
Posted (edited)

Hello,

For the past 2 weeks my screen has been cutting out when I play Trackmania or CoD4. I took my PC to the person who built it for me (it is under warranty); he told me that Windows was infected with viruses and that I had to reinstall it.

Before embarking on a reinstall, I wanted to check with you whether it might be possible to get rid of the viruses first.

Knowing how you work, I am already posting the Malwarebytes and HijackThis reports. Hoping you will be able to do something for me, because reinstalling Windows does not appeal to me. Thanks

Malwarebytes report:

 

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre détectée(s): 0

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre détecté(s): 0

(Aucun élément nuisible détecté)

 

Dossier(s) détecté(s): 0

(Aucun élément nuisible détecté)

 

Fichier(s) détecté(s): 20

C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\cdkey-rzr-cod4.exe (Trojan.Agent.CK) -> Aucune action effectuée.

C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\changer de voix\KeyGen.exe (RiskWare.Tool.CK) -> Aucune action effectuée.

C:\Users\CELSO\Desktop\Sauvegarde\Logiciels 2011 Kevin\Cod4fr\COD4\rzr-cod4.exe (Trojan.Agent.CK) -> Aucune action effectuée.

C:\Users\CELSO\Desktop\Sauvegarde\Logiciels 2011 Kevin\Cod4fr\COD4\cod4\rzr-cod4.exe (Trojan.Agent.CK) -> Aucune action effectuée.

C:\Users\CELSO\Desktop\Sauvegarde\Logiciels 2011 Kevin\Cod4fr\COD4\cod4\cod4\rzr-cod4.exe (Trojan.Agent.CK) -> Aucune action effectuée.

C:\Users\CELSO\Desktop\Sauvegarde\Logiciels 2011 Kevin\PowerDVD v9\CORE10k.EXE (Dont.Steal.Our.Software) -> Aucune action effectuée.

C:\Users\CELSO\Desktop\Sauvegarde\Logiciels 2011 Kevin\PowerDVD v9\keygen.exe (Trojan.Dropper.PGen) -> Aucune action effectuée.

F:\Logiciel Maintenance & dvd Shrink,\changer de voix\KeyGen.exe (RiskWare.Tool.CK) -> Aucune action effectuée.

F:\Logiciels 2011 Kevin\Cod4fr\COD4\rzr-cod4.exe (Trojan.Agent.CK) -> Aucune action effectuée.

F:\Logiciels 2011 Kevin\Cod4fr\COD4\cod4\rzr-cod4.exe (Trojan.Agent.CK) -> Aucune action effectuée.

F:\Logiciels 2011 Kevin\Cod4fr\COD4\cod4\cod4\rzr-cod4.exe (Trojan.Agent.CK) -> Aucune action effectuée.

F:\Logiciels 2011 Kevin\PowerDVD v9\CORE10k.EXE (Dont.Steal.Our.Software) -> Aucune action effectuée.

F:\Logiciels 2011 Kevin\PowerDVD v9\keygen.exe (Trojan.Dropper.PGen) -> Aucune action effectuée.

F:\Sauvegarde\Logiciel Maintenance & dvd Shrink,\cdkey-rzr-cod4.exe (Trojan.Agent.CK) -> Aucune action effectuée.

F:\Sauvegarde\Logiciel Maintenance & dvd Shrink,\changer de voix\KeyGen.exe (RiskWare.Tool.CK) -> Aucune action effectuée.

F:\Sauvegarde\Logiciels 2011 Kevin\Cod4fr\COD4\rzr-cod4.exe (Trojan.Agent.CK) -> Aucune action effectuée.

F:\Sauvegarde\Logiciels 2011 Kevin\Cod4fr\COD4\cod4\rzr-cod4.exe (Trojan.Agent.CK) -> Aucune action effectuée.

F:\Sauvegarde\Logiciels 2011 Kevin\Cod4fr\COD4\cod4\cod4\rzr-cod4.exe (Trojan.Agent.CK) -> Aucune action effectuée.

F:\Sauvegarde\Logiciels 2011 Kevin\PowerDVD v9\CORE10k.EXE (Dont.Steal.Our.Software) -> Aucune action effectuée.

F:\Sauvegarde\Logiciels 2011 Kevin\PowerDVD v9\keygen.exe (Trojan.Dropper.PGen) -> Aucune action effectuée.

 

(fin)

 

HijackThis report:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:26:23, on 01/03/2012

Platform: Unknown Windows (WinNT 6.01.3505 SP1)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\TeamViewer\Version7\TeamViewer.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\CyberLink\Shared files\brs.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe

F:\Logiciel Maintenance & dvd Shrink,\HiJackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2B015339-CF8E-4E76-9AF8-3D0CC9B1E0FA}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CS1\Services\Tcpip\..\{2B015339-CF8E-4E76-9AF8-3D0CC9B1E0FA}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CS2\Services\Tcpip\..\{2B015339-CF8E-4E76-9AF8-3D0CC9B1E0FA}: NameServer = 8.8.8.8,8.8.4.4

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: Client de gestion Symantec (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

 

--

End of file - 5888 bytes

Edited by rital94

Posted

Hello,

Cleanup

Relaunch MBAM (Malwarebytes)

Select "Exécuter un examen complet" (Perform full scan)

Click "Rechercher" (Scan)

The scan will take some time, so be patient!

At the end, a message will be displayed:

"L'examen s'est terminé normalement." (The scan completed successfully.)

Select everything and click "Supprimer la sélection" (Remove Selected),

MBAM will destroy the files and registry keys and put a copy of them in quarantine.

Then open Notepad and copy into it the scan report, which can be found under the Rapports/logs tab.

Copy and paste this report into your next reply.

HijackThis is hardly worth anything anymore!

Run this diagnostic tool:

Download ZHPDiag by Coolman

Double-click ZHPDiag.exe to install the tool

There will be 3 icons on the desktop

Under XP, double-click the ZHPDiag icon

Under Vista/7, right-click and choose "Exécuter en tant qu'administrateur" (Run as administrator)

Click the screwdriver and choose "Tous" (All)

If it hangs, on O80 for example, click the screwdriver to uncheck it

Click the magnifying glass to start the scan

Post the ZhpDiag.txt report that appears on the desktop

How to post the reports

Copy/paste all or part of the reports into one or more messages.

Another solution, preferable for a large report

Go to the site: Ci-Joint

Click "Parcourir" (Browse) and locate the reports on the disk,

Click "Ouvrir" (Open)

Click "Créer le lien CJoint" (Create the CJoint link),

>> on the next page -->

an http//.. address will be created

Copy/paste this address into your next message.

 

Posted

Rapport de ZHPDiag v1.28.32 par Nicolas Coolman, Update du 05/02/2012

Run by CELSO at 01/03/2012 13:14:32

Web site : ZHPDiag Outil de diagnostic

Web site : Blog de NicolasCoolman - ZebHelpProcess - Skyrock.com

Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601)

State : Version à jour.

 

Boot mode: Normal (Normal boot)

Logged in as Administrator

 

 

---\\ Web Browser

MSIE: Internet Explorer v9.0.8112.16421

MFIE: Mozilla Firefox 10.0.2 v10.0.2 (Defaut)

 

---\\ Processus lancés

[MD5.FB9DFE1D04DFA81ABBD8493A52A23773] - (.Symantec Corporation - Symantec CMC SmcGui.) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe [1459528] [PID.2360]

[MD5.C687C23E093782DA238F6B972FCB717C] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1820480] [PID.2612]

[MD5.F7BA07E85A37CA30FFED726001754951] - (.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe [10871680] [PID.3304]

[MD5.BF1FF06F5434AFAEAB6C3279E3BD2250] - (.Symantec Corporation - Symantec User Session.) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560] [PID.3964]

[MD5.F40E80C04475731C6ED5D19C48E45E3C] - (.Elaborate Bytes AG - Virtual CloneDrive Daemon.) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [85160] [PID.3984]

[MD5.16E288B32BC5ED1A73D8D266B354AD5F] - (.cyberlink - brs.) -- C:\Program Files\CyberLink\Shared files\brs.exe [75048] [PID.4004]

[MD5.60D0647A2DC2D397B84D0AFB0808F85D] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [460872] [PID.1916]

[MD5.D9C51528488EA0D98D3C4D02ABD16759] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.5748]

[MD5.5AC757AE411CBC603C33C85F81F8657D] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [924632] [PID.4400]

[MD5.196F6E8FBC7043A867C8F428E40530E8] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [16856] [PID.5884]

[MD5.B8F49232247D0825B2B82E08A9E10753] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [981680] [PID.5524]

[MD5.4309B75F125067EF805F3125B01FCC30] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [2210816] [PID.5984]

~ Scan Processes Running in 00mn 00s

 

 

 

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)

C:\Users\CELSO\AppData\Roaming\Mozilla\Firefox\Profiles\y5f7xqok.default\prefs.js

M3 - MFPP: Plugins - [CELSO] -- C:\Users\CELSO\AppData\Roaming\Mozilla\Firefox\Profiles\y5f7xqok.default\searchplugins\askcom.xml

M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml

M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml

M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml

M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml

M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml

M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml

M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml

M0 - MFSP: prefs.js [CELSO - y5f7xqok.default] Google

M2 - MFEP: prefs.js [CELSO - y5f7xqok.default\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}] [] Garmin Communicator v4.0.1.0 (.Garmin International.)

P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll

P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.2.) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll

P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll

P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.5.9.620.) -- C:\Windows\System32\Adobe\Director\np32dsw.dll

P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_26 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.1.10111.0.) -- C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

P2 - FPN: [HKLM] [@nvidia.com/3DVision] - (.NVIDIA Corporation - NVIDIA 3D Vision plugin for Mozilla browsers.) -- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

P2 - FPN: [HKLM] [@nvidia.com/3DVisionStreaming] - (.NVIDIA Corporation - NVIDIA 3D Vision Streaming plugin for Mozilla browsers.) -- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.2.) -- C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

P2 - FPN: [HKCU] [@Skype Limited.com/Facebook Video Calling Plugin] - (.Skype Limited - Facebook Video Calling Plugin.) -- C:\Users\CELSO\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

~ Scan Firefox Browser in 00mn 00s

 

 

 

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)

R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Search Microsoft.com

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\System32\ieframe.dll

R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1

~ Scan IE Browser in 00mn 00s

 

 

 

---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Scan Proxy management in 00mn 00s

 

 

 

---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe

~ Scan Keys in 00mn 00s

 

 

 

---\\ Redirection du fichier Hosts (O1)

~ Le fichier hosts est sain (The hosts file is clean).

~ Scan Hosts File in 00mn 00s

~ Nombre de lignes (Lines number): 21

 

 

 

---\\ Browser Helper Objects de navigateur (O2)

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} . (.TechSmith Corporation - SnagIt Browser Helper Object for Internet E.) -- C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll

~ Scan BHO in 00mn 00s

 

 

 

---\\ Internet Explorer Toolbars (O3)

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} . (.TechSmith Corporation - SnagIt Add-in for Internet Explorer.) -- C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll

~ Scan Toolbar in 00mn 00s

 

 

 

---\\ Applications démarrées par registre & par dossier (O4)

O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe

O4 - HKLM\..\Run: [ccApp] . (.Symantec Corporation - Symantec User Session.) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [VirtualCloneDrive] . (.Elaborate Bytes AG - Virtual CloneDrive Daemon.) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

O4 - HKLM\..\Run: [bDRegion] . (.cyberlink - brs.) -- C:\Program Files\CyberLink\Shared files\brs.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\System32\nvmctray.dll

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe

O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe

~ Scan Application in 00mn 00s

 

 

 

---\\ Autres liens utilisateurs (O4)

O4 - Global Startup: C:\Users\CELSO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\CELSO\Desktop\everest.exe - Raccourci.lnk . (...) -- F:\Logiciels 2011 Kevin\Everest.Corporate.Edtion.v2.80\everest.exe

O4 - Global Startup: C:\Users\CELSO\Desktop\HijackThis.exe - Raccourci.lnk . (.Trend Micro Inc..) -- F:\Logiciel Maintenance & dvd Shrink,\HiJackThis\HijackThis.exe

O4 - Global Startup: C:\Users\CELSO\Desktop\Jouer à ManiaPlanet.lnk . (...) -- C:\Program Files\ManiaPlanet\ManiaPlanetLauncher.exe

O4 - Global Startup: C:\Users\CELSO\Desktop\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O4 - Global Startup: C:\Users\CELSO\Desktop\PhotoFiltre.lnk . (.Antonio Da Cruz.) -- C:\Program Files\PhotoFiltre\photofiltre.exe

O4 - Global Startup: C:\Users\CELSO\Desktop\Windows Live Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O4 - Global Startup: C:\Users\CELSO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\CELSO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk . (.Microsoft Corporation.) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

O4 - Global Startup: C:\Users\CELSO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe

~ Scan Global Startup in 00mn 00s

 

 

 

---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)

O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no

~ Scan IE Control Panel in 00mn 00s

 

 

 

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)

O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\Program Files\MICROS~2\Office12\EXCEL.exe

~ Scan IE Menu Contextuel in 00mn 00s

 

 

 

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO

~ Scan IE Extra Buttons in 00mn 00s

 

 

 

---\\ Winsock hijacker (Layered Service Provider) (O10)

O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\System32\nlaapi.dll

O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\Windows\System32\NapiNSP.dll

O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll

O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll

O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\System32\mswsock.dll

O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\System32\winrnr.dll

O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.dll

O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.dll

~ Scan Winsock in 00mn 00s

 

 

 

---\\ Objets ActiveX (Downloaded Program Files)(O16)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

~ Scan Objets ActiveX in 00mn 00s

 

 

 

---\\ Modification Domaine/Adresses DNS (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{2B015339-CF8E-4E76-9AF8-3D0CC9B1E0FA}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CS1\Services\Tcpip\..\{2B015339-CF8E-4E76-9AF8-3D0CC9B1E0FA}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CS2\Services\Tcpip\..\{2B015339-CF8E-4E76-9AF8-3D0CC9B1E0FA}: NameServer = 8.8.8.8,8.8.4.4

~ Scan Domain in 00mn 00s

 

 

 

---\\ Protocole additionnel (O18)

O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll

O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll

O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll

O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll

O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll

O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll

O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll

O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.dll

O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll

O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll

O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll

O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files\Common Files\microsoft shared\Help\hxds.dll

O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll

O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.dll

O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll

O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll

O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll

O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll

O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll

~ Scan Protocole Additionnel in 00mn 00s

 

 

 

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)

O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\system32\igfxdev.dll

~ Scan Winlogon in 00mn 00s

 

 

 

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

~ Scan SSODL in 00mn 00s

 

 

 

---\\ Liste des services NT non Microsoft et non désactivés (O23)

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) . (.Symantec Corporation - Symantec Service Framework.) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) . (.Symantec Corporation - Symantec Service Framework.) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 295.7.) - C:\Windows\System32\nvvsvc.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) . (.NVIDIA Corporation - NVIDIA Settings Update Manager.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: PnkBstrA (PnkBstrA) . (...) - C:\Windows\System32\PnkBstrA.exe

O23 - Service: Client de gestion Symantec (SmcService) . (.Symantec Corporation - Symantec CMC Smc.) - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) . (.Symantec Corporation - Symantec AntiVirus.) - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

O23 - Service: TeamViewer 6 (TeamViewer6) . (.TeamViewer GmbH - TeamViewer Remote Control Application.) - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

O23 - Service: TeamViewer 7 (TeamViewer7) . (.TeamViewer GmbH - TeamViewer Remote Control Application.) - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: Power Control [2011/02/26 16:42:22] ({B154377D-700F-42cc-9474-23858FBDF4BD}) . (.CyberLink Corp. - Pas de description.) - C:\Program Files\CyberLink\PowerDVD9\NavFilter\000.fcl

~ Scan Services in 00mn 00s

 

 

 

---\\ Enumération Active Desktop & MHTML Editor (O24)

O24 - Default MHTML Editor: Last - .(...) - (.not file.)

~ Scan Desktop Component in 00mn 00s

 

 

 

End of the scan (256 lines in 00mn 01s)(0)

Posted

It's simple, though.

 

Run a full Mbam scan and delete everything it finds.

 

Then run a Zhpdiag scan, following the procedure carefully, because the report you posted is very incomplete.

 

The procedure says:

Click the screwdriver and choose Tous (All)

If it hangs, on O80 for example, click the screwdriver to untick it

 

Click the magnifying glass to start the scan

Post the ZhpDiag.txt report that appears on the desktop

Posted

Malwarebytes Anti-Malware (Essai) 1.60.1.1000

www.malwarebytes.org

 

Version de la base de données: v2012.02.29.05

 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

CELSO :: CELSO-PC [administrateur]

 

Protection: Activé

 

01/03/2012 12:49:21

mbam-log-2012-03-01 (12-49-21).txt

 

Type d'examen: Examen complet

Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM

Options d'examen désactivées: P2P

Elément(s) analysé(s): 376010

Temps écoulé: 1 heure(s), 12 minute(s), 52 seconde(s)

 

Processus mémoire détecté(s): 0

(Aucun élément nuisible détecté)

 

Module(s) mémoire détecté(s): 0

(Aucun élément nuisible détecté)

 

Clé(s) du Registre détectée(s): 0

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre détectée(s): 0

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre détecté(s): 0

(Aucun élément nuisible détecté)

 

Dossier(s) détecté(s): 0

(Aucun élément nuisible détecté)

 

Fichier(s) détecté(s): 20

C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\cdkey-rzr-cod4.exe (Trojan.Agent.CK) -> Mis en quarantaine et supprimé avec succès.

C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\changer de voix\KeyGen.exe (RiskWare.Tool.CK) -> Mis en quarantaine et supprimé avec succès.

C:\Users\CELSO\Desktop\Sauvegarde\Logiciels 2011 Kevin\Cod4fr\COD4\rzr-cod4.exe (Trojan.Agent.CK) -> Mis en quarantaine et supprimé avec succès.

C:\Users\CELSO\Desktop\Sauvegarde\Logiciels 2011 Kevin\Cod4fr\COD4\cod4\rzr-cod4.exe (Trojan.Agent.CK) -> Mis en quarantaine et supprimé avec succès.

C:\Users\CELSO\Desktop\Sauvegarde\Logiciels 2011 Kevin\Cod4fr\COD4\cod4\cod4\rzr-cod4.exe (Trojan.Agent.CK) -> Mis en quarantaine et supprimé avec succès.

C:\Users\CELSO\Desktop\Sauvegarde\Logiciels 2011 Kevin\PowerDVD v9\CORE10k.EXE (Dont.Steal.Our.Software) -> Mis en quarantaine et supprimé avec succès.

C:\Users\CELSO\Desktop\Sauvegarde\Logiciels 2011 Kevin\PowerDVD v9\keygen.exe (Trojan.Dropper.PGen) -> Mis en quarantaine et supprimé avec succès.

F:\Logiciel Maintenance & dvd Shrink,\changer de voix\KeyGen.exe (RiskWare.Tool.CK) -> Mis en quarantaine et supprimé avec succès.

F:\Logiciels 2011 Kevin\Cod4fr\COD4\rzr-cod4.exe (Trojan.Agent.CK) -> Mis en quarantaine et supprimé avec succès.

F:\Logiciels 2011 Kevin\Cod4fr\COD4\cod4\rzr-cod4.exe (Trojan.Agent.CK) -> Mis en quarantaine et supprimé avec succès.

F:\Logiciels 2011 Kevin\Cod4fr\COD4\cod4\cod4\rzr-cod4.exe (Trojan.Agent.CK) -> Mis en quarantaine et supprimé avec succès.

F:\Logiciels 2011 Kevin\PowerDVD v9\CORE10k.EXE (Dont.Steal.Our.Software) -> Mis en quarantaine et supprimé avec succès.

F:\Logiciels 2011 Kevin\PowerDVD v9\keygen.exe (Trojan.Dropper.PGen) -> Mis en quarantaine et supprimé avec succès.

F:\Sauvegarde\Logiciel Maintenance & dvd Shrink,\cdkey-rzr-cod4.exe (Trojan.Agent.CK) -> Mis en quarantaine et supprimé avec succès.

F:\Sauvegarde\Logiciel Maintenance & dvd Shrink,\changer de voix\KeyGen.exe (RiskWare.Tool.CK) -> Mis en quarantaine et supprimé avec succès.

F:\Sauvegarde\Logiciels 2011 Kevin\Cod4fr\COD4\rzr-cod4.exe (Trojan.Agent.CK) -> Mis en quarantaine et supprimé avec succès.

F:\Sauvegarde\Logiciels 2011 Kevin\Cod4fr\COD4\cod4\rzr-cod4.exe (Trojan.Agent.CK) -> Mis en quarantaine et supprimé avec succès.

F:\Sauvegarde\Logiciels 2011 Kevin\Cod4fr\COD4\cod4\cod4\rzr-cod4.exe (Trojan.Agent.CK) -> Mis en quarantaine et supprimé avec succès.

F:\Sauvegarde\Logiciels 2011 Kevin\PowerDVD v9\CORE10k.EXE (Dont.Steal.Our.Software) -> Mis en quarantaine et supprimé avec succès.

F:\Sauvegarde\Logiciels 2011 Kevin\PowerDVD v9\keygen.exe (Trojan.Dropper.PGen) -> Mis en quarantaine et supprimé avec succès.

 

(fin)

 

20:51:49 CELSO MESSAGE Protection started successfully

20:51:52 CELSO MESSAGE IP Protection started successfully

 

/02/29 22:38:20 +0100 CELSO-PC CELSO MESSAGE Starting protection

2012/02/29 22:38:22 +0100 CELSO-PC CELSO MESSAGE Protection started successfully

2012/02/29 22:38:25 +0100 CELSO-PC CELSO MESSAGE Starting IP protection

2012/02/29 22:38:26 +0100 CELSO-PC CELSO MESSAGE IP Protection started successfully

2012/02/29 22:43:56 +0100 CELSO-PC CELSO DETECTION F:\Logiciel Maintenance & dvd Shrink,\cdkey-rzr-cod4.exe Trojan.Agent.CK QUARANTINE

2012/02/29 22:47:26 +0100 CELSO-PC CELSO MESSAGE Executing scheduled update: Daily

2012/02/29 22:47:28 +0100 CELSO-PC CELSO MESSAGE Database already up-to-date

2012/02/29 23:57:47 +0100 CELSO-PC CELSO DETECTION

Posted

Rapport de ZHPDiag v1.28.32 par Nicolas Coolman, Update du 05/02/2012

Run by CELSO at 01/03/2012 15:56:50

Web site : ZHPDiag Outil de diagnostic

Web site : Blog de NicolasCoolman - ZebHelpProcess - Skyrock.com

State : Version à jour.

 

 

---\\ Web Browser

MSIE: Internet Explorer v9.0.8112.16421

MFIE: Mozilla Firefox 10.0.2 v10.0.2 (Defaut)

 

---\\ Windows Product Information

~ Langage: Français

Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601)

Windows Server License Manager Script : OK

~ Windows® 7, OEM_COA_NSLP channel

Windows ID Activation : OK

~ Windows Partial Key : RCRT4

Windows License : OK

~ Windows Remaining Initializations Number : 4

Software Protection Service (Protection logicielle) : OK

Windows Automatic Updates : OK

Windows Activation Technologies : OK

 

---\\ System Information

~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel

~ Operating System: 32 Bits

Boot mode: Normal (Normal boot)

Total RAM: 3071 MB (61% free)

System Restore: Activé (Enable)

System drive C: has 343 GB (73%) free of 466 GB

 

---\\ Logged in mode

~ Computer Name: CELSO-PC

~ User Name: CELSO

~ All Users Names: UpdatusUser, HomeGroupUser$, CELSO, Administrateur,

~ Unselected Option: None

Logged in as Administrator

 

---\\ Environnement Variables

~ System Unit : C:\

~ %AppData% : C:\Users\CELSO\AppData\Roaming\

~ %Desktop% : C:\Users\CELSO\Desktop\

~ %Favorites% : C:\Users\CELSO\Favorites\

~ %LocalAppData% : C:\Users\CELSO\AppData\Local\

~ %StartMenu% : C:\Users\CELSO\AppData\Roaming\Microsoft\Windows\Start Menu\

~ %Windir% : C:\Windows\

~ %System% : C:\Windows\system32\

 

---\\ DOS/Devices

C:\ Hard drive, Flash drive, Thumb drive (Free 343 Go of 466 Go)

D:\ CD-ROM drive (Not Inserted)

E:\ CD-ROM drive (Free 0 Go of 0 Go)

F:\ Hard drive, Flash drive, Thumb drive (Free 613 Go of 932 Go)

G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

 

 

 

---\\ Security Center & Tools Informations

[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyComputer: OK

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK

[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK

[HKLM\SYSTEM\CurrentControlSet\Services] wscsvc : OK

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK

~ Scan Security Center in 00mn 00s

 

 

 

---\\ Recherche particulière de fichiers génériques

[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]

[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) (.14/07/2009 - 02:14:31.) -- C:\Windows\system32\rundll32.exe [44544]

[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\system32\Wininit.exe [96256]

[MD5.1D94FA7C81D2FFE494AF094619BA706F] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.14/12/2011 - 03:57:18.) -- C:\Windows\system32\wininet.dll [1127424]

[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 13:17:54.) -- C:\Windows\system32\Winlogon.exe [286720]

[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 13:21:24.) -- C:\Windows\system32\sppcomapi.dll [193536]

[MD5.129F80D7868E30DF3E3DE33A1D3132B4] - (.Microsoft Corporation - DLL client de l’API uilisateur de Windows multi-utilisateurs.) (.20/11/2010 - 13:08:50.) -- C:\Windows\system32\fr-FR\user32.dll.mui [20480]

[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:18:03.) -- C:\Windows\system32\drivers\AFD.sys [338944]

[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\drivers\atapi.sys [21584]

[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\drivers\Cdfs.sys [70656]

[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\drivers\Cdrom.sys [108544]

[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\drivers\DfsC.sys [78336]

[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\drivers\HDAudBus.sys [108544]

[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\drivers\i8042prt.sys [80896]

[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\drivers\IpNat.sys [101888]

[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\drivers\MRxSmb.sys [123904]

[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\drivers\netBT.sys [187904]

[MD5.81189C3D7763838E55C397759D49007A] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.11/03/2011 - 06:39:00.) -- C:\Windows\system32\drivers\ntfs.sys [1211264]

[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\drivers\Parport.sys [79360]

[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\drivers\Rasl2tp.sys [78848]

[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\drivers\smb.sys [71168]

[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\drivers\tdx.sys [74752]

[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\drivers\volsnap.sys [245632]

~ Scan Generic Processes in 00mn 01s

 

 

 

---\\ Etat des fichiers cachés (Caché/Total)

~ Mes images (My Pictures) : 119/6239

~ Mes Videos (My Videos) : 2/58

~ Mes Favoris (My Favorites) : Non accessible (Not found)

~ Mes Documents (My Documents) : 12/4903

~ Mon Bureau (My Desktop) : 221/15712

~ Menu demarrer (Programs) : 7/32

~ Scan Hidden Files in 00mn 35s

 

 

 

---\\ Processus lancés

[MD5.BF1FF06F5434AFAEAB6C3279E3BD2250] - (.Symantec Corporation - Symantec User Session.) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560] [PID.1724]

[MD5.F40E80C04475731C6ED5D19C48E45E3C] - (.Elaborate Bytes AG - Virtual CloneDrive Daemon.) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [85160] [PID.2088]

[MD5.16E288B32BC5ED1A73D8D266B354AD5F] - (.cyberlink - brs.) -- C:\Program Files\CyberLink\Shared files\brs.exe [75048] [PID.2108]

[MD5.C687C23E093782DA238F6B972FCB717C] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1820480] [PID.2364]

[MD5.60D0647A2DC2D397B84D0AFB0808F85D] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [460872] [PID.2376]

[MD5.FB9DFE1D04DFA81ABBD8493A52A23773] - (.Symantec Corporation - Symantec CMC SmcGui.) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe [1459528] [PID.2964]

[MD5.F7BA07E85A37CA30FFED726001754951] - (.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe [10871680] [PID.3516]

[MD5.5AC757AE411CBC603C33C85F81F8657D] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [924632] [PID.4424]

[MD5.4309B75F125067EF805F3125B01FCC30] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [2210816] [PID.5124]

~ Scan Processes Running in 00mn 00s

 

 

 

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)

C:\Users\CELSO\AppData\Roaming\Mozilla\Firefox\Profiles\y5f7xqok.default\prefs.js

M3 - MFPP: Plugins - [CELSO] -- C:\Users\CELSO\AppData\Roaming\Mozilla\Firefox\Profiles\y5f7xqok.default\searchplugins\askcom.xml

M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml

M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml

M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml

M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml

M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml

M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml

M3 - MFPP: Plugins - [CELSO] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml

M0 - MFSP: prefs.js [CELSO - y5f7xqok.default] Google

M2 - MFEP: prefs.js [CELSO - y5f7xqok.default\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}] [] Garmin Communicator v4.0.1.0 (.Garmin International.)

P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll

P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.2.) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll

P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll

P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.5.9.620.) -- C:\Windows\System32\Adobe\Director\np32dsw.dll

P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_26 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.1.10111.0.) -- C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

P2 - FPN: [HKLM] [@nvidia.com/3DVision] - (.NVIDIA Corporation - NVIDIA 3D Vision plugin for Mozilla browsers.) -- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

P2 - FPN: [HKLM] [@nvidia.com/3DVisionStreaming] - (.NVIDIA Corporation - NVIDIA 3D Vision Streaming plugin for Mozilla browsers.) -- C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.2.) -- C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

P2 - FPN: [HKCU] [@Skype Limited.com/Facebook Video Calling Plugin] - (.Skype Limited - Facebook Video Calling Plugin.) -- C:\Users\CELSO\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

~ Scan Firefox Browser in 00mn 00s

 

 

 

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)

R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Search Microsoft.com

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk

R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\System32\ieframe.dll

R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1

~ Scan IE Browser in 00mn 00s

 

 

 

---\\ Internet Explorer, Proxy Management (R5)

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1

R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

~ Scan Proxy management in 00mn 00s

 

 

 

---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,

F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe

~ Scan Keys in 00mn 00s

 

 

 

---\\ Redirection du fichier Hosts (O1)

~ Le fichier hosts est sain (The hosts file is clean).

~ Scan Hosts File in 00mn 00s

~ Nombre de lignes (Lines number): 21

 

 

 

---\\ Browser Helper Objects de navigateur (O2)

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} . (.TechSmith Corporation - SnagIt Browser Helper Object for Internet E.) -- C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll

~ Scan BHO in 00mn 00s

 

 

 

---\\ Internet Explorer Toolbars (O3)

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} . (.TechSmith Corporation - SnagIt Add-in for Internet Explorer.) -- C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll

~ Scan Toolbar in 00mn 00s

 

 

 

---\\ Applications démarrées par registre & par dossier (O4)

O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe

O4 - HKLM\..\Run: [ccApp] . (.Symantec Corporation - Symantec User Session.) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O4 - HKLM\..\Run: [VirtualCloneDrive] . (.Elaborate Bytes AG - Virtual CloneDrive Daemon.) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

O4 - HKLM\..\Run: [bDRegion] . (.cyberlink - brs.) -- C:\Program Files\CyberLink\Shared files\brs.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\System32\nvmctray.dll

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe

O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe

~ Scan Application in 00mn 00s

 

 

 

---\\ Autres liens utilisateurs (O4)

O4 - Global Startup: C:\Users\CELSO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\CELSO\Desktop\everest.exe - Raccourci.lnk . (...) -- F:\Logiciels 2011 Kevin\Everest.Corporate.Edtion.v2.80\everest.exe

O4 - Global Startup: C:\Users\CELSO\Desktop\HijackThis.exe - Raccourci.lnk . (.Trend Micro Inc..) -- F:\Logiciel Maintenance & dvd Shrink,\HiJackThis\HijackThis.exe

O4 - Global Startup: C:\Users\CELSO\Desktop\Jouer à ManiaPlanet.lnk . (...) -- C:\Program Files\ManiaPlanet\ManiaPlanetLauncher.exe

O4 - Global Startup: C:\Users\CELSO\Desktop\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O4 - Global Startup: C:\Users\CELSO\Desktop\PhotoFiltre.lnk . (.Antonio Da Cruz.) -- C:\Program Files\PhotoFiltre\photofiltre.exe

O4 - Global Startup: C:\Users\CELSO\Desktop\Windows Live Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

O4 - Global Startup: C:\Users\CELSO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe

O4 - Global Startup: C:\Users\CELSO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk . (.Microsoft Corporation.) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

O4 - Global Startup: C:\Users\CELSO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe

~ Scan Global Startup in 00mn 00s

 

 

 

---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)

O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no

~ Scan IE Control Panel in 00mn 00s

 

 

 

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)

O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\Program Files\MICROS~2\Office12\EXCEL.exe

~ Scan IE Menu Contextuel in 00mn 00s

 

 

 

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO

~ Scan IE Extra Buttons in 00mn 00s

 

 

 

---\\ Winsock hijacker (Layered Service Provider) (O10)

O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\System32\nlaapi.dll

O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\Windows\System32\NapiNSP.dll

O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll

O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll

O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\System32\mswsock.dll

O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\System32\winrnr.dll

O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.dll

O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.dll

~ Scan Winsock in 00mn 00s

 

 

 

---\\ Objets ActiveX (Downloaded Program Files)(O16)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

~ Scan Objets ActiveX in 00mn 00s

 

 

 

---\\ Modification Domaine/Adresses DNS (O17)

O17 - HKLM\System\CCS\Services\Tcpip\..\{2B015339-CF8E-4E76-9AF8-3D0CC9B1E0FA}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CS1\Services\Tcpip\..\{2B015339-CF8E-4E76-9AF8-3D0CC9B1E0FA}: NameServer = 8.8.8.8,8.8.4.4

O17 - HKLM\System\CS2\Services\Tcpip\..\{2B015339-CF8E-4E76-9AF8-3D0CC9B1E0FA}: NameServer = 8.8.8.8,8.8.4.4

~ Scan Domain in 00mn 00s

 

 

 

---\\ Protocole additionnel (O18)

O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll

O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll

O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll

O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll

O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll

O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll

O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll

O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.dll

O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll

O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll

O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll

O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files\Common Files\microsoft shared\Help\hxds.dll

O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll

O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.dll

O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll

O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll

O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll

O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll

O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll

O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll

~ Scan Protocole Additionnel in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)

O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\system32\igfxdev.dll

~ Scan Winlogon in 00mn 00s

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

~ Scan SSODL in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) . (.Symantec Corporation - Symantec Service Framework.) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) . (.Symantec Corporation - Symantec Service Framework.) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 295.7.) - C:\Windows\System32\nvvsvc.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) . (.NVIDIA Corporation - NVIDIA Settings Update Manager.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: PnkBstrA (PnkBstrA) . (...) - C:\Windows\System32\PnkBstrA.exe

O23 - Service: Client de gestion Symantec (SmcService) . (.Symantec Corporation - Symantec CMC Smc.) - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) . (.Symantec Corporation - Symantec AntiVirus.) - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

O23 - Service: TeamViewer 6 (TeamViewer6) . (.TeamViewer GmbH - TeamViewer Remote Control Application.) - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

O23 - Service: TeamViewer 7 (TeamViewer7) . (.TeamViewer GmbH - TeamViewer Remote Control Application.) - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: Power Control [2011/02/26 16:42:22] ({B154377D-700F-42cc-9474-23858FBDF4BD}) . (.CyberLink Corp. - Pas de description.) - C:\Program Files\CyberLink\PowerDVD9\NavFilter\000.fcl

~ Scan Services in 00mn 00s

---\\ Enumération Active Desktop & MHTML Editor (O24)

O24 - Default MHTML Editor: Last - .(...) - (.not file.)

~ Scan Desktop Component in 00mn 00s

---\\ BootExecute (O34)

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

~ Scan Keys in 00mn 00s

---\\ Tâches planifiées en automatique (O39)

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-501933425-2476989565-1232407324-1000Core.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-501933425-2476989565-1232407324-1000UA.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

[MD5.FCC7C432FBF465C38FD5D940580EF9B7] [APT] [FacebookUpdateTaskUserS-1-5-21-501933425-2476989565-1232407324-1000Core] (.Facebook Inc..) -- C:\Users\CELSO\AppData\Local\Facebook\Update\FacebookUpdate.exe

[MD5.FCC7C432FBF465C38FD5D940580EF9B7] [APT] [FacebookUpdateTaskUserS-1-5-21-501933425-2476989565-1232407324-1000UA] (.Facebook Inc..) -- C:\Users\CELSO\AppData\Local\Facebook\Update\FacebookUpdate.exe

[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe

[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe

[MD5.00000000000000000000000000000000] [APT] [{3297A559-5B5F-4C7C-B424-1361C06D20FE}] (...) -- D:\Directx\dxsetup.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{87C5EE51-F534-4BED-BEB0-CF23AD2C062F}] (...) -- C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrinké\pacht cod2\pbsetup.exe (.not file.)

[MD5.00000000000000000000000000000000] [APT] [{97FAB673-36A2-4CD2-BA32-68A669238929}] (...) -- D:\setup.exe (.not file.)

[MD5.028CD3C6E95FF807859FA47A96604890] [APT] [{9C1D237C-593F-4628-9A9E-507628D61569}] (...) -- F:\Logiciels 2011 Kevin\Everest.Corporate.Edtion.v2.80\everest.exe

[MD5.B8F49232247D0825B2B82E08A9E10753] [APT] [{BDF7492F-AD9E-4DB2-A57A-F3F0436E4635}] (.Malwarebytes Corporation.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

[MD5.00000000000000000000000000000000] [APT] [{C544CD80-0710-4A00-B5B5-9B489786A3FD}] (...) -- D:\setup.exe (.not file.)

[MD5.5BC75CB78D32CC34428FC8584A3BD167] [APT] [{CFD75BF0-4D55-4DDC-A7EA-B3C0F143E5F4}] (.NVIDIA Corporation.) -- C:\Users\CELSO\Downloads\295.73-desktop-win7-winvista-32bit-international-whql.exe

[MD5.028CD3C6E95FF807859FA47A96604890] [APT] [{D7E0FBA8-3269-4FAB-AC5B-FEF3502D6084}] (...) -- C:\Users\CELSO\Desktop\Everest\everest.exe

[MD5.00000000000000000000000000000000] [APT] [{F07B0A95-A454-472A-B4B2-880372743DFF}] (...) -- D:\setup.exe (.not file.)

~ Scan Scheduled Task in 00mn 07s

---\\ Composants installés (ActiveSetup Installed Components) (O40)

O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe

O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - Personnalisation d’IEAK.) -- C:\Windows\System32\iedkcs32.dll

O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\regutils.dll

O40 - ASIC: Microsoft Windows Media Player 12.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\System32\wmpdxm.dll

O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Windows Media Player.) -- C:\Windows\system32\wmp.dll

O40 - ASIC: Web Platform Customizations - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe

O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll

~ Scan Active Setup in 00mn 00s

---\\ Pilotes lancés au démarrage (O41)

O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys

O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\system32\DRIVERS\blbdrive.sys

O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\drivers\cdrom.sys

O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\system32\Drivers\dfsc.sys

O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\system32\drivers\discache.sys

O41 - Driver: (eeCtrl) . (.Symantec Corporation - Symantec Eraser Control Driver.) - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

O41 - Driver: (ElbyCDIO) . (.Elaborate Bytes AG - ElbyCD Windows NT/2000/XP I/O driver.) - C:\Windows\system32\Drivers\ElbyCDIO.sys

O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys

O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\system32\DRIVERS\netbios.sys

O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\system32\DRIVERS\netbt.sys

O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\system32\drivers\nsiproxy.sys

O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\system32\DRIVERS\pacer.sys

O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\system32\DRIVERS\rdbss.sys

O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\system32\DRIVERS\RDPCDD.sys

O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\system32\drivers\rdpencdd.sys

O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\system32\drivers\rdprefmp.sys

O41 - Driver: (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\Windows\system32\DRIVERS\serial.sys

O41 - Driver: (SPBBCDrv) . (.Symantec Corporation - SPBBC Driver.) - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

O41 - Driver: (SRTSP) . (.Symantec Corporation - Symantec AutoProtect.) - C:\Windows\system32\Drivers\SRTSP.sys

O41 - Driver: (SRTSPX) . (.Symantec Corporation - Symantec AutoProtect.) - C:\Windows\system32\Drivers\SRTSPX.sys

O41 - Driver: (SYMTDI) . (.Symantec Corporation - Network Dispatch Driver.) - C:\Windows\system32\Drivers\SYMTDI.sys

O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys

O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\drivers\termdd.sys

O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys

O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys

O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\system32\DRIVERS\wfplwf.sys

~ Scan Drivers in 00mn 00s

---\\ Logiciels installés (O42)

O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX

O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin

O42 - Logiciel: Adobe Reader X (10.1.2) - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AA1000000001}

O42 - Logiciel: Adobe Shockwave Player 11.5 - (.Adobe Systems, Inc..) [HKLM] -- Adobe Shockwave Player

O42 - Logiciel: Ashampoo Burning Studio 10 v.10.0.15 - (.Ashampoo GmbH & Co. KG.) [HKLM] -- Ashampoo Burning Studio 10_is1

O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner

O42 - Logiciel: Call of Duty® 2 - (.Activision.) [HKLM] -- InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}

O42 - Logiciel: Call of Duty® 4 - Modern Warfare - (.Activision.) [HKLM] -- InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}

O42 - Logiciel: Call of Duty® 4 - Modern Warfare 1.7 Patch - (.Pas de propriétaire.) [HKLM] -- InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}

O42 - Logiciel: CyberLink PowerDVD 9 - (.CyberLink Corp..) [HKLM] -- InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}

O42 - Logiciel: CyberLink PowerDVD 9 - (.CyberLink Corp..) [HKLM] -- {A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}

O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}

O42 - Logiciel: Diz&Nfo v1.7d - (.Pas de propriétaire.) [HKLM] -- Diz&Nfo v1.7d_is1

O42 - Logiciel: FTPRush 2.1.4 - (.wftpserver.com.) [HKLM] -- FTP Rush_is1

O42 - Logiciel: Facebook Video Calling 1.1.1.1 - (.Skype Limited.) [HKLM] -- {624E54D0-E4F4-434F-9EF6-D4D066EE4348}

O42 - Logiciel: Google Earth Plug-in - (.Google.) [HKLM] -- {2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}

O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

O42 - Logiciel: HomePlayer 1.5.9d - (.HomePlayer.) [HKLM] -- HomePlayer

O42 - Logiciel: Intel® Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- HDMI

O42 - Logiciel: Intel® TV Wizard - (.Intel Corporation.) [HKLM] -- TVWiz

O42 - Logiciel: Java 6 Update 26 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216024FF}

O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] -- {8E5233E1-7495-44FB-8DEB-4BE906D59619}

O42 - Logiciel: Les Sims 2 - (.Pas de propriétaire.) [HKLM] -- {6E7DD182-9FC6-4651-0095-2E666CC6AF35}

O42 - Logiciel: Les Sims 2 Fun en Famille Kit - (.Pas de propriétaire.) [HKLM] -- {6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}

O42 - Logiciel: LiveUpdate 3.3 (Symantec Corporation) - (.Symantec Corporation.) [HKLM] -- LiveUpdate

O42 - Logiciel: Logiciel d'archivage WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver

O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}

O42 - Logiciel: Malwarebytes Anti-Malware version 1.60.1.1000 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1

O42 - Logiciel: ManiaPlanet - (.Nadeo.) [HKLM] -- ManiaPlanet_is1

O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile

O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}

O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}

O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}

O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}

O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}

O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}

O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}

O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}

O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}

O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}

O42 - Logiciel: Microsoft Office 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}

O42 - Logiciel: Microsoft Office Access MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0015-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Excel MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office File Validation Add-In - (.Microsoft Corporation.) [HKLM] -- {90140000-2005-0000-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office InfoPath MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0044-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001A-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- PROPLUS

O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (Arabic) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (Dutch) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (German) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proofing (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}

O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}

O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}

O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}

O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}

O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) - (.Microsoft.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}

O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0019-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Shared MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Office Word MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE}

O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118}

O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 - (.Microsoft Corporation.) [HKLM] -- {86CE85E6-DBAC-3FFD-B977-E4B79F83C909}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}

O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 - (.Microsoft Corporation.) [HKLM] -- {9BE518E6-ECC6-35A9-88E4-87755C07200F}

O42 - Logiciel: Mises à jour NVIDIA 1.7.11 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update

O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack

O42 - Logiciel: Mozilla Firefox 10.0.2 (x86 fr) - (.Mozilla.) [HKLM] -- Mozilla Firefox 10.0.2 (x86 fr)

O42 - Logiciel: NVIDIA Logiciel système PhysX 9.12.0209 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX

O42 - Logiciel: NVIDIA PhysX - (.NVIDIA Corporation.) [HKLM] -- {4EAE665D-957A-4D04-9679-3AD582008877}

O42 - Logiciel: NVIDIA Pilote 3D Vision 295.73 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision

O42 - Logiciel: NVIDIA Pilote audio HD : 1.3.12.0 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver

O42 - Logiciel: NVIDIA Pilote du contrôleur 3D Vision 295.73 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB

O42 - Logiciel: NVIDIA Pilote graphique 295.73 - (.NVIDIA Corporation.) [HKLM] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver

O42 - Logiciel: NVIDIA Stereoscopic 3D Driver - (.NVIDIA Corporation.) [HKLM] -- NVIDIAStereo

O42 - Logiciel: PVSonyDll - (.NVIDIA Corporation.) [HKLM] -- {3D3E663D-4E7E-4577-A560-7ECDDD45548A}

O42 - Logiciel: PhotoFiltre - (.Pas de propriétaire.) [HKCU] -- PhotoFiltre

O42 - Logiciel: Playviz 1.7.7 - (.Previznet.) [HKCU] -- Playviz 1.7.7

O42 - Logiciel: QuickPar 0.9 - (.Peter B. Clements.) [HKLM] -- QuickPar

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478663

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2539636

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2572078

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2633870

O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656351

O42 - Logiciel: Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09}

O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{AEA16A27-0B97-4670-818F-A98D06EC0A6F}

O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}

O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{5A8732F0-C20F-4A9B-A2A9-66FE7A586C35}

O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}.KB2478663

O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}.KB2518870

O42 - Logiciel: SnagIt 9 - (.TechSmith Corporation.) [HKLM] -- {2FADA80A-5D89-4CC8-9ED7-445527754A83}

O42 - Logiciel: Symantec Endpoint Protection - (.Symantec Corporation.) [HKLM] -- {3C1AE512-3C37-44FA-BA42-ABB721EC5B1D}

O42 - Logiciel: TeamSpeak 3 Client - (.TeamSpeak Systems GmbH.) [HKLM] -- TeamSpeak 3 Client

O42 - Logiciel: TeamViewer 6 - (.TeamViewer GmbH.) [HKLM] -- TeamViewer 6

O42 - Logiciel: TeamViewer 7 - (.TeamViewer.) [HKLM] -- TeamViewer 7

O42 - Logiciel: TmNationsForever - (.Nadeo.) [HKLM] -- TmNationsForever_is1

O42 - Logiciel: Update for 2007 Microsoft Office System (KB967642) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}

O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2468871) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871

O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2533523) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523

O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2600217) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217

O42 - Logiciel: Update for Microsoft Office 2007 (KB2508958) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}

O42 - Logiciel: Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{B7873DF5-9E1C-45EE-8895-D29C6AE01202}

O42 - Logiciel: Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C20964A7-5181-45E5-9E82-72F5D400DEBF}

O42 - Logiciel: Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{97FF6C46-CE3A-47F6-BA6B-3D743ACA4054}

O42 - Logiciel: Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{567103D1-96CD-4B76-93B9-2681A187DEFF}

O42 - Logiciel: VLC media player 1.1.5 - (.VideoLAN.) [HKLM] -- VLC media player

O42 - Logiciel: Virtual Plastic Surgery Software - VPSS v1.0 - (.Kaeria SARL.) [HKLM] -- Virtual Plastic Surgery Software - VPSS_is1

O42 - Logiciel: VirtualCloneDrive - (.Elaborate Bytes.) [HKLM] -- VirtualCloneDrive

O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite

O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM] -- {34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}

O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {D45240D3-B6B3-4FF9-B243-54ECE3E10066}

O42 - Logiciel: Windows Live ID Sign-in Assistant - (.Microsoft Corporation.) [HKLM] -- {C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}

O42 - Logiciel: Windows Live Installer - (.Microsoft Corporation.) [HKLM] -- {0B0F231F-CE6A-483D-AA23-77B364F75917}

O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}

O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {E5B21F11-6933-4E0B-A25C-7963E3C07D11}

O42 - Logiciel: Windows Live PIMT Platform - (.Microsoft Corporation.) [HKLM] -- {83C292B7-38A5-440B-A731-07070E81A64F}

O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM] -- {A9BDCA6B-3653-467B-AC83-94367DA3BFE3}

O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM] -- {C893D8C0-1BA0-4517-B11C-E89B65E72F70}

O42 - Logiciel: Windows Live SOXE - (.Microsoft Corporation.) [HKLM] -- {682B3E4F-696A-42DE-A41C-4C07EA1678B4}

O42 - Logiciel: Windows Live SOXE Definitions - (.Microsoft Corporation.) [HKLM] -- {200FEC62-3C34-4D60-9CE8-EC372E01C08F}

O42 - Logiciel: Windows Live UX Platform - (.Microsoft Corporation.) [HKLM] -- {CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}

O42 - Logiciel: Windows Live UX Platform Language Pack - (.Microsoft Corporation.) [HKLM] -- {05E379CC-F626-4E7D-8354-463865B303BF}

O42 - Logiciel: Xfire (remove only) - (.Pas de propriétaire.) [HKLM] -- Xfire

---\\ HKCU & HKLM Software Keys

[HKCU\Software\ASProtect]

[HKCU\Software\ASUS]

[HKCU\Software\Adobe]

[HKCU\Software\AppDataLow\Software\Adobe]

[HKCU\Software\AppDataLow\Software\Microsoft]

[HKCU\Software\AppDataLow\Software]

[HKCU\Software\AppDataLow]

[HKCU\Software\Ashampoo]

[HKCU\Software\Classes]

[HKCU\Software\Clients]

[HKCU\Software\CyberLink]

[HKCU\Software\Digital River]

[HKCU\Software\DivXNetworks]

[HKCU\Software\Elaborate Bytes]

[HKCU\Software\FTPRush]

[HKCU\Software\Facebook]

[HKCU\Software\Garmin]

[HKCU\Software\Google]

[HKCU\Software\Hewlett-Packard]

[HKCU\Software\HookNetwork]

[HKCU\Software\IM Providers]

[HKCU\Software\INTEL]

[HKCU\Software\ImInstaller]

[HKCU\Software\IncrediMail]

[HKCU\Software\JEDI-VCL]

[HKCU\Software\JavaSoft]

[HKCU\Software\Lake]

[HKCU\Software\Lavalys]

[HKCU\Software\Macromedia]

[HKCU\Software\Malwarebytes' Anti-Malware]

[HKCU\Software\MozillaPlugins]

[HKCU\Software\Mozilla]

[HKCU\Software\Mumble]

[HKCU\Software\NVIDIA Corporation]

[HKCU\Software\Netscape]

[HKCU\Software\ODBC]

[HKCU\Software\Piriform]

[HKCU\Software\Policies]

[HKCU\Software\SkypeRS]

[HKCU\Software\Softonic]

[HKCU\Software\Symantec]

[HKCU\Software\Sysinternals]

[HKCU\Software\TeamSpeak 3 Client]

[HKCU\Software\TeamViewer]

[HKCU\Software\TechSmith]

[HKCU\Software\Trolltech]

[HKCU\Software\Virtual Plastic Surgery Software - VPSS]

[HKCU\Software\WinRAR]

[HKCU\Software\Xfire]

[HKCU\Software\YahooPartnerToolbar]

[HKLM\Software\AGEIA Technologies]

[HKLM\Software\ASUS]

[HKLM\Software\ATI Technologies]

[HKLM\Software\Activision]

[HKLM\Software\Adobe]

[HKLM\Software\AppDataLow]

[HKLM\Software\Ashampoo]

[HKLM\Software\BrowserChoice]

[HKLM\Software\C07ft5Y]

[HKLM\Software\Classes]

[HKLM\Software\Clients]

[HKLM\Software\CyberLink]

[HKLM\Software\EA GAMES]

[HKLM\Software\Elaborate Bytes]

[HKLM\Software\Electronic Arts]

[HKLM\Software\Even Balance]

[HKLM\Software\Garmin]

[HKLM\Software\Google]

[HKLM\Software\Hewlett-Packard]

[HKLM\Software\ImInstaller]

[HKLM\Software\InstallShield]

[HKLM\Software\Intel]

[HKLM\Software\JavaSoft]

[HKLM\Software\JreMetrics]

[HKLM\Software\Khronos]

[HKLM\Software\Lake]

[HKLM\Software\Licenses]

[HKLM\Software\Logitech]

[HKLM\Software\Macromedia]

[HKLM\Software\Malwarebytes' Anti-Malware (Trial)]

[HKLM\Software\Malwarebytes' Anti-Malware]

[HKLM\Software\MozillaPlugins]

[HKLM\Software\Mozilla]

[HKLM\Software\NVIDIA Corporation]

[HKLM\Software\ODBC]

[HKLM\Software\Piriform]

[HKLM\Software\Policies]

[HKLM\Software\RegisteredApplications]

[HKLM\Software\Sonic]

[HKLM\Software\Symantec]

[HKLM\Software\TeamViewer]

[HKLM\Software\TechSmith]

[HKLM\Software\Uniblue]

[HKLM\Software\VideoLAN]

[HKLM\Software\Volatile]

[HKLM\Software\WinRAR]

[HKLM\Software\Windows]

[HKLM\Software\Wow6432Node]

[HKLM\Software\mozilla.org]

~ Scan Softwares in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)

O43 - CFD: 19/05/2011 - 14:55:28 - [-669,815] ----D- C:\Program Files\Activision

O43 - CFD: 17/06/2011 - 09:11:28 - [158,508] ----D- C:\Program Files\Adobe

O43 - CFD: 17/05/2011 - 10:18:54 - [187,007] ----D- C:\Program Files\Ashampoo

O43 - CFD: 16/05/2011 - 09:14:54 - [0,398] ----D- C:\Program Files\Call of Duty

O43 - CFD: 25/02/2011 - 00:08:36 - [3,484] ----D- C:\Program Files\CCleaner

O43 - CFD: 02/07/2011 - 01:15:00 - [383,219] ----D- C:\Program Files\Common Files

O43 - CFD: 26/02/2011 - 16:42:44 - [192,712] ----D- C:\Program Files\CyberLink

O43 - CFD: 26/02/2011 - 16:36:18 - [0,312] ----D- C:\Program Files\Diz&Nfo

O43 - CFD: 02/03/2011 - 11:02:48 - [79,371] ----D- C:\Program Files\DVD Maker

O43 - CFD: 11/07/2011 - 20:21:46 - [-1074,294] ----D- C:\Program Files\EA GAMES

O43 - CFD: 24/02/2011 - 19:40:56 - [2,029] ----D- C:\Program Files\Elaborate Bytes

O43 - CFD: 22/02/2011 - 17:00:46 - [0] -SH-D- C:\Program Files\Fichiers communs

O43 - CFD: 11/04/2011 - 19:30:34 - [0,002] ----D- C:\Program Files\FileZilla FTP Client

O43 - CFD: 11/04/2011 - 19:22:22 - [9,973] ----D- C:\Program Files\FTPRush

O43 - CFD: 17/11/2011 - 00:58:02 - [58,807] ----D- C:\Program Files\Google

O43 - CFD: 24/02/2011 - 19:44:56 - [135,712] ----D- C:\Program Files\HomePlayer

O43 - CFD: 27/04/2011 - 11:40:52 - [45,979] ----D- C:\Program Files\HP

O43 - CFD: 19/05/2011 - 15:11:36 - [20,592] ----D- C:\Program Files\InstallShield Installation Information

O43 - CFD: 22/02/2011 - 17:16:46 - [11,571] ----D- C:\Program Files\Intel

O43 - CFD: 15/02/2012 - 13:51:48 - [4,935] ----D- C:\Program Files\Internet Explorer

O43 - CFD: 02/07/2011 - 01:14:30 - [84,449] ----D- C:\Program Files\Java

O43 - CFD: 29/02/2012 - 22:31:50 - [11,412] ----D- C:\Program Files\Malwarebytes' Anti-Malware

O43 - CFD: 20/10/2011 - 15:42:14 - [61,736] ----D- C:\Program Files\ManiaPlanet

O43 - CFD: 14/07/2009 - 10:00:58 - [140,966] ----D- C:\Program Files\Microsoft Games

O43 - CFD: 03/07/2011 - 06:55:04 - [479,611] ----D- C:\Program Files\Microsoft Office

O43 - CFD: 24/02/2012 - 22:21:30 - [36,634] ----D- C:\Program Files\Microsoft Silverlight

O43 - CFD: 22/02/2011 - 17:38:38 - [0,014] ----D- C:\Program Files\Microsoft Visual Studio

O43 - CFD: 26/02/2011 - 16:46:36 - [3,554] ----D- C:\Program Files\Microsoft Works

O43 - CFD: 03/03/2011 - 08:39:56 - [7,789] ----D- C:\Program Files\Microsoft.NET

O43 - CFD: 26/02/2012 - 23:40:12 - [37,531] ----D- C:\Program Files\Mozilla Firefox

O43 - CFD: 24/02/2011 - 19:14:18 - [0,025] ----D- C:\Program Files\MSBuild

O43 - CFD: 24/02/2012 - 22:00:00 - [1004,957] ----D- C:\Program Files\NVIDIA Corporation

O43 - CFD: 30/04/2011 - 13:40:44 - [3,528] ----D- C:\Program Files\PhotoFiltre

O43 - CFD: 26/02/2011 - 16:33:38 - [0,898] ----D- C:\Program Files\QuickPar

O43 - CFD: 14/07/2009 - 05:52:30 - [37,345] ----D- C:\Program Files\Reference Assemblies

O43 - CFD: 24/02/2011 - 19:29:36 - [49,065] ----D- C:\Program Files\Symantec

O43 - CFD: 14/02/2012 - 17:41:14 - [55,344] ----D- C:\Program Files\TeamSpeak 3 Client

O43 - CFD: 06/12/2011 - 09:34:56 - [146,431] ----D- C:\Program Files\TeamViewer

O43 - CFD: 24/02/2011 - 21:30:36 - [45,323] ----D- C:\Program Files\TechSmith

O43 - CFD: 24/02/2011 - 21:53:26 - [713,725] ----D- C:\Program Files\TmNationsForever

O43 - CFD: 14/07/2009 - 05:53:24 - [0] --H-D- C:\Program Files\Uninstall Information

O43 - CFD: 22/02/2011 - 17:35:18 - [76,799] ----D- C:\Program Files\VideoLAN

O43 - CFD: 17/07/2011 - 15:08:46 - [5,227] ----D- C:\Program Files\VPSS

O43 - CFD: 11/04/2011 - 18:53:28 - [0] ----D- C:\Program Files\Wikikou

O43 - CFD: 02/03/2011 - 11:02:44 - [2,909] ----D- C:\Program Files\Windows Defender

O43 - CFD: 02/03/2011 - 11:02:48 - [6,689] ----D- C:\Program Files\Windows Journal

O43 - CFD: 06/09/2011 - 16:01:34 - [62,208] ----D- C:\Program Files\Windows Live

O43 - CFD: 02/03/2011 - 11:02:48 - [5,895] ----D- C:\Program Files\Windows Mail

O43 - CFD: 02/03/2011 - 11:02:48 - [6,298] ----D- C:\Program Files\Windows Media Player

O43 - CFD: 22/02/2011 - 17:00:46 - [11,632] ----D- C:\Program Files\Windows NT

O43 - CFD: 02/03/2011 - 11:02:48 - [4,213] ----D- C:\Program Files\Windows Photo Viewer

O43 - CFD: 02/03/2011 - 11:02:46 - [0,181] ----D- C:\Program Files\Windows Portable Devices

O43 - CFD: 02/03/2011 - 11:02:48 - [6,374] ----D- C:\Program Files\Windows Sidebar

O43 - CFD: 24/02/2011 - 19:18:30 - [4,827] ----D- C:\Program Files\WinRAR

O43 - CFD: 18/12/2011 - 12:42:34 - [19,529] ----D- C:\Program Files\Xfire

O43 - CFD: 01/03/2012 - 15:57:36 - [10,100] ----D- C:\Program Files\ZHPDiag

O43 - CFD: 17/06/2011 - 09:11:32 - [3,651] ----D- C:\Program Files\Common Files\Adobe

O43 - CFD: 24/02/2011 - 18:57:54 - [0] ----D- C:\Program Files\Common Files\BitDefender

O43 - CFD: 26/02/2011 - 16:41:30 - [0,115] ----D- C:\Program Files\Common Files\CyberLink

O43 - CFD: 22/02/2011 - 17:38:38 - [0,089] ----D- C:\Program Files\Common Files\DESIGNER

O43 - CFD: 14/05/2011 - 00:43:46 - [2,770] ----D- C:\Program Files\Common Files\InstallShield

O43 - CFD: 02/07/2011 - 01:15:00 - [1,201] ----D- C:\Program Files\Common Files\Java

O43 - CFD: 24/02/2011 - 17:26:18 - [0,410] ----D- C:\Program Files\Common Files\logishrd

O43 - CFD: 26/10/2011 - 10:19:44 - [273,937] ----D- C:\Program Files\Common Files\microsoft shared

O43 - CFD: 14/07/2009 - 03:37:06 - [0,003] ----D- C:\Program Files\Common Files\Services

O43 - CFD: 14/07/2009 - 03:37:06 - [39,200] ----D- C:\Program Files\Common Files\SpeechEngines

O43 - CFD: 24/02/2011 - 19:30:46 - [19,589] ----D- C:\Program Files\Common Files\Symantec Shared

O43 - CFD: 09/11/2011 - 10:23:44 - [42,256] ----D- C:\Program Files\Common Files\System

O43 - CFD: 22/02/2011 - 17:40:38 - [0] ----D- C:\Program Files\Common Files\Windows Live

O43 - CFD: 17/06/2011 - 09:11:30 - [0,000] ----D- C:\ProgramData\Adobe

O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Application Data

O43 - CFD: 17/05/2011 - 10:19:20 - [0,344] ----D- C:\ProgramData\ashampoo

O43 - CFD: 22/02/2011 - 17:00:46 - [0] -SH-D- C:\ProgramData\Bureau

O43 - CFD: 26/02/2011 - 16:43:54 - [1,447] ----D- C:\ProgramData\CyberLink

O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Desktop

O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Documents

O43 - CFD: 22/02/2011 - 17:00:46 - [0] -SH-D- C:\ProgramData\Favoris

O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Favorites

O43 - CFD: 24/02/2011 - 18:34:58 - [0,000] ----D- C:\ProgramData\IM

O43 - CFD: 19/05/2011 - 17:20:58 - [15,396] ----D- C:\ProgramData\Malwarebytes

O43 - CFD: 04/02/2012 - 02:12:02 - [681,954] ----D- C:\ProgramData\ManiaPlanet

O43 - CFD: 22/02/2011 - 17:00:46 - [0] -SH-D- C:\ProgramData\Menu Démarrer

O43 - CFD: 25/02/2012 - 17:10:48 - [341,524] -S--D- C:\ProgramData\Microsoft

O43 - CFD: 15/02/2012 - 13:07:46 - [0,061] ----D- C:\ProgramData\Microsoft Help

O43 - CFD: 22/02/2011 - 17:00:46 - [0] -SH-D- C:\ProgramData\Modèles

O43 - CFD: 01/03/2012 - 15:54:24 - [2,623] ----D- C:\ProgramData\NVIDIA

O43 - CFD: 19/05/2011 - 14:40:56 - [0,909] ----D- C:\ProgramData\NVIDIA Corporation

O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Start Menu

O43 - CFD: 01/03/2011 - 15:00:44 - [0,000] ----D- C:\ProgramData\Sun

O43 - CFD: 24/02/2011 - 19:30:36 - [852,586] ----D- C:\ProgramData\Symantec

O43 - CFD: 24/02/2011 - 21:30:40 - [0,888] ----D- C:\ProgramData\TechSmith

O43 - CFD: 26/02/2011 - 16:37:48 - [0,051] ----D- C:\ProgramData\Temp

O43 - CFD: 14/07/2009 - 05:53:56 - [0] -SH-D- C:\ProgramData\Templates

O43 - CFD: 26/02/2011 - 21:33:28 - [551,981] ----D- C:\ProgramData\TmForever

O43 - CFD: 18/12/2011 - 18:41:24 - [134,809] ----D- C:\ProgramData\Xfire

O43 - CFD: 25/02/2011 - 09:45:56 - [3,856] ----D- C:\Users\CELSO\AppData\Roaming\Adobe

O43 - CFD: 17/05/2011 - 10:20:08 - [0] ----D- C:\Users\CELSO\AppData\Roaming\Ashampoo

O43 - CFD: 26/02/2011 - 16:43:54 - [0,002] ----D- C:\Users\CELSO\AppData\Roaming\CyberLink

O43 - CFD: 11/04/2011 - 18:54:48 - [0,016] ----D- C:\Users\CELSO\AppData\Roaming\FileZilla

O43 - CFD: 24/02/2012 - 21:40:38 - [0,175] ----D- C:\Users\CELSO\AppData\Roaming\FTPRush

O43 - CFD: 29/11/2011 - 15:26:16 - [0,105] ----D- C:\Users\CELSO\AppData\Roaming\Garmin

O43 - CFD: 22/02/2011 - 17:01:00 - [0] ----D- C:\Users\CELSO\AppData\Roaming\Identities

O43 - CFD: 24/02/2011 - 18:37:26 - [0,055] ----D- C:\Users\CELSO\AppData\Roaming\Macromedia

O43 - CFD: 19/05/2011 - 17:21:06 - [2,229] ----D- C:\Users\CELSO\AppData\Roaming\Malwarebytes

O43 - CFD: 14/07/2009 - 10:00:24 - [0] ----D- C:\Users\CELSO\AppData\Roaming\Media Center Programs

O43 - CFD: 01/02/2012 - 20:06:36 - [2,825] -S--D- C:\Users\CELSO\AppData\Roaming\Microsoft

O43 - CFD: 24/02/2011 - 17:34:00 - [108,977] ----D- C:\Users\CELSO\AppData\Roaming\Mozilla

O43 - CFD: 19/12/2011 - 18:55:54 - [1,087] ----D- C:\Users\CELSO\AppData\Roaming\Mumble

O43 - CFD: 26/02/2011 - 16:45:08 - [0] ----D- C:\Users\CELSO\AppData\Roaming\NVIDIA

O43 - CFD: 26/02/2011 - 18:57:26 - [8,253] ----D- C:\Users\CELSO\AppData\Roaming\OpenCandy

O43 - CFD: 30/04/2011 - 13:52:22 - [0,002] ----D- C:\Users\CELSO\AppData\Roaming\PhotoFiltre

O43 - CFD: 22/02/2011 - 17:21:16 - [0] ----D- C:\Users\CELSO\AppData\Roaming\QuickScan

O43 - CFD: 24/02/2011 - 18:49:48 - [0,215] ----D- C:\Users\CELSO\AppData\Roaming\TeamViewer

O43 - CFD: 24/02/2012 - 21:40:38 - [3,332] ----D- C:\Users\CELSO\AppData\Roaming\TS3Client

O43 - CFD: 26/02/2011 - 19:04:34 - [0,192] ----D- C:\Users\CELSO\AppData\Roaming\Uniblue

O43 - CFD: 27/10/2011 - 15:19:30 - [1,808] ----D- C:\Users\CELSO\AppData\Roaming\vlc

O43 - CFD: 24/02/2011 - 19:19:00 - [1,180] ----D- C:\Users\CELSO\AppData\Roaming\WinRAR

O43 - CFD: 29/01/2012 - 20:25:26 - [0,009] ----D- C:\Users\CELSO\AppData\Roaming\Xfire

O43 - CFD: 25/02/2011 - 09:45:56 - [15,213] ----D- C:\Users\CELSO\AppData\Local\Adobe

O43 - CFD: 22/02/2011 - 17:00:52 - [0] -SH-D- C:\Users\CELSO\AppData\Local\Application Data

O43 - CFD: 17/05/2011 - 10:20:02 - [0,344] ----D- C:\Users\CELSO\AppData\Local\ashampoo

O43 - CFD: 26/02/2011 - 16:45:02 - [0,007] ----D- C:\Users\CELSO\AppData\Local\Cyberlink

O43 - CFD: 26/02/2012 - 01:59:02 - [0,425] ----D- C:\Users\CELSO\AppData\Local\Diagnostics

O43 - CFD: 06/09/2011 - 16:42:20 - [0,093] ----D- C:\Users\CELSO\AppData\Local\Downloader

O43 - CFD: 23/02/2012 - 21:36:50 - [0,299] ----D- C:\Users\CELSO\AppData\Local\ElevatedDiagnostics

O43 - CFD: 03/12/2011 - 17:22:00 - [6,511] ----D- C:\Users\CELSO\AppData\Local\Facebook

O43 - CFD: 30/04/2011 - 14:44:28 - [0] ----D- C:\Users\CELSO\AppData\Local\Google

O43 - CFD: 22/02/2011 - 17:00:52 - [0] -SH-D- C:\Users\CELSO\AppData\Local\Historique

O43 - CFD: 24/02/2011 - 18:37:20 - [8,655] ----D- C:\Users\CELSO\AppData\Local\IM

O43 - CFD: 25/02/2012 - 17:10:48 - [562,774] ----D- C:\Users\CELSO\AppData\Local\Microsoft

O43 - CFD: 22/09/2011 - 19:15:24 - [0,161] ----D- C:\Users\CELSO\AppData\Local\Microsoft Games

O43 - CFD: 01/02/2012 - 20:06:34 - [0,101] ----D- C:\Users\CELSO\AppData\Local\Microsoft Help

O43 - CFD: 05/10/2011 - 10:41:32 - [0,179] ----D- C:\Users\CELSO\AppData\Local\MigWiz

O43 - CFD: 24/02/2011 - 17:33:30 - [374,556] ----D- C:\Users\CELSO\AppData\Local\Mozilla

O43 - CFD: 27/02/2011 - 10:06:50 - [0] ----D- C:\Users\CELSO\AppData\Local\OpenCandy

O43 - CFD: 20/05/2011 - 21:52:28 - [5,830] ----D- C:\Users\CELSO\AppData\Local\PunkBuster

O43 - CFD: 24/02/2011 - 19:30:40 - [16,387] ----D- C:\Users\CELSO\AppData\Local\Symantec

O43 - CFD: 24/02/2011 - 21:30:36 - [11,797] ----D- C:\Users\CELSO\AppData\Local\TechSmith

O43 - CFD: 01/03/2012 - 15:54:52 - [5,908] ----D- C:\Users\CELSO\AppData\Local\Temp

O43 - CFD: 22/02/2011 - 17:00:52 - [0] -SH-D- C:\Users\CELSO\AppData\Local\Temporary Internet Files

O43 - CFD: 26/02/2011 - 17:30:34 - [-895,550] ----D- C:\Users\CELSO\AppData\Local\VirtualStore

O43 - CFD: 01/03/2012 - 11:57:28 - [0,063] ----D- C:\Users\CELSO\AppData\Local\Windows Live

O43 - CFD: 26/02/2012 - 12:36:26 - [0] ----D- C:\Users\CELSO\AppData\Local\{21323798-F0F1-46C1-93F5-4D78751EDA46}

O43 - CFD: 27/02/2012 - 00:37:40 - [0] ----D- C:\Users\CELSO\AppData\Local\{68DB5F03-B576-48F7-85FE-84B19F380F95}

O43 - CFD: 29/02/2012 - 19:37:48 - [0] ----D- C:\Users\CELSO\AppData\Local\{83DA3416-C940-4A57-800C-0BC28D0F7B1B}

O43 - CFD: 01/03/2012 - 11:56:40 - [0] ----D- C:\Users\CELSO\AppData\Local\{A8D7FA30-AE5A-4015-90E3-7A07465B2017}

O43 - CFD: 27/02/2012 - 13:24:00 - [0] ----D- C:\Users\CELSO\AppData\Local\{DCCAC3E5-0625-43BD-9A0A-BCABC323C64F}

~ Scan Program Folder in 01mn 45s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)

O44 - LFC:[MD5.1A913E8696E8F2CD758CDB0C9C0D22C2] - 01/03/2012 - 15:58:39 ---A- . (...) -- C:\Windows\WindowsUpdate.log [124493]

O44 - LFC:[MD5.8E6310F248C4B6CCAD05C42287356DDD] - 01/03/2012 - 15:54:26 ---A- . (...) -- C:\Windows\setupact.log [843]

O44 - LFC:[MD5.5F81096EC16A3977668FFE7893758BC1] - 01/03/2012 - 15:54:22 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]

O44 - LFC:[MD5.0DB7527DB188C7D967A37BB51BBF3963] - 01/03/2012 - 14:43:07 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbamswissarmy.sys [40776]

O44 - LFC:[MD5.8E4A4137D4AFAE5A101E7DB18AA26848] - 01/03/2012 - 14:20:57 ---A- . (...) -- C:\Windows\system32\PerfStringBackup.INI [1549700]

O44 - LFC:[MD5.459DCA304BF29FF3E81C6F774A79D707] - 01/03/2012 - 14:20:57 ---A- . (...) -- C:\Windows\system32\perfc009.dat [106190]

O44 - LFC:[MD5.18CDC094A676FE47080CCD860EB295ED] - 01/03/2012 - 14:20:57 ---A- . (...) -- C:\Windows\system32\perfc00C.dat [130548]

O44 - LFC:[MD5.99DEAE2A78FC7BC5B0BE5E775F904533] - 01/03/2012 - 14:20:57 ---A- . (...) -- C:\Windows\system32\perfh009.dat [615810]

O44 - LFC:[MD5.F706069057D460C50F0D4C9F4B85C387] - 01/03/2012 - 14:20:57 ---A- . (...) -- C:\Windows\system32\perfh00C.dat [704242]

O44 - LFC:[MD5.02440C2665C6DE0E48321979042C3BB0] - 01/03/2012 - 14:15:35 ---A- . (...) -- C:\Windows\PFRO.log [5612]

O44 - LFC:[MD5.B7CA8CC3F978201856B6AB82F40953C3] - 29/02/2012 - 22:29:43 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [20464]

O44 - LFC:[MD5.24097AF73562086C5DC1B48412F02DA0] - 29/02/2012 - 22:27:34 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\Windows\system32\FlashPlayerCPLApp.cpl [414368]

O44 - LFC:[MD5.1B6CABCAE393257233F0F916F7D99D4E] - 29/02/2012 - 22:27:10 ---A- . (...) -- C:\Windows\system32\lvcoinst.log [10700]

O44 - LFC:[MD5.628BA691C30D52309016F01D011BE900] - 29/02/2012 - 17:53:41 ---A- . (...) -- C:\Windows\system32\FNTCACHE.DAT [409992]

O44 - LFC:[MD5.F7CD5E9902D3B778759B467046A104F4] - 26/02/2012 - 14:37:22 ---A- . (...) -- C:\Windows\MEMORY.DMP [407791962]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 26/02/2012 - 11:40:31 ---A- . (...) -- C:\Windows\setuperr.log [0]

O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 24/02/2012 - 21:59:58 ---A- . (...) -- C:\Windows\system32\nvdrssel.bin [0]

O44 - LFC:[MD5.0195003E40E6EBB9B684C2FD1D13E38D] - 23/02/2012 - 22:29:34 ---A- . (.NVIDIA Corporation - Generic Coinstaller.) -- C:\Windows\system32\nvhdagenco3220103.dll [876864]

O44 - LFC:[MD5.3D7FB57354703809B5F0C23287FAC1D6] - 23/02/2012 - 22:29:34 ---A- . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) -- C:\Windows\system32\drivers\nvhda32v.sys [148800]

O44 - LFC:[MD5.A435BA6A5146800CC0335972A37CD7FD] - 23/02/2012 - 22:29:34 ---A- . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) -- C:\Windows\system32\nvhdap32.dll [27968]

O44 - LFC:[MD5.188A70B814F4C77EA093A1CA34CC8F2D] - 10/02/2012 - 05:13:00 ---A- . (...) -- C:\Windows\system32\nvinfo.pb [8772]

O44 - LFC:[MD5.1992D479AC7B804B699EFA8573230C94] - 10/02/2012 - 05:13:00 ---A- . (.Khronos Group - OpenCL Client DLL.) -- C:\Windows\system32\OpenCL.dll [61248]

O44 - LFC:[MD5.2941DA00EFD5F801EFE442BABD8B3B6D] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - Display Driver Coinstaller.) -- C:\Windows\system32\nvdispco32.dll [1000256]

O44 - LFC:[MD5.5055CA6E2C7041C1557B48CC1E487CAA] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - Generic Coinstaller.) -- C:\Windows\system32\nvgenco32.dll [881984]

O44 - LFC:[MD5.9FD158015EE8F3B4971A76BC6E3B520F] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA CUDA Driver, Version 295.73.) -- C:\Windows\system32\nvcuda.dll [5892928]

O44 - LFC:[MD5.D592EA592BFC42BBAA64B9A36E11A956] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA CUDA Video Decode API, Version 295.7.) -- C:\Windows\system32\nvcuvid.dll [2517312]

O44 - LFC:[MD5.680BF097C8D195109590E8078C71F989] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA CUDA Video Encoder, Version 295.73.) -- C:\Windows\system32\nvcuvenc.dll [2437440]

O44 - LFC:[MD5.7E6E761D5C5A4BCF19BA3149310770D2] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA Compatible OpenGL ICD.) -- C:\Windows\system32\nvoglv32.dll [19443520]

O44 - LFC:[MD5.AD5DAA753919D0EBCC8CE85031E11550] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA Compiler, Version 295.73.) -- C:\Windows\system32\nvcompiler.dll [17543488]

O44 - LFC:[MD5.C2B076639017CAB78DD63FF8F94BDD7C] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA D3D10 Driver, Version 295.73.) -- C:\Windows\system32\nvwgf2um.dll [7713088]

O44 - LFC:[MD5.E9511F7F35D6A144C1B5F067209C1CBA] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA NVAPI Library, Version 295.73.) -- C:\Windows\system32\nvapi.dll [2301248]

O44 - LFC:[MD5.91C8B1471CD7BDAE2FF6F062E25228BD] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA WDDM D3D Driver, Version 295.73.) -- C:\Windows\system32\nvd3dum.dll [15009600]

O44 - LFC:[MD5.F452E6AD3EDA2852F44BE492E283C40F] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version.) -- C:\Windows\system32\drivers\nvlddmkm.sys [10816832]

O44 - LFC:[MD5.CCDCF296BF51DD66F6341B188373A78E] - 10/02/2012 - 04:02:06 ---A- . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\nvcpl.dll [3881792]

O44 - LFC:[MD5.788FCC23961A7D65372D6BF3709DD39B] - 10/02/2012 - 04:00:44 ---A- . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 295.7.) -- C:\Windows\system32\nvsvc.dll [2719040]

O44 - LFC:[MD5.70145ADE9EFE2CE296DD5FC761B4969B] - 10/02/2012 - 04:00:26 ---A- . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 295.7.) -- C:\Windows\system32\nvvsvc.exe [645440]

O44 - LFC:[MD5.A9EF3534BFF340D2FEFB052B0DD7C4DB] - 10/02/2012 - 04:00:26 ---A- . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\system32\nvmctray.dll [108352]

O44 - LFC:[MD5.216CD1ABF4CEDB5F4554D1E9DC2E4FF6] - 10/02/2012 - 04:00:26 ---A- . (.NVIDIA Corporation - Pas de description.) -- C:\Windows\system32\nvshext.dll [62272]

O44 - LFC:[MD5.31C523B4181F48BA6B7DC23EC1861433] - 10/02/2012 - 04:00:25 ---A- . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 295.7.) -- C:\Windows\system32\nvsvcr.dll [2561344]

O44 - LFC:[MD5.F86A49D72D156947AB4B1F398F6B98EA] - 09/02/2012 - 20:05:44 ---A- . (...) -- C:\Windows\system32\nvStreaming.exe [416064]

~ Scan Files in 01mn 30s

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)

O45 - LFCP:[MD5.D1455CB244C17F3C1C65F4C8C37AB0F9] - 01/03/2012 - 00:00:32 ---A- - C:\Windows\Prefetch\IGFXSRVC.EXE-67E7A62F.pf

O45 - LFCP:[MD5.66EC6C9259E3629EE562EA4382822DA6] - 01/03/2012 - 10:00:04 ---A- - C:\Windows\Prefetch\SDCLT.EXE-2D2C4DDD.pf

O45 - LFCP:[MD5.AF1846277C34292616C5085D193BCBC8] - 01/03/2012 - 10:47:19 ---A- - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-501933425-2476989565-1232407324-1000.db

O45 - LFCP:[MD5.BE7D3D5D7A5EB25EE9B1670514BFFD8C] - 01/03/2012 - 10:47:19 ---A- - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-501933425-2476989565-1232407324-1000.db

O45 - LFCP:[MD5.033ED07152FD57EE2550BA4CFC7C166D] - 01/03/2012 - 11:15:36 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-6202E8F2.pf

O45 - LFCP:[MD5.66B0868507D65A5280382A10CF9F7922] - 01/03/2012 - 11:33:31 ---A- - C:\Windows\Prefetch\TASKMGR.EXE-72398DC0.pf

O45 - LFCP:[MD5.3F5ECAF35CC4DA8E9E25D6477967E139] - 01/03/2012 - 11:35:24 ---A- - C:\Windows\Prefetch\SAVUI.EXE-24D69985.pf

O45 - LFCP:[MD5.1457C57F0ED10A783D231975CC9AC1A9] - 01/03/2012 - 11:36:00 ---A- - C:\Windows\Prefetch\RTVSCAN.EXE-C249E232.pf

O45 - LFCP:[MD5.A458A60B690FE85CAAB2F8EA34425B4D] - 01/03/2012 - 11:55:35 ---A- - C:\Windows\Prefetch\Layout.ini

O45 - LFCP:[MD5.1658BA17A31F9DF1A9B97BCC506D64E7] - 01/03/2012 - 11:55:42 ---A- - C:\Windows\Prefetch\DEFRAG.EXE-738093E8.pf

O45 - LFCP:[MD5.552395E86CF2536BC0AE58E7378B824A] - 01/03/2012 - 11:55:46 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-8DA0BAAD.pf

O45 - LFCP:[MD5.770E51B33B322558188FCABF1E7506C7] - 01/03/2012 - 12:05:24 ---A- - C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-1D5F6C6B.pf

O45 - LFCP:[MD5.48B094BB8948FB7530D78B652BF402B1] - 01/03/2012 - 12:32:56 ---A- - C:\Windows\Prefetch\SYMCORPUI.EXE-9552AFDC.pf

O45 - LFCP:[MD5.57C0BA3A6E03B761D3EC2F9003100360] - 01/03/2012 - 12:33:11 ---A- - C:\Windows\Prefetch\SESCLU.EXE-3C84D030.pf

O45 - LFCP:[MD5.AB32680DE97764346233E01E07DDB479] - 01/03/2012 - 12:33:42 ---A- - C:\Windows\Prefetch\DWHWIZRD.EXE-3820D06C.pf

O45 - LFCP:[MD5.ECEE279E98A97F37127159C6ED859DD1] - 01/03/2012 - 12:33:57 ---A- - C:\Windows\Prefetch\LUCALLBACKPROXY.EXE-9EFD4A00.pf

O45 - LFCP:[MD5.F42A5770FD721C5165D19773C327D05F] - 01/03/2012 - 12:34:02 ---A- - C:\Windows\Prefetch\LUALL.EXE-C73A48CA.pf

O45 - LFCP:[MD5.CAED425DE3EF7D7DF2EC14F9B5F09AAC] - 01/03/2012 - 12:34:04 ---A- - C:\Windows\Prefetch\LUCOMS~1.EXE-95D7A512.pf

O45 - LFCP:[MD5.E50588886F551443D9F862D831109CFE] - 01/03/2012 - 13:13:01 ---A- - C:\Windows\Prefetch\WINDOWSLIVEPHOTOVIEWER.EXE-6106E219.pf

O45 - LFCP:[MD5.0E362D054BEB2FDB2F21225685FE0915] - 01/03/2012 - 13:14:40 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-71214090.pf

O45 - LFCP:[MD5.48352CCA6FD22F7EADDE2A10F111940D] - 01/03/2012 - 13:19:11 ---A- - C:\Windows\Prefetch\MSNMSGR.EXE-DD43BBF4.pf

O45 - LFCP:[MD5.16A3EDF15B88C108F74B682459B12B45] - 01/03/2012 - 13:27:28 ---A- - C:\Windows\Prefetch\WLCOMM.EXE-648065CA.pf

O45 - LFCP:[MD5.6396441F8C5833761FA2F6AB10AE136E] - 01/03/2012 - 14:11:07 ---A- - C:\Windows\Prefetch\TASKHOST.EXE-437C05A8.pf

O45 - LFCP:[MD5.23690CC18E519D622F79661D7CB4B9A9] - 01/03/2012 - 14:13:17 ---A- - C:\Windows\Prefetch\SMCGUI.EXE-3A816A45.pf

O45 - LFCP:[MD5.F91958A425723E65962542B0C220F072] - 01/03/2012 - 14:14:03 ---A- - C:\Windows\Prefetch\PfSvPerfStats.bin

O45 - LFCP:[MD5.BA919E067236E62387CA4ECBAED2AFE6] - 01/03/2012 - 14:17:26 ---A- - C:\Windows\Prefetch\ATBROKER.EXE-FF58B71D.pf

O45 - LFCP:[MD5.AA7B9BE4CA2BBBCA1320EFE98AAEE991] - 01/03/2012 - 14:17:26 ---A- - C:\Windows\Prefetch\EXPLORER.EXE-7A3328DA.pf

O45 - LFCP:[MD5.2E7E3988E771E5A302DEA97CD560D1D0] - 01/03/2012 - 14:17:44 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-DB4C36D7.pf

O45 - LFCP:[MD5.67E78FCC5C64790CA40E9F573F5879CA] - 01/03/2012 - 14:20:01 ---A- - C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-031B6478.pf

O45 - LFCP:[MD5.FD1916240921849CAE6E4F6142FFA816] - 01/03/2012 - 14:26:01 ---A- - C:\Windows\Prefetch\FACEBOOKUPDATE.EXE-956D9D42.pf

O45 - LFCP:[MD5.A390832436D67BE393174902135C8FC5] - 01/03/2012 - 14:29:32 ---A- - C:\Windows\Prefetch\WERMGR.EXE-2A1BCBC7.pf

O45 - LFCP:[MD5.71171B892E97F5A509F0A3B5BB69EA27] - 01/03/2012 - 14:29:37 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-D40FB18A.pf

O45 - LFCP:[MD5.D474CADE406451590DE9E2BAD84949EE] - 01/03/2012 - 14:31:38 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-E2054E7F.pf

O45 - LFCP:[MD5.73F92170944857ED43D93BE042045C30] - 01/03/2012 - 14:43:07 ---A- - C:\Windows\Prefetch\REGSVR32.EXE-55A4EE79.pf

O45 - LFCP:[MD5.FA2A94819CF7BD01CE5E884E2C1FB822] - 01/03/2012 - 14:44:34 ---A- - C:\Windows\Prefetch\NOTEPAD.EXE-EB1B961A.pf

O45 - LFCP:[MD5.741ECE1B33098A0E6F95FF47C69F878C] - 01/03/2012 - 14:57:31 ---A- - C:\Windows\Prefetch\AgRobust.db

O45 - LFCP:[MD5.5917F9DD5A3FBA1270A1814C387F5508] - 01/03/2012 - 14:57:32 ---A- - C:\Windows\Prefetch\AgGlGlobalHistory.db

O45 - LFCP:[MD5.61DD173EF1D7BAB171C119732752B2B3] - 01/03/2012 - 14:57:34 ---A- - C:\Windows\Prefetch\AgGlFaultHistory.db

O45 - LFCP:[MD5.7E3459B0BC331D817905B86772DF8868] - 01/03/2012 - 14:57:39 ---A- - C:\Windows\Prefetch\AgGlFgAppHistory.db

O45 - LFCP:[MD5.09FC76687539940E5F5824834EBB1548] - 01/03/2012 - 15:02:10 ---A- - C:\Windows\Prefetch\TASKENG.EXE-5BAF290C.pf

O45 - LFCP:[MD5.C39A9C64377A4301D255098CCDD9D6B2] - 01/03/2012 - 15:55:32 ---A- - C:\Windows\Prefetch\AUDIODG.EXE-D0D776AC.pf

O45 - LFCP:[MD5.50EF1165A2B5713890241C20EAF24603] - 01/03/2012 - 15:55:32 ---A- - C:\Windows\Prefetch\LOGONUI.EXE-1BEE4A84.pf

O45 - LFCP:[MD5.B4FE636460758CE872554C42443F07A6] - 01/03/2012 - 15:55:32 ---A- - C:\Windows\Prefetch\MPNOTIFY.EXE-55171BA9.pf

O45 - LFCP:[MD5.319DFEC7F0BC9ABF455B9D722319F29D] - 01/03/2012 - 15:55:32 ---A- - C:\Windows\Prefetch\NVVSVC.EXE-261BA731.pf

O45 - LFCP:[MD5.84622CC93602BFD931CB6DC70AEDD31B] - 01/03/2012 - 15:55:32 ---A- - C:\Windows\Prefetch\NVXDSYNC.EXE-297C5BB3.pf

O45 - LFCP:[MD5.D0E5DD10D9BBE46C55A03797E24B71AE] - 01/03/2012 - 15:55:32 ---A- - C:\Windows\Prefetch\SMC.EXE-6A4099C4.pf

O45 - LFCP:[MD5.C7C47F671923C4D31F33AA76AD1F9303] - 01/03/2012 - 15:55:32 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-7643E300.pf

O45 - LFCP:[MD5.705010C4B12B6D632747886440D58C48] - 01/03/2012 - 15:55:58 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-53B78AD0.pf

O45 - LFCP:[MD5.712BAFCBCFED7F9ACF7CE66413948AF2] - 01/03/2012 - 15:56:07 ---A- - C:\Windows\Prefetch\FIREFOX.EXE-E60C0AA7.pf

O45 - LFCP:[MD5.EC2F0B40CD50A2D185BD269C30E56AFC] - 01/03/2012 - 15:56:39 ---A- - C:\Windows\Prefetch\CONSENT.EXE-65F6206D.pf

O45 - LFCP:[MD5.B20501FB8B6ECFC6CCDEECFD6522C36D] - 01/03/2012 - 15:56:44 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-893DDF55.pf

O45 - LFCP:[MD5.CFEE0A94A47BC6C28DF56A27F80C04D7] - 01/03/2012 - 15:56:54 ---A- - C:\Windows\Prefetch\MSCORSVW.EXE-FAA88858.pf

O45 - LFCP:[MD5.A3867A1CB6C40D2A9D4CB24400810DEF] - 01/03/2012 - 15:56:55 ---A- - C:\Windows\Prefetch\GOOGLEUPDATE.EXE-8973CEDD.pf

O45 - LFCP:[MD5.D840C0836643E437A48F4A6A9C3E341C] - 01/03/2012 - 15:56:56 ---A- - C:\Windows\Prefetch\CONHOST.EXE-3218E401.pf

O45 - LFCP:[MD5.61B2E5B1021932E913306170C6AF1187] - 01/03/2012 - 15:57:01 ---A- - C:\Windows\Prefetch\WMIPRVSE.EXE-43972D0F.pf

O45 - LFCP:[MD5.B2F31767D7F711C6A76E9988BBD32D58] - 01/03/2012 - 15:57:02 ---A- - C:\Windows\Prefetch\SPPSVC.EXE-CBE91656.pf

O45 - LFCP:[MD5.DF8001E24715C13250C993BB42A57EE1] - 01/03/2012 - 15:57:11 ---A- - C:\Windows\Prefetch\DAEMONU.EXE-71078F74.pf

O45 - LFCP:[MD5.5A141FE46FB4E7BB0A93C17B1E3B83A6] - 01/03/2012 - 15:58:25 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-93CEEE07.pf

O45 - LFCP:[MD5.7B6CD4CF19C875949D007659C4927C3A] - 01/03/2012 - 15:59:01 ---A- - C:\Windows\Prefetch\WMIADAP.EXE-369DF1CD.pf

O45 - LFCP:[MD5.A4BE90A66BB86EE842387B5B9018257A] - 01/03/2012 - 16:00:31 ---A- - C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-AA7A1FDD.pf

O45 - LFCP:[MD5.EE71A8BA81F85D821F21F22D5CC0FFE7] - 01/03/2012 - 16:00:31 ---A- - C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-AFAD3EF9.pf

O45 - LFCP:[MD5.D718AFAE0178C28ECDFABDAE98BCBB41] - 26/02/2012 - 01:17:03 ---A- - C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf

O45 - LFCP:[MD5.37A795C43426DC3899B266373DEBA6AB] - 26/02/2012 - 01:19:05 ---A- - C:\Windows\Prefetch\AgCx_SC4.db

O45 - LFCP:[MD5.EFDEDB0650EE819A315A17727E79429C] - 26/02/2012 - 01:55:55 ---A- - C:\Windows\Prefetch\MSDT.EXE-3D8E9353.pf

O45 - LFCP:[MD5.6EB7FF03D6F6AED5857A350FE3375096] - 26/02/2012 - 12:37:14 ---A- - C:\Windows\Prefetch\HCHNZI0V.EXE-AF52E1C1.pf

O45 - LFCP:[MD5.5DC05BF34206CB64208287A7E6A7FC5F] - 26/02/2012 - 13:20:34 ---A- - C:\Windows\Prefetch\ACRORD32.EXE-33939BD1.pf

O45 - LFCP:[MD5.40CE1179A49429E7AA34E0ED5D286714] - 26/02/2012 - 13:20:58 ---A- - C:\Windows\Prefetch\ADOBEARM.EXE-ACA00A4A.pf

O45 - LFCP:[MD5.D165DA6516F7647364B31222CE7271F2] - 26/02/2012 - 14:41:08 ---A- - C:\Windows\Prefetch\SC.EXE-BC6DAF49.pf

O45 - LFCP:[MD5.5DA4E2AA91516F0DC1D68C10A33C0A8A] - 26/02/2012 - 17:42:26 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-85E123DD.pf

O45 - LFCP:[MD5.40E3549A7DD8D13B92DE50669533BBBA] - 26/02/2012 - 17:58:54 ---A- - C:\Windows\Prefetch\FTPRUSH.EXE-91557209.pf

O45 - LFCP:[MD5.F89C4586170974646D3F4607A4B8FB04] - 26/02/2012 - 19:28:55 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-B6C9169C.pf

O45 - LFCP:[MD5.973B90477200CD4334737367E885243E] - 26/02/2012 - 19:40:19 ---A- - C:\Windows\Prefetch\TEAMVIEWER_DESKTOP.EXE-80FF783D.pf

O45 - LFCP:[MD5.77BADE0B22DD74497A70DF98D845B8B3] - 26/02/2012 - 20:42:01 ---A- - C:\Windows\Prefetch\WINRAR.EXE-6F42D4E7.pf

O45 - LFCP:[MD5.D9F534785F33E8CF862272DC65103C66] - 26/02/2012 - 20:50:36 ---A- - C:\Windows\Prefetch\VLC.EXE-CE8E9BE1.pf

O45 - LFCP:[MD5.46C0F6104C6BF5EE5AA037CC814D9BBA] - 26/02/2012 - 23:40:11 ---A- - C:\Windows\Prefetch\UPDATER.EXE-CE019E81.pf

~ Scan Prefetcher in 00mn 03s

 

 

 

---\\ Déni du service (Local Security Authority) (O48)

O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll

O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l’Éditeur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Package de sécurité Kerberos.) -- C:\Windows\System32\kerberos.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\TSpkg.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll

O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corp. - LiveSSP.) -- C:\Windows\System32\LIVESSP.dll

~ Scan Keys in 00mn 00s

 

 

 

---\\ Contrôle du Safe Boot (CSB) (O49)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\system32\Drivers\ipnat.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\system32\Drivers\nsiproxy.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\system32\Drivers\rdpencdd.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys

O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys

~ Scan CSB in 00mn 00s

 

 

 

---\\ MountPoints2 Shell Key (O51) (None)

 

---\\ Trojan Driver Search Data (HKLM) (O52)

O52 - TDSD: \Drivers32\"VIDC.I420"="lvcodec2.dll" . (.Logitech Inc. - Video Codec.) -- C:\Windows\System32\lvcodec2.dll

O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll

O52 - TDSD: \Drivers32\"VIDC.XFR1"="xfcodec.dll" . (.Pas de propriétaire - Xfire Video Codec.) -- C:\Windows\System32\xfcodec.dll

O52 - TDSD: \Drivers32\"vidc.VP60"="C:\Windows\system32\vp6vfw.dll" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll

O52 - TDSD: \Drivers32\"vidc.VP61"="C:\Windows\system32\vp6vfw.dll" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll

O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm

O52 - TDSD: \drivers.desc\"xfcodec.dll"="Xfire video codec [XFR1]" . (.Pas de propriétaire - Xfire Video Codec.) -- C:\Windows\System32\xfcodec.dll

O52 - TDSD: \drivers.desc\"vp6vfw.dll"="EA VP6 Codec" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll

~ Scan Keys in 00mn 00s

 

 

 

---\\ ShareTools MSconfig StartupReg (O53) (None)

 

---\\ Microsoft Control Security Providers (O54)

O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll

O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll

~ Scan Keys in 00mn 00s

 

 

 

---\\ Microsoft Windows Policies System (O55)

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5

O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3

O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1

O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0

O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1

O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1

O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0

O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=

O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=

O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0

O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1

O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0

~ Scan Keys in 00mn 00s

 

 

 

---\\ Liste des Drivers Système (O58)

O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [422976]

O58 - SDL:[MD5.0C676BC278D5B59FF5ABD57BBE9123F2] - 14/07/2009 - 02:26:17 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [297552]

O58 - SDL:[MD5.7C7B5EE4B7B822EC85321FE23A27DB33] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\system32\drivers\adpu320.sys [146512]

O58 - SDL:[MD5.0D40BCF52EA90FC7DF2AEAB6503DEA44] - 14/07/2009 - 02:26:15 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [14400]

O58 - SDL:[MD5.D320BF87125326F996D4904FE24300FC] - 11/03/2011 - 06:38:37 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\system32\drivers\amdsata.sys [80256]

O58 - SDL:[MD5.EA43AF0C423FF267355F74E7A53BDABA] - 14/07/2009 - 02:26:15 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows fa.) -- C:\Windows\system32\drivers\amdsbs.sys [159312]

O58 - SDL:[MD5.46387FB17B086D16DEA267D5BE23A2F2] - 11/03/2011 - 06:38:37 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\system32\drivers\amdxata.sys [22400]

O58 - SDL:[MD5.2932004F49677BD84DBC72EDB754FFB3] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [76368]

O58 - SDL:[MD5.5D6F36C46FD283AE1B57BD2E9FEB0BC7] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [86608]

O58 - SDL:[MD5.CBE71C122434805CB73FFB6619F60598] - 16/07/2009 - 04:36:30 ---A- . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- C:\Windows\system32\drivers\ASACPI.sys [13216]

O58 - SDL:[MD5.19166026A93206F9C6A8CD3A1F010AE4] - 02/04/2009 - 13:30:14 ---A- . (...) -- C:\Windows\system32\drivers\ASUSHWIO.SYS [10296]

O58 - SDL:[MD5.BD8869EB9CDE6BBE4508D869929869EE] - 13/07/2009 - 23:02:49 ---A- . (.Broadcom Corporation - Pilote unifié NDIS6.x Broadcom NetXtreme Gigabit Ethernet..) -- C:\Windows\system32\drivers\b57nd60x.sys [229888]

O58 - SDL:[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - 13/07/2009 - 23:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [13568]

O58 - SDL:[MD5.56801AD62213A41F6497F96DEE83755A] - 13/07/2009 - 23:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [5248]

O58 - SDL:[MD5.845B8CE732E67F3B4133164868C666EA] - 14/07/2009 - 01:57:25 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [272128]

O58 - SDL:[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - 13/07/2009 - 23:53:32 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [62336]

O58 - SDL:[MD5.BD456606156BA17E60A04E18016AE54B] - 13/07/2009 - 23:53:33 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [12160]

O58 - SDL:[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - 13/07/2009 - 23:53:33 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [11904]

O58 - SDL:[MD5.1A231ABEC60FD316EC54C66715543CEC] - 13/07/2009 - 23:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\system32\drivers\bxvbdx.sys [430080]

O58 - SDL:[MD5.0F5CA31BB3FDB5C1E63C170CFBECC93B] - 03/02/2007 - 10:25:56 ---A- . (.Logitech Inc. - Universal Serial Bus Camera Driver.) -- C:\Windows\system32\drivers\Camdrl.sys [1075360]

O58 - SDL:[MD5.C537B1DB64D495B9B4717B4D6D9EDBF2] - 14/07/2009 - 02:26:21 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [15952]

O58 - SDL:[MD5.8B30250D573A8F6B4BD23195160D8707] - 14/07/2009 - 02:20:28 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys [70720]

O58 - SDL:[MD5.44996A2ADDD2DB7454F2CA40B67D8941] - 17/12/2009 - 23:25:12 ---A- . (.Elaborate Bytes AG - ElbyCD Windows NT/2000/XP I/O driver.) -- C:\Windows\system32\drivers\ElbyCDIO.sys [26024]

O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [453712]

O58 - SDL:[MD5.024E1B5CAC09731E4D868E64DBFB4AB0] - 13/07/2009 - 23:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\system32\drivers\evbdx.sys [3100160]

O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\system32\drivers\hcw85cir.sys [26624]

O58 - SDL:[MD5.295FDC419039090EB8B49FFDBB374549] - 14/07/2009 - 02:20:28 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\system32\drivers\HpSAMD.sys [67152]

O58 - SDL:[MD5.5CD5F9A5444E6CDCB0AC89BD62D8B76E] - 11/03/2011 - 06:38:51 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\system32\drivers\iaStorV.sys [332160]

O58 - SDL:[MD5.9467514EA189475A6E7FDC5D7BDE9D3F] - 23/09/2009 - 19:18:14 ---A- . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) -- C:\Windows\system32\drivers\igdkmd32.sys [4808192]

O58 - SDL:[MD5.4173FF5708F3236CF25195FECD742915] - 14/07/2009 - 02:20:36 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [41040]

O58 - SDL:[MD5.F7CDABA15C7E853F0A11AF6D77FCA990] - 23/08/2009 - 04:06:38 ---A- . (.Atheros Communications, Inc. - Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20.) -- C:\Windows\system32\drivers\L1E62x86.sys [48640]

O58 - SDL:[MD5.EB119A53CCF2ACC000AC71B065B78FEF] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [95824]

O58 - SDL:[MD5.8ADE1C877256A22E49B75D1CC9161F9C] - 14/07/2009 - 02:20:37 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [89168]

O58 - SDL:[MD5.DC9DC3D3DAA0E276FD2EC262E38B11E9] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas2.sys [54864]

O58 - SDL:[MD5.0A036C7D7CAB643A7F07135AC47E0524] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [96848]

O58 - SDL:[MD5.64BC29C3A0388BFC580BB8B1346F7659] - 03/02/2007 - 10:32:36 ---A- . (.Logitech Inc. - USB Statistic Driver.) -- C:\Windows\system32\drivers\LVUSBSta.sys [41504]

O58 - SDL:[MD5.B7CA8CC3F978201856B6AB82F40953C3] - 10/12/2011 - 15:24:06 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [20464]

O58 - SDL:[MD5.0DB7527DB188C7D967A37BB51BBF3963] - 01/03/2012 - 14:43:07 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbamswissarmy.sys [40776]

O58 - SDL:[MD5.0FFF5B045293002AB38EB1FD1FC2FB74] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7 for x86.) -- C:\Windows\system32\drivers\megasas.sys [30800]

O58 - SDL:[MD5.DCBAB2920C75F390CAF1D29F675D03D6] - 14/07/2009 - 02:20:36 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys [235584]

O58 - SDL:[MD5.1D85C4B390B0EE09C7A46B91EFB2C097] - 14/07/2009 - 02:20:44 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [44624]

O58 - SDL:[MD5.3D7FB57354703809B5F0C23287FAC1D6] - 17/01/2012 - 13:45:56 ---A- . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) -- C:\Windows\system32\drivers\nvhda32v.sys [148800]

O58 - SDL:[MD5.F452E6AD3EDA2852F44BE492E283C40F] - 10/02/2012 - 05:13:00 ---A- . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 295.73.) -- C:\Windows\system32\drivers\nvlddmkm.sys [10816832]

O58 - SDL:[MD5.B3E25EE28883877076E0E1FF877D02E0] - 11/03/2011 - 06:39:00 ---A- . (.NVIDIA Corporation - NVIDIA® nForce RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [117120]

O58 - SDL:[MD5.4380E59A170D88C4F1022EFF6719A8A4] - 11/03/2011 - 06:39:00 ---A- . (.NVIDIA Corporation - NVIDIA® nForce Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [143744]

O58 - SDL:[MD5.8BB94087CEF0256F5EAD973D7524BF58] - 29/12/2011 - 18:17:23 ---A- . (...) -- C:\Windows\system32\drivers\PnkBstrK.sys [22328]

O58 - SDL:[MD5.AB95ECF1F6659A60DDC166D8315B0751] - 14/07/2009 - 02:19:04 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [1383488]

O58 - SDL:[MD5.B4DD51DD25182244B86737DC51AF2270] - 14/07/2009 - 02:19:04 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [106064]

O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/07/2009 - 21:50:20 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys [20480]

O58 - SDL:[MD5.A9F0486851BECB6DDA1D89D381E71055] - 14/07/2009 - 02:19:04 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\system32\drivers\sisraid2.sys [40016]

O58 - SDL:[MD5.3727097B55738E2F554972C3BE5BC1AA] - 14/07/2009 - 02:19:04 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys [77888]

O58 - SDL:[MD5.5A293729E1F9FCE3A2106D1F5DC5E98A] - 08/03/2010 - 12:59:14 ---A- . (.Symantec Corporation - Symantec AutoProtect.) -- C:\Windows\system32\drivers\srtsp.sys [283184]

O58 - SDL:[MD5.0DDB7FBA32BE09D8057063C0CEE24137] - 08/03/2010 - 12:59:14 ---A- . (.Symantec Corporation - Symantec AutoProtect.) -- C:\Windows\system32\drivers\srtspl.sys [320944]

O58 - SDL:[MD5.A99719DFB61B61AA5026341BBB733C0A] - 08/03/2010 - 12:59:14 ---A- . (.Symantec Corporation - Symantec AutoProtect.) -- C:\Windows\system32\drivers\srtspx.sys [43696]

O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 14/07/2009 - 02:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\system32\drivers\stexstor.sys [21072]

O58 - SDL:[MD5.51B57CDA977170AC608D839DBFA1D3EE] - 03/09/2009 - 16:03:48 ---A- . (.Symantec Corporation - DNS Filter Driver.) -- C:\Windows\system32\drivers\symdns.sys [12720]

O58 - SDL:[MD5.A54FF04BD6E75DC4D8CB6F3E352635E0] - 24/02/2011 - 19:29:35 ---A- . (.Symantec Corporation - Symantec Event Library.) -- C:\Windows\system32\drivers\SYMEVENT.SYS [124976]

O58 - SDL:[MD5.A131D8360B01044517AA44529E2137D6] - 03/09/2009 - 16:03:48 ---A- . (.Symantec Corporation - Firewall Filter Driver.) -- C:\Windows\system32\drivers\symfw.sys [145968]

O58 - SDL:[MD5.2B77868F02DAE02103380B824431B798] - 03/09/2009 - 16:03:48 ---A- . (.Symantec Corporation - IDS Filter Driver.) -- C:\Windows\system32\drivers\symids.sys [39856]

O58 - SDL:[MD5.7D3ADDFE63E5227BD2DBD5692BAFB688] - 03/09/2009 - 16:03:52 ---A- . (.Symantec Corporation - NDIS Filter Driver.) -- C:\Windows\system32\drivers\symndisv.sys [38448]

O58 - SDL:[MD5.394B2368212114D538316812AF60FDDD] - 03/09/2009 - 16:03:48 ---A- . (.Symantec Corporation - Redirector Filter Driver.) -- C:\Windows\system32\drivers\symredrv.sys [26416]

O58 - SDL:[MD5.D46676BB414C7531BDFFE637A33F5033] - 03/09/2009 - 16:03:48 ---A- . (.Symantec Corporation - Network Dispatch Driver.) -- C:\Windows\system32\drivers\symtdi.sys [188080]

O58 - SDL:[MD5.94D73B62E458FB56C9CE60AA96D914F9] - 09/08/2009 - 22:25:56 ---A- . (.Elaborate Bytes AG - VirtualCloneCD Driver.) -- C:\Windows\system32\drivers\VClone.sys [29696]

O58 - SDL:[MD5.E43574F6A56A0EE11809B48C09E4FD3C] - 14/07/2009 - 02:19:10 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys [16976]

O58 - SDL:[MD5.9DFA0CC2F8855A04816729651175B631] - 14/07/2009 - 02:19:11 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys [141904]

O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\system32\ANSI.SYS [9029]

O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 22:40:44 ---A- . (...) -- C:\Windows\system32\country.sys [27097]

O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 22:40:40 ---A- . (...) -- C:\Windows\system32\HIMEM.SYS [4768]

O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\system32\KEY01.SYS [42809]

O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\system32\KEYBOARD.SYS [42537]

O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 22:40:23 ---A- . (...) -- C:\Windows\system32\NTDOS.SYS [27866]

O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 22:40:31 ---A- . (...) -- C:\Windows\system32\NTDOS404.SYS [29146]

O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 22:40:35 ---A- . (...) -- C:\Windows\system32\NTDOS411.SYS [29370]

O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 22:40:39 ---A- . (...) -- C:\Windows\system32\NTDOS412.SYS [29274]

O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 22:40:27 ---A- . (...) -- C:\Windows\system32\NTDOS804.SYS [29146]

O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 22:40:11 ---A- . (...) -- C:\Windows\system32\NTIO.SYS [33952]

O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 22:40:15 ---A- . (...) -- C:\Windows\system32\NTIO404.SYS [34672]

O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 22:40:17 ---A- . (...) -- C:\Windows\system32\NTIO411.SYS [35776]

O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 22:40:19 ---A- . (...) -- C:\Windows\system32\NTIO412.SYS [35536]

O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 22:40:13 ---A- . (...) -- C:\Windows\system32\NTIO804.SYS [34672]

~ Scan Drivers in 00mn 02s

 

 

 

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)

O61 - LFC:Last File Created 01/03/2012 - 11:30:42 ---A- C:\Users\CELSO\AppData\Local\Temp\VBE\MSForms.exd [147284]

O61 - LFC:Last File Created 01/03/2012 - 11:31:04 ---A- C:\Users\CELSO\AppData\Roaming\Microsoft\Office\VB12.pip [144]

O61 - LFC:Last File Created 01/03/2012 - 11:35:23 ---A- C:\Users\CELSO\AppData\Local\Symantec\Symantec Endpoint Protection\Logs\03012012.Log [12633729]

O61 - LFC:Last File Created 01/03/2012 - 12:03:58 ---A- C:\Users\CELSO\AppData\Roaming\Microsoft\Office\Recent\Bureau.LNK [869]

O61 - LFC:Last File Created 01/03/2012 - 12:03:58 ---A- C:\Users\CELSO\AppData\Roaming\Microsoft\Office\Recent\analyse symantec.csv.LNK [1046]

O61 - LFC:Last File Created 01/03/2012 - 12:04:08 ---A- C:\Users\CELSO\AppData\Roaming\Microsoft\Office\Excel12.pip [1548]

O61 - LFC:Last File Created 01/03/2012 - 12:10:51 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\6PcbXvOYPGrYpF1J8uz+rIO5qJ8= [31583]

O61 - LFC:Last File Created 01/03/2012 - 12:33:18 ---A- C:\Users\All Users\Symantec\LiveUpdate\Downloads\1330588303jtun_nav2k8en120229002.m25 [760506]

O61 - LFC:Last File Created 01/03/2012 - 12:33:18 ---A- C:\Users\All Users\Symantec\LiveUpdate\Downloads\sesc$20virus$20definitions$20win32$20v11_microdefsb.curdefs_symalllanguages_livetri.zip [3743]

O61 - LFC:Last File Created 01/03/2012 - 12:33:30 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\definfo.dat [34]

O61 - LFC:Last File Created 01/03/2012 - 12:33:39 ---A- C:\Users\All Users\Symantec\LiveUpdate\3.Product.Inventory.LiveUpdate [3040]

O61 - LFC:Last File Created 01/03/2012 - 12:33:39 R--A- C:\Users\All Users\Symantec\LiveUpdate\3.Settings.LiveUpdate [510528]

O61 - LFC:Last File Created 01/03/2012 - 12:33:40 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\usage.dat [54]

O61 - LFC:Last File Created 01/03/2012 - 12:34:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\umcat_01.db [1312051]

O61 - LFC:Last File Created 01/03/2012 - 12:34:04 R---- C:\Users\All Users\Symantec\LiveUpdate\Product.Inventory.LastGood.LiveUpdate [2992]

O61 - LFC:Last File Created 01/03/2012 - 12:34:05 ---A- C:\Users\All Users\Symantec\LiveUpdate\2.Product.Inventory.LiveUpdate [2992]

O61 - LFC:Last File Created 01/03/2012 - 12:34:05 R--A- C:\Users\All Users\Symantec\LiveUpdate\2.Settings.LiveUpdate [510528]

O61 - LFC:Last File Created 01/03/2012 - 12:39:52 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\CQwZgLaSjnb0aSgnte0M7pXE7Cc= [4248]

O61 - LFC:Last File Created 01/03/2012 - 12:51:01 ---A- C:\Users\CELSO\Downloads\ZHPDiag2.exe [3903203]

O61 - LFC:Last File Created 01/03/2012 - 13:13:01 ---A- C:\Users\CELSO\AppData\Local\Windows Live\uxcore_WindowsLivePhotoViewer_00.etl [8192]

O61 - LFC:Last File Created 01/03/2012 - 13:27:24 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\ErrorResponse.xml [2782]

O61 - LFC:Last File Created 01/03/2012 - 13:29:41 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\vscanmsx.dat [2072]

O61 - LFC:Last File Created 01/03/2012 - 13:41:14 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\D2Fs2FP9edNibi2FUnU68QJp2FHDruQ= [114017]

O61 - LFC:Last File Created 01/03/2012 - 14:02:42 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\l2FYx9OQxlMWS5U0Vwd3u71EzGdU= [21680]

O61 - LFC:Last File Created 01/03/2012 - 14:08:09 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\O6Zr0QCai9jdLxr60HNoo+ILm2F4= [1648]

O61 - LFC:Last File Created 01/03/2012 - 14:11:59 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\OtEP2PNqnqlqG8huXJcuw81r13U= [23008]

O61 - LFC:Last File Created 01/03/2012 - 14:12:43 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\1937460202.data [761]

O61 - LFC:Last File Created 01/03/2012 - 14:12:43 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\5135358950.data [778]

O61 - LFC:Last File Created 01/03/2012 - 14:12:43 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\5135358950.quar [131072]

O61 - LFC:Last File Created 01/03/2012 - 14:12:43 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\8691035605.data [769]

O61 - LFC:Last File Created 01/03/2012 - 14:12:43 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\8691035605.quar [98304]

O61 - LFC:Last File Created 01/03/2012 - 14:12:44 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\0033104322.data [763]

O61 - LFC:Last File Created 01/03/2012 - 14:12:44 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\0033104322.quar [142336]

O61 - LFC:Last File Created 01/03/2012 - 14:12:44 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\0664123904.data [771]

O61 - LFC:Last File Created 01/03/2012 - 14:12:44 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\0664123904.quar [98304]

O61 - LFC:Last File Created 01/03/2012 - 14:12:44 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\1937460202.quar [98304]

O61 - LFC:Last File Created 01/03/2012 - 14:12:44 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\2298142624.data [768]

O61 - LFC:Last File Created 01/03/2012 - 14:12:44 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\2298142624.quar [137728]

O61 - LFC:Last File Created 01/03/2012 - 14:12:44 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\8163806437.data [747]

O61 - LFC:Last File Created 01/03/2012 - 14:12:44 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\9711662127.data [766]

O61 - LFC:Last File Created 01/03/2012 - 14:12:44 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\9711662127.quar [98304]

O61 - LFC:Last File Created 01/03/2012 - 14:12:45 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\2255608089.data [735]

O61 - LFC:Last File Created 01/03/2012 - 14:12:45 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\2255608089.quar [98304]

O61 - LFC:Last File Created 01/03/2012 - 14:12:45 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\6654799231.data [732]

O61 - LFC:Last File Created 01/03/2012 - 14:12:45 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\8036900737.data [737]

O61 - LFC:Last File Created 01/03/2012 - 14:12:45 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\8036900737.quar [137728]

O61 - LFC:Last File Created 01/03/2012 - 14:12:45 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\8163806437.quar [131072]

O61 - LFC:Last File Created 01/03/2012 - 14:12:45 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\8390609058.data [740]

O61 - LFC:Last File Created 01/03/2012 - 14:12:45 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\8390609058.quar [98304]

O61 - LFC:Last File Created 01/03/2012 - 14:12:45 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\9502101383.data [730]

O61 - LFC:Last File Created 01/03/2012 - 14:12:45 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\9502101383.quar [98304]

O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\1617154171.data [741]

O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\1617154171.quar [98304]

O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\2950400291.data [749]

O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\2950400291.quar [98304]

O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\3333145503.data [743]

O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\3333145503.quar [142336]

O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\4142721184.data [748]

O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\4142721184.quar [137728]

O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\5836691500.data [758]

O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\5836691500.quar [131072]

O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\6654799231.quar [142336]

O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\6790898436.data [746]

O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\6790898436.quar [98304]

O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\9081189669.data [751]

O61 - LFC:Last File Created 01/03/2012 - 14:12:46 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\9081189669.quar [98304]

O61 - LFC:Last File Created 01/03/2012 - 14:12:49 ---A- C:\Users\CELSO\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2012-03-01 (12-49-21).txt [7596]

O61 - LFC:Last File Created 01/03/2012 - 14:13:02 ---A- C:\Users\CELSO\AppData\Roaming\Microsoft\MSN Messenger\sqmnoopt00.sqm [664]

O61 - LFC:Last File Created 01/03/2012 - 14:13:03 ---A- C:\Users\CELSO\AppData\Local\Windows Live\uxcore_msnmsgr_00.etl [4096]

O61 - LFC:Last File Created 01/03/2012 - 14:13:45 ---A- C:\Users\All Users\Symantec\Common Client\settings.bak [215060]

O61 - LFC:Last File Created 01/03/2012 - 14:13:45 ---A- C:\Users\All Users\Symantec\Common Client\settings.dat [215060]

O61 - LFC:Last File Created 01/03/2012 - 14:13:49 ---A- C:\Users\All Users\NVIDIA\Updatus\updtConfig.xml [2390]

O61 - LFC:Last File Created 01/03/2012 - 14:13:54 ---A- C:\Users\All Users\Symantec\SavSubEng\submissions.idx [1940144]

O61 - LFC:Last File Created 01/03/2012 - 14:16:13 ---A- C:\Users\All Users\NVIDIA\Resource.old [1139961]

O61 - LFC:Last File Created 01/03/2012 - 14:16:56 R--A- C:\Users\All Users\Symantec\LiveUpdate\1.Settings.LiveUpdate [510528]

O61 - LFC:Last File Created 01/03/2012 - 14:16:57 ---A- C:\Users\All Users\Symantec\LiveUpdate\1.Product.Inventory.LiveUpdate [2992]

O61 - LFC:Last File Created 01/03/2012 - 14:18:56 ---A- C:\Users\All Users\NVIDIA\Updatus\updtclient.log.bak [131]

O61 - LFC:Last File Created 01/03/2012 - 14:35:52 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\database.conf [432]

O61 - LFC:Last File Created 01/03/2012 - 14:35:52 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref [6531208]

O61 - LFC:Last File Created 01/03/2012 - 14:43:10 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\local.conf [757]

O61 - LFC:Last File Created 01/03/2012 - 14:43:10 ---A- C:\Users\CELSO\AppData\Local\Temp\~DF5CF3D3764E743E9E.TMP [180224]

O61 - LFC:Last File Created 01/03/2012 - 15:54:23 ---A- C:\Users\All Users\NVIDIA\Resource.dat [1139961]

O61 - LFC:Last File Created 01/03/2012 - 15:55:11 R---- C:\Users\All Users\Symantec\LiveUpdate\Settings.LiveUpdate [510528]

O61 - LFC:Last File Created 01/03/2012 - 15:55:12 ---A- C:\Users\All Users\Symantec\LiveUpdate\Product.Inventory.LiveUpdate [2992]

O61 - LFC:Last File Created 01/03/2012 - 15:55:17 ---A- C:\Users\All Users\Symantec\LiveUpdate\Log.LiveUpdate [4058241]

O61 - LFC:Last File Created 01/03/2012 - 15:55:33 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Logs\03012012.Log [12015454]

O61 - LFC:Last File Created 01/03/2012 - 15:57:02 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2012-03-01.txt [2656]

O61 - LFC:Last File Created 01/03/2012 - 15:57:04 ---A- C:\Users\All Users\NVIDIA\Updatus\journalBS.jour.dat [0]

O61 - LFC:Last File Created 01/03/2012 - 23:59:59 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Logs\02292012.Log [4263676]

O61 - LFC:Last File Created 01/03/2012 - 23:59:59 ---A- C:\Users\CELSO\AppData\Local\Symantec\Symantec Endpoint Protection\Logs\02292012.Log [4261261]

O61 - LFC:Last File Created 27/02/2012 - 00:36:57 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\EH2c3YNpItgAvkVJFx+swrz9tqQ= [22245]

O61 - LFC:Last File Created 27/02/2012 - 12:34:23 ---A- C:\Users\All Users\Symantec\LiveUpdate\Downloads\1330305278jtun_nav2k8en120225008.m25 [665572]

O61 - LFC:Last File Created 27/02/2012 - 13:40:30 ---A- C:\Users\CELSO\AppData\Local\Temp\4675724.od [134]

O61 - LFC:Last File Created 27/02/2012 - 13:40:30 ---A- C:\Users\CELSO\AppData\Local\Temp\CVR588C.tmp.cvr [0]

O61 - LFC:Last File Created 27/02/2012 - 13:40:43 ---A- C:\Users\CELSO\AppData\Roaming\Microsoft\Outlook\Outlook.NK2 [30607]

O61 - LFC:Last File Created 27/02/2012 - 13:47:01 ---A- C:\Users\CELSO\AppData\Local\Temp\rpt-1.htm [360451]

O61 - LFC:Last File Created 27/02/2012 - 14:07:12 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DataStore\40E22BD7-489A-4A86-A25B-67479DF899EF.SNAG [36888]

O61 - LFC:Last File Created 27/02/2012 - 14:11:44 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Logs\02272012.Log [975]

O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\CATALOG.DAT [3714]

O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\ESRDEF.BIN [7220045]

O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\TCDEFS.DAT [27565794]

O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\TCSCAN7.DAT [23983593]

O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\TCSCAN8.DAT [179342]

O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\TCSCAN9.DAT [695979]

O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\TINF.DAT [453]

O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\TINFL.DAT [1957]

O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\TSCAN1.DAT [74646]

O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\V.GRD [5257]

O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\V.SIG [2609]

O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\V1.SIG [2266]

O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\VIRSCAN.INF [106244]

O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\VIRSCAN1.DAT [1068152]

O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\VIRSCAN2.DAT [574728]

O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\VIRSCAN3.DAT [158096]

O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\VIRSCAN4.DAT [320439]

O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\VIRSCAN5.DAT [16242365]

O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\VIRSCAN6.DAT [399455]

O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\VIRSCAN7.DAT [239182097]

O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\VIRSCAN8.DAT [1022585]

O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\VIRSCAN9.DAT [6610224]

O61 - LFC:Last File Created 29/02/2012 - 10:00:00 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\20120229.034\WHATSNEW.TXT [41437]

O61 - LFC:Last File Created 29/02/2012 - 17:52:58 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\Cat.DB [1329804]

O61 - LFC:Last File Created 29/02/2012 - 17:54:13 ---A- C:\Users\All Users\Symantec\LiveUpdate\10.Product.Inventory.LiveUpdate [3040]

O61 - LFC:Last File Created 29/02/2012 - 17:54:13 R--A- C:\Users\All Users\Symantec\LiveUpdate\10.Settings.LiveUpdate [509141]

O61 - LFC:Last File Created 29/02/2012 - 17:56:37 ---A- C:\Users\CELSO\Documents\TmForever\Config\blacklist.txt [120]

O61 - LFC:Last File Created 29/02/2012 - 17:56:37 ---A- C:\Users\CELSO\Documents\TmForever\Config\checksum.txt [363135]

O61 - LFC:Last File Created 29/02/2012 - 17:56:37 ---A- C:\Users\CELSO\Documents\TmForever\Config\guestlist.txt [119]

O61 - LFC:Last File Created 29/02/2012 - 19:32:42 ---A- C:\Users\All Users\Symantec\LiveUpdate\9.Product.Inventory.LiveUpdate [3040]

O61 - LFC:Last File Created 29/02/2012 - 19:32:42 R--A- C:\Users\All Users\Symantec\LiveUpdate\9.Settings.LiveUpdate [509141]

O61 - LFC:Last File Created 29/02/2012 - 19:42:40 ---A- C:\Users\All Users\Symantec\LiveUpdate\Downloads\1330541382jtun_nav2k8en120226016.m25 [1987680]

O61 - LFC:Last File Created 29/02/2012 - 19:42:54 ---A- C:\Users\All Users\Symantec\LiveUpdate\8.Product.Inventory.LiveUpdate [3040]

O61 - LFC:Last File Created 29/02/2012 - 19:42:54 R--A- C:\Users\All Users\Symantec\LiveUpdate\8.Settings.LiveUpdate [509835]

O61 - LFC:Last File Created 29/02/2012 - 20:41:06 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\Ko5aPxTa5w1nO09UWz1xcIz5Vjg= [27779]

O61 - LFC:Last File Created 29/02/2012 - 20:45:36 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\chats\NE1JVU9BeXFyWjI2YUhzSllvWGhjNXU2OGZJPQ==\channel.txt [231]

O61 - LFC:Last File Created 29/02/2012 - 20:45:39 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\NE1JVU9BeXFyWjI2YUhzSllvWGhjNXU2OGZJPQ==\channels\cache.dat [4]

O61 - LFC:Last File Created 29/02/2012 - 20:45:39 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\NE1JVU9BeXFyWjI2YUhzSllvWGhjNXU2OGZJPQ==\perm.dat [79438]

O61 - LFC:Last File Created 29/02/2012 - 20:45:45 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\chats\NE1JVU9BeXFyWjI2YUhzSllvWGhjNXU2OGZJPQ==\channel.html [1059]

O61 - LFC:Last File Created 29/02/2012 - 20:45:47 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\N0FqWUdpRzJzOVdhSWR1Mi83OEVtek5DcTU4PQ==\channels\cache.dat [4]

O61 - LFC:Last File Created 29/02/2012 - 20:45:47 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\N0FqWUdpRzJzOVdhSWR1Mi83OEVtek5DcTU4PQ==\perm.dat [79436]

O61 - LFC:Last File Created 29/02/2012 - 20:49:07 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\ts3clientui_qt.secrets.conf [1198]

O61 - LFC:Last File Created 29/02/2012 - 20:49:10 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\V1VVY1dkVmtBNW0rM0p2ZENkQVNwZnVqL0pZPQ==\icons\dummy.png [109]

O61 - LFC:Last File Created 29/02/2012 - 20:49:10 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\remote\downloads.csil.fr\manager\teamspeak\customers-banners\510-213.251.151.138-9509.6b04c2b318b48e6f1e590825bdc9714234ac41f1.29.02.2012.21.33.54.jpg [42922]

O61 - LFC:Last File Created 29/02/2012 - 20:49:10 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\chats\N0FqWUdpRzJzOVdhSWR1Mi83OEVtek5DcTU4PQ==\channel.html [71187]

O61 - LFC:Last File Created 29/02/2012 - 20:49:24 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\chats\V1VVY1dkVmtBNW0rM0p2ZENkQVNwZnVqL0pZPQ==\channel.html [194]

O61 - LFC:Last File Created 29/02/2012 - 20:58:28 ---A- C:\Users\All Users\Symantec\Definitions\VirusDefs\umcat_02.db [1308039]

O61 - LFC:Last File Created 29/02/2012 - 20:58:49 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\V1VVY1dkVmtBNW0rM0p2ZENkQVNwZnVqL0pZPQ==\clients\avatar_ljedojdaaaeeidbmhnjokpfpibgmemaacmlcjaaf [19959]

O61 - LFC:Last File Created 29/02/2012 - 20:59:01 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\V1VVY1dkVmtBNW0rM0p2ZENkQVNwZnVqL0pZPQ==\clients\avatar_dobmnnckfihhhjnnengekhjonmipfkmcnahkcggl [11057]

O61 - LFC:Last File Created 29/02/2012 - 20:59:19 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F800000\4FCE8397.VBN [79903]

O61 - LFC:Last File Created 29/02/2012 - 20:59:24 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\V1VVY1dkVmtBNW0rM0p2ZENkQVNwZnVqL0pZPQ==\clients\avatar_kjbkpaccmbblhidcainhoblifiliaocnjfakiden [13969]

O61 - LFC:Last File Created 29/02/2012 - 20:59:26 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F800000.VBN [7531]

O61 - LFC:Last File Created 29/02/2012 - 21:00:57 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\V1VVY1dkVmtBNW0rM0p2ZENkQVNwZnVqL0pZPQ==\channels\cache.dat [4]

O61 - LFC:Last File Created 29/02/2012 - 21:00:57 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\cache\V1VVY1dkVmtBNW0rM0p2ZENkQVNwZnVqL0pZPQ==\perm.dat [79438]

O61 - LFC:Last File Created 29/02/2012 - 21:00:58 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\resolved.dat [112]

O61 - LFC:Last File Created 29/02/2012 - 21:00:58 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\subscribemode.dat [90]

O61 - LFC:Last File Created 29/02/2012 - 21:00:59 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\chats\NE1JVU9BeXFyWjI2YUhzSllvWGhjNXU2OGZJPQ==\server.html [4134]

O61 - LFC:Last File Created 29/02/2012 - 21:00:59 ---A- C:\Users\CELSO\AppData\Roaming\TS3Client\ts3clientui_qt.conf [4828]

O61 - LFC:Last File Created 29/02/2012 - 21:05:56 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F800002.VBN [3582140]

O61 - LFC:Last File Created 29/02/2012 - 21:43:19 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F800003.VBN [3582140]

O61 - LFC:Last File Created 29/02/2012 - 21:48:01 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F800004.VBN [1454589]

O61 - LFC:Last File Created 29/02/2012 - 21:48:01 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F800005.VBN [1453597]

O61 - LFC:Last File Created 29/02/2012 - 21:50:37 ---A- C:\Users\All Users\Symantec\Symantec Endpoint Protection\Quarantine\0F800006.VBN [3582140]

O61 - LFC:Last File Created 29/02/2012 - 22:02:16 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DataStore\AppIcons\SavUI.exe.Symantec AntiVirus.Symantec Corporation.11.0.6070.422.ico [107710]

O61 - LFC:Last File Created 29/02/2012 - 22:02:16 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DataStore\AppIcons\SymCorpUI.exe.Symantec AntiVirus.Symantec Corporation.11.0.6070.422.ico [107710]

O61 - LFC:Last File Created 29/02/2012 - 22:02:16 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DataStore\AppIcons\explorer.exe.Explorateur Windows.Microsoft Corporation.6.1.7601.17567.ico [187373]

O61 - LFC:Last File Created 29/02/2012 - 22:02:16 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DataStore\AppIcons\firefox.exe.Firefox.Mozilla Corporation.10.0.2.0.ico [295606]

O61 - LFC:Last File Created 29/02/2012 - 22:02:16 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DataStore\AppIcons\msnmsgr.exe.Windows Live Messenger.Microsoft Corporation.15.4.3538.513.ico [80395]

O61 - LFC:Last File Created 29/02/2012 - 22:08:23 ---A- C:\Users\All Users\Symantec\LiveUpdate\7.Product.Inventory.LiveUpdate [2992]

O61 - LFC:Last File Created 29/02/2012 - 22:08:23 R--A- C:\Users\All Users\Symantec\LiveUpdate\7.Settings.LiveUpdate [509835]

O61 - LFC:Last File Created 29/02/2012 - 22:08:43 ---A- C:\Users\All Users\Symantec\LiveUpdate\6.Product.Inventory.LiveUpdate [2992]

O61 - LFC:Last File Created 29/02/2012 - 22:08:43 R--A- C:\Users\All Users\Symantec\LiveUpdate\6.Settings.LiveUpdate [509835]

O61 - LFC:Last File Created 29/02/2012 - 22:09:27 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DataStore\SnagIt900.sdf [479232]

O61 - LFC:Last File Created 29/02/2012 - 22:23:17 ---A- C:\Users\CELSO\AppData\Local\Temp\~DFD922FE550D133114.TMP [81920]

O61 - LFC:Last File Created 29/02/2012 - 22:23:17 ---A- C:\Users\CELSO\AppData\Local\Temp\~DFE0DD2415462B9944.TMP [81920]

O61 - LFC:Last File Created 29/02/2012 - 22:23:23 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\DrawQuickStyles.xml [74]

O61 - LFC:Last File Created 29/02/2012 - 22:23:23 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\ImageQuickStyles.xml [80]

O61 - LFC:Last File Created 29/02/2012 - 22:23:23 ---A- C:\Users\CELSO\AppData\Local\TechSmith\SnagIt\Tray.bin [1474]

O61 - LFC:Last File Created 29/02/2012 - 22:26:42 ---A- C:\Users\All Users\Symantec\LiveUpdate\5.Product.Inventory.LiveUpdate [2992]

O61 - LFC:Last File Created 29/02/2012 - 22:26:42 R--A- C:\Users\All Users\Symantec\LiveUpdate\5.Settings.LiveUpdate [509835]

O61 - LFC:Last File Created 29/02/2012 - 22:26:49 ---A- C:\Users\CELSO\AppData\Local\Temp\9241.dir\InstallFlashPlayer.exe [3765920]

O61 - LFC:Last File Created 29/02/2012 - 22:29:58 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\link.txt [115]

O61 - LFC:Last File Created 29/02/2012 - 22:29:58 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe [9502424]

O61 - LFC:Last File Created 29/02/2012 - 22:29:58 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\news.txt [78]

O61 - LFC:Last File Created 29/02/2012 - 22:33:23 R--A- C:\Users\All Users\Symantec\LiveUpdate\4.Settings.LiveUpdate [509835]

O61 - LFC:Last File Created 29/02/2012 - 22:33:25 ---A- C:\Users\All Users\Symantec\LiveUpdate\4.Product.Inventory.LiveUpdate [2992]

O61 - LFC:Last File Created 29/02/2012 - 22:37:50 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\exclusions.dat [2]

O61 - LFC:Last File Created 29/02/2012 - 22:37:56 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\manifest.conf [514]

O61 - LFC:Last File Created 29/02/2012 - 22:37:56 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\news.conf [282]

O61 - LFC:Last File Created 29/02/2012 - 22:43:56 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\5542903943.data [668]

O61 - LFC:Last File Created 29/02/2012 - 22:43:57 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\5542903943.quar [98304]

O61 - LFC:Last File Created 29/02/2012 - 22:47:49 ---A- C:\Users\CELSO\AppData\Local\Temp\MessengerCache\kcFudxBbsirDWQg8GXmnc01ZUT4= [21877]

O61 - LFC:Last File Created 29/02/2012 - 23:57:24 ---A- C:\Users\CELSO\Downloads\adwcleaner.exe [602051]

O61 - LFC:Last File Created 29/02/2012 - 23:57:47 ---A- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2012-02-29.txt [1478]

O61 - LFC:Last File Created 30/12/1899 - 12:03:58 --H-- C:\Users\CELSO\AppData\Roaming\Microsoft\Office\Recent\index.dat [61]

O61 - LFC:Last File Created 30/12/1899 - 14:13:20 --HA- C:\Users\CELSO\AppData\Local\IconCache.db [2587061]

~ Scan Files in 10mn 03s

---\\ Liste des outils de nettoyage (O63)

O63 - Logiciel: ZHPDiag 1.28 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1

~ Scan ADS in 00mn 00s

---\\ Liste des services Legacy (O64)

O64 - Services: CurCS - 13/02/2012 - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (eeCtrl) .(.Symantec Corporation - Symantec Eraser Control Driver.) - LEGACY_EECTRL

O64 - Services: CurCS - 17/12/2009 - C:\Windows\system32\Drivers\ElbyCDIO.sys (ElbyCDIO) .(.Elaborate Bytes AG - ElbyCD Windows NT/2000/XP I/O driver.) - LEGACY_ELBYCDIO

O64 - Services: CurCS - 13/02/2012 - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (EraserUtilRebootDrv) .(.Symantec Corporation - Symantec Eraser Utility Driver.) - LEGACY_ERASERUTILREBOOTDRV

O64 - Services: CurCS - 10/12/2011 - C:\Windows\system32\drivers\mbam.sys (MBAMProtector) .(.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) - LEGACY_MBAMPROTECTOR

O64 - Services: CurCS - 01/03/2012 - C:\Windows\system32\drivers\mbamswissarmy.sys (MBAMSwissArmy) .(.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) - LEGACY_MBAMSWISSARMY

O64 - Services: CurCS - ??\??\???? - C:\Windows\system32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV

O64 - Services: CurCS - 18/12/2009 - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (SPBBCDrv) .(.Symantec Corporation - SPBBC Driver.) - LEGACY_SPBBCDRV

O64 - Services: CurCS - 08/03/2010 - C:\Windows\system32\Drivers\SRTSP.sys (SRTSP) .(.Symantec Corporation - Symantec AutoProtect.) - LEGACY_SRTSP

O64 - Services: CurCS - 08/03/2010 - C:\Windows\system32\Drivers\SRTSPX.sys (SRTSPX) .(.Symantec Corporation - Symantec AutoProtect.) - LEGACY_SRTSPX

O64 - Services: CurCS - 24/02/2011 - C:\Windows\system32\Drivers\SYMEVENT.sys (SymEvent) .(.Symantec Corporation - Symantec Event Library.) - LEGACY_SYMEVENT

O64 - Services: CurCS - 03/09/2009 - C:\Windows\system32\Drivers\SYMREDRV.sys (SYMREDRV) .(.Symantec Corporation - Redirector Filter Driver.) - LEGACY_SYMREDRV

O64 - Services: CurCS - 03/09/2009 - C:\Windows\system32\Drivers\SYMTDI.sys (SYMTDI) .(.Symantec Corporation - Network Dispatch Driver.) - LEGACY_SYMTDI

O64 - Services: CurCS - 15/12/2009 - C:\Program Files\CyberLink\PowerDVD9\NavFilter\000.fcl ({B154377D-700F-42cc-9474-23858FBDF4BD}) .(.CyberLink Corp. - Pas de description.) - LEGACY_{B154377D-700F-42CC-9474-23858FBDF4BD}

~ Scan Services in 00mn 15s

---\\ Liste des fichiers non signés (O65) (None)

---\\ File Associations Shell Spawning (O67)

O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\system32\control.exe

O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\system32\eventvwr.exe

O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\system32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\system32\control.exe

O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.evt> <evtfile>[HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\system32\eventvwr.exe

O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*

O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\system32\WScript.exe

O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe

~ Scan Keys in 00mn 00s

---\\ Start Menu Internet (O68)

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe

O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe

O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe

~ Scan Keys in 00mn 00s

---\\ Search Browser Infection (O69)

O69 - SBI: C:\Users\CELSO\AppData\Roaming\Mozilla\Firefox\Profiles\y5f7xqok.default\searchplugins\askcom.xml

O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - Bing

O69 - SBI: SearchScopes [HKCU] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - (Ask Search) - http://websearch.ask.com

~ Scan Keys in 00mn 00s

---\\ Crack & Keygen Files (O82)

C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\keygen.exe

C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\oodpe_8_5_1932_fra.exe

C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen.rar

C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\keygen.exe

C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\oodpe_8_5_1932_fra.exe

C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen.rar

F:\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\keygen.exe

F:\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\oodpe_8_5_1932_fra.exe

F:\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen.rar

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj01.zip

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj02.zip

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj03.zip

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj04.zip

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj05.zip

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj06.zip

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj07.zip

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj08.zip

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj09.zip

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj10.zip

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj11.zip

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj12.zip

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj13.zip

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj14.zip

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj15.zip

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj16.zip

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj17.zip

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj18.zip

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj19.zip

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj20.zip

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj21.zip

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part01.rar

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part02.rar

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part03.rar

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part04.rar

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part05.rar

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part06.rar

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part07.rar

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part08.rar

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part09.rar

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part10.rar

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part11.rar

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part12.rar

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part13.rar

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part14.rar

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part15.rar

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part16.rar

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part17.rar

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part18.rar

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part19.rar

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part20.rar

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part21.rar

F:\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\keygen.exe

F:\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\oodpe_8_5_1932_fra.exe

F:\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen.rar

~ Scan Files in 01mn 25s

 

 

 

---\\ Recherche des services démarrés par Svchost (O83)

O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Service Expérience d’application.) -- C:\Windows\system32\aelupsvc.dll [62464]

O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\system32\certprop.dll [67584]

O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\system32\certprop.dll [67584]

O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL du service Serveur.) -- C:\Windows\system32\srvsvc.dll [168960]

O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Client de stratégie de groupe.) -- C:\Windows\system32\gpsvc.dll [593408]

O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extension IKE.) -- C:\Windows\system32\ikeext.dll [674304]

O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Service Audio Windows.) -- C:\Windows\system32\Audiosrv.dll [473600]

O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gestionnaire de numérotation automatique d’accès distant.) -- C:\Windows\system32\rasauto.dll [90624]

O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gestionnaire de connexions d’accès distant.) -- C:\Windows\system32\rasmans.dll [286208]

O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gestionnaire d’interface dynamique.) -- C:\Windows\system32\mprdim.dll [75264]

O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Service de notification d’événements système (SENS).) -- C:\Windows\system32\sens.dll [49664]

O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l’application d’assistance à Microsoft NAT.) -- C:\Windows\system32\ipnathlp.dll [300544]

O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows.) -- C:\Windows\system32\tapisrv.dll [242176]

O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gestionnaire des connexions distantes du serveur hôte de session Burea.) -- C:\Windows\system32\termsrv.dll [521216]

O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Agent de mise à jour automatique Windows Update.) -- C:\Windows\system32\wuaueng.dll [1914368]

O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\Windows\system32\qmgr.dll [585728]

O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\Windows\system32\shsvcs.dll [328192]

O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service offrant une connectivité IPv6 sur un réseau IPv4..) -- C:\Windows\system32\iphlpsvc.dll [499712]

O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de service d’ouverture de session secondaire.) -- C:\Windows\system32\seclogon.dll [21504]

O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Service Informations d’application.) -- C:\Windows\system32\appinfo.dll [47104]

O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Service de découverte iSCSI.) -- C:\Windows\system32\iscsiexe.dll [114688]

O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Service Planificateur de classes multimédias.) -- C:\Windows\system32\mmcss.dll [49664]

O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Rapports et solutions aux problèmes.) -- C:\Windows\system32\wercplsupport.dll [61440]

O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Service EAPHost Microsoft.) -- C:\Windows\system32\eapsvc.dll [98304]

O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\system32\profsvc.dll [164352]

O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Service du Planificateur de tâches.) -- C:\Windows\system32\schedsvc.dll [750592]

O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- C:\Windows\system32\kmsvc.dll [71168]

O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Service Configuration des services Bureau à distance.) -- C:\Windows\system32\sessenv.dll [113664]

O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\system32\wbem\WMIsvc.dll [168960]

O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL du service Explorateur d’ordinateurs.) -- C:\Windows\system32\browser.dll [102400]

O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL du service des thèmes Windows Shell.) -- C:\Windows\system32\themeservice.dll [37376]

O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Service BDE.) -- C:\Windows\system32\bdesvc.dll [76800]

~ Scan Services in 00mn 00s

 

 

 

---\\ Recherche particuliere à la racine de certains dossiers (O84)

[MD5.A719B9EE6116B496F4000C0B1311EA13] [sPRF][26/02/2011] (...) -- C:\Users\CELSO\AppData\Roaming\PnkBstrK.sys [22328]

[MD5.371D4542D9EC5C1D90809F578D177429] [sPRF][29/02/2012] (...) -- C:\Users\CELSO\Desktop\adwcleaner.exe [602051]

[MD5.4D930392BD13F448ED474CE2C41DFADA] [sPRF][03/02/2011] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 10.2 r152.) -- C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [2871968]

~ Scan Files in 00mn 00s

 

 

 

---\\ Firewall Active Exception List (FirewallRules) (O87)

O87 - FAEL: "NetPres-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)

O87 - FAEL: "NetPres-Out-TCP-NoScope" |Out - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)

O87 - FAEL: "NetPres-WSD-In-UDP" |In - None - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)

O87 - FAEL: "NetPres-WSD-Out-UDP" |Out - None - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)

O87 - FAEL: "NetPres-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)

O87 - FAEL: "NetPres-Out-TCP" |Out - Public - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)

O87 - FAEL: "{6BEEBFC0-890F-4FE6-95D2-CA3B464DE353}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe (.not file.)

O87 - FAEL: "{1BD6DC99-87C4-4937-826B-910BAE2DD02A}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe (.not file.)

O87 - FAEL: "{1A15E680-3D45-4FC9-A726-1A974CFE5FF9}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe (.not file.)

O87 - FAEL: "{0E87757C-0474-4D04-AC62-54285AFEF89E}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe (.not file.)

O87 - FAEL: "{565E73E7-951A-4F8C-B01F-D13CC3A7C4B7}" | In - Private - P6 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version6\TeamViewer.exe

O87 - FAEL: "{05162694-0646-465C-A3A2-F8B381D0353F}" | In - Private - P17 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version6\TeamViewer.exe

O87 - FAEL: "{1AB9F83E-D904-4D7A-B1CB-15DF44FBBFD2}" | In - Private - P6 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

O87 - FAEL: "{9F679F8F-4057-4EFD-B052-3093E62B57C6}" | In - Private - P17 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

O87 - FAEL: "{768764A5-EE18-4CF0-A7C2-C06CA2470F4E}" | In - Private - P6 - TRUE | .(.Symantec Corporation - Symantec CMC Smc.) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

O87 - FAEL: "{B39930D3-0685-4B0B-B436-D92E51467FD0}" | In - Private - P17 - TRUE | .(.Symantec Corporation - Symantec CMC Smc.) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

O87 - FAEL: "{D0C64FAF-F625-4A2A-9DA8-0480DF218DAF}" | In - Private - P6 - TRUE | .(.Symantec Corporation - Symantec Network Access Control.) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.exe

O87 - FAEL: "{21A47798-3CA9-4853-A8A4-13571D36B9D8}" | In - Private - P17 - TRUE | .(.Symantec Corporation - Symantec Network Access Control.) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.exe

O87 - FAEL: "{FF9446F0-997A-4989-8FAE-165400FA773B}" | In - Private - P6 - TRUE | .(.Symantec Corporation - Symantec User Session.) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O87 - FAEL: "{99B7EAE7-A241-42FE-A376-D00EC6BEC35E}" | In - Private - P17 - TRUE | .(.Symantec Corporation - Symantec User Session.) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe

O87 - FAEL: "{6DDFD881-6916-4CAD-928A-CFB6C4C28F8E}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\IncMail.exe (.not file.)

O87 - FAEL: "{B2E79365-8139-4ACF-B9AE-816CD7BF2CFD}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\IncMail.exe (.not file.)

O87 - FAEL: "{AD6BF7BE-7D0A-4112-9536-DEAD743DD93A}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\ImApp.exe (.not file.)

O87 - FAEL: "{E02CD5AE-0A58-4241-9DE2-CC86585E3A32}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\ImApp.exe (.not file.)

O87 - FAEL: "{90A8D7F2-D7E0-4D88-88FC-538BEB05D43E}" | In - Private - P6 - TRUE | .(...) -- C:\Program Files\HomePlayer\HomePlayer.exe

O87 - FAEL: "{D1641D63-D1D2-4D22-AAAB-E6996B6BBC47}" | In - Private - P17 - TRUE | .(...) -- C:\Program Files\HomePlayer\HomePlayer.exe

O87 - FAEL: "{CBD46927-16E3-4645-A333-E3E96ADBF20D}" | In - Private - P6 - TRUE | .(...) -- C:\Program Files\HomePlayer\VLC\vlc.exe

O87 - FAEL: "{C463970E-9993-4131-A162-DB36ABC82DE5}" | In - Private - P17 - TRUE | .(...) -- C:\Program Files\HomePlayer\VLC\vlc.exe

O87 - FAEL: "{9F525B69-8322-43D5-AB5E-3D926DB5FE19}" | In - None - P17 - TRUE | .(.CyberLink Corp. - CyberLink PowerDVD Cinema Main Program.) -- C:\Program Files\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe

O87 - FAEL: "{2779ED72-2D8F-458E-A553-532462A26773}" | In - None - P17 - TRUE | .(.CyberLink Corp. - PowerDVD 9.0.) -- C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe

O87 - FAEL: "{07DDECF6-849F-4176-A6E7-16D105249038}" | In - Private - P6 - TRUE | .(...) -- C:\Windows\System32\PnkBstrA.exe

O87 - FAEL: "{C35DE4CF-48BA-4FAC-AC6D-7FC5A9D31068}" | In - Private - P17 - TRUE | .(...) -- C:\Windows\System32\PnkBstrA.exe

O87 - FAEL: "{D063662A-F9C5-4B72-91F6-89FE80620588}" | In - Private - P6 - TRUE | .(...) -- C:\Windows\System32\PnkBstrB.exe

O87 - FAEL: "{49A573E0-A040-4386-A288-BA6A270E7775}" | In - Private - P17 - TRUE | .(...) -- C:\Windows\System32\PnkBstrB.exe

O87 - FAEL: "{F129F5CC-FD1D-4D97-88D6-27AEC1428462}" | In - Private - P6 - TRUE | .(...) -- C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe

O87 - FAEL: "{2736B1FE-2EC8-4A6D-9689-3F53070D4C57}" | In - Private - P17 - TRUE | .(...) -- C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe

O87 - FAEL: "TCP Query User{A58B5EAA-3EF6-47B9-8C18-7CFFBC9C96C8}C:\program files\xfire\xfire.exe" | In - Private - P6 - TRUE | .(.Xfire Inc. - Xfire.) -- C:\Program Files\Xfire\Xfire.exe

O87 - FAEL: "UDP Query User{5AB11151-291C-4248-825E-AC23CEF8AD9B}C:\program files\xfire\xfire.exe" | In - Private - P17 - TRUE | .(.Xfire Inc. - Xfire.) -- C:\Program Files\Xfire\Xfire.exe

O87 - FAEL: "TCP Query User{199EC9F2-7B18-4BC7-8498-4E0B0854367A}C:\program files\tmnationsforever\tmforever.exe" | In - Private - P6 - TRUE | .(...) -- C:\Program Files\TmNationsForever\TmForever.exe

O87 - FAEL: "UDP Query User{59FFB152-C260-4FF9-984F-ADB091E925A6}C:\program files\tmnationsforever\tmforever.exe" | In - Private - P17 - TRUE | .(...) -- C:\Program Files\TmNationsForever\TmForever.exe

O87 - FAEL: "TCP Query User{927922A5-396E-4280-BFFD-C530A1F34AC0}C:\program files\activision\call of duty 2\cod2mp_s.exe" | In - Private - P6 - TRUE | .(...) -- C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe

O87 - FAEL: "UDP Query User{C9A7C4FE-57EB-4D32-945C-7F465208635F}C:\program files\activision\call of duty 2\cod2mp_s.exe" | In - Private - P17 - TRUE | .(...) -- C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe

O87 - FAEL: "TCP Query User{8C2CCB46-F6A4-4475-8FEF-E0570A54DCC4}C:\program files\google\google earth\plugin\geplugin.exe" | In - Private - P6 - TRUE | .(.Google - Google Earth.) -- C:\Program Files\Google\Google Earth\plugin\geplugin.exe

O87 - FAEL: "UDP Query User{782CF56E-D15C-44DA-96F7-2F3319969315}C:\program files\google\google earth\plugin\geplugin.exe" | In - Private - P17 - TRUE | .(.Google - Google Earth.) -- C:\Program Files\Google\Google Earth\plugin\geplugin.exe

O87 - FAEL: "TCP Query User{E90365DB-56C7-408B-A978-E040D9463AA0}C:\program files\maniaplanet\maniaplanet.exe" | In - Private - P6 - TRUE | .(.Nadeo - ManiaPlanet.) -- C:\Program Files\ManiaPlanet\ManiaPlanet.exe

O87 - FAEL: "UDP Query User{C40BA7F3-76AE-4350-AA3B-8B9302382B9A}C:\program files\maniaplanet\maniaplanet.exe" | In - Private - P17 - TRUE | .(.Nadeo - ManiaPlanet.) -- C:\Program Files\ManiaPlanet\ManiaPlanet.exe

O87 - FAEL: "{CB517CEE-EE2B-4FD8-AB90-821D40EA15FC}" | In - Private - P6 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe

O87 - FAEL: "{20628F0E-FE6A-4BC7-BC7A-0609D0C70DB5}" | In - Private - P17 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe

O87 - FAEL: "{A853B28D-A101-4BE2-9D3A-2278AE00E5F2}" | In - Private - P6 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

O87 - FAEL: "{A91ACAA4-41F8-4335-8F0B-1DDAAD02A7AF}" | In - Private - P17 - TRUE | .(.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

O87 - FAEL: "{1FB1CC51-A200-4A1E-AD1B-B8332BE8A238}" | In - None - P17 - TRUE | .(.Skype Limited - Facebook Video Calling.) -- C:\Users\CELSO\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe

O87 - FAEL: "{469EE70C-48E3-442E-824B-E93B994E478E}" | In - Private - P6 - FALSE | .(.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O87 - FAEL: "{50002BA1-1F53-4912-A50B-859A2842C1B2}" | In - Private - P17 - FALSE | .(.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O87 - FAEL: "TCP Query User{0D8BB620-31ED-40A2-9352-07C707B29323}C:\program files\tmnationsforever\tmforever.exe" | In - Public - P6 - TRUE | .(...) -- C:\Program Files\TmNationsForever\TmForever.exe

O87 - FAEL: "UDP Query User{0865982E-E7D0-4E3A-851E-382BEDD64A2D}C:\program files\tmnationsforever\tmforever.exe" | In - Public - P17 - TRUE | .(...) -- C:\Program Files\TmNationsForever\TmForever.exe

~ Scan Firewall in 00mn 02s

 

 

 

---\\ Scan Additionnel (O88)

Database Version : 9066 - (05/02/2012)

Clés trouvées (Keys found) : 2

Valeurs trouvées (Values found) : 1

Dossiers trouvés (Folders found) : 4

Fichiers trouvés (Files found) : 0

 

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}] =>Toolbar.Agent

[HKLM\Software\Xfire\OpenCandy] =>Adware.OpenCandy

[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} =>Toolbar.AskSBar

C:\Users\CELSO\AppData\Roaming\OpenCandy =>Adware.OpenCandy

C:\Users\CELSO\AppData\Local\OpenCandy =>Adware.OpenCandy

C:\Users\CELSO\AppData\LocalLow\ShopperReports3 =>Adware.ShopperReports

~ Scan Additionnel in 00mn 05s

 

 

 

---\\ Recherche détournement de DNS routeur (O89)

Serveur : google-public-dns-a.google.com

Address: 8.8.8.8

Nom : www-cctld.l.google.com

Address: 173.194.67.94

Aliases: www.google.fr

~ Scan DNS in 00mn 02s

 

 

 

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)

SR - | Auto 03/01/2012 63928 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

SR - | Auto 25/01/2010 108392 | (ccEvtMgr) . (.Symantec Corporation.) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

SR - | Auto 25/01/2010 108392 | (ccSetMgr) . (.Symantec Corporation.) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

SS - | Auto 30/04/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe

SS - | Demand 30/04/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe

SS - | Demand 17/02/2010 3093880 | (LiveUpdate) . (.Symantec Corporation.) - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.exe

SR - | Auto 13/01/2012 652360 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

SR - | Auto 10/02/2012 645440 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe

SR - | Auto 10/02/2012 2348352 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

SR - | Auto 75136 | (PnkBstrA) . (...) - C:\Windows\System32\PnkBstrA.exe

SR - | Auto 16/04/2010 1881368 | (SmcService) . (.Symantec Corporation.) - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

SS - | Disabled 01/04/2010 349512 | (SNAC) . (.Symantec Corporation.) - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.exe

SR - | Auto 09/02/2012 382272 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

SR - | Auto 23/04/2010 1831024 | (Symantec AntiVirus) . (.Symantec Corporation.) - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

SR - | Auto 07/12/2010 2228008 | (TeamViewer6) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

SR - | Auto 02/12/2011 2923392 | (TeamViewer7) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

SR - | Auto 14/07/2009 20992 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 15/12/2009 87536 | ({B154377D-700F-42cc-9474-23858FBDF4BD}) . (.CyberLink Corp..) - C:\Program Files\CyberLink\PowerDVD9\NavFilter\000.fcl

~ Scan Services in 00mn 05s

 

 

 

---\\ Recherche Master Boot Record Infection (MBR)(O80)

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover

Run by CELSO at 01/03/2012 16:13:31

 

device: opened successfully

user: MBR read successfully

 

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys

1 ntkrnlpa!IofCallDriver[0x8304B52A] -> \Device\Harddisk0\DR0[0x865699E0]

3 CLASSPNP[0x8B78859E] -> ntkrnlpa!IofCallDriver[0x8304B52A] -> [0x860AB918]

5 ACPI[0x8B2943D4] -> ntkrnlpa!IofCallDriver[0x8304B52A] -> \Device\Ide\IdeDeviceP2T0L0-2[0x860D0908]

kernel: MBR read successfully

user & kernel MBR OK

~ Scan MBR in 00mn 02s

 

 

 

---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)

Written by ad13, http://ad13.geekstog

Run by CELSO at 01/03/2012 16:13:33

 

********* Dump file Name *********

C:\PhysicalDisk0_MBR.bin

~ Scan MBR in 00mn 04s

 

 

 

End of the scan (1690 lines in 16mn 43s)(54)

Posted

You should find these 3 icons on the desktop or, failing that, in the folder where you installed ZHPDiag.

zhp0710.png

Click the ZHPFix icon

Under Vista/7, right-click and choose "Run as administrator"

Copy and paste the green lines from the box below:

To do so:

Hold down the left mouse button and sweep the mouse over all the text to be copied to highlight it, from left to right and top to bottom

Ctrl+C to copy it all to the clipboard

Ctrl+V to paste the text into the Document

You will not see anything until you have clicked the H (PanelHelper.jpg)

 

PROCESSUS MALWARE (Rootkit, trojan, ver, spyware, adware,...)

O43 - CFD: 26/02/2011 - 18:57:26 - [8,253] ----D- C:\Users\CELSO\AppData\Roaming\OpenCandy => Infection PUP (Adware.OpenCandy)

O43 - CFD: 27/02/2011 - 10:06:50 - [0] ----D- C:\Users\CELSO\AppData\Local\OpenCandy => Infection PUP (Adware.OpenCandy)

C:\Users\CELSO\AppData\Roaming\OpenCandy => Infection PUP (Adware.OpenCandy)

C:\Users\CELSO\AppData\Local\OpenCandy => Infection PUP (Adware.OpenCandy)

C:\Users\CELSO\AppData\LocalLow\ShopperReports3 => Infection BT (Adware.ShopperReports)

 

PROCESSUS SUPERFLU DU SYSTEME

R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

[MD5.00000000000000000000000000000000] [APT] [{3297A559-5B5F-4C7C-B424-1361C06D20FE}] (...) -- D:\Directx\dxsetup.exe (.not file.) => Fichier absent

[MD5.00000000000000000000000000000000] [APT] [{87C5EE51-F534-4BED-BEB0-CF23AD2C062F}] (...) -- C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrinké\pacht cod2\pbsetup.exe (.not file.) => Fichier absent

O43 - CFD: 26/02/2012 - 12:36:26 - [0] ----D- C:\Users\CELSO\AppData\Local\{21323798-F0F1-46C1-93F5-4D78751EDA46} => Empty Folder not necessary

O43 - CFD: 27/02/2012 - 00:37:40 - [0] ----D- C:\Users\CELSO\AppData\Local\{68DB5F03-B576-48F7-85FE-84B19F380F95} => Empty Folder not necessary

O43 - CFD: 29/02/2012 - 19:37:48 - [0] ----D- C:\Users\CELSO\AppData\Local\{83DA3416-C940-4A57-800C-0BC28D0F7B1B} => Empty Folder not necessary

O43 - CFD: 01/03/2012 - 11:56:40 - [0] ----D- C:\Users\CELSO\AppData\Local\{A8D7FA30-AE5A-4015-90E3-7A07465B2017} => Empty Folder not necessary

O43 - CFD: 27/02/2012 - 13:24:00 - [0] ----D- C:\Users\CELSO\AppData\Local\{DCCAC3E5-0625-43BD-9A0A-BCABC323C64F} => Empty Folder not necessary

C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\keygen.exe => Crack, KeyGen, Keymaker - Possible Malware

C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\oodpe_8_5_1932_fra.exe => Crack, KeyGen, Keymaker - Possible Malware

C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen.rar => Crack, KeyGen, Keymaker - Possible Malware

C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\keygen.exe => Crack, KeyGen, Keymaker - Possible Malware

C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\oodpe_8_5_1932_fra.exe => Crack, KeyGen, Keymaker - Possible Malware

C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen.rar => Crack, KeyGen, Keymaker - Possible Malware

F:\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\keygen.exe => Crack, KeyGen, Keymaker - Possible Malware

F:\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\oodpe_8_5_1932_fra.exe => Crack, KeyGen, Keymaker - Possible Malware

F:\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen.rar => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj01.zip => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj02.zip => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj03.zip => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj04.zip => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj05.zip => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj06.zip => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj07.zip => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj08.zip => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj09.zip => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj10.zip => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj11.zip => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj12.zip => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj13.zip => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj14.zip => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj15.zip => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj16.zip => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj17.zip => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj18.zip => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj19.zip => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj20.zip => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj21.zip => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part01.rar => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part02.rar => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part03.rar => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part04.rar => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part05.rar => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part06.rar => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part07.rar => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part08.rar => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part09.rar => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part10.rar => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part11.rar => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part12.rar => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part13.rar => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part14.rar => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part15.rar => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part16.rar => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part17.rar => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part18.rar => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part19.rar => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part20.rar => Crack, KeyGen, Keymaker - Possible Malware

F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part21.rar => Crack, KeyGen, Keymaker - Possible Malware

F:\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\keygen.exe => Crack, KeyGen, Keymaker - Possible Malware

F:\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\oodpe_8_5_1932_fra.exe => Crack, KeyGen, Keymaker - Possible Malware

F:\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen.rar => Crack, KeyGen, Keymaker - Possible Malware

O87 - FAEL: "{6BEEBFC0-890F-4FE6-95D2-CA3B464DE353}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe (.not file.) => IncrediMail

O87 - FAEL: "{1BD6DC99-87C4-4937-826B-910BAE2DD02A}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe (.not file.) => IncrediMail

O87 - FAEL: "{1A15E680-3D45-4FC9-A726-1A974CFE5FF9}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe (.not file.) => IncrediMail

O87 - FAEL: "{0E87757C-0474-4D04-AC62-54285AFEF89E}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\ImpCnt.exe (.not file.) => IncrediMail

O87 - FAEL: "{AD6BF7BE-7D0A-4112-9536-DEAD743DD93A}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\ImApp.exe (.not file.) => IncrediMail

O87 - FAEL: "{E02CD5AE-0A58-4241-9DE2-CC86585E3A32}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files\IncrediMail\Bin\ImApp.exe (.not file.) => IncrediMail

 

TOOLBAR INUTILE (Navigateur internet)

M3 - MFPP: Plugins - [CELSO] -- C:\Users\CELSO\AppData\Roaming\Mozilla\Firefox\Profiles\y5f7xqok.default\searchplugins\askcom.xml => Plugin Mozilla Firefox Ask.com

O69 - SBI: C:\Users\CELSO\AppData\Roaming\Mozilla\Firefox\Profiles\y5f7xqok.default\searchplugins\askcom.xml => Plugin Mozilla Firefox Ask.com

O69 - SBI: SearchScopes [HKCU] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - (Ask Search) - http://websearch.ask.com => Toolbar.Agent

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}] => Toolbar.Agent

[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440} => Toolbar.Ask

 

 

 

EmptyFlash

EmptyTemp

FirewallRaz


 

 

Click "OK", which makes a box appear to the left of each line.

Click "Tous" (All), then "Nettoyer" (Clean).

Restart to complete the cleanup.

A report appears.

If the report does not appear, click the report panel button.

Copy and paste the removal report into your next reply.

Posted

Rapport de ZHPFix 1.12.3380 par Nicolas Coolman, Update du 05/02/2011

Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-01-03-2012-17-56-48.txt

Run by CELSO at 01/03/2012 17:56:48

Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601)

Web site : ZHPFix Fix de rapport

Web site : Blog de NicolasCoolman - ZebHelpProcess - Skyrock.com

 

========== Processus mémoire ==========

SUPPRIME Memory Process: C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\keygen.exe

SUPPRIME Memory Process: C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\oodpe_8_5_1932_fra.exe

SUPPRIME Memory Process: F:\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\keygen.exe

SUPPRIME Memory Process: F:\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\oodpe_8_5_1932_fra.exe

SUPPRIME Memory Process: F:\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\keygen.exe

SUPPRIME Memory Process: F:\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen\oodpe_8_5_1932_fra.exe

 

========== Clé(s) du Registre ==========

SUPPRIME Key: SearchScopes :{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

ABSENT Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

 

========== Valeur(s) du Registre ==========

SUPPRIME {6BEEBFC0-890F-4FE6-95D2-CA3B464DE353}

SUPPRIME {1BD6DC99-87C4-4937-826B-910BAE2DD02A}

SUPPRIME {1A15E680-3D45-4FC9-A726-1A974CFE5FF9}

SUPPRIME {0E87757C-0474-4D04-AC62-54285AFEF89E}

SUPPRIME {AD6BF7BE-7D0A-4112-9536-DEAD743DD93A}

SUPPRIME {E02CD5AE-0A58-4241-9DE2-CC86585E3A32}

SUPPRIME [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{D4027C7F-154A-4066-A1AD-4243D8127440}

ABSENT Valeur Standard Profile: FirewallRaz :

ABSENT Valeur Domain Profile: FirewallRaz :

SUPPRIME FirewallRaz (Domain) : NetPres-In-TCP-NoScope

SUPPRIME FirewallRaz (Domain) : NetPres-Out-TCP-NoScope

SUPPRIME FirewallRaz (None) : NetPres-WSD-In-UDP

SUPPRIME FirewallRaz (None) : NetPres-WSD-Out-UDP

SUPPRIME FirewallRaz (Public) : NetPres-In-TCP

SUPPRIME FirewallRaz (Public) : NetPres-Out-TCP

SUPPRIME FirewallRaz (Private) : {6DDFD881-6916-4CAD-928A-CFB6C4C28F8E}

SUPPRIME FirewallRaz (Private) : {B2E79365-8139-4ACF-B9AE-816CD7BF2CFD}

 

========== Elément(s) de donnée du Registre ==========

SUPPRIME R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page

 

========== Dossier(s) ==========

SUPPRIME Folder: C:\Users\CELSO\AppData\Roaming\OpenCandy

SUPPRIME Folder: C:\Users\CELSO\AppData\Local\OpenCandy

SUPPRIME Folder: c:\users\celso\appdata\locallow\shopperreports3

SUPPRIME Folder: C:\Users\CELSO\AppData\Local\{21323798-F0F1-46C1-93F5-4D78751EDA46}

SUPPRIME Folder: C:\Users\CELSO\AppData\Local\{68DB5F03-B576-48F7-85FE-84B19F380F95}

SUPPRIME Folder: C:\Users\CELSO\AppData\Local\{83DA3416-C940-4A57-800C-0BC28D0F7B1B}

SUPPRIME Folder: C:\Users\CELSO\AppData\Local\{A8D7FA30-AE5A-4015-90E3-7A07465B2017}

SUPPRIME Folder: C:\Users\CELSO\AppData\Local\{DCCAC3E5-0625-43BD-9A0A-BCABC323C64F}

SUPPRIME Flash Cookies: 26

SUPPRIME Temporaires Windows: : 105

 

========== Fichier(s) ==========

ABSENT Folder/File: c:\users\celso\appdata\roaming\opencandy

ABSENT Folder/File: c:\users\celso\appdata\local\opencandy

SUPPRIME File: c:\users\celso\desktop\sauvegarde\logiciel maintenance & dvd shrink,\o&o\o&o defrag pro v8.5.1932fr + keygen\keygen.exe

SUPPRIME File***: c:\users\celso\desktop\sauvegarde\logiciel maintenance & dvd shrink,\o&o\o&o defrag pro v8.5.1932fr + keygen\oodpe_8_5_1932_fra.exe

SUPPRIME File: C:\Users\CELSO\Desktop\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen.rar

SUPPRIME File: f:\logiciel maintenance & dvd shrink,\o&o\o&o defrag pro v8.5.1932fr + keygen\keygen.exe

SUPPRIME File: f:\logiciel maintenance & dvd shrink,\o&o\o&o defrag pro v8.5.1932fr + keygen\oodpe_8_5_1932_fra.exe

SUPPRIME File: F:\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen.rar

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj01.zip

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj02.zip

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj03.zip

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj04.zip

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj05.zip

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj06.zip

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj07.zip

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj08.zip

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj09.zip

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj10.zip

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj11.zip

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj12.zip

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj13.zip

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj14.zip

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj15.zip

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj16.zip

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj17.zip

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj18.zip

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj19.zip

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj20.zip

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj21.zip

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part01.rar

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part02.rar

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part03.rar

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part04.rar

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part05.rar

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part06.rar

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part07.rar

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part08.rar

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part09.rar

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part10.rar

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part11.rar

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part12.rar

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part13.rar

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part14.rar

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part15.rar

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part16.rar

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part17.rar

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part18.rar

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part19.rar

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part20.rar

SUPPRIME File: F:\News Leecher\Ashampoo.Burning.Studio.10.v10.0.10.Incl.Keygen-Lz0\lzwgqj22\Linezer0.part21.rar

SUPPRIME File: f:\sauvegarde\logiciel maintenance & dvd shrink,\o&o\o&o defrag pro v8.5.1932fr + keygen\keygen.exe

SUPPRIME File: f:\sauvegarde\logiciel maintenance & dvd shrink,\o&o\o&o defrag pro v8.5.1932fr + keygen\oodpe_8_5_1932_fra.exe

SUPPRIME File: F:\Sauvegarde\Logiciel Maintenance & dvd Shrink,\O&O\O&O Defrag Pro v8.5.1932fr + Keygen.rar

SUPPRIME File: c:\users\celso\appdata\roaming\mozilla\firefox\profiles\y5f7xqok.default\searchplugins\askcom.xml

ABSENT File: c:\users\celso\appdata\roaming\mozilla\firefox\profiles\y5f7xqok.default\searchplugins\askcom.xml

SUPPRIME Flash Cookies: 10

SUPPRIME Temporaires Windows: : 249

 

========== Tache planifiée ==========

SUPPRIME Task: {3297A559-5B5F-4C7C-B424-1361C06D20FE}

SUPPRIME Task: {87C5EE51-F534-4BED-BEB0-CF23AD2C062F}

 

========== Autre ==========

NON TRAITE PROCESSUS MALWARE (Rootkit, trojan, ver, spyware, adware,...)

NON TRAITE PROCESSUS SUPERFLU DU SYSTEME

NON TRAITE TOOLBAR INUTILE (Navigateur internet)

 

 

========== Récapitulatif ==========

6 : Processus mémoire

2 : Clé(s) du Registre

17 : Valeur(s) du Registre

1 : Elément(s) de donnée du Registre

10 : Dossier(s)

57 : Fichier(s)

2 : Tache planifiée

3 : Autre

 

 

End of clean in 00mn 21s

 

========== Chemin de fichier rapport ==========

C:\ZHP\ZHPFix[R1].txt - 01/03/2012 17:56:48 [9840]
