
Posted

Hello,

I would like to be sure that there is no virus on my PC, because it has been acting a bit strange lately. Here is my report:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:16:07, on 30/11/2011

Platform: Unknown Windows (WinNT 6.01.3505 SP1)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe

C:\Program Files (x86)\RocketDock\RocketDock.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\ASUS\PC Probe II\Probe2.exe

C:\Program Files (x86)\ASUS\AASP\1.01.12\aaCenter.exe

C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

C:\Program Files (x86)\Peer2Me\Peer2Me.exe

C:\Program Files (x86)\Opera\opera.exe

C:\Program Files (x86)\VPN Lifeguard\VpnLifeguard.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\TuneUp Utilities 2012\Integrator.exe

C:\Users\Lorak\Desktop\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google Actualités

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O13 - Gopher Prefix:

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/select/asusTek_sys_ctrl3.cab

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ("Ma-Config.com control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_5_1_4_1.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{0F8027F5-0AFC-4C24-B78D-5B3EFB32C4E6}: NameServer = 10.1.1.12

O17 - HKLM\System\CS1\Services\Tcpip\..\{0F8027F5-0AFC-4C24-B78D-5B3EFB32C4E6}: NameServer = 10.1.1.12

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files (x86)\ma-config.com\maconfservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 8924 bytes

Posted

Good evening,

HijackThis should no longer be used; it is no longer suitable.

ZHPDiag:

  • Download ZHPDiag by Nicolas Coolman and save it to the DESKTOP.
  • Double-click ZHPDiag.exe to start the installation.
    • Important:
      On Vista and Windows 7: the file must be launched via right-click -> Run as administrator

    Don't forget to tick the box that puts a shortcut on the Desktop.
  • The tool has created 2 icons, ZHPDiag and ZHPFix, on the Desktop.
  • Double-click ZHPDiag to run it.
    • Important:
      On Vista and Windows 7: the file must be launched via right-click -> Run as administrator
  • Click the screwdriver.
  • Click the magnifying glass to start the scan. Wait until the scan shows 100%.
    Close ZHPDiag.
  • The ZHPDiag.txt report is on the Desktop (and under c:\ZHP\ZHPDiag.txt).

As this report is too long for the forum, host it:

@++


Posted

I am going to ask you to please use the "Add a reply" button so as not to quote the previous post every time, thank you.

Posted

Re

"C:\Users\Lorak\Desktop\ZHPDiag.txt"

Posted

Yes, well,

Open the text file (zhpdiag), select everything it contains and copy/paste it here, please.

@++

Posted

Rapport de ZHPDiag v1.28.2423 par Nicolas Coolman, Update du 27/11/2011

Run by Lorak at 30/11/2011 21:27:11

Web site : ZHPDiag Outil de diagnostic

State : Version à jour.

 

 

---\\ Web Browser

MSIE: Internet Explorer v9.0.8112.16421 (Defaut)

OPIE: Opera v11.52

OPIE: Opera vv11.52

 

---\\ Windows Product Information

~ Langage: Français

Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Windows Server License Manager Script : OK

~ Windows® 7, OEM_SLP channel

System Locked Preinstallation (OEM_SLP) : OK

Windows ID Activation : OK

~ Windows Partial Key : HYRR2

Windows License : OK

~ Windows Remaining Initializations Number : 4

Software Protection Service (Protection logicielle) : OK

Windows Automatic Updates : OK

Windows Activation Technologies : OK

 

---\\ System Information

~ Processor: AMD64 Family 16 Model 4 Stepping 2, AuthenticAMD

~ Operating System: 64 Bits

Boot mode: Normal (Normal boot)

Total RAM: 6143 MB (56% free)

System Restore: Activé (Enable)

System drive C: has 143 GB (47%) free of 300 GB

 

---\\ Logged in mode

~ Computer Name: LORAK-PC

~ User Name: Lorak

~ All Users Names: Lorak, HomeGroupUser$, Administrateur,

~ Unselected Option: O45,O61,O62,O65,O66,O82,O89

Logged in as Administrator

 

---\\ Environnement Variables

~ System Unit : C:\

~ %AppData% : C:\Users\Lorak\AppData\Roaming\

~ %Desktop% : C:\Users\Lorak\Desktop\

~ %Favorites% : C:\Users\Lorak\Favorites\

~ %LocalAppData% : C:\Users\Lorak\AppData\Local\

~ %StartMenu% : C:\Users\Lorak\AppData\Roaming\Microsoft\Windows\Start Menu\

~ %Windir% : C:\Windows\

~ %System% : C:\Windows\system32\

 

---\\ DOS/Devices

C:\ Hard drive, Flash drive, Thumb drive (Free 143 Go of 300 Go)

E:\ Hard drive, Flash drive, Thumb drive (Free 142 Go of 501 Go)

G:\ CD-ROM drive (Not Inserted)

H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

K:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

L:\ Hard drive, Flash drive, Thumb drive (Free 166 Go of 431 Go)

M:\ CD-ROM drive (Not Inserted)

 

 

 

---\\ Security Center & Tools Informations

[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoStartMenuSubFolder: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoResolveSearch: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoClose: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyComputer: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK

[HKLM\SYSTEM\CurrentControlSet\Services] wscsvc : OK

~ Scan Security Center in 00mn 00s

 

 

 

---\\ Recherche particulière de fichiers génériques

[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.19/11/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]

[MD5.DD81D91FF3B0763C392422865C9AC12E] - (....) (.19/11/2011 - 02:39:31.) -- C:\Windows\system32\rundll32.exe [45568]

[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.19/11/2011 - 02:39:52.) -- C:\Windows\system32\Wininit.exe [129024]

[MD5.271E8FB1354AA205A214F280A6766E30] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.19/11/2011 - 06:17:57.) -- C:\Windows\system32\wininet.dll [1389056]

[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.19/11/2011 - 14:25:30.) -- C:\Windows\system32\Winlogon.exe [390656]

[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.19/11/2011 - 14:27:26.) -- C:\Windows\system32\sppcomapi.dll [232448]

[MD5.0D57D091E06BB1E58E72E5D08479FDDF] - (....) (.19/11/2011 - 14:07:20.) -- C:\Windows\system32\fr-FR\user32.dll.mui [20480]

[MD5.D5B031C308A409A0A576BFF4CF083D30] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.19/11/2011 - 03:34:03.) -- C:\Windows\system32\drivers\AFD.sys [499200]

[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.19/11/2011 - 02:52:21.) -- C:\Windows\system32\drivers\atapi.sys [24128]

[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.19/11/2011 - 00:19:47.) -- C:\Windows\system32\drivers\Cdfs.sys [92160]

[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.19/11/2011 - 10:19:21.) -- C:\Windows\system32\drivers\Cdrom.sys [147456]

[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.19/11/2011 - 10:26:32.) -- C:\Windows\system32\drivers\DfsC.sys [102400]

[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.19/11/2011 - 11:43:43.) -- C:\Windows\system32\drivers\HDAudBus.sys [122368]

[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.19/11/2011 - 00:19:57.) -- C:\Windows\system32\drivers\i8042prt.sys [105472]

[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.19/11/2011 - 01:10:03.) -- C:\Windows\system32\drivers\IpNat.sys [116224]

[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.19/11/2011 - 03:40:40.) -- C:\Windows\system32\drivers\MRxSmb.sys [158208]

[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.19/11/2011 - 10:23:20.) -- C:\Windows\system32\drivers\netBT.sys [261632]

[MD5.A2F74975097F52A00745F9637451FDD8] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.19/11/2011 - 07:41:34.) -- C:\Windows\system32\drivers\ntfs.sys [1659776]

[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.19/11/2011 - 01:00:41.) -- C:\Windows\system32\drivers\Parport.sys [97280]

[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.19/11/2011 - 11:52:35.) -- C:\Windows\system32\drivers\Rasl2tp.sys [129536]

[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.19/11/2011 - 12:06:41.) -- C:\Windows\system32\drivers\rdpdr.sys [165888]

[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.19/11/2011 - 01:09:09.) -- C:\Windows\system32\drivers\smb.sys [93184]

[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.19/11/2011 - 10:21:56.) -- C:\Windows\system32\drivers\tdx.sys [119296]

[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.19/11/2011 - 14:34:02.) -- C:\Windows\system32\drivers\volsnap.sys [295808]

~ Scan Generic Processes in 00mn 00s

 

 

 

---\\ Etat des fichiers cachés (Caché/Total)

~ Mes images (My Pictures) : 2/4

~ Mes musiques (My Musics) : 2/4

~ Mes Videos (My Videos) : 1/3

~ Mes Favoris (My Favorites) : 3/40

~ Mes Documents (My Documents) : 1/610

~ Menu demarrer (Programs) : 7/26

~ Scan Hidden Files in 00mn 01s

 

 

 

---\\ Processus lancés

[MD5.E5DEE383D8DA636382045CC09CA73AED] - (.ASUSTeK Computer Inc. - Pas de description.) -- C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe [7275008] [PID.2140]

[MD5.7DFCCC67990B6DE7F30F553A4E4612A4] - (...) -- C:\Program Files (x86)\RocketDock\RocketDock.exe [495616] [PID.2760]

[MD5.478515FA22E17C4CA7177B3305630FA4] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [258512] [PID.3060]

[MD5.AF7E3264968EA4B864F78556515FB1CC] - (.ASUSTeK Computer Inc. - PC Probe II.) -- C:\Program Files (x86)\ASUS\PC Probe II\Probe2.exe [2166912] [PID.4068]

[MD5.F3FC2C8F5F02959489B9C8AF05173CC7] - (.ASUSTeK Computer Inc. - Pas de description.) -- C:\Program Files (x86)\ASUS\AASP\1.01.12\aaCenter.exe [632448] [PID.2436]

[MD5.4A0F6440634BE2B598E2F68DDA2C0129] - (.Mozilla Messaging - Thunderbird.) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [399512] [PID.4788]

[MD5.1EC63FD92C2A31EEC918BB88FDD9F7F0] - (...) -- C:\Program Files (x86)\Peer2Me\Peer2Me.exe [49152] [PID.4836]

[MD5.99C904854E154E903C8EAC4329DD48C2] - (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\opera.exe [947056] [PID.2024]

[MD5.39D309E9E35725D11AADDE498032B911] - (.Philippe734 - VPN Lifeguard.) -- C:\Program Files (x86)\VPN Lifeguard\VpnLifeguard.exe [196608] [PID.3620]

[MD5.BCE1D8C2BFB38D9F26EFC5464A033533] - (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe [641400] [PID.5104]

[MD5.3851F104F5C445C6CDC77E1816E5174C] - (.TuneUp Software - TuneUp Utilities - Interface de démarrage.) -- C:\Program Files (x86)\TuneUp Utilities 2012\Integrator.exe [1116480] [PID.4468]

[MD5.A29999E6CF54648B4C9DA986A0AEB325] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [707072] [PID.292]

[MD5.72709089A54BDC1C5B16BC4A4B926567] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224] [PID.]

[MD5.11A52CF7B265631DEEB24C6149309EFF] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [64952] [PID.]

[MD5.42F88BFBB76F7A63E381829479B18518] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032] [PID.]

[MD5.E781164C7D47950E3D218C84B2901CB2] - (...) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112] [PID.]

[MD5.3A2BDD76E7D2A5F40A7174793D1BA794] - (...) -- C:\Windows\SysWOW64\PnkBstrA.exe [75136] [PID.]

~ Scan Processes Running in 00mn 00s

 

 

 

---\\ Opera, Plugins,Démarrage,Recherche (P1,B0,B1)

B0 - SPO: operaprefs.ini [Lorak] Home URL=http://news.google.fr/

~ Scan Opera Browser in 00mn 00s

 

 

 

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)

P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll

~ Scan Firefox Browser in 00mn 00s

 

 

 

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)

R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google Actualités

R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search Microsoft.com

R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Search Microsoft.com

R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Search Microsoft.com

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk

R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons

R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk

R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\System32\ieframe.dll

R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0

R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0

~ Scan IE Browser in 00mn 00s

 

 

 

---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Scan Proxy management in 00mn 00s

 

 

 

---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe

~ Scan Keys in 00mn 00s

 

 

 

---\\ Redirection du fichier Hosts (O1)

~ Le fichier hosts est sain (The hosts file is clean).

~ Scan Hosts File in 00mn 00s

 

 

 

---\\ Browser Helper Objects de navigateur (O2)

O2 - BHO: Windows Live ID Sign-in Helper [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AcroIEHelperStub [64Bits] - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live ID Sign-in Helper [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO [64Bits] - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} . (.Skype Technologies S.A. - Skype Click to Call for Internet Explorer.) -- C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

~ Scan BHO in 00mn 00s

 

 

 

---\\ Applications démarrées par registre & par dossier (O4)

O4 - HKCU\..\Run: [RocketDock] . (...) -- C:\Program Files (x86)\RocketDock\RocketDock.exe

O4 - HKCU\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe

O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

O4 - HKLM\..\Wow6432Node\Run: [startCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe

O4 - HKUS\S-1-5-21-3606147994-3904090742-1213292612-1001\..\Run: [RocketDock] . (...) -- C:\Program Files (x86)\RocketDock\RocketDock.exe

O4 - HKUS\S-1-5-21-3606147994-3904090742-1213292612-1001\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe

~ Scan Application in 00mn 00s

 

 

 

---\\ Autres liens utilisateurs (O4)

O4 - Global Startup: C:\Users\Lorak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\Lorak\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\CrystalDiskInfo.lnk . (.Crystal Dew World.) -- C:\Program Files (x86)\CrystalDiskInfo\DiskInfo.exe

O4 - Global Startup: C:\Users\Lorak\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\Lorak\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk . (.Mozilla Messaging.) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

~ Scan Global Startup in 00mn 00s

 

 

 

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)

O8 - Extra context menu item: Google Sidewiki... - (.not file.) - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll

~ Scan IE Menu Contextuel in 00mn 00s

 

 

 

---\\ Winsock hijacker (Layered Service Provider) (O10)

O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll

O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll

O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll

O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll

O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll

O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll

O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corporation - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

~ Scan Winsock in 00mn 00s

 

 

 

---\\ Modification Domaine/Adresses DNS (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{0F8027F5-0AFC-4C24-B78D-5B3EFB32C4E6}: NameServer = 10.1.1.12

O17 - HKLM\System\CCS\Services\Tcpip\..\{67B002B7-10B5-4D83-A869-52C1D690549E}: DhcpNameServer = 212.27.40.240 212.27.40.241

O17 - HKLM\System\CS1\Services\Tcpip\..\{0F8027F5-0AFC-4C24-B78D-5B3EFB32C4E6}: NameServer = 10.1.1.12

O17 - HKLM\System\CS1\Services\Tcpip\..\{67B002B7-10B5-4D83-A869-52C1D690549E}: DhcpNameServer = 212.27.40.240 212.27.40.241

O17 - HKLM\System\CS2\Services\Tcpip\..\{67B002B7-10B5-4D83-A869-52C1D690549E}: DhcpNameServer = 212.27.40.240 212.27.40.241

~ Scan Domain in 00mn 00s

---\\ Protocole additionnel (O18)

O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll

O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\msvidctl.dll

O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll

O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll

O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll

O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll

O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll

O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll

O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\system32\inetcomm.dll

O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll

O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll

O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Handler: skype-ie-addon-data [64Bits] - {91774881-D725-4E58-B298-07617B9B86A8} . (.Skype Technologies S.A. - Skype Click to Call for Internet Explorer.) -- C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\msvidctl.dll

O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll

O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll

O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll

~ Scan Protocole Additionnel in 00mn 00s

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

~ Scan SSODL in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: (AMD External Events Utility) . (.AMD - AMD External Events Service Module.) - C:\Windows\system32\atiesrxx.exe

O23 - Service: AMD FUEL Service (AMD FUEL Service) . (.Advanced Micro Devices, Inc. - Service Fusion Utility.) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

O23 - Service: Avira Scheduler (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG - Avira Scheduler.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira Realtime Protection (AntiVirService) . (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: ASUS System Control Service (AsSysCtrlService) . (...) - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

O23 - Service: PnkBstrA (PnkBstrA) . (...) - C:\Windows\SysWOW64\PnkBstrA.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) . (.TuneUp Software - TuneUp Utilities Service.) - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe

~ Scan Services in 00mn 00s

---\\ Enumération Active Desktop & MHTML Editor (O24)

O24 - Default MHTML Editor: Last - .(...) - (.not file.)

~ Scan Desktop Component in 00mn 00s

---\\ BootExecute (O34)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

~ Scan Keys in 00mn 00s

---\\ Tâches planifiées en automatique (O39)

[MD5.86619C72F17B6511DD05D5DCEF4C1BD4] [APT] [TuneUpUtilities_Task_BkGndMaintenance2012] (.TuneUp Software.) -- C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe

[MD5.9338A77C9FA83B346D3C32B0CE76DB52] [APT] [{22A6F29B-11A6-4742-AF53-6AEA5FC93333}] (.VSO Software SARL.) -- C:\Program Files (x86)\VSO\pcsetup\PcSetup.exe

[MD5.A35B6619C5D1A519EC4B521F665414C1] [APT] [ASUS RegRun Loader] (.ASUSTeK Computer Inc..) -- C:\Program Files (x86)\ASUS\AASP\1.01.12\AsLoader.exe

[MD5.E5DEE383D8DA636382045CC09CA73AED] [APT] [ASUS SIX Engine] (.ASUSTeK Computer Inc..) -- C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe

[MD5.F4AD88FF508A573E3EC7C8E0E4760328] [APT] [ASUS Update Checker] (.ASUSTeK Computer Inc..) -- C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe

~ Scan Scheduled Task in 00mn 03s

---\\ Composants installés (ActiveSetup Installed Components) (O40)

O40 - ASIC: Internet Explorer [64Bits] - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe

O40 - ASIC: Browser Customizations [64Bits] - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - Personnalisation d’IEAK.) -- C:\Windows\System32\iedkcs32.dll

O40 - ASIC: Microsoft Windows Media Player 12.0 [64Bits] - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\System32\wmpdxm.dll

O40 - ASIC: Microsoft Windows Media Player [64Bits] - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Windows Media Player.) -- C:\Windows\system32\wmp.dll

O40 - ASIC: Web Platform Customizations [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe

O40 - ASIC: (no name) [64Bits] - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll

~ Scan Active Setup in 00mn 00s

---\\ Pilotes lancés au démarrage (O41)

O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys

O41 - Driver: (AsIO) . (...) - C:\Windows\Syswow64\drivers\AsIO.sys

O41 - Driver: (AsUpIO) . (...) - C:\Windows\Syswow64\drivers\AsUpIO.sys

O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for Security Enhancement.) - C:\Windows\system32\DRIVERS\avipbb.sys

O41 - Driver: (avkmgr) . (.Avira GmbH - Avira Manager Driver.) - C:\Windows\system32\DRIVERS\avkmgr.sys

O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\system32\DRIVERS\blbdrive.sys

O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\DRIVERS\cdrom.sys

O41 - Driver: C:\Windows\system32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\system32\drivers\csc.sys

O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\system32\Drivers\dfsc.sys

O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\system32\drivers\discache.sys

O41 - Driver: (dtsoftbus01) . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) - C:\Windows\system32\DRIVERS\dtsoftbus01.sys

O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys

O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\system32\DRIVERS\netbios.sys

O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\system32\DRIVERS\netbt.sys

O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\system32\drivers\nsiproxy.sys

O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\system32\DRIVERS\pacer.sys

O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\system32\DRIVERS\rdbss.sys

O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\system32\DRIVERS\RDPCDD.sys

O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\system32\drivers\rdpencdd.sys

O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\system32\drivers\rdprefmp.sys

O41 - Driver: (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\Windows\system32\DRIVERS\serial.sys

O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys

O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\drivers\termdd.sys

O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys

O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys

O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\system32\DRIVERS\wfplwf.sys

~ Scan Drivers in 00mn 00s

---\\ Logiciels installés (O42)

O42 - Logiciel: AMD Catalyst Install Manager - (.Advanced Micro Devices, Inc..) [HKLM] -- {B858CA94-FAA0-3663-01AE-0B0798C61657}

O42 - Logiciel: ASUSUpdate - (.ASUSTeK Computer Inc..) [HKLM] -- {587178E7-B1DF-494E-9838-FA4DD36E873C}

O42 - Logiciel: Adobe Flash Player 11 ActiveX 64-bit - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX

O42 - Logiciel: Adobe Flash Player 11 Plugin 64-bit - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin

O42 - Logiciel: Adobe Reader X (10.1.1) - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AA1000000001}

O42 - Logiciel: Assassin's Creed Revelations - (.Ubisoft.) [HKLM] -- {33A22B2D-55BA-4508-B767-BF2E9C21A73F}

O42 - Logiciel: Avira Free Antivirus - (.Avira.) [HKLM] -- Avira AntiVir Desktop

O42 - Logiciel: Battlefield 3 - (.Electronic Arts.) [HKLM] -- {76285C16-411A-488A-BCE3-C83CB933D8CF}

O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner

O42 - Logiciel: CDBurnerXP - (.CDBurnerXP.) [HKLM] -- {7E265513-8CDA-4631-B696-F40D983F3B07}_is1

O42 - Logiciel: Catalyst Control Center - Branding - (.ATI.) [HKLM] -- {19A492A0-888F-44A0-9B21-D91700763F62}

O42 - Logiciel: ConvertXtoDVD 4.1.19.365 - (.Pas de propriétaire.) [HKLM] -- {DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1

O42 - Logiciel: CrystalDiskInfo 4.1.3 - (.Crystal Dew World.) [HKLM] -- CrystalDiskInfo_is1

O42 - Logiciel: DAEMON Tools Lite - (.DT Soft Ltd.) [HKLM] -- DAEMON Tools Lite

O42 - Logiciel: Driver Genius Professional Edition - (.Driver-Soft Inc..) [HKLM] -- Driver Genius Professional Edition_is1

O42 - Logiciel: EPSON Scan - (.Pas de propriétaire.) [HKLM] -- EPSON Scanner

O42 - Logiciel: EPU-6 Engine - (.Pas de propriétaire.) [HKLM] -- {56B83336-FBC1-4C46-8613-90A9E3B440D6}

O42 - Logiciel: F1 2010 - (.Codemasters.) [HKLM] -- {434D0831-A4CC-401A-9E74-621000018401}

O42 - Logiciel: F1 2010 - (.Codemasters.) [HKLM] -- {434D0831-A4CC-401A-9E74-621000018402}

O42 - Logiciel: F1 2010 - (.Codemasters.) [HKLM] -- {434D0831-A4CC-401A-9E74-621000018403}

O42 - Logiciel: F1 2011 - (.Codemasters.) [HKLM] -- {434D0FA1-A4CC-401A-9E74-621000018101}

O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

O42 - Logiciel: ICQ7.6 - (.ICQ.) [HKLM] -- {7644E42D-B096-457F-8B5B-901238FC81AE}

O42 - Logiciel: Internet TV pour Windows Media Center - (.Microsoft Corporation.) [HKLM] -- {9D318C86-AF4C-409F-A6AC-7183FF4CF424}

O42 - Logiciel: Java 6 Update 29 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216026FF}

O42 - Logiciel: Ma-Config.com - (.Cybelsoft.) [HKLM] -- {A4EF9D8B-E19B-45ED-BFAF-CB4364574FFF}

O42 - Logiciel: Malwarebytes' Anti-Malware version 1.51.2.1300 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1

O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile

O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}

O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {4B5F58F7-C7D1-3CE3-9B37-B657F0852643}

O42 - Logiciel: Microsoft Games for Windows - LIVE Redistributable - (.Microsoft Corporation.) [HKLM] -- {F2508213-9989-4E85-A078-72BE483917EF}

O42 - Logiciel: Microsoft Games for Windows Marketplace - (.Microsoft Corporation.) [HKLM] -- {4CB0307C-565E-4441-86BE-0DF2E4FB828C}

O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118}

O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {7299052b-02a4-4627-81f2-1818da5d550d}

O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 - (.Microsoft Corporation.) [HKLM] -- {86CE85E6-DBAC-3FFD-B977-E4B79F83C909}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {4B6C7001-C7D6-3710-913E-5BC23FCE91E6}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 - (.Microsoft Corporation.) [HKLM] -- {5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 - (.Microsoft Corporation.) [HKLM] -- {820B6609-4C97-3A2B-B644-573B06A0F0CC}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 - (.Microsoft Corporation.) [HKLM] -- {9BE518E6-ECC6-35A9-88E4-87755C07200F}

O42 - Logiciel: Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 - (.Microsoft Corporation.) [HKLM] -- {DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}

O42 - Logiciel: Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 - (.Microsoft Corporation.) [HKLM] -- {F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}

O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack

O42 - Logiciel: Mozilla Thunderbird (8.0) - (.Mozilla.) [HKLM] -- Mozilla Thunderbird (8.0)

O42 - Logiciel: Next Generation Visualisations - (. Microsoft.) [HKLM] -- {2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}

O42 - Logiciel: OpenAL - (.Pas de propriétaire.) [HKLM] -- OpenAL

O42 - Logiciel: OpenOffice.org 3.3 - (.OpenOffice.org.) [HKLM] -- {7E0610A2-E336-40B3-B685-C4905E97EC9A}

O42 - Logiciel: Opera 11.52 - (.Opera Software ASA.) [HKLM] -- Opera 11.52.1100

O42 - Logiciel: PC Probe II - (.ASUSTeK Computer Inc..) [HKLM] -- {F7338FA3-DAB5-49B2-900D-0AFB5760C166}

O42 - Logiciel: Peer2Me - (.Peer2Me.) [HKLM] -- {C783600B-C726-4481-9BBE-06F560CF8968}

O42 - Logiciel: PlayReady PC Runtime amd64 - (.Microsoft Corporation.) [HKLM] -- {BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}

O42 - Logiciel: PunkBuster Services - (.Pas de propriétaire.) [HKLM] -- PunkBusterSvc

O42 - Logiciel: Realtek Ethernet Controller Driver - (.Realtek.) [HKLM] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476}

O42 - Logiciel: Realtek HDMI Audio Driver for ATI - (.Realtek Semiconductor Corp..) [HKLM] -- {5449FB4F-1802-4D5B-A6D8-087DB1142147}

O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}

O42 - Logiciel: RocketDock 1.3.5 - (.Punk Software.) [HKLM] -- RocketDock_is1

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2160841

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2446708

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2478663

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2518870

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2539636

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2572078

O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {4B5F58F7-C7D1-3CE3-9B37-B657F0852643}.KB2478663

O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {4B5F58F7-C7D1-3CE3-9B37-B657F0852643}.KB2518870

O42 - Logiciel: Skype Click to Call - (.Skype Technologies S.A..) [HKLM] -- {B6CF2967-C81E-40C0-9815-C05774FEF120}

O42 - Logiciel: Skype 5.5 - (.Skype Technologies S.A..) [HKLM] -- {AA59DDE4-B672-4621-A016-4C248204957A}

O42 - Logiciel: TuneUp Utilities 2012 - (.TuneUp Software.) [HKLM] -- TuneUp Utilities 2012

O42 - Logiciel: Ubisoft Game Launcher - (.UBISOFT.) [HKLM] -- {888F1505-C2B3-4FDE-835D-36353EBD4754}

O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2468871) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871

O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2473228) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228

O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2533523) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523

O42 - Logiciel: VLC media player 1.1.11 - (.VideoLAN.) [HKLM] -- VLC media player

O42 - Logiciel: VPN Lifeguard - (.Pas de propriétaire.) [HKLM] -- VPN Lifeguard 1.4.12_is1

O42 - Logiciel: WinRAR 4.01 (64-bit) - (.win.rar GmbH.) [HKLM] -- WinRAR archiver

O42 - Logiciel: Windows Live ID Sign-in Assistant - (.Microsoft Corporation.) [HKLM] -- {9B48B0AC-C813-4174-9042-476A887592C7}

O42 - Logiciel: Windows Media Center Add-in for Silverlight - (.Microsoft Corporation.) [HKLM] -- {0EDBEB2B-7C8D-42E6-8312-0F84394A3223}

O42 - Logiciel: µTorrent - (.Pas de propriétaire.) [HKLM] -- uTorrent

---\\ HKCU & HKLM Software Keys

[HKCU\Software\ASUS]

[HKCU\Software\ATI]

[HKCU\Software\Adobe]

[HKCU\Software\AppDataLow\Software\Microsoft]

[HKCU\Software\AppDataLow\Software]

[HKCU\Software\AppDataLow]

[HKCU\Software\Avira]

[HKCU\Software\BitTorrent]

[HKCU\Software\BlueRippleSound]

[HKCU\Software\Canneverbe Limited]

[HKCU\Software\Classes]

[HKCU\Software\Clients]

[HKCU\Software\Codemasters]

[HKCU\Software\DT Soft]

[HKCU\Software\EPSON]

[HKCU\Software\Eidos]

[HKCU\Software\Gabest]

[HKCU\Software\Google]

[HKCU\Software\JavaSoft]

[HKCU\Software\Local AppWizard-Generated Applications]

[HKCU\Software\Macromedia]

[HKCU\Software\Malwarebytes' Anti-Malware]

[HKCU\Software\Netscape]

[HKCU\Software\OpenOffice.org]

[HKCU\Software\Opera Software]

[HKCU\Software\Peer2Me]

[HKCU\Software\Piriform]

[HKCU\Software\Policies]

[HKCU\Software\PopCap]

[HKCU\Software\Realtek]

[HKCU\Software\RocketDock]

[HKCU\Software\Skype]

[HKCU\Software\SoftVTU]

[HKCU\Software\SpinTop]

[HKCU\Software\THETA AnIn]

[HKCU\Software\Trolltech]

[HKCU\Software\TuneUp]

[HKCU\Software\VSO]

[HKCU\Software\Valve]

[HKCU\Software\WinRAR SFX]

[HKCU\Software\WinRAR]

[HKCU\Software\Wow6432Node]

[HKCU\Software\YahooPartnerToolbar]

[HKCU\Software\cybelsoft]

[HKLM\Software\AMD]

[HKLM\Software\ASUS]

[HKLM\Software\ATI Technologies]

[HKLM\Software\ATI]

[HKLM\Software\Aardwork]

[HKLM\Software\Adobe]

[HKLM\Software\Avira]

[HKLM\Software\BlueRippleSound]

[HKLM\Software\BrowserChoice]

[HKLM\Software\Canneverbe Limited]

[HKLM\Software\Caphyon]

[HKLM\Software\Classes]

[HKLM\Software\Clients]

[HKLM\Software\DICE]

[HKLM\Software\DT Soft]

[HKLM\Software\DTS]

[HKLM\Software\Dolby]

[HKLM\Software\Driver-Soft]

[HKLM\Software\EA Games]

[HKLM\Software\EPSON]

[HKLM\Software\Electronic Arts]

[HKLM\Software\Even Balance]

[HKLM\Software\Gabest]

[HKLM\Software\Google]

[HKLM\Software\ICQ]

[HKLM\Software\Intel]

[HKLM\Software\JavaSoft]

[HKLM\Software\JreMetrics]

[HKLM\Software\Knowles]

[HKLM\Software\Licenses]

[HKLM\Software\Macromedia]

[HKLM\Software\Malwarebytes' Anti-Malware]

[HKLM\Software\Mirabilis]

[HKLM\Software\MozillaPlugins]

[HKLM\Software\Mozilla]

[HKLM\Software\Netscape]

[HKLM\Software\ODBC]

[HKLM\Software\OpenOffice.org]

[HKLM\Software\Opera Software]

[HKLM\Software\Piriform]

[HKLM\Software\Policies]

[HKLM\Software\RTLSetup]

[HKLM\Software\Realtek Semiconductor Corp.]

[HKLM\Software\Realtek]

[HKLM\Software\RegisteredApplications]

[HKLM\Software\SRS Labs]

[HKLM\Software\Skype]

[HKLM\Software\SonicFocus]

[HKLM\Software\Sonic]

[HKLM\Software\TrendMicro]

[HKLM\Software\TuneUp]

[HKLM\Software\Ubisoft]

[HKLM\Software\VSO]

[HKLM\Software\VideoLAN]

[HKLM\Software\Volatile]

[HKLM\Software\Waves Audio]

[HKLM\Software\WinRAR]

[HKLM\Software\Windows]

[HKLM\Software\Wow6432Node]

[HKLM\Software\X-AVCSD]

[HKLM\Software\cybelsoft]

[HKLM\Software\mozilla.org]

~ Scan Softwares in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 17/06/2011 - 16:00:56 - [23,096] ----D- C:\Program Files\ATI

O43 - CFD: 15/11/2011 - 23:37:26 - [5,104] ----D- C:\Program Files\ATI Technologies

O43 - CFD: 29/11/2011 - 20:48:08 - [8,443] ----D- C:\Program Files\CCleaner

O43 - CFD: 14/07/2009 - 04:20:10 - [67,725] ----D- C:\Program Files\Common Files

O43 - CFD: 08/04/2011 - 16:42:08 - [86,076] ----D- C:\Program Files\DVD Maker

O43 - CFD: 08/04/2011 - 15:08:44 - [0] -SH-D- C:\Program Files\Fichiers communs

O43 - CFD: 25/07/2011 - 15:39:28 - [0] ----D- C:\Program Files\Google

O43 - CFD: 12/10/2011 - 14:59:06 - [6,345] ----D- C:\Program Files\Internet Explorer

O43 - CFD: 14/07/2009 - 16:35:14 - [142,324] ----D- C:\Program Files\Microsoft Games

O43 - CFD: 14/07/2009 - 06:32:40 - [0,025] ----D- C:\Program Files\MSBuild

O43 - CFD: 26/04/2011 - 00:48:26 - [2,078] ----D- C:\Program Files\PlayReady

O43 - CFD: 21/08/2011 - 18:16:42 - [36,730] ----D- C:\Program Files\Realtek

O43 - CFD: 14/07/2009 - 06:32:40 - [35,109] ----D- C:\Program Files\Reference Assemblies

O43 - CFD: 14/07/2009 - 06:09:28 - [0] --H-D- C:\Program Files\Uninstall Information

O43 - CFD: 08/04/2011 - 16:42:06 - [3,853] ----D- C:\Program Files\Windows Defender

O43 - CFD: 08/04/2011 - 16:42:08 - [8,797] ----D- C:\Program Files\Windows Journal

O43 - CFD: 08/04/2011 - 16:42:08 - [6,359] ----D- C:\Program Files\Windows Mail

O43 - CFD: 08/04/2011 - 16:42:08 - [7,331] ----D- C:\Program Files\Windows Media Player

O43 - CFD: 08/04/2011 - 15:08:44 - [12,043] ----D- C:\Program Files\Windows NT

O43 - CFD: 08/04/2011 - 16:42:08 - [5,261] ----D- C:\Program Files\Windows Photo Viewer

O43 - CFD: 08/04/2011 - 16:42:08 - [0,233] ----D- C:\Program Files\Windows Portable Devices

O43 - CFD: 08/04/2011 - 16:42:08 - [7,041] ----D- C:\Program Files\Windows Sidebar

O43 - CFD: 18/07/2011 - 15:43:44 - [5,689] ----D- C:\Program Files\WinRAR

O43 - CFD: 17/04/2011 - 19:45:04 - [55,512] ----D- C:\Program Files\Common Files\Microsoft Shared

O43 - CFD: 14/07/2009 - 04:20:10 - [0,003] ----D- C:\Program Files\Common Files\Services

O43 - CFD: 14/07/2009 - 04:20:10 - [0,581] ----D- C:\Program Files\Common Files\SpeechEngines

O43 - CFD: 08/11/2011 - 19:14:38 - [11,629] ----D- C:\Program Files\Common Files\System

O43 - CFD: 19/06/2011 - 17:16:10 - [0,000] ----D- C:\ProgramData\Adobe

O43 - CFD: 15/11/2011 - 23:37:22 - [0,001] ----D- C:\ProgramData\AMD

O43 - CFD: 14/07/2009 - 06:08:58 - [0] -SH-D- C:\ProgramData\Application Data

O43 - CFD: 15/11/2011 - 23:11:36 - [1,098] ----D- C:\ProgramData\ATI

O43 - CFD: 30/10/2011 - 13:01:02 - [5,123] ----D- C:\ProgramData\Avira

O43 - CFD: 08/04/2011 - 15:08:44 - [0] -SH-D- C:\ProgramData\Bureau

O43 - CFD: 12/04/2011 - 17:13:20 - [0] ----D- C:\ProgramData\Canneverbe Limited

O43 - CFD: 22/09/2011 - 16:24:20 - [-96,484] ----D- C:\ProgramData\Codemasters

O43 - CFD: 28/04/2011 - 15:02:48 - [0,001] ----D- C:\ProgramData\DAEMON Tools Lite

O43 - CFD: 14/07/2009 - 06:08:58 - [0] -SH-D- C:\ProgramData\Desktop

O43 - CFD: 14/07/2009 - 06:08:58 - [0] -SH-D- C:\ProgramData\Documents

O43 - CFD: 24/07/2011 - 14:41:02 - [0,004] -SH-D- C:\ProgramData\DSS

O43 - CFD: 08/04/2011 - 15:08:44 - [0] -SH-D- C:\ProgramData\Favoris

O43 - CFD: 14/07/2009 - 06:08:58 - [0] -SH-D- C:\ProgramData\Favorites

O43 - CFD: 30/09/2011 - 16:23:06 - [1,226] ----D- C:\ProgramData\ma-config.com

O43 - CFD: 08/04/2011 - 18:49:46 - [16,504] ----D- C:\ProgramData\Malwarebytes

O43 - CFD: 08/04/2011 - 15:08:44 - [0] -SH-D- C:\ProgramData\Menu Démarrer

O43 - CFD: 16/04/2011 - 15:16:24 - [123,750] -S--D- C:\ProgramData\Microsoft

O43 - CFD: 08/04/2011 - 15:08:44 - [0] -SH-D- C:\ProgramData\Modèles

O43 - CFD: 26/09/2011 - 17:54:50 - [40,053] ----D- C:\ProgramData\Skype

O43 - CFD: 13/06/2011 - 16:09:40 - [78,065] ----D- C:\ProgramData\SpinTop Games

O43 - CFD: 14/07/2009 - 06:08:58 - [0] -SH-D- C:\ProgramData\Start Menu

O43 - CFD: 07/07/2011 - 13:07:52 - [0,000] ----D- C:\ProgramData\Sun

O43 - CFD: 01/08/2011 - 18:47:34 - [0] ---AD- C:\ProgramData\TEMP

O43 - CFD: 14/07/2009 - 06:08:58 - [0] -SH-D- C:\ProgramData\Templates

O43 - CFD: 20/10/2011 - 14:11:30 - [46,763] ----D- C:\ProgramData\TuneUp Software

O43 - CFD: 27/11/2011 - 00:09:36 - [0] ----D- C:\ProgramData\Ubisoft

O43 - CFD: 15/04/2011 - 22:32:46 - [0,000] ----D- C:\ProgramData\vsosdk

O43 - CFD: 08/04/2011 - 22:26:20 - [17,617] -SH-D- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}

O43 - CFD: 20/10/2011 - 14:10:38 - [22,677] -SH-D- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}

O43 - CFD: 12/04/2011 - 13:23:46 - [4,692] ----D- C:\Users\Lorak\AppData\Roaming\Adobe

O43 - CFD: 08/04/2011 - 19:29:54 - [0] ----D- C:\Users\Lorak\AppData\Roaming\ATI

O43 - CFD: 30/10/2011 - 13:05:38 - [0] ----D- C:\Users\Lorak\AppData\Roaming\Avira

O43 - CFD: 12/04/2011 - 17:13:20 - [0,002] ----D- C:\Users\Lorak\AppData\Roaming\Canneverbe Limited

O43 - CFD: 30/11/2011 - 01:23:12 - [0,000] ----D- C:\Users\Lorak\AppData\Roaming\DAEMON Tools Lite

O43 - CFD: 24/04/2011 - 01:37:44 - [0,000] ----D- C:\Users\Lorak\AppData\Roaming\dvdcss

O43 - CFD: 22/07/2011 - 14:16:24 - [0] ----D- C:\Users\Lorak\AppData\Roaming\Google

O43 - CFD: 29/11/2011 - 19:08:16 - [0,087] ----D- C:\Users\Lorak\AppData\Roaming\ICQ

O43 - CFD: 08/04/2011 - 15:09:06 - [0] ----D- C:\Users\Lorak\AppData\Roaming\Identities

O43 - CFD: 10/04/2011 - 14:15:20 - [0] ----D- C:\Users\Lorak\AppData\Roaming\InstallShield

O43 - CFD: 08/04/2011 - 17:08:02 - [0,010] ----D- C:\Users\Lorak\AppData\Roaming\Macromedia

O43 - CFD: 08/04/2011 - 18:49:50 - [0,004] ----D- C:\Users\Lorak\AppData\Roaming\Malwarebytes

O43 - CFD: 14/07/2009 - 16:35:04 - [0] ----D- C:\Users\Lorak\AppData\Roaming\Media Center Programs

O43 - CFD: 10/05/2011 - 14:47:54 - [0] ----D- C:\Users\Lorak\AppData\Roaming\Media Player Classic

O43 - CFD: 13/04/2011 - 16:24:52 - [1,092] -S--D- C:\Users\Lorak\AppData\Roaming\Microsoft

O43 - CFD: 08/04/2011 - 21:11:28 - [0] ----D- C:\Users\Lorak\AppData\Roaming\Mozilla

O43 - CFD: 07/07/2011 - 13:02:18 - [1,447] ----D- C:\Users\Lorak\AppData\Roaming\OpenOffice.org

O43 - CFD: 08/04/2011 - 17:42:24 - [0,460] ----D- C:\Users\Lorak\AppData\Roaming\Opera

O43 - CFD: 27/11/2011 - 00:05:58 - [2,979] ----D- C:\Users\Lorak\AppData\Roaming\PunkBuster

O43 - CFD: 29/11/2011 - 18:52:16 - [1,600] ----D- C:\Users\Lorak\AppData\Roaming\Skype

O43 - CFD: 08/04/2011 - 21:11:54 - [114,445] ----D- C:\Users\Lorak\AppData\Roaming\Thunderbird

O43 - CFD: 20/10/2011 - 14:11:30 - [0,081] ----D- C:\Users\Lorak\AppData\Roaming\TuneUp Software

O43 - CFD: 30/11/2011 - 21:27:16 - [3,643] ----D- C:\Users\Lorak\AppData\Roaming\uTorrent

O43 - CFD: 21/08/2011 - 18:32:30 - [1,037] ----D- C:\Users\Lorak\AppData\Roaming\vlc

O43 - CFD: 15/11/2011 - 18:54:44 - [0,412] ----D- C:\Users\Lorak\AppData\Roaming\Vso

O43 - CFD: 18/07/2011 - 15:44:10 - [1,180] ----D- C:\Users\Lorak\AppData\Roaming\WinRAR

O43 - CFD: 26/08/2011 - 17:54:50 - [0,001] ----D- C:\Users\Lorak\AppData\Local\28050

O43 - CFD: 28/06/2011 - 15:20:06 - [0,000] ----D- C:\Users\Lorak\AppData\Local\Activision

O43 - CFD: 12/04/2011 - 13:23:46 - [14,442] ----D- C:\Users\Lorak\AppData\Local\Adobe

O43 - CFD: 08/04/2011 - 19:30:00 - [0,000] ----D- C:\Users\Lorak\AppData\Local\AMD

O43 - CFD: 08/04/2011 - 15:08:56 - [0] -SH-D- C:\Users\Lorak\AppData\Local\Application Data

O43 - CFD: 08/04/2011 - 19:29:54 - [0,105] ----D- C:\Users\Lorak\AppData\Local\ATI

O43 - CFD: 17/06/2011 - 17:39:40 - [0,001] ----D- C:\Users\Lorak\AppData\Local\Darksiders

O43 - CFD: 18/11/2011 - 16:37:22 - [14,406] ----D- C:\Users\Lorak\AppData\Local\Downloaded Installations

O43 - CFD: 25/09/2011 - 13:08:56 - [0,002] ----D- C:\Users\Lorak\AppData\Local\dxhr

O43 - CFD: 22/07/2011 - 17:37:18 - [0] ----D- C:\Users\Lorak\AppData\Local\Google

O43 - CFD: 08/04/2011 - 15:08:56 - [0] -SH-D- C:\Users\Lorak\AppData\Local\Historique

O43 - CFD: 16/04/2011 - 20:52:40 - [146,127] ----D- C:\Users\Lorak\AppData\Local\Microsoft

O43 - CFD: 08/04/2011 - 17:42:24 - [91,037] ----D- C:\Users\Lorak\AppData\Local\Opera

O43 - CFD: 28/06/2011 - 15:20:06 - [0,000] ----D- C:\Users\Lorak\AppData\Local\SKIDROW

O43 - CFD: 30/11/2011 - 21:27:40 - [1,313] ----D- C:\Users\Lorak\AppData\Local\Temp

O43 - CFD: 08/04/2011 - 15:08:56 - [0] -SH-D- C:\Users\Lorak\AppData\Local\Temporary Internet Files

O43 - CFD: 01/05/2011 - 15:02:46 - [5,241] ----D- C:\Users\Lorak\AppData\Local\Thunderbird

O43 - CFD: 27/11/2011 - 00:45:02 - [0,000] ----D- C:\Users\Lorak\AppData\Local\Ubisoft Game Launcher

O43 - CFD: 06/10/2011 - 17:30:12 - [0] ----D- C:\Users\Lorak\AppData\Local\uTorrent

O43 - CFD: 08/04/2011 - 15:09:04 - [0] ----D- C:\Users\Lorak\AppData\Local\VirtualStore

O43 - CFD: 19/06/2011 - 17:16:06 - [157,103] ----D- C:\Program Files (x86)\Adobe

O43 - CFD: 28/07/2011 - 17:26:22 - [60,493] ----D- C:\Program Files (x86)\ASUS

O43 - CFD: 01/11/2011 - 14:53:44 - [41,087] ----D- C:\Program Files (x86)\ATI Technologies

O43 - CFD: 30/10/2011 - 13:01:02 - [158,677] ----D- C:\Program Files (x86)\Avira

O43 - CFD: 14/11/2011 - 15:42:16 - [-255,311] ----D- C:\Program Files (x86)\Battlefield 3

O43 - CFD: 28/11/2011 - 15:55:50 - [12,250] ----D- C:\Program Files (x86)\CDBurnerXP

O43 - CFD: 13/11/2011 - 17:04:26 - [77,863] ----D- C:\Program Files (x86)\Common Files

O43 - CFD: 22/10/2011 - 13:37:58 - [3,397] ----D- C:\Program Files (x86)\CrystalDiskInfo

O43 - CFD: 10/11/2011 - 21:32:08 - [23,312] ----D- C:\Program Files (x86)\DAEMON Tools Lite

O43 - CFD: 08/04/2011 - 17:37:56 - [23,576] ----D- C:\Program Files (x86)\Driver-Soft

O43 - CFD: 10/04/2011 - 14:16:16 - [5,481] ----D- C:\Program Files (x86)\epson

O43 - CFD: 08/11/2011 - 16:06:32 - [47,887] ----D- C:\Program Files (x86)\ICQ7.6

O43 - CFD: 27/11/2011 - 00:05:26 - [40,595] --H-D- C:\Program Files (x86)\InstallShield Installation Information

O43 - CFD: 12/10/2011 - 14:59:06 - [4,915] ----D- C:\Program Files (x86)\Internet Explorer

O43 - CFD: 06/11/2011 - 14:53:12 - [84,496] ----D- C:\Program Files (x86)\Java

O43 - CFD: 30/09/2011 - 16:23:06 - [6,210] ----D- C:\Program Files (x86)\ma-config.com

O43 - CFD: 13/09/2011 - 05:33:18 - [6,720] ----D- C:\Program Files (x86)\Malwarebytes' Anti-Malware

O43 - CFD: 06/05/2011 - 11:30:10 - [8,929] ----D- C:\Program Files (x86)\Microsoft Games for Windows - LIVE

O43 - CFD: 12/10/2011 - 15:03:06 - [36,633] ----D- C:\Program Files (x86)\Microsoft Silverlight

O43 - CFD: 08/04/2011 - 16:51:08 - [0,015] ----D- C:\Program Files (x86)\Microsoft.NET

O43 - CFD: 24/11/2011 - 15:48:52 - [39,645] ----D- C:\Program Files (x86)\Mozilla Thunderbird

O43 - CFD: 14/07/2009 - 06:32:40 - [0,025] ----D- C:\Program Files (x86)\MSBuild

O43 - CFD: 16/04/2011 - 15:25:00 - [0,772] ----D- C:\Program Files (x86)\OpenAL

O43 - CFD: 07/07/2011 - 13:00:48 - [338,128] ----D- C:\Program Files (x86)\OpenOffice.org 3

O43 - CFD: 20/10/2011 - 13:57:10 - [32,526] ----D- C:\Program Files (x86)\Opera

O43 - CFD: 19/11/2011 - 18:33:12 - [0,678] ----D- C:\Program Files (x86)\Peer2Me

O43 - CFD: 24/10/2011 - 11:48:28 - [5,745] ----D- C:\Program Files (x86)\Realtek

O43 - CFD: 14/07/2009 - 06:32:40 - [37,345] ----D- C:\Program Files (x86)\Reference Assemblies

O43 - CFD: 08/04/2011 - 21:15:52 - [26,523] ----D- C:\Program Files (x86)\RocketDock

O43 - CFD: 16/10/2011 - 10:19:58 - [31,089] R---D- C:\Program Files (x86)\Skype

O43 - CFD: 24/10/2011 - 11:51:30 - [0] --H-D- C:\Program Files (x86)\Temp

O43 - CFD: 28/11/2011 - 15:54:42 - [75,297] ----D- C:\Program Files (x86)\TuneUp Utilities 2012

O43 - CFD: 27/11/2011 - 00:05:26 - [705,679] ----D- C:\Program Files (x86)\Ubisoft

O43 - CFD: 14/07/2009 - 05:57:08 - [0] --H-D- C:\Program Files (x86)\Uninstall Information

O43 - CFD: 20/10/2011 - 10:45:04 - [0,612] ----D- C:\Program Files (x86)\uTorrent

O43 - CFD: 06/06/2011 - 16:38:14 - [81,156] ----D- C:\Program Files (x86)\VideoLAN

O43 - CFD: 30/10/2011 - 12:26:20 - [0,916] ----D- C:\Program Files (x86)\VPN Lifeguard

O43 - CFD: 15/04/2011 - 17:56:06 - [65,156] ----D- C:\Program Files (x86)\VSO

O43 - CFD: 14/07/2009 - 16:24:10 - [0,500] ----D- C:\Program Files (x86)\Windows Defender

O43 - CFD: 08/04/2011 - 16:42:08 - [5,895] ----D- C:\Program Files (x86)\Windows Mail

O43 - CFD: 09/04/2011 - 17:23:24 - [19,335] ----D- C:\Program Files (x86)\Windows Media Player

O43 - CFD: 14/07/2009 - 06:32:40 - [11,632] ----D- C:\Program Files (x86)\Windows NT

O43 - CFD: 08/04/2011 - 16:42:08 - [4,213] ----D- C:\Program Files (x86)\Windows Photo Viewer

O43 - CFD: 08/04/2011 - 16:42:08 - [0,181] ----D- C:\Program Files (x86)\Windows Portable Devices

O43 - CFD: 08/04/2011 - 16:42:08 - [6,209] ----D- C:\Program Files (x86)\Windows Sidebar

O43 - CFD: 30/11/2011 - 21:27:40 - [8,423] ----D- C:\Program Files (x86)\ZHPDiag

O43 - CFD: 19/06/2011 - 17:16:16 - [3,439] ----D- C:\Program Files (x86)\Common Files\Adobe

O43 - CFD: 10/11/2011 - 21:59:08 - [0,957] --H-D- C:\Program Files (x86)\Common Files\EAInstaller

O43 - CFD: 15/04/2011 - 17:14:52 - [3,111] ----D- C:\Program Files (x86)\Common Files\InstallShield

O43 - CFD: 06/11/2011 - 14:53:36 - [1,201] ----D- C:\Program Files (x86)\Common Files\Java

O43 - CFD: 17/04/2011 - 19:45:04 - [20,183] ----D- C:\Program Files (x86)\Common Files\microsoft shared

O43 - CFD: 14/07/2009 - 04:20:10 - [0,003] ----D- C:\Program Files (x86)\Common Files\Services

O43 - CFD: 14/07/2009 - 04:20:10 - [39,200] ----D- C:\Program Files (x86)\Common Files\SpeechEngines

O43 - CFD: 08/11/2011 - 19:14:38 - [9,771] ----D- C:\Program Files (x86)\Common Files\System

~ Scan Program Folder in 00mn 05s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 30/11/2011 - 15:59:15 ---A- . (...) -- C:\Windows\setupact.log [0]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 30/11/2011 - 15:59:15 ---A- . (...) -- C:\Windows\setuperr.log [0]

O44 - LFC:[MD5.195B520D6182000F1662394EA45CF27E] - 30/11/2011 - 14:25:46 ---A- . (...) -- C:\Windows\WindowsUpdate.log [103621]

O44 - LFC:[MD5.8FD0EA0B96A59A863A6D6E8BC153CA34] - 30/11/2011 - 03:13:34 ---A- . (...) -- C:\Windows\SysNative\PerfStringBackup.INI [1549700]

O44 - LFC:[MD5.3208D87061818EBA7F1F42564275041D] - 30/11/2011 - 03:13:34 ---A- . (...) -- C:\Windows\SysNative\perfc009.dat [106190]

O44 - LFC:[MD5.0045FB5FBAE75778DE2EB044807EE178] - 30/11/2011 - 03:13:34 ---A- . (...) -- C:\Windows\SysNative\perfc00C.dat [130548]

O44 - LFC:[MD5.81DA7632873A8CEEBAFABA4F442D6702] - 30/11/2011 - 03:13:34 ---A- . (...) -- C:\Windows\SysNative\perfh009.dat [615810]

O44 - LFC:[MD5.2133BDDF97414D06729F41DEB4936859] - 30/11/2011 - 03:13:34 ---A- . (...) -- C:\Windows\SysNative\perfh00C.dat [704242]

O44 - LFC:[MD5.8FD0EA0B96A59A863A6D6E8BC153CA34] - 30/11/2011 - 03:13:34 RSHAD . (...) -- C:\Windows\system32\PerfStringBackup.INI [1549700]

O44 - LFC:[MD5.3208D87061818EBA7F1F42564275041D] - 30/11/2011 - 03:13:34 RSHAD . (...) -- C:\Windows\system32\perfc009.dat [106190]

O44 - LFC:[MD5.0045FB5FBAE75778DE2EB044807EE178] - 30/11/2011 - 03:13:34 RSHAD . (...) -- C:\Windows\system32\perfc00C.dat [130548]

O44 - LFC:[MD5.81DA7632873A8CEEBAFABA4F442D6702] - 30/11/2011 - 03:13:34 RSHAD . (...) -- C:\Windows\system32\perfh009.dat [615810]

O44 - LFC:[MD5.2133BDDF97414D06729F41DEB4936859] - 30/11/2011 - 03:13:34 RSHAD . (...) -- C:\Windows\system32\perfh00C.dat [704242]

O44 - LFC:[MD5.BB5CEB74EEB13DE70C9470F09A1ED8D3] - 30/11/2011 - 03:08:46 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]

O44 - LFC:[MD5.1A387DE325899061AEF4EB25A83D35D3] - 29/11/2011 - 15:31:33 RSH-- . (...) -- C:\AZRYF [472149]

O44 - LFC:[MD5.5885F8E7B91A29B6D673FAD0B36A2DE5] - 22/11/2011 - 17:02:18 ---A- . (.TuneUp Software - TuneUp Registry Optimization Boot Applicati.) -- C:\Windows\SysNative\TURegOpt.exe [34624]

O44 - LFC:[MD5.CBF7577849773BBCABAC627CD653B8B1] - 22/11/2011 - 17:02:18 ---A- . (.TuneUp Software - TuneUp Theme Extension.) -- C:\Windows\SysNative\uxtuneup.dll [35648]

O44 - LFC:[MD5.CBF7577849773BBCABAC627CD653B8B1] - 22/11/2011 - 17:02:18 ---A- . (.TuneUp Software - TuneUp Theme Extension.) -- C:\Windows\system32\uxtuneup.dll [35648]

O44 - LFC:[MD5.BD471E04BF93D2B9D4F926C3D9690806] - 22/11/2011 - 17:02:18 ---A- . (.TuneUp Software - TuneUp WinLogon Extension.) -- C:\Windows\SysNative\authuitu.dll [25920]

O44 - LFC:[MD5.BD471E04BF93D2B9D4F926C3D9690806] - 22/11/2011 - 17:02:18 ---A- . (.TuneUp Software - TuneUp WinLogon Extension.) -- C:\Windows\system32\authuitu.dll [25920]

O44 - LFC:[MD5.5885F8E7B91A29B6D673FAD0B36A2DE5] - 22/11/2011 - 17:02:18 RSHAD . (.TuneUp Software - TuneUp Registry Optimization Boot Applicati.) -- C:\Windows\system32\TURegOpt.exe [34624]

O44 - LFC:[MD5.A4B8D951D2E0C75926040E8768DF1B4A] - 15/11/2011 - 17:00:30 ---A- . (...) -- C:\Windows\SysNative\Xxx Divx Porno Anal British Housewife Fantasies 3 - Exhib Amateur Mature Mure Mère Maman Mother Mummy Older Des Vraies Vieilles Salopes Se Fon

O44 - LFC:[MD5.A4B8D951D2E0C75926040E8768DF1B4A] - 15/11/2011 - 17:00:30 RSHAD . (...) -- C:\Windows\system32\Xxx Divx Porno Anal British Housewife Fantasies 3 - Exhib Amateur Mature Mure Mère Maman Mother Mummy Older Des Vraies Vieilles Salopes Se Font

O44 - LFC:[MD5.400582B09E0BB557D0EC28A945150EEB] - 10/11/2011 - 21:32:07 RSHAD . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\system32\drivers\dtsoftbus01.sys [279616]

O44 - LFC:[MD5.9837038DB503DC92C9880C6F81195533] - 08/11/2011 - 19:15:50 ---A- . (...) -- C:\Windows\SysNative\FNTCACHE.DAT [292872]

O44 - LFC:[MD5.9837038DB503DC92C9880C6F81195533] - 08/11/2011 - 19:15:50 RSHAD . (...) -- C:\Windows\system32\FNTCACHE.DAT [292872]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 07/11/2011 - 17:45:40 RSHAD . (...) -- C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [0]

O44 - LFC:[MD5.B7037444DC5138FC7D3D3968B4DE5C4B] - 04/11/2011 - 17:43:05 RSHAD . (.Advanced Micro Devices - AMD USB Filter Driver.) -- C:\Windows\system32\drivers\usbfilter.sys [53376]

O44 - LFC:[MD5.259525CFB422E6AC8E87BC9777B1DF73] - 20/11/2010 - 13:40:07 RSHA- . (...) -- C:\bootmgr [383786]

~ Scan Files in 01mn 21s

---\\ Déni du service (Local Security Authority) (O48)

O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\system32\msv1_0.dll

O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l’Éditeur de configuration de sécurité Windows.) -- C:\Windows\system32\scecli.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Package de sécurité Kerberos.) -- C:\Windows\system32\kerberos.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\system32\msv1_0.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\system32\schannel.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\system32\wdigest.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\system32\tspkg.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\system32\pku2u.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - LiveSSP.) -- C:\Windows\system32\livessp.dll

~ Scan Keys in 00mn 00s

---\\ Contrôle du Safe Boot (CSB) (O49)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\system32\Drivers\ipnat.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\system32\Drivers\nsiproxy.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\system32\Drivers\rdpencdd.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys

~ Scan CSB in 00mn 00s

---\\ MountPoints2 Shell Key (O51) (None)

---\\ Trojan Driver Search Data (HKLM) (O52)

O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

~ Scan Keys in 00mn 00s

---\\ ShareTools MSconfig StartupReg (O53) (None)

---\\ Microsoft Control Security Providers (O54)

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll

~ Scan Keys in 00mn 00s

---\\ Microsoft Windows Policies System (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=0

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3

O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1

O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0

O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0

O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=

O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0

O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

~ Scan Keys in 00mn 00s

---\\ Microsoft Windows Policies Explorer (O56)

O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1

O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1

O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0

~ Scan Keys in 00mn 00s

---\\ Liste des Drivers Système (O58)

O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 19/11/2011 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [491088]

O58 - SDL:[MD5.597F78224EE9224EA1A13D6350CED962] - 19/11/2011 - 02:52:21 RSHAD . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [339536]

O58 - SDL:[MD5.E109549C90F62FB570B9540C4B148E54] - 19/11/2011 - 02:52:21 RSHAD . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\system32\drivers\adpu320.sys [182864]

O58 - SDL:[MD5.5812713A477A3AD7363C7438CA2EE038] - 19/11/2011 - 02:52:21 RSHAD . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [15440]

O58 - SDL:[MD5.6A2EEB0C4133B20773BB3DD0B7B377B4] - 19/11/2011 - 08:18:24 RSHAD . (.Advanced Micro Devices - AMD IO Driver.) -- C:\Windows\system32\drivers\amdiox64.sys [46136]

O58 - SDL:[MD5.D4121AE6D0C0E7E13AA221AA57EF2D49] - 19/11/2011 - 07:41:12 RSHAD . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\system32\drivers\amdsata.sys [107904]

O58 - SDL:[MD5.F67F933E79241ED32FF46A4F29B5120B] - 19/11/2011 - 02:52:20 RSHAD . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows -.) -- C:\Windows\system32\drivers\amdsbs.sys [194128]

O58 - SDL:[MD5.540DAF1CEA6094886D72126FD7C33048] - 19/11/2011 - 07:41:12 RSHAD . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\system32\drivers\amdxata.sys [27008]

O58 - SDL:[MD5.C484F8CEB1717C540242531DB7845C4E] - 19/11/2011 - 02:52:21 RSHAD . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [87632]

O58 - SDL:[MD5.019AF6924AEFE7839F61C830227FE79C] - 19/11/2011 - 02:52:21 RSHAD . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [97856]

O58 - SDL:[MD5.19B006B181E3875FD254F7B67ACF1E7C] - 19/11/2011 - 10:38:40 RSHAD . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- C:\Windows\system32\drivers\ASACPI.sys [15416]

O58 - SDL:[MD5.DBB487D09F56C674430AC454FD8BCAB9] - 19/11/2011 - 23:07:00 RSHAD . (.Advanced Micro Devices - AMD High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\AtihdW76.sys [231440]

O58 - SDL:[MD5.0415FFE1B6A6EA141FEAFCA57567F57F] - 19/11/2011 - 04:05:10 RSHAD . (.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) -- C:\Windows\system32\drivers\atikmdag.sys [10496512]

O58 - SDL:[MD5.DC24D6F38F17C0D643D9AA8A6852F8D0] - 19/11/2011 - 02:21:58 RSHAD . (.Advanced Micro Devices, Inc. - AMD multi-vendor Miniport Driver.) -- C:\Windows\system32\drivers\atikmpag.sys [326656]

O58 - SDL:[MD5.E82E61F46D1336447F4DEFF8C074F13E] - 19/11/2011 - 11:15:36 RSHAD . (.Advanced Micro Devices Inc. - AMD PCIE Filter Driver for ATI PCIE chipset.) -- C:\Windows\system32\drivers\AtiPcie64.sys [16440]

O58 - SDL:[MD5.AA8F79A1BDFC03B3BC70C44AB00589B4] - 19/11/2011 - 16:56:49 RSHAD . (.Avira GmbH - Avira Minifilter Driver.) -- C:\Windows\system32\drivers\avgntflt.sys [97312]

O58 - SDL:[MD5.D959309ECECCA73FC79F8EF8521346B2] - 19/11/2011 - 16:56:49 RSHAD . (.Avira GmbH - Avira Driver for Security Enhancement.) -- C:\Windows\system32\drivers\avipbb.sys [130760]

O58 - SDL:[MD5.248DB59FC86DE44D2779F4C7FB1A567D] - 19/11/2011 - 16:56:50 RSHAD . (.Avira GmbH - Avira Manager Driver.) -- C:\Windows\system32\drivers\avkmgr.sys [27760]

O58 - SDL:[MD5.B5ACE6968304A3900EEB1EBFD9622DF2] - 19/11/2011 - 21:34:23 RSHAD . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) -- C:\Windows\system32\drivers\b57nd60a.sys [270848]

O58 - SDL:[MD5.F09EEE9EDC320B5E1501F749FDE686C8] - 19/11/2011 - 21:41:06 RSHAD . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [18432]

O58 - SDL:[MD5.B114D3098E9BDB8BEA8B053685831BE6] - 19/11/2011 - 21:41:06 RSHAD . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [8704]

O58 - SDL:[MD5.43BEA8D483BF1870F018E2D02E06A5BD] - 19/11/2011 - 02:19:07 RSHAD . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [286720]

O58 - SDL:[MD5.A6ECA2151B08A09CACECA35C07F05B42] - 19/11/2011 - 21:41:10 RSHAD . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [47104]

O58 - SDL:[MD5.B79968002C277E869CF38BD22CD61524] - 19/11/2011 - 21:41:10 RSHAD . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [14976]

O58 - SDL:[MD5.A87528880231C54E75EA7A44943B38BF] - 19/11/2011 - 21:41:10 RSHAD . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [14720]

O58 - SDL:[MD5.3E5B191307609F7514148C6832BB0842] - 19/11/2011 - 21:34:28 RSHAD . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\system32\drivers\bxvbda.sys [468480]

O58 - SDL:[MD5.E19D3F095812725D88F9001985B94EDD] - 19/11/2011 - 02:52:31 RSHAD . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [17488]

O58 - SDL:[MD5.400582B09E0BB557D0EC28A945150EEB] - 19/11/2011 - 21:32:07 RSHAD . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\system32\drivers\dtsoftbus01.sys [279616]

O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 19/11/2011 - 02:47:48 RSHAD . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [530496]

O58 - SDL:[MD5.DC5D737F51BE844D8C82C695EB17372F] - 19/11/2011 - 21:34:33 RSHAD . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\system32\drivers\evbda.sys [3286016]

O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 19/11/2011 - 21:31:59 RSHAD . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\system32\drivers\hcw85cir.sys [31232]

O58 - SDL:[MD5.39D2ABCD392F3D8A6DCE7B60AE7B8EFC] - 19/11/2011 - 14:33:35 RSHAD . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\system32\drivers\HpSAMD.sys [78720]

O58 - SDL:[MD5.AAAF44DB3BD0B9D1FB6969B23ECC8366] - 19/11/2011 - 07:41:26 RSHAD . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\system32\drivers\iaStorV.sys [410496]

O58 - SDL:[MD5.5C18831C61933628F5BB0EA2675B9D21] - 19/11/2011 - 02:48:04 RSHAD . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [44112]

O58 - SDL:[MD5.1A93E54EB0ECE102495A51266DCDB6A6] - 19/11/2011 - 02:48:04 RSHAD . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [114752]

O58 - SDL:[MD5.1047184A9FDC8BDBFF857175875EE810] - 19/11/2011 - 02:48:04 RSHAD . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [106560]

O58 - SDL:[MD5.30F5C0DE1EE8B5BC9306C1F0E4A75F93] - 19/11/2011 - 02:48:04 RSHAD . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas2.sys [65600]

O58 - SDL:[MD5.0504EACAFF0D3C8AED161C4B0D369D4A] - 19/11/2011 - 02:48:04 RSHAD . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [115776]

O58 - SDL:[MD5.23A854450DAB5C9B7A42AB9BE6F2E4BD] - 19/11/2011 - 16:00:50 RSHAD . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [25416]

O58 - SDL:[MD5.A55805F747C6EDB6A9080D7C633BD0F4] - 19/11/2011 - 02:48:04 RSHAD . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for.) -- C:\Windows\system32\drivers\megasas.sys [35392]

O58 - SDL:[MD5.BAF74CE0072480C3B6B7C13B2A94D6B3] - 19/11/2011 - 02:48:04 RSHAD . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys [284736]

O58 - SDL:[MD5.77889813BE4D166CDAB78DDBA990DA92] - 19/11/2011 - 02:48:26 RSHAD . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [51264]

O58 - SDL:[MD5.0A92CB65770442ED0DC44834632F66AD] - 19/11/2011 - 07:41:34 RSHAD . (.NVIDIA Corporation - NVIDIA® nForce RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [148352]

O58 - SDL:[MD5.DAB0E87525C10052BF65F06152F37E4A] - 19/11/2011 - 07:41:34 RSHAD . (.NVIDIA Corporation - NVIDIA® nForce Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [166272]

O58 - SDL:[MD5.A53A15A11EBFD21077463EE2C7AFEEF0] - 19/11/2011 - 02:45:46 RSHAD . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [1524816]

O58 - SDL:[MD5.4F6D12B51DE1AAEFF7DC58C4D75423C8] - 19/11/2011 - 02:45:45 RSHAD . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [128592]

O58 - SDL:[MD5.9140DB0911DE035FED0A9A77A2D156EA] - 19/11/2011 - 02:57:24 RSHAD . (.Realtek - Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver.) -- C:\Windows\system32\drivers\Rt64win7.sys [565352]

O58 - SDL:[MD5.2E7D1CA91D62501713C9D6E6704395C6] - 19/11/2011 - 17:12:50 RSHAD . (.Realtek Semiconductor Corp. - Realtek® High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\RtHDMIVX.sys [367976]

O58 - SDL:[MD5.F2744FD54BE1580BE05916D1C755C92A] - 19/11/2011 - 18:53:14 RSHAD . (.Realtek Semiconductor Corp. - Realtek® High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\RTKVHD64.sys [2957544]

O58 - SDL:[MD5.3EA8A16169C26AFBEB544E0E48421186] - 19/11/2011 - 21:37:19 RSHAD . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys [23040]

O58 - SDL:[MD5.843CAF1E5FDE1FFD5FF768F23A51E2E1] - 19/11/2011 - 02:45:45 RSHAD . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\system32\drivers\sisraid2.sys [43584]

O58 - SDL:[MD5.6A6C106D42E9FFFF8B9FCB4F754F6DA4] - 19/11/2011 - 02:45:46 RSHAD . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys [80464]

O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 19/11/2011 - 02:45:55 RSHAD . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\system32\drivers\stexstor.sys [24656]

O58 - SDL:[MD5.B7037444DC5138FC7D3D3968B4DE5C4B] - 19/11/2011 - 21:44:46 RSHAD . (.Advanced Micro Devices - AMD USB Filter Driver.) -- C:\Windows\system32\drivers\usbfilter.sys [53376]

O58 - SDL:[MD5.E5689D93FFE4E5D66C0178761240DD54] - 19/11/2011 - 02:45:55 RSHAD . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys [17488]

O58 - SDL:[MD5.5E2016EA6EBACA03C04FEAC5F330D997] - 19/11/2011 - 02:45:55 RSHAD . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys [161872]

O58 - SDL:[MD5.ADAA34740E9F6AFF94CC75D5CF8ED7E2] - 19/11/2011 - 12:34:42 ---A- . (...) -- C:\Windows\SysWOW64\drivers\AsInsHelp32.sys [10216]

O58 - SDL:[MD5.EDAA17CE771C696655B6585F7CAD2100] - 19/11/2011 - 12:34:48 ---A- . (...) -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys [11832]

O58 - SDL:[MD5.F6BDA026E4157DC4E321CA391E9D9BC6] - 19/11/2011 - 18:20:46 ---A- . (...) -- C:\Windows\SysWOW64\drivers\AsIO.sys [13440]

O58 - SDL:[MD5.26D66E32E78D3059715B3A17BC679CD9] - 19/11/2011 - 09:48:34 ---A- . (...) -- C:\Windows\SysWOW64\drivers\AsUpIO.sys [13368]

~ Scan Drivers in 00mn 02s

---\\ Liste des outils de nettoyage (O63)

O63 - Logiciel: HijackThis 2.0.2 - (.TrendMicro.) [HKLM] -- HijackThis

O63 - Logiciel: ZHPDiag 1.28 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1

~ Scan ADS in 00mn 00s

---\\ Liste des services Legacy (O64)

O64 - Services: CurCS - 26/10/2011 - C:\Windows\system32\DRIVERS\atikmdag.sys (amdkmdag) .(.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) - LEGACY_AMDKMDAG

O64 - Services: CurCS - 24/06/2011 - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys (AODDriver4.01) .(.Advanced Micro Devices - AMD OverDrive Service Driver.) - LEGACY_AODDRIVER4.01

O64 - Services: CurCS - 22/04/2010 - C:\Windows\Syswow64\drivers\AsIO.sys - AsIO (AsIO) .(...) - LEGACY_ASIO

O64 - Services: CurCS - 06/07/2009 - C:\Windows\Syswow64\drivers\AsUpIO.sys - AsUpIO (AsUpIO) .(...) - LEGACY_ASUPIO

O64 - Services: CurCS - 19/10/2011 - C:\Windows\system32\DRIVERS\avgntflt.sys (avgntflt) .(.Avira GmbH - Avira Minifilter Driver.) - LEGACY_AVGNTFLT

O64 - Services: CurCS - 19/10/2011 - C:\Windows\system32\DRIVERS\avipbb.sys (avipbb) .(.Avira GmbH - Avira Driver for Security Enhancement.) - LEGACY_AVIPBB

O64 - Services: CurCS - 19/10/2011 - C:\Windows\system32\DRIVERS\avkmgr.sys (avkmgr) .(.Avira GmbH - Avira Manager Driver.) - LEGACY_AVKMGR

O64 - Services: CurCS - 21/07/2011 - C:\Program Files (x86)\ma-config.com\Drivers\driverhardwarev2x64.sys (driverhardwarev2x64) .(.CybelSoft - Driver NT Ma-Config.com.) - LEGACY_DRIVERHARDWAREV2X64

O64 - Services: CurCS - ??\??\???? - C:\Windows\system32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV

O64 - Services: CurCS - 13/10/2011 - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUpUtilitiesDrv) .(.TuneUp Software - TuneUp Utilities Driver.) - LEGACY_TUNEUPUTILITIESDRV

~ Scan Services in 00mn 02s

---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (. - .) -- "%1" %*

O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe

O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*

O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*

O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe

O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe

O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*

O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*

O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.html> <htmlfile>[HKCR\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe

~ Scan Keys in 00mn 00s

 

 

 

---\\ Start Menu Internet (O68)

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe

O68 - StartMenuInternet: <Opera> <Opera>[HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Opera.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe

O68 - StartMenuInternet: <Opera> <Opera>[HKLM\..\InstallInfo\ShowIconsCommand] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Opera.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe

O68 - StartMenuInternet: <Opera> <Opera>[HKLM\..\InstallInfo\ReinstallCommand] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Opera.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe

O68 - StartMenuInternet: <Opera> <Opera>[HKLM\..\InstallInfo\HideIconsCommand] (.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\Opera.exe

~ Scan Keys in 00mn 00s

 

 

 

---\\ Search Browser Infection (O69)

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - Bing

O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - Google

O69 - SBI: SearchScopes [HKCU] {A6C4554E-0AFA-4245-A17B-36B6F2CC772F} - (Google) - Google

~ Scan Keys in 00mn 00s

 

 

 

---\\ Recherche des services démarrés par Svchost (O83)

O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Service Expérience d’application.) -- C:\Windows\System32\aelupsvc.dll [72192]

O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\System32\certprop.dll [80384]

O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\System32\certprop.dll [80384]

O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL du service Serveur.) -- C:\Windows\system32\srvsvc.dll [236032]

O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Client de stratégie de groupe.) -- C:\Windows\System32\gpsvc.dll [777728]

O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extension IKE.) -- C:\Windows\System32\ikeext.dll [853504]

O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Service Audio Windows.) -- C:\Windows\System32\Audiosrv.dll [679424]

O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gestionnaire de numérotation automatique d’accès distant.) -- C:\Windows\System32\rasauto.dll [99328]

O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gestionnaire de connexions d’accès distant.) -- C:\Windows\System32\rasmans.dll [344064]

O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gestionnaire d’interface dynamique.) -- C:\Windows\System32\mprdim.dll [97792]

O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Service de notification d’événements système (SENS).) -- C:\Windows\System32\sens.dll [64512]

O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l’application d’assistance à Microsoft NAT.) -- C:\Windows\System32\ipnathlp.dll [359424]

O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows.) -- C:\Windows\System32\tapisrv.dll [316928]

O83 - Search Svchost Services: UxTuneUp (UxTuneUp) . (.TuneUp Software - TuneUp Theme Extension.) -- C:\Windows\System32\uxtuneup.dll [35648]

O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gestionnaire des connexions distantes du serveur hôte de session Burea.) -- C:\Windows\System32\termsrv.dll [680960]

O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Agent de mise à jour automatique Windows Update.) -- C:\Windows\system32\wuaueng.dll [2420736]

O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\Windows\System32\qmgr.dll [849920]

O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\Windows\System32\shsvcs.dll [370688]

O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service offrant une connectivité IPv6 sur un réseau IPv4..) -- C:\Windows\System32\iphlpsvc.dll [569344]

O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de service d’ouverture de session secondaire.) -- C:\Windows\system32\seclogon.dll [30720]

O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Service Informations d’application.) -- C:\Windows\System32\appinfo.dll [70656]

O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Service de découverte iSCSI.) -- C:\Windows\system32\iscsiexe.dll [156672]

O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Service Planificateur de classes multimédias.) -- C:\Windows\system32\mmcss.dll [67584]

O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\system32\wbem\WMIsvc.dll [242688]

O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Service Configuration des services Bureau à distance.) -- C:\Windows\system32\sessenv.dll [121856]

O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL du service Explorateur d’ordinateurs.) -- C:\Windows\System32\browser.dll [136192]

O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Service EAPHost Microsoft.) -- C:\Windows\System32\eapsvc.dll [111104]

O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Service du Planificateur de tâches.) -- C:\Windows\system32\schedsvc.dll [1110016]

O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- C:\Windows\system32\kmsvc.dll [90624]

O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Rapports et solutions aux problèmes.) -- C:\Windows\System32\wercplsupport.dll [84480]

O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\system32\profsvc.dll [209920]

O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL du service des thèmes Windows Shell.) -- C:\Windows\system32\themeservice.dll [44544]

O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Service BDE.) -- C:\Windows\System32\bdesvc.dll [100864]

O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Service Installation de logiciels.) -- C:\Windows\System32\appmgmts.dll [193536]

~ Scan Services in 00mn 00s

 

 

 

---\\ Recherche particuliere à la racine de certains dossiers (O84)

[MD5.16E53BFC96CE14021C0E07EB1C198478] [sPRF][20/04/2011] (...) -- C:\Users\Lorak\AppData\Roaming\inst.exe [99384]

[MD5.AF7CE12C4F3DC8CB2B07685C916BBCFE] [sPRF][20/04/2011] (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\Users\Lorak\AppData\Roaming\pcouffin.sys [82816]

[MD5.9149E19DB451DF6C7735942DC71451C8] [sPRF][21/12/2009] (.Pas de propriétaire - asusTek_sys_ctrl Module.) -- C:\Windows\Downloaded Program Files\asusTek_sys_ctrl.dll [139776]

[MD5.C23D44716A9D800E85ACD19AA51BEF94] [sPRF][10/02/2010] (.Symantec Corporation - Symantec Security Check Virus Detection Scan.) -- C:\Windows\Downloaded Program Files\avsniff.dll [337808]

[MD5.E6401B99A94A21A98C0E4C699A14A8C2] [sPRF][10/02/2010] (.TODO: <Company name> - TODO: <File description>.) -- C:\Windows\Downloaded Program Files\avsniffdlgs.dll [264080]

[MD5.4C124A94D0DD39B2D6939CC6CD7E3217] [sPRF][26/10/2011] (...) -- C:\Windows\Downloaded Program Files\catalog.dat [2584]

[MD5.03CA4A509E1B0E59005A731F54EB9481] [sPRF][10/02/2010] (.Symantec Corp. - Symantec Engine Common Object Model Loader.) -- C:\Windows\Downloaded Program Files\ecmldr32.dll [42112]

[MD5.A6E4C541FB166237F85FE757CE183B12] [sPRF][26/10/2011] (.Symantec Corporation - Symantec Engine Common Object Model Server.) -- C:\Windows\Downloaded Program Files\ecmsvr32.dll [279992]

[MD5.7D7B1F8578F2F946A61A015AA44ADCF5] [sPRF][10/03/2011] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 10.2 r153.) -- C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [2872992]

[MD5.CA74A39806ECD04FD412EABCB70473C9] [sPRF][10/02/2010] (.Symantec Corp. - Symantec AntiVirus Engine API.) -- C:\Windows\Downloaded Program Files\navapi32.dll [201896]

[MD5.1D340BF30C4BA80D86C4FBAEC5D582E9] [sPRF][26/10/2011] (.Symantec Corporation - AV Engine.) -- C:\Windows\Downloaded Program Files\naveng32.dll [177520]

[MD5.30C92D9540816E1BECB303B4E50A28A0] [sPRF][26/10/2011] (.Symantec Corporation - AV Engine.) -- C:\Windows\Downloaded Program Files\navex32a.dll [1934704]

[MD5.698239F4373767BAAC984E5511B137CA] [sPRF][10/02/2010] (.Symantec Corporation - Symantec Security Check Registry and File Information control.) -- C:\Windows\Downloaded Program Files\rufsi.dll [284048]

[MD5.384350958A2801B5B38D82C7ED52786D] [sPRF][26/10/2011] (...) -- C:\Windows\Downloaded Program Files\scrauth.dat [98112]

[MD5.D1D73DAED82659D7EE4066F03BC7D8E6] [sPRF][26/10/2011] (...) -- C:\Windows\Downloaded Program Files\tcdefs.dat [22921321]

[MD5.9589C06C6CCB4C7BAF7C6AA86734EA12] [sPRF][26/10/2011] (...) -- C:\Windows\Downloaded Program Files\tcscan7.dat [22991018]

[MD5.A2E18D7EEC17BEEA8F56FDA41F514F84] [sPRF][26/10/2011] (...) -- C:\Windows\Downloaded Program Files\tcscan8.dat [178189]

[MD5.7C50C13698DB3A3C39F5373DE18D986C] [sPRF][26/10/2011] (...) -- C:\Windows\Downloaded Program Files\tcscan9.dat [652942]

[MD5.CF214896000FF599373A4687389D1FF4] [sPRF][26/10/2011] (...) -- C:\Windows\Downloaded Program Files\tinf.dat [453]

[MD5.F482930D99D74BCD79CB09F2E88BB7F7] [sPRF][26/10/2011] (...) -- C:\Windows\Downloaded Program Files\tinfidx.dat [148]

[MD5.66E00B2AE5A9923B46DA9C802235C7D0] [sPRF][26/10/2011] (...) -- C:\Windows\Downloaded Program Files\tinfl.dat [1957]

[MD5.44009C0B07E5B04D4EA0E8AD53ECADA7] [sPRF][26/10/2011] (...) -- C:\Windows\Downloaded Program Files\tscan1.dat [74646]

[MD5.44C7CE785BF1CFD02E75CAF4D7E8BF23] [sPRF][26/10/2011] (...) -- C:\Windows\Downloaded Program Files\tscan1hd.dat [3934]

[MD5.EB6AA2397F094AD693F3F22291815A92] [sPRF][26/10/2011] (...) -- C:\Windows\Downloaded Program Files\virscan1.dat [1061529]

[MD5.C70981C9BCF365C2C83B1B1B077CABB5] [sPRF][26/10/2011] (...) -- C:\Windows\Downloaded Program Files\virscan2.dat [574068]

[MD5.5D1931134EE63E9225A4414E44433D2A] [sPRF][26/10/2011] (...) -- C:\Windows\Downloaded Program Files\virscan3.dat [157916]

[MD5.BDFB2177F890B422CDC1DDB9AB2202A6] [sPRF][26/10/2011] (...) -- C:\Windows\Downloaded Program Files\virscan4.dat [320391]

[MD5.73456A45254FB9E336B2DE5EA8046C44] [sPRF][26/10/2011] (...) -- C:\Windows\Downloaded Program Files\virscan5.dat [16185581]

[MD5.BDE2BD0EEA846F3A58FE8D17517C0D77] [sPRF][26/10/2011] (...) -- C:\Windows\Downloaded Program Files\virscan6.dat [398711]

[MD5.C3572D29D1B17C51B3946FC6865CE167] [sPRF][26/10/2011] (...) -- C:\Windows\Downloaded Program Files\virscan7.dat [196883146]

[MD5.E61438986718F4E798954E493B308689] [sPRF][26/10/2011] (...) -- C:\Windows\Downloaded Program Files\virscan8.dat [1009960]

[MD5.B8E7929890D96E7124CC744CD79ED752] [sPRF][26/10/2011] (...) -- C:\Windows\Downloaded Program Files\virscan9.dat [6410151]

[MD5.ABA9D890ACB343EE58F02562B8D1B74D] [sPRF][26/10/2011] (...) -- C:\Windows\Downloaded Program Files\virscant.dat [32]

[MD5.2EA09C8B4B4669C516433AE31982E259] [sPRF][26/10/2011] (...) -- C:\Windows\Downloaded Program Files\zdone.dat [224]

~ Scan Files in 00mn 07s

 

 

 

---\\ Firewall Active Exception List (FirewallRules) (O87)

O87 - FAEL: "{A489C6A2-265D-422F-AFBC-9E94CB9A15CC}" | In - Private - P6 - TRUE | .(.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\opera.exe

O87 - FAEL: "{A345D9A5-A1A2-4307-B7B1-FDC237C7E671}" | In - Private - P17 - TRUE | .(.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\opera.exe

O87 - FAEL: "{6614A2C6-AD70-4F2E-80F5-A090C4AAEBF8}" | In - Public - P6 - TRUE | .(.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\opera.exe

O87 - FAEL: "{FCF029C2-C7DF-4EC9-B7ED-22B43851680C}" | In - Public - P17 - TRUE | .(.Opera Software - Opera Internet Browser.) -- C:\Program Files (x86)\Opera\opera.exe

O87 - FAEL: "{ABC351AE-7089-404C-B0E4-A4BEE2D78BBD}" | In - Private - P6 - TRUE | .(.CybelSoft - Service de détection matériel.) -- C:\Program Files (x86)\ma-config.com\maconfservice.exe

O87 - FAEL: "{6EFB4B45-704E-4D1E-BE6E-370A21E2E1AF}" | In - Private - P17 - TRUE | .(.CybelSoft - Service de détection matériel.) -- C:\Program Files (x86)\ma-config.com\maconfservice.exe

O87 - FAEL: "{D2A885FB-AFE4-4EFA-BD13-D42F1E261139}" | In - Public - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe

O87 - FAEL: "{8B6490D8-F239-4D22-BC9C-F9F981A0BDE1}" | In - Public - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe

O87 - FAEL: "{DC83D784-EA89-48A5-8F47-B9683B821134}" |Out - Domain - P17 - TRUE | .(...) -- C:\Program Files\ (x86)\uTorrent\uTorrent.exe (.not file.)

O87 - FAEL: "{53EEA510-9555-4EF9-BA63-7A4F90FCF3BE}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe

O87 - FAEL: "{549FE3C3-A34D-440E-AA8B-E3FE9F663FEE}" | In - Public - P6 - TRUE | .(.CybelSoft - Service de détection matériel.) -- C:\Program Files (x86)\ma-config.com\maconfservice.exe

O87 - FAEL: "{00FAC727-D251-4A43-8591-6C99BABCDEC4}" | In - Public - P17 - TRUE | .(.CybelSoft - Service de détection matériel.) -- C:\Program Files (x86)\ma-config.com\maconfservice.exe

O87 - FAEL: "{E9B6D60F-F1F7-4E07-8039-A2089EFC1F7D}" | In - Domain - P6 - TRUE | .(.ICQ, LLC. - ICQ.) -- C:\Program Files (x86)\ICQ7.6\ICQ.exe

O87 - FAEL: "{7D64F48B-1262-40EE-A4C3-128A9BBED186}" | In - Domain - P17 - TRUE | .(.ICQ, LLC. - ICQ.) -- C:\Program Files (x86)\ICQ7.6\ICQ.exe

O87 - FAEL: "{89D271D4-D482-410D-9DE8-96459F60CD54}" | In - Private - P6 - TRUE | .(.ICQ, LLC. - ICQ.) -- C:\Program Files (x86)\ICQ7.6\ICQ.exe

O87 - FAEL: "{0A61B311-2017-45B0-B919-D8FA599106EF}" | In - Private - P17 - TRUE | .(.ICQ, LLC. - ICQ.) -- C:\Program Files (x86)\ICQ7.6\ICQ.exe

O87 - FAEL: "{4E76CCCD-95E6-4CB5-8513-0B59F984FABA}" | In - Public - P6 - TRUE | .(.ICQ, LLC. - ICQ.) -- C:\Program Files (x86)\ICQ7.6\ICQ.exe

O87 - FAEL: "{BF5366B9-E2B7-4525-815A-FCE4D89B4B0D}" | In - Public - P17 - TRUE | .(.ICQ, LLC. - ICQ.) -- C:\Program Files (x86)\ICQ7.6\ICQ.exe

O87 - FAEL: "{0AE2A124-8249-4CD9-9E3E-E4653EAD50AC}" | In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe

O87 - FAEL: "{099ED0DA-2128-4241-8FA2-C7FDC82218B3}" | In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe

O87 - FAEL: "{F277DA23-0767-47D4-B86D-D509F29ED7B3}" | In - Public - P6 - TRUE | .(...) -- C:\Windows\SysWOW64\PnkBstrA.exe

O87 - FAEL: "{779CC544-9E06-44A2-8528-D54B2E88FFC8}" | In - Public - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\PnkBstrA.exe

O87 - FAEL: "{9911945D-F6F2-4AD1-8FC7-89629DCE1148}" | In - Public - P6 - TRUE | .(...) -- C:\Windows\SysWOW64\PnkBstrB.exe

O87 - FAEL: "{247D61CD-3987-4364-BE1B-27D3E135100F}" | In - Public - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\PnkBstrB.exe

O87 - FAEL: "{5CB56FC5-333F-49A9-8110-5F0C3A8EFB3A}" | In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRSP.exe

O87 - FAEL: "{17D639C0-AB18-4A88-A72C-45D052A59EE4}" | In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRSP.exe

O87 - FAEL: "{691A89D7-EC2E-49A8-8AAE-D432A32F201C}" | In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRMP.exe

O87 - FAEL: "{1A237891-7330-4545-997B-CA79567FFAFD}" | In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRMP.exe

O87 - FAEL: "{EE85E6C8-191D-4EF3-A9E5-395B5E9EC51C}" | In - Public - P6 - FALSE | .(.Ubisoft - Autopatch system.) -- C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\AssassinsCreedRevelations.exe

O87 - FAEL: "{151755A6-64E7-4455-8964-9274BD905159}" | In - Public - P17 - FALSE | .(.Ubisoft - Autopatch system.) -- C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\AssassinsCreedRevelations.exe

~ Scan Firewall in 00mn 05s

 

 

 

---\\ Scan Additionnel (O88)

Database Version : 8852 - (27/11/2011)

Clés trouvées (Keys found) : 1

Valeurs trouvées (Values found) : 0

Dossiers trouvés (Folders found) : 0

Fichiers trouvés (Files found) : 0

 

[HKCU\Software\PopCap] =>Adware.PopCap

~ Scan Additionnel in 00mn 18s

 

 

 

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)

SR - | Auto 19/11/2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

SR - | Auto 19/11/2011 204288 | (AMD External Events Utility) . (.AMD.) - C:\Windows\system32\atiesrxx.exe

SR - | Auto 19/11/2011 361984 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

SR - | Auto 19/11/2011 86224 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

SR - | Auto 19/11/2011 110032 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

SR - | Auto 90112 | (AsSysCtrlService) . (...) - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

SS - | Demand 19/11/2011 311928 | (maconfservice) . (.CybelSoft.) - C:\Program Files (x86)\ma-config.com\maconfservice.exe

SR - | Auto 0 | (PnkBstrA) . (...) - C:\Windows\System32\PnkBstrA.exe

SR - | Auto 28/11/2011 2118976 | (TuneUp.UtilitiesSvc) . (.TuneUp Software.) - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe

SR - | Auto 19/11/2011 27136 | C:\Windows\System32\uxtuneup.dll (UxTuneUp) . (.TuneUp Software.) - C:\Windows\System32\svchost.exe

SR - | Auto 19/11/2011 27136 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Scan Services in 00mn 19s

 

 

 

---\\ Recherche Master Boot Record Infection (MBR)(O80)

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover

Run by Lorak at 30/11/2011 21:30:04

 

device: opened successfully

user: error reading MBR

 

Disk trace:

error: Read Descripteur non valide

kernel: error reading MBR

~ Scan MBR in 00mn 02s

 

 

 

---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)

Written by ad13, http://ad13.geekstog

Run by Lorak at 30/11/2011 21:30:06

 

********* Dump file Name *********

C:\PhysicalDisk0_MBR.bin

~ Scan MBR in 00mn 04s

 

 

 

---\\ Liste des émulateurs de CD/DVD (Hook du MBR)

O42 - Logiciel: DAEMON Tools Lite - (.DT Soft Ltd.) [HKLM] -- DAEMON Tools Lite

~ Scan Emulateurs in 00mn 04s

 

 

 

End of the scan (1154 lines in 02mn 54s)(0)

Posted

Re,

Download AdwCleaner by Xplode: Les Téléchargements - Outils de Xplode - AdwCleaner

Save it to the desktop (and nowhere else).

If you are on XP, double-click AdwCleaner to launch the tool.

If you are on Vista/Seven, right-click AdwCleaner and choose Run as administrator.

Click Suppression and let the tool work.

The report will open as a text file; copy its entire contents and paste them into your reply.

The report is also saved as C:\AdwCleaner[s1]

-------------------------

+++

Posted

I'm sorry for the time lost.

I had to restart. Thank you for taking your time; here is the latest report:


# AdwCleaner v1.319 - Rapport créé le 30/11/2011 à 22:06:26

# Mis à jour le 20/11/11 à 11h par Xplode

# Système d'exploitation : Windows 7 Ultimate Service Pack 1 (64 bits)

# Nom d'utilisateur : Lorak - LORAK-PC (Administrateur)

# Exécuté depuis : C:\Users\Lorak\Desktop\adwcleaner.exe

# Option [suppression]

 

 

***** [services] *****

 

 

***** [Fichiers / Dossiers] *****

 

 

***** [Registre] *****

 

 

***** [Registre (x64)] *****

 

 

***** [Navigateurs] *****

 

-\\ Internet Explorer v9.0.8112.16421

 

[OK] Le registre ne contient aucune entrée illégitime.

 

-\\ Opera v11.52.1100.0

 

Fichier : C:\Users\Lorak\AppData\Roaming\Opera\Opera\operaprefs.ini

 

[OK] Le fichier ne contient aucune entrée illégitime.

 

*************************

 

AdwCleaner[s1].txt - [760 octets] - [30/11/2011 22:06:26]

 

*************************

 

Dossier Temporaire : 6 dossier(s)et 15 fichier(s) supprimés

 

########## EOF - C:\AdwCleaner[s1].txt - [979 octets] ##########

Posted

I don't think your PC is infected, but we'll check anyway.

1) Download ATF Cleaner by Atribune.

  • Install it on the desktop. (Keep it, as it is very useful after each browsing session)

Archive-Host | Hébergement de fichiers et Solutions Web

|MG| ATF Cleaner 3.0.0.2 Download

Double-click ATF-Cleaner.exe to launch the program.
--> On Vista/7: right-click/Run as administrator.

Under the Main tab, choose: Select All
Click the Empty Selected button

If you use the Firefox browser:

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you want to keep your saved passwords, click No at the prompt.

If you use the Opera browser:

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button
    NOTE: If you want to keep your saved passwords, click No at the prompt.

Click Exit, in the main menu, to close the program.

For technical support, double-click the e-mail address located at the bottom of each menu.

------------------

2) Download Malwarebytes' Anti-Malware (MBAM).

Malwarebytes : Malwarebytes Anti-Malware PRO removes malware including viruses, spyware, worms and trojans, plus it protects your computer: click for the FREE version and save the executable to the desktop.

When offered a trial of the Pro version, decline. This will avoid possible conflicts with one or another security suite.

If MBAM is already installed, go straight to the update and then to the scan.

Keep this software.

Only if there is a problem updating:

Download MBAM updates

Run the file after installing MBAM

Connect removable media (USB sticks, etc.) before starting the scan.

  • Double-click the downloaded file to start the installation process.
  • In the "Update" tab, click the "Check for Updates" button: if the firewall asks for permission for MBAM to connect, accept.
  • Once the update has finished, go to the "Scanner" tab.
  • Select "Perform full scan"
  • Click "Scan"
  • The scan starts; it takes a relatively long time, which is normal.
  • At the end of the scan, a message is displayed:
    The scan completed successfully. Click 'Show Results' to display all objects found.
    Click "Ok" to continue. If MBAM found nothing, it will tell you that too.
  • Close your browsers.
  • If malware was detected, click Show Results.
    Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report and post it in your next reply.

If MBAM asks to restart the PC, do it.

If on restart Windows tells you that it has blocked some startup programs, click the balloon and then Run blocked programs/Malwarebytes Anti-Malware.

@++
