A72] - 21/05/2011 - 14:31:18 ---A- . (.TOSHIBA Corporation - TOSHIBA ACPI-Based Value Added Logical and General Purpose Devi.) -- C:\Windows\system32\drivers\TVALZ_O.SYS [26840]

O58 - SDL:[MD5.E5689D93FFE4E5D66C0178761240DD54] - 14/07/2009 - 02:45:55 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys [17488]

O58 - SDL:[MD5.5E2016EA6EBACA03C04FEAC5F330D997] - 10/06/2009 - 02:45:55 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys [161872]

O58 - SDL:[MD5.B309912717C29FC67E1BA4730A82B6DD] - 13/06/2011 - 08:11:30 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys [39984]

 

 

 

---\\ Liste des outils de nettoyage (O63)

O63 - Logiciel: ZHPDiag 1.27 - (.Nicolas Coolman.) [HKLM][64Bits] -- ZHPDiag_is1

 

 

 

---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (.Microsoft Corporation - Wim file system Driver.) -- "%1" %*

O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe

O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*

O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*

O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe

O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*

O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*

O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe

 

 

 

---\\ Start Menu Internet (O68)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

 

 

 

---\\ Search Browser Infection (O69)

O69 - SBI: SearchScopes [HKCU] ${searchCLSID} [DefaultScope] - (@ieframe.dll,-12512) - Bing

O69 - SBI: SearchScopes [HKCU] {3D650006-DF0A-4B7B-8260-356DB762FA92} - (@ieframe.dll,-12512) - Bing

O69 - SBI: SearchScopes [HKCU] {A562B117-84A5-4AD8-851D-3DF3021DEC2E} - (eBay) - eBay

O69 - SBI: SearchScopes [HKCU] {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} - (MyStart Search) - http://mystart.incredimail.com

O69 - SBI: SearchScopes [HKCU] {FEDCCAF5-797E-4DC8-A4B5-DABF5F2CEBB1} - (MyStart Search) - http://mystart.incredimail.com

 

 

 

---\\ Recherche particuliere à la racine de certains dossiers (O84)

[MD5.ED1B1DC193C2CC2583C75DC562373769] [sPRF] (.Nicolas Coolman - ZHPDiag.) -- C:\Users\Emma\Desktop\ZHPDiag2.exe [2535547]

 

 

 

---\\ Firewall Active Exception List (FirewallRules) (O87)

O87 - FAEL: "FPS-SpoolSvc-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\spoolsv.exe (.not file.)

O87 - FAEL: "FPS-SpoolSvc-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Windows\system32\spoolsv.exe (.not file.)

O87 - FAEL: "CoreNet-GP-LSASS-Out-TCP" |Out - Domain - P6 - TRUE | .(...) -- C:\Windows\system32\lsass.exe (.not file.)

O87 - FAEL: "RemoteSvcAdmin-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\services.exe (.not file.)

O87 - FAEL: "RemoteSvcAdmin-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Windows\system32\services.exe (.not file.)

O87 - FAEL: "NetPres-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)

O87 - FAEL: "NetPres-Out-TCP-NoScope" |Out - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)

O87 - FAEL: "NetPres-WSD-In-UDP" |In - None - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)

O87 - FAEL: "NetPres-WSD-Out-UDP" |Out - None - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)

O87 - FAEL: "NetPres-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)

O87 - FAEL: "NetPres-Out-TCP" |Out - Public - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)

O87 - FAEL: "{3BFBC139-FED6-4849-832F-3024AF9E2B51}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe (.not file.)

O87 - FAEL: "{CFE05C45-2067-4CC5-A8C0-F65CC1451A03}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe (.not file.)

O87 - FAEL: "{7F0BD0CF-A91F-4EA0-A75E-AF84D72183C6}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe

O87 - FAEL: "{BD54736F-805E-489E-A53C-F7608434CBBD}" | In - None - P17 - TRUE | .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

O87 - FAEL: "{B18850C6-424D-45C3-A139-A512AC769D9F}" | In - None - P17 - TRUE | .(.Microsoft Corporation - Mesh Operating Environment.) -- C:\Program Files (x86)\Windows Live\Mesh\MOE.exe

O87 - FAEL: "{9B97695D-237E-4A31-A006-9E08FEF32EB8}" |In - Private - P6 - TRUE | .(...) -- C:\Windows\system32\spoolsv.exe (.not file.)

O87 - FAEL: "{D6F3968C-27D8-4AF2-BD7F-1E78E954BE5F}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe

O87 - FAEL: "{E290801B-CC02-4113-AD7A-90FC22FAB858}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe

O87 - FAEL: "{9DF1135F-2C4F-4125-94C7-AB1062067808}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe

O87 - FAEL: "{7718D2D0-A55D-42D0-B094-7CEA8641213D}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe

O87 - FAEL: "{32334444-BB2E-4768-BD24-183F2316CFD8}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe

O87 - FAEL: "{188CBF0C-FCCF-42F4-B081-C1D1708D739C}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe

O87 - FAEL: "{B3DFC7F9-ACBF-4463-BE37-2FB13A1C08C1}" | In - Private - P6 - TRUE | .(.adsl TV / FM - Pas de description.) -- C:\Program Files (x86)\adslTV\adsltv.exe

O87 - FAEL: "{5E6239E7-5E08-421F-A8AB-45F3A4DA95E3}" | In - Private - P17 - TRUE | .(.adsl TV / FM - Pas de description.) -- C:\Program Files (x86)\adslTV\adsltv.exe

O87 - FAEL: "{6F559A19-82AC-4D53-ABE9-5FF4A4316BB8}" | In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\adslTV\VLC\vlc.exe

O87 - FAEL: "{CE264413-3045-4DA8-B407-96B50271DA66}" | In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\adslTV\VLC\vlc.exe

 

 

 

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)

SR - | Auto 21/05/2011 136360 | (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

SR - | Auto 21/05/2011 269480 | (AntiVirService) . (.Avira GmbH.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

SR - | Auto 21/05/2011 249200 | (cfWiMAXService) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

SR - | Auto 21/05/2011 46448 | (ConfigFree Service) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

SS - | Demand 19/10/2010 246520 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe

SR - | Auto 21/05/2011 1811456 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe

SR - | Auto 19/10/2010 503080 | c:\Program Files (x86)\Nero\Update\NASvc.exe (NAUpdate) . (.Nero AG.) - c:\Program Files (x86)\Nero\Update\NASvc.exe

SS - | Demand 19/10/2010 124368 | (TemproMonitoringService) . (.Toshiba Europe GmbH.) - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe

SR - | Demand 21/05/2011 51512 | (TMachInfo) . (.TOSHIBA Corporation.) - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

SR - | Auto 30/12/1899 0 | (TODDSrv) . (.TOSHIBA Corporation.) - C:\Windows\system32\TODDSrv.exe

SR - | Auto 21/05/2011 489384 | (TosCoSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

SR - | Demand 21/05/2011 137560 | (TOSHIBA HDD SSD Alert Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

SR - | Auto 14/07/2009 20992 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\system32\svchost.exe

SR - | Auto 21/05/2011 602392 | (YahooAUService) . (.Yahoo! Inc..) - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

 

 

 

---\\ Recherche Master Boot Record Infection (MBR)(O80)

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover

Run by Emma at 02/07/2011 23:00:09

 

device: opened successfully

user: error reading MBR

 

Disk trace:

error: Read Descripteur non valide

kernel: error reading MBR

 

 

 

---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)

Written by ad13, http://ad13.geekstog

Run by Emma at 02/07/2011 23:00:11

 

********* Dump file Name *********

C:\PhysicalDisk0_MBR.bin

 

 

 

End of the scan (942 lines in 00mn 40s)(0)

Edited by EmmaMene
Posted

To check for updates: Start menu / All Programs / Windows Update, then Check for updates (on the left).

Do that once we are sure the PC is clean.

If you want lots of tips for Seven: All the Windows Seven tips: Tips for Windows Vista - Windows Seven

 

~~~~~~~~~~~~~~~~~~~~

ZHPFix:

  • Close all open applications

  • Double-click ZHPFix, the shortcut that ZHPDiag installed on the Desktop
    Important:
    On Vista and Windows 7, the file must be launched with right-click -> Run as administrator.

  • Click H.

  • Copy and paste the lines below into the window

 

O69 - SBI: SearchScopes [HKCU] {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} - (MyStart Search) - <http://mystart.incredimail.com>      
O69 - SBI: SearchScopes [HKCU] {FEDCCAF5-797E-4DC8-A4B5-DABF5F2CEBB1} - (MyStart Search) - <http://mystart.incredimail.com>    

 

  • Click the icon showing the letter H ("paste the Helper lines"). The script should appear in ZHPFix automatically; if not, paste it.

    Click the GO button to start the cleanup

  • Confirm with Yes the uninstallation of programs if asked

  • Let the tool work. If a restart is requested, accept and restart the PC

  • The ZHPFixReport.txt report is displayed. Copy and paste the content of this report into your reply.
    The ZHPFixReport.txt report is saved as C:\Program files\ZHPFix\ZHPFixReport.txt

 

 

@++

Posted

OK, noted for Seven, thanks.

Here is the report:

 

Rapport de ZHPFix 1.12.3332 par Nicolas Coolman, Update du 28/06/2011

Fichier d'export Registre :

Run by Emma at 02/07/2011 23:42:32

Windows 7 Home Premium Edition, 64-bit (Build 7600)

Web site : ZHPFix Fix de rapport

 

========== Clé(s) du Registre ==========

SUPPRIME Key: SearchScopes :{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}

SUPPRIME Key: SearchScopes :{FEDCCAF5-797E-4DC8-A4B5-DABF5F2CEBB1}

 

 

========== Récapitulatif ==========

2 : Clé(s) du Registre

 

 

========== Chemin du fichier rapport ==========

C:\Program Files (x86)\ZHPDiag\ZHPFixReport.txt

 

 

 

End of the scan in 00mn 00s

Posted

Run ZHPFix again and click the HiddenFix button on the right, or else do this:

 

ZHPFix:

  • Close all open applications

  • Double-click ZHPFix, the shortcut that ZHPDiag installed on the Desktop
    Important:
    On Vista and Windows 7, the file must be launched with right-click -> Run as administrator.

  • Click H.

  • Copy and paste the lines below into the window

 

HiddenFix   

 

  • Click the icon showing the letter H ("paste the Helper lines"). The script should appear in ZHPFix automatically; if not, paste it.

    Click the GO button to start the cleanup

  • Confirm with Yes the uninstallation of programs if asked

  • Let the tool work. If a restart is requested, accept and restart the PC

  • The ZHPFixReport.txt report is displayed. Copy and paste the content of this report into your reply.
    The ZHPFixReport.txt report is saved as C:\Program files\ZHPFix\ZHPFixReport.txt

 

~~~~~~~~~~~~~~~~~~~~~~~

We'll check your MBR to be safe, though I don't think so; we'll see, because Seven's MBR is not recognized by ZHPDiag.

The fact that there is an MBR "dump" shows that TDSSKiller or another repair tool of the same kind has already been used.

Download Kaspersky's TDSSKiller to your desktop.

Or: http://support.kaspersky.com/fr/downloads/utils/tdsskiller.zip ; unzip the archive.

Double-click TDSSKiller.exe

The TDSSKiller screen appears.

Click Start scan to launch the scan.

NB: TDSSKiller will offer options: Delete, Skip or Cure. Do not change these options!

When the tool has finished its inspection, if malicious items ("Malicious objects") were found, click the Continue button and then the Reboot now button.

Post in your reply:

*- The TDSSKiller report (content of the file SystemDrive \TDSSKiller.Version_Date_Heure_log.txt)

[SystemDrive stands for the partition on which the system is installed, usually C:].

 

@++

Guest Didie85
Posted

Sometimes you infect your computer when you install Messenger Plus! with the "sponsor", which is actually the Lop malware.

If you decline the sponsor, the PC is not infected by it.

Any PC with Messenger Plus is vulnerable to another person who is also running Messenger Plus.

As for MSN, some clues suggest that a patch was used, or a patched version distributed to allow an old version of WLM to be used.

Good luck with your search.

~~ edited by ipl_001

Didie85 is not authorized to intervene on this forum

Posted

Hello,

So, here is the TDSSKiller report:

 

2011/07/03 15:40:44.0921 5688 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16

2011/07/03 15:40:45.0140 5688 ================================================================================

2011/07/03 15:40:45.0140 5688 SystemInfo:

2011/07/03 15:40:45.0140 5688

2011/07/03 15:40:45.0140 5688 OS Version: 6.1.7600 ServicePack: 0.0

2011/07/03 15:40:45.0140 5688 Product type: Workstation

2011/07/03 15:40:45.0140 5688 ComputerName: EMMA-TOSH

2011/07/03 15:40:45.0140 5688 UserName: Emma

2011/07/03 15:40:45.0140 5688 Windows directory: C:\Windows

2011/07/03 15:40:45.0140 5688 System windows directory: C:\Windows

2011/07/03 15:40:45.0140 5688 Running under WOW64

2011/07/03 15:40:45.0140 5688 Processor architecture: Intel x64

2011/07/03 15:40:45.0140 5688 Number of processors: 2

2011/07/03 15:40:45.0140 5688 Page size: 0x1000

2011/07/03 15:40:45.0140 5688 Boot type: Normal boot

2011/07/03 15:40:45.0140 5688 ================================================================================

2011/07/03 15:40:45.0779 5688 Initialize success

2011/07/03 15:40:48.0462 6012 ================================================================================

2011/07/03 15:40:48.0462 6012 Scan started

2011/07/03 15:40:48.0462 6012 Mode: Manual;

2011/07/03 15:40:48.0462 6012 ================================================================================

2011/07/03 15:41:11.0987 6012 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

2011/07/03 15:41:12.0018 6012 Boot (0x1200) (7be122aa0db68e0fd49141b3ca0a70e0) \Device\Harddisk0\DR0\Partition0

2011/07/03 15:41:12.0065 6012 Boot (0x1200) (49e28da7a97b63d7e0b23fd65774f974) \Device\Harddisk0\DR0\Partition1

2011/07/03 15:41:12.0065 6012 ================================================================================

2011/07/03 15:41:12.0065 6012 Scan finished

2011/07/03 15:41:12.0065 6012 ================================================================================

2011/07/03 15:41:12.0081 1624 Detected object count: 0

2011/07/03 15:41:12.0081 1624 Actual detected object count: 0

 

 

 

 

Then the other report:

 

Rapport de ZHPFix 1.12.3332 par Nicolas Coolman, Update du 28/06/2011

Fichier d'export Registre :

Run by Emma at 02/07/2011 23:56:44

Windows 7 Home Premium Edition, 64-bit (Build 7600)

Web site : ZHPFix Fix de rapport

 

========== Dossiers/Fichiers cachés restaurés ==========

Mes images (My Pictures) : 50 Restauré(s) avec succès

Ma musique (My Music) : 1 Restauré(s) avec succès

Ma Video (My Video) : 1 Restauré(s) avec succès

Mes Favoris (My Favorites) : 3 Restauré(s) avec succès

Mes Documents (My Documents) : 4 Restauré(s) avec succès

Mon Bureau (My Desktop) : 1 Restauré(s) avec succès

Menu demarrer (Programs) : 6 Restauré(s) avec succès

Dossier utilisateur (AppData) : 34 Restauré(s) avec succès

Programmes (Program Files) : 13 Restauré(s) avec succès

 

 

========== Récapitulatif ==========

113 : Dossiers/Fichiers cachés restaurés

 

 

========== Chemin du fichier rapport ==========

C:\Program Files (x86)\ZHPDiag\ZHPFixReport.txt

 

 

 

End of the scan in 00mn 05s

 

 

 

Emma

Posted

Hello,

How is the computer doing?

Please run these security checks:

Apollo Et Compagnie: to be checked from time to time, important!

PSI is not mandatory, but it can prove useful for finding out about the vulnerabilities in various applications.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ESET ONLINE SCANNER

Download ESET Online Scanner to your Desktop by clicking on this logo:

http://download.eset.com/special/eos/esetsmartinstaller_enu.exe

  • Double-click the esetsmartinstaller_enu.exe file on your Desktop to install the scanner. Note: if you have Windows VISTA, right-click esetsmartinstaller_enu.exe and select "exécuter en tant qu'administrateur" (Run as administrator)
  • Accept the license by ticking the box "YES, i accept the terms of use", then click the "Start" button
  • Once the scanner is installed, configure it by ticking the box "Remove found threats" and the box "Scan archives", as well as the box "scan for the potentially unsafe applications."

  • Launch the antivirus scan by clicking the "Start" button: the tool updates itself and then starts the scan; a progress bar shows how far the scan has got
  • When the scan is finished, if viruses have been detected, click the line "List of found threats":

  • A new window appears: click "Export to text file" and save the report to your Desktop, naming it logESET.txt
  • Click the "Back" button to return to the previous screen, then tick the box "Uninstall application on close"

  • Finally, click the "Finish" button and close the scanner window
  • Open the logESET file on your Desktop and copy and paste its contents into your next reply

Note: this scan can be very long and take several hours.

@++

Posted

Hello,

So, I couldn't get an ESET log: it leads to a page to "purchase" versions of ESET, with no way to do anything other than "purchase": no log possible, and I ran it twice to be sure.

Otherwise, it found 0 threats.

Also, I did the updates recommended in your link (acrobat reader, java, ...)

The computer seems to be working, apart from this MBAM box at startup.

 

Emma

Posted

Hi again,

Ok, the best thing to do is to uninstall MBAM with the cleaner and then reinstall it, but I think that if it is indeed MalwareBytes asking for a modification, you should accept (if it has dealt with unwanted items). Is it the free or the paid version that you have?

Download mbam-clean to your Desktop, run it in Administrator mode on Vista/7 and by double-click on XP.

When asked to restart the PC, accept.

After the restart, delete the mbam-clean.exe file from your Desktop, and redo the installation procedure and a full scan with MBAM (after updating).

 

++
