Infection par un rogue « Antivirus Security Pro »

[brisbane]

Bonjour,

 

lundi, suite à une infection par un logiciel malveillant prenant l'apparence d'un antivirus, mon ordi portable était complètement bloqué.

J'ai, par l'intermédiaire d'un autre ordinateur réussi à installer rkill et à limiter l'action du virus.

voici le rapport :

Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/09/2013 02:51:05 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\ProgramData\7gX7prng\7gX7prng.exe (PID: 6852) [AU-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* ALERT: ZEROACCESS rootkit symptoms found!

* C:\Program Files (x86)\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}\ [ZA Dir]
* C:\Program Files (x86)\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}\ \ [ZA Dir]
* C:\Program Files (x86)\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}\ \...\ [ZA Dir]
* C:\Program Files (x86)\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}\ \...\ﯹ๛\ [ZA Dir]
* C:\Program Files (x86)\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}\ \...\ﯹ๛\{a6485946-bdb9-5483-f823-9e57c89b51e6}\ [ZA Dir]
* C:\Users\claben\AppData\Local\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}\ [ZA Dir]
* C:\Users\claben\AppData\Local\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}\❤≸⋙\ [ZA Dir]
* C:\Users\claben\AppData\Local\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}\❤≸⋙\Ⱒ☠⍨\ [ZA Dir]
* C:\Users\claben\AppData\Local\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\ [ZA Dir]
* C:\Users\claben\AppData\Local\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{a6485946-bdb9-5483-f823-9e57c89b51e6}\ [ZA Dir]

 

J'en ai profité pour installer malwarbytes anti-malware et j'ai fait deux recherches (la première ayant été interrompue) dont voici les rapports :

 

Internet Explorer 10.0.9200.16660
claben :: CLABEN-TOSH [administrateur]

Protection: Désactivé

09/09/2013 15:19:58
mbam-log-2013-09-09 (15-19-58).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 29701
Temps écoulé: 2 minute(s), 47 seconde(s) [abandonné]

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 4
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GOOGLEUPDATE.EXE (Rootkit.0Access.ED) -> Mis en quarantaine et supprimé avec succès.
HKLM\SYSTEM\CurrentControlSet\Services\etadpug (Rootkit.0Access.ED) -> Suppression au redémarrage.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Mis en quarantaine et supprimé avec succès.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Mis en quarantaine et supprimé avec succès.

Valeur(s) du Registre détectée(s): 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AS2014 (Trojan.Agent.rfz) -> Données: C:\ProgramData\7gX7prng\7gX7prng.exe -> Mis en quarantaine et supprimé avec succès.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AS2014 (Trojan.Agent.rfz) -> Données: C:\ProgramData\7gX7prng\7gX7prng.exe -> Mis en quarantaine et supprimé avec succès.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Google Update (Rootkit.0Access.ED) -> Données: -> Mis en quarantaine et supprimé avec succès.

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 4
C:\ProgramData\7gX7prng\7gX7prng.exe (Trojan.Agent.rfz) -> Mis en quarantaine et supprimé avec succès.
C:\Users\claben\AppData\Local\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{a6485946-bdb9-5483-f823-9e57c89b51e6}\GoogleUpdate.exe (Rootkit.0Access.ED) -> Mis en quarantaine et supprimé avec succès.
c:\program files (x86)\google\desktop\install\{a6485946-bdb9-5483-f823-9e57c89b51e6}\ \...\ﯹ๛\{a6485946-bdb9-5483-f823-9e57c89b51e6}\googleupdate.exe (Rootkit.0Access.ED) -> Mis en quarantaine et supprimé avec succès.
C:\Users\claben\Downloads\FreemakeVideoConverterSetup.exe (PUP.Optional.OpenCandy) -> Mis en quarantaine et supprimé avec succès.

(fin)

 

 

 

Malwarebytes Anti-Malware (Essai) 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2013.09.09.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
claben :: CLABEN-TOSH [administrateur]

Protection: Activé

09/09/2013 15:28:20
mbam-log-2013-09-09 (15-28-20).txt

Type d'examen: Examen complet (C:\|D:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 472257
Temps écoulé: 2 heure(s), 31 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 1
HKLM\SYSTEM\CurrentControlSet\Services\etadpug (Trojan.Zaccess) -> Suppression au redémarrage.

Valeur(s) du Registre détectée(s): 1
HKCU\Control Panel\don't load|wscui.cpl (Hijack.SecurityCenter) -> Données: No -> Mis en quarantaine et supprimé avec succès.

Elément(s) de données du Registre détecté(s): 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Mauvais: (1) Bon: (0) -> Mis en quarantaine et réparé avec succès
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Mauvais: (1) Bon: (0) -> Mis en quarantaine et réparé avec succès
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Mauvais: (1) Bon: (0) -> Mis en quarantaine et réparé avec succès

Dossier(s) détecté(s): 5
C:\Users\claben\AppData\Roaming\Iminent\Mediator (PUP.Optional.Iminent.A) -> Mis en quarantaine et supprimé avec succès.
C:\Users\claben\AppData\Roaming\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> Mis en quarantaine et supprimé avec succès.
C:\Users\claben\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Mis en quarantaine et supprimé avec succès.
C:\Users\claben\AppData\Roaming\OpenCandy\01B83871E55A41F9B3E9803DD03AF7D2 (PUP.Optional.OpenCandy) -> Mis en quarantaine et supprimé avec succès.
C:\Users\claben\AppData\Roaming\OpenCandy\OpenCandy_523B83E780674912A7ACB7D3F417212C (PUP.Optional.OpenCandy) -> Mis en quarantaine et supprimé avec succès.

Fichier(s) détecté(s): 10
C:\Users\claben\Desktop\sony vegas platinium\Sony.Vegas.Movie.Studio.HD.Platinum.v11.0.Build.256.mundomanuales.com\vegas.movie.studio.hd.platinum.11.0-mpt.rar (PUP.Hacktool.Patcher) -> Mis en quarantaine et supprimé avec succès.
C:\Users\claben\Desktop\sony vegas platinium\Sony.Vegas.Movie.Studio.HD.Platinum.v11.0.Build.256.mundomanuales.com\vegas.movie.studio.hd.platinum.11.0-mpt\vegas.movie.studio.hd.platinum.11.0-mpt.exe (PUP.Hacktool.Patcher) -> Mis en quarantaine et supprimé avec succès.
D:\CLABEN-TOSH\Backup Set 2013-08-04 194024\Backup Files 2013-08-25 190003\Backup files 398.zip (PUP.Hacktool.Patcher) -> Mis en quarantaine et supprimé avec succès.
C:\Users\claben\Desktop\Antivirus Security Pro support.url (Rogue.AntiVirusSecurity) -> Mis en quarantaine et supprimé avec succès.

 

depuis, je peux utiliser à nouveau mon portable mais je ne peux rien télécharger !!

 

Le téléchargement d'un fichier débute normalement mais se termine toujours par un message ".... contenait un virus et a été supprimé" (je crois que c'est un message de Windows)

 

par ailleurs, le centre de sécurité de Windows de mon portable est complètement bloqué, je n'ai plus de pare-feu non plus.

 

Pourriez-vous m'aider s'il vous plait ?

 

Merci beaucoup !

[pear]

Bonjour,

 

Avant tout, il vous faut une autre machine en état de marche disposant d'un graveur où vous insérez un disque vierge(cd ou dvd)

Sur la machine malade,vérifier l'ordre du boot dans le BIOS et mettre le lecteur cd(dvd) en premier(First boot)

Télécharger OTLPEStd.exe

Ou à partir de ce lien
sur le Bureau
Le fichier fait plus de 97MB, soyez donc patient pour le téléchargement.
Lancez le fichier OTLPEStd.exe ;
Un fichier .iso inclus dans le téléchargement sera gravé sur le disque vierge qui permettra d'avoir accès aux fichiers de la machine malade.
Insèrez le disque gravé sur la machine infectée et démarrez à partir de ce disque.
Vous devez voir bureau REATOGO-X-PE


Utilisez Internet Explorer pour télécharger:

Choisissez la version 32 ou 64 bits en fonction de votre système

FRST 64 de Farbar
Frst 32 de Farbar
Fermez toutes les applications, y compris le navigateur
Double-clic sur FRST64.exe et sur Oui pour accepter le Disclaimer
Sous Vista, Windows 7 et 8, il faut lancer le fichier par clic-droit -> Exécuter en tant qu'administrateur


Sur le menu principal,

clic sur Scan
A la fin du scan, un rapport FRST.txt s'ouvre.
Au premier lancement, un fichier nommé Addition.txt sera créé

[brisbane]

Aïe, je n'ai pas de quoi graver... il va falloir que je trouve quelqu'un

[pear]

Vous avez une deuxième machine.

Utilisez la machine propre pour installer Frst sur une clé usb .

Lancez le sur la machine infecté deuis la clé usb

[brisbane]

Voici le bilan du scan :

 

le frst.txt :

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013

Ran by claben (administrator) on CLABEN-TOSH on 11-09-2013 12:59:19

Running from E:\

Windows 7 Home Premium Service Pack 1 (X64) OS Language: French Standard

Internet Explorer Version 10

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TEco.exe

(GARMIN Corp.) C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)

HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050000 2009-08-06] (Toshiba Europe GmbH)

HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [596328 2009-08-06] (TOSHIBA Corporation)

HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35160 2009-08-06] (TOSHIBA Corporation)

HKLM\...\Run: [smoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)

HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-05] (TOSHIBA Corporation)

HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)

HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)

HKLM\...\Run: [smartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA Corporation)

HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1481568 2009-08-26] (TOSHIBA Corporation)

HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)

HKLM\...\Policies\Explorer: [NoActiveDesktop] 1

HKCU\...\Run: [ANT Agent] - C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe [14731776 2013-02-15] (GARMIN Corp.)

HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)

HKCU\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)

MountPoints2: {134e4667-28ea-11e1-ab9f-002622389922} - "E:\WD SmartWare.exe" autoplay=true

HKLM-x32\...\Run: [sVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2009-08-12] (TOSHIBA)

HKLM-x32\...\Run: [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2009-06-02] (TOSHIBA Electronics, Inc.)

HKLM-x32\...\Run: [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)

HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-29] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-08-11] (TOSHIBA CORPORATION.)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)

HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-10] (Avira Operations GmbH & Co. KG)

HKU\Default\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)

HKU\Default User\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)

Startup: C:\Users\claben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk

ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk

ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH

URLSearchHook: (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File

SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =

SearchScopes: HKCU - {20F326C9-145F-48EA-8DF7-29B0E63979C0} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091

SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =

SearchScopes: HKCU - {E8353643-B38D-4BD9-A5C4-3FC9F7330513} URL = http://rover.ebay.com/rover/1/709-44555-9400-8/4?satitle={searchTerms}

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO-x32: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Toolbar: HKCU - No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File

DPF: HKLM-x32 {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20110310125158

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - No File

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Handler-x32: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - No File

Tcpip\Parameters: [DhcpNameServer] 192.168.0.254

 

FireFox:

========

FF ProfilePath: C:\Users\claben\AppData\Roaming\Mozilla\Firefox\Profiles\tcm2k5vx.default

FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");

FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()

FF Plugin: @eleco.com/o2cplayer - C:\Users\claben\Desktop\o2c Player\npO2CPlayer64.DLL No File

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @eleco.com/o2cplayer - C:\Users\claben\Desktop\o2c Player\npO2CPlayer.DLL No File

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_39 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-france.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\cnrtl-tlfi-fr.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-france.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-france.xml

FF Extension: Vuze Remote Community Toolbar - C:\Users\claben\AppData\Roaming\Mozilla\Firefox\Profiles\tcm2k5vx.default\Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}

FF Extension: IMinent Toolbar - C:\Users\claben\AppData\Roaming\Mozilla\Firefox\Profiles\tcm2k5vx.default\Extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}

 

Chrome:

=======

 

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll No File

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)

CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File

CHR Plugin: (Java Platform SE 6 U35) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File

CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (O2C-Player Plug-In) - C:\Users\claben\Desktop\o2c Player\npO2CPlayer.DLL No File

CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

CHR Extension: (Google Drive) - C:\Users\claben\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0

CHR Extension: (YouTube) - C:\Users\claben\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0

CHR Extension: (Google Search) - C:\Users\claben\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0

CHR Extension: (Gmail) - C:\Users\claben\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

 

==================== Services (Whitelisted) =================

 

R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [655928 2013-09-10] (Avira Operations GmbH & Co. KG)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [622648 2013-09-10] (Avira Operations GmbH & Co. KG)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-10] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-10] (Avira Operations GmbH & Co. KG)

R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-10] (Avira Operations GmbH & Co. KG)

S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116104 2009-08-06] (Toshiba Europe GmbH)

U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}\ \...\???\{a6485946-bdb9-5483-f823-9e57c89b51e6}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

 

==================== Drivers (Whitelisted) ====================

 

R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-02-13] (Avira GmbH)

R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-02-13] (Avira GmbH)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-10] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-10] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-27] (Avira Operations GmbH & Co. KG)

S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)

S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (http://libusb-win32.sourceforge.net)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R2 npf; C:\Windows\System32\drivers\npf.sys [47632 2010-01-27] (CACE Technologies, Inc.)

S3 PMUSB2G; C:\Windows\System32\Drivers\PMUSB.sys [26624 2006-10-30] (PassMark Software)

S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)

S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]

S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-09-09 15:26 - 2013-09-11 12:23 - 00000616 _____ C:\Windows\setupact.log

2013-09-09 15:26 - 2013-09-09 15:26 - 00000000 _____ C:\Windows\setuperr.log

2013-09-09 15:24 - 2013-09-10 22:20 - 00006114 _____ C:\Windows\PFRO.log

2013-09-09 15:18 - 2013-09-09 15:20 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\claben\Desktop\mbam-setup-1.75.0.1300.exe

2013-09-09 15:18 - 2013-09-09 15:18 - 00001076 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-09-09 15:18 - 2013-09-09 15:18 - 00000000 ____D C:\Users\claben\AppData\Roaming\Malwarebytes

2013-09-09 15:18 - 2013-09-09 15:18 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-09-09 15:18 - 2013-09-09 15:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-09-09 15:18 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-09-09 14:28 - 2013-09-09 14:51 - 00004040 _____ C:\Users\claben\Desktop\Rkill.txt

2013-09-09 14:28 - 2013-09-09 14:28 - 00000000 ____D C:\Users\claben\Desktop\rkill

2013-09-09 13:52 - 2013-09-09 14:54 - 00000000 ____D C:\Users\claben\Desktop\RK_Quarantine

2013-09-09 13:52 - 2013-09-09 14:08 - 00918016 _____ C:\Users\claben\Desktop\RogueKiller.exe

2013-09-09 13:52 - 2013-09-09 13:52 - 00918016 _____ C:\Users\claben\Desktop\RogueKiller.com

2013-09-09 12:51 - 2013-09-09 12:51 - 00000000 ____D C:\Users\claben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro

2013-09-09 12:45 - 2013-09-09 13:08 - 00000000 ____D C:\ProgramData\7gX7prng

2013-09-07 07:09 - 2013-09-07 07:09 - 00000000 ____D C:\Users\claben\AppData\Roaming\S.A.D

2013-09-06 21:06 - 2013-09-06 21:07 - 08465319 _____ C:\Users\claben\Downloads\Ithaque.zip

2013-09-05 21:47 - 2013-09-05 21:51 - 41404760 _____ (Apple Inc.) C:\Users\claben\Downloads\QuickTimeInstaller.exe

2013-09-05 21:44 - 2013-09-05 21:44 - 00001114 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2013-09-05 21:44 - 2013-09-05 21:44 - 00000000 ____D C:\ProgramData\Mozilla

2013-09-05 21:44 - 2013-09-05 21:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-09-05 21:42 - 2013-09-05 21:42 - 00282024 _____ (Mozilla) C:\Users\claben\Downloads\Firefox Setup Stub 23.0.1.exe

2013-08-23 22:21 - 2013-08-23 22:29 - 00000000 ____D C:\Users\claben\Desktop\photo ipod ben

2013-08-17 22:50 - 2013-08-17 22:51 - 27723672 _____ (Sony Mobile Communications ) C:\Users\claben\Downloads\Sony PC Companion_2.10.165_Web.exe

2013-08-15 16:04 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2013-08-15 16:01 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2013-08-15 16:01 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2013-08-15 16:01 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2013-08-15 16:01 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-08-15 16:01 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-08-15 16:01 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2013-08-15 16:01 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2013-08-15 16:01 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2013-08-15 16:01 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2013-08-15 16:01 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2013-08-15 16:01 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2013-08-15 16:01 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2013-08-14 21:50 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-08-14 21:50 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-08-14 21:50 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-08-14 21:50 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-08-14 21:50 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-08-14 21:50 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-08-14 21:50 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-08-14 21:50 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-08-14 21:50 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-08-14 21:50 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-08-14 21:50 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-08-14 21:50 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-08-14 21:50 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-08-14 21:49 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-08-14 21:49 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-08-14 21:49 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-08-14 21:49 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-08-14 21:49 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-08-14 21:49 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-08-14 21:49 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-08-14 21:49 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-08-14 21:49 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-08-14 21:49 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-08-14 21:49 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-08-14 21:49 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-08-14 21:49 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-08-14 21:49 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-08-14 21:49 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-08-14 21:49 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-08-14 21:49 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-08-14 21:49 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-08-14 21:24 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2013-08-14 21:24 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-08-14 21:24 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2013-08-14 21:24 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2013-08-14 21:24 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2013-08-14 21:24 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2013-08-14 21:24 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2013-08-14 21:24 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2013-08-14 21:23 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

2013-08-14 21:23 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

2013-08-14 21:23 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2013-08-14 21:23 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2013-08-14 21:23 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2013-08-14 21:23 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

 

==================== One Month Modified Files and Folders =======

 

2013-09-11 12:59 - 2013-09-11 12:59 - 00000000 ____D C:\FRST

2013-09-11 12:32 - 2009-07-14 06:45 - 00016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-09-11 12:32 - 2009-07-14 06:45 - 00016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-09-11 12:29 - 2009-07-14 17:24 - 00748328 _____ C:\Windows\system32\perfh00C.dat

2013-09-11 12:29 - 2009-07-14 17:24 - 00149936 _____ C:\Windows\system32\perfc00C.dat

2013-09-11 12:29 - 2009-07-14 07:13 - 01670322 _____ C:\Windows\system32\PerfStringBackup.INI

2013-09-11 12:28 - 2012-10-23 21:39 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-09-11 12:23 - 2013-09-09 15:26 - 00000616 _____ C:\Windows\setupact.log

2013-09-11 12:23 - 2011-01-02 11:59 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-09-11 12:23 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-09-11 12:03 - 2011-01-02 11:59 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-09-11 10:28 - 2012-10-23 21:39 - 00003940 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-09-11 10:28 - 2012-06-20 23:16 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-09-11 10:28 - 2011-05-16 20:32 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-09-10 23:00 - 2010-07-23 22:23 - 00003952 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{27CEAE4A-EAE8-4C42-B4B0-348C2E99586F}

2013-09-10 22:20 - 2013-09-09 15:24 - 00006114 _____ C:\Windows\PFRO.log

2013-09-10 21:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF

2013-09-10 11:39 - 2013-05-13 20:24 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2013-09-10 11:39 - 2013-03-27 17:12 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2013-09-10 11:39 - 2013-03-27 17:12 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2013-09-09 18:55 - 2013-06-17 21:22 - 01691486 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2013-09-09 18:29 - 2012-04-15 15:19 - 00000000 ____D C:\Users\claben\AppData\Roaming\Iminent

2013-09-09 15:26 - 2013-09-09 15:26 - 00000000 _____ C:\Windows\setuperr.log

2013-09-09 15:20 - 2013-09-09 15:18 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\claben\Desktop\mbam-setup-1.75.0.1300.exe

2013-09-09 15:18 - 2013-09-09 15:18 - 00001076 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-09-09 15:18 - 2013-09-09 15:18 - 00000000 ____D C:\Users\claben\AppData\Roaming\Malwarebytes

2013-09-09 15:18 - 2013-09-09 15:18 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-09-09 15:18 - 2013-09-09 15:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-09-09 14:54 - 2013-09-09 13:52 - 00000000 ____D C:\Users\claben\Desktop\RK_Quarantine

2013-09-09 14:51 - 2013-09-09 14:28 - 00004040 _____ C:\Users\claben\Desktop\Rkill.txt

2013-09-09 14:51 - 2013-05-02 12:04 - 00000000 ____D C:\Users\claben\Desktop\Fort Worth Avril 2013

2013-09-09 14:50 - 2010-01-05 09:05 - 00004033 _____ C:\Windows\WindowsUpdate.log

2013-09-09 14:28 - 2013-09-09 14:28 - 00000000 ____D C:\Users\claben\Desktop\rkill

2013-09-09 14:08 - 2013-09-09 13:52 - 00918016 _____ C:\Users\claben\Desktop\RogueKiller.exe

2013-09-09 13:52 - 2013-09-09 13:52 - 00918016 _____ C:\Users\claben\Desktop\RogueKiller.com

2013-09-09 13:08 - 2013-09-09 12:45 - 00000000 ____D C:\ProgramData\7gX7prng

2013-09-09 12:51 - 2013-09-09 12:51 - 00000000 ____D C:\Users\claben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro

2013-09-09 12:45 - 2011-01-02 11:59 - 00000000 ____D C:\Program Files (x86)\Google

2013-09-09 12:45 - 2010-07-22 21:38 - 00000000 ____D C:\Users\claben\AppData\Local\Google

2013-09-09 12:07 - 2010-09-01 21:56 - 00000000 ____D C:\Users\claben\Documents\agregation

2013-09-09 09:33 - 2012-04-15 15:15 - 00000000 ____D C:\Users\claben\AppData\Roaming\Azureus

2013-09-07 07:09 - 2013-09-07 07:09 - 00000000 ____D C:\Users\claben\AppData\Roaming\S.A.D

2013-09-06 21:07 - 2013-09-06 21:06 - 08465319 _____ C:\Users\claben\Downloads\Ithaque.zip

2013-09-06 09:01 - 2010-07-27 16:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-09-05 21:51 - 2013-09-05 21:47 - 41404760 _____ (Apple Inc.) C:\Users\claben\Downloads\QuickTimeInstaller.exe

2013-09-05 21:44 - 2013-09-05 21:44 - 00001114 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2013-09-05 21:44 - 2013-09-05 21:44 - 00000000 ____D C:\ProgramData\Mozilla

2013-09-05 21:44 - 2013-09-05 21:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-09-05 21:42 - 2013-09-05 21:42 - 00282024 _____ (Mozilla) C:\Users\claben\Downloads\Firefox Setup Stub 23.0.1.exe

2013-08-23 22:29 - 2013-08-23 22:21 - 00000000 ____D C:\Users\claben\Desktop\photo ipod ben

2013-08-17 22:55 - 2012-07-23 22:41 - 00000000 ____D C:\ProgramData\Sony

2013-08-17 22:55 - 2012-07-23 22:35 - 00000000 ____D C:\Program Files (x86)\Sony

2013-08-17 22:51 - 2013-08-17 22:50 - 27723672 _____ (Sony Mobile Communications ) C:\Users\claben\Downloads\Sony PC Companion_2.10.165_Web.exe

2013-08-17 22:51 - 2009-09-04 15:25 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2013-08-16 07:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache

2013-08-15 00:36 - 2012-09-23 14:19 - 00000000 ____D C:\Users\claben\Documents\Vegas Movie Studio HD Platinum 11.0 Projets

2013-08-14 21:49 - 2009-09-04 15:49 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-08-12 11:19 - 2009-07-14 07:08 - 00032496 _____ C:\Windows\Tasks\SCHEDLGU.TXT

 

Files to move or delete:

====================

ZeroAccess:

C:\Users\claben\AppData\Local\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}

ZeroAccess:

C:\Program Files (x86)\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

 

 

LastRegBack: 2013-09-11 11:04

 

==================== End Of Log ============================

 

et l'addition.txt :

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-09-2013
Ran by claben at 2013-09-11 13:00:11
Running from E:\
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958) (x32)
"La respiration" version 1.2a (x32)
Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.168)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader 9.4.5 - Français (x32 Version: 9.4.5)
Anagène 2 (x32 Version: 2.00.00)
Apple Application Support (x32 Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (x32 Version: 2.1.3.127)
Assistant de connexion Windows Live (x32 Version: 5.000.818.5)
ATI Catalyst Install Manager (Version: 3.0.732.0)
Avira Internet Security (x32 Version: 13.0.0.4042)
AviSynth 2.5 (x32)
BayaM 3-7 (x32 Version: 3.3.8389)
BayaM 7-13 (x32 Version: 1.2.30)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2009.0729.2238.38827)
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0729.2238.38827)
Catalyst Control Center Graphics Full New (x32 Version: 2009.0729.2238.38827)
Catalyst Control Center Graphics Light (x32 Version: 2009.0729.2238.38827)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0729.2238.38827)
Catalyst Control Center InstallProxy (x32 Version: 2009.0729.2238.38827)
Catalyst Control Center Localization All (x32 Version: 2009.0729.2238.38827)
CCC Help Chinese Standard (x32 Version: 2009.0729.2237.38827)
CCC Help Chinese Traditional (x32 Version: 2009.0729.2237.38827)
CCC Help Czech (x32 Version: 2009.0729.2237.38827)
CCC Help Danish (x32 Version: 2009.0729.2237.38827)
CCC Help Dutch (x32 Version: 2009.0729.2237.38827)
CCC Help English (x32 Version: 2009.0729.2237.38827)
CCC Help Finnish (x32 Version: 2009.0729.2237.38827)
CCC Help French (x32 Version: 2009.0729.2237.38827)
CCC Help German (x32 Version: 2009.0729.2237.38827)
CCC Help Greek (x32 Version: 2009.0729.2237.38827)
CCC Help Hungarian (x32 Version: 2009.0729.2237.38827)
CCC Help Italian (x32 Version: 2009.0729.2237.38827)
CCC Help Japanese (x32 Version: 2009.0729.2237.38827)
CCC Help Korean (x32 Version: 2009.0729.2237.38827)
CCC Help Norwegian (x32 Version: 2009.0729.2237.38827)
CCC Help Polish (x32 Version: 2009.0729.2237.38827)
CCC Help Portuguese (x32 Version: 2009.0729.2237.38827)
CCC Help Russian (x32 Version: 2009.0729.2237.38827)
CCC Help Spanish (x32 Version: 2009.0729.2237.38827)
CCC Help Swedish (x32 Version: 2009.0729.2237.38827)
CCC Help Thai (x32 Version: 2009.0729.2237.38827)
CCC Help Turkish (x32 Version: 2009.0729.2237.38827)
ccc-core-static (x32 Version: 2009.0729.2238.38827)
ccc-utility64 (Version: 2009.0729.2238.38827)
Celestia 1.6.1 (x32)
CyberGhost VPN
DVD Architect Studio 5.0 (x32 Version: 5.0.156)
EduAnatomist 1.0 (x32)
Efficient WMA MP3 Converter version 0.99.9.3 (x32 Version: 0.99.9.3)
Evolution allélique (x32)
FormatFactory 2.70 (x32 Version: 2.70)
Free iPod Video Converter V 3.0 (x32 Version: 3.0.0.0)
Free Mp3 Wma Converter V 1.91 (x32 Version: 1.91.0.0)
Freemake Video Converter version 4.0.2 (x32 Version: 4.0.2)
Galerie de photos Windows Live (x32 Version: 14.0.8081.709)
Garmin ANT Agent (Version: 2.3.4)
Garmin USB Drivers (x32 Version: 2.3.1.0)
GIMP 2.6.11 (x32 Version: 2.6.11)
Google Update Helper (x32 Version: 1.3.21.153)
Google Earth (x32 Version: 7.1.1.1888)
Hominines 2.1 (x32)
HotPotatoes v 6.3.0.4 (x32)
Installation Windows Live (x32 Version: 14.0.8089.0726)
Installation Windows Live (x32 Version: 14.0.8089.726)
Intel® Matrix Storage Manager
iTunes (Version: 10.6.3.25)
Java 6 Update 39 (x32 Version: 6.0.390)
La cellule 3D version 1.03 (x32)
Le virus du SIDA version 1.05a (x32)
Light Image Resizer 4.0.6.2 (x32 Version: 4.0.6.2)
lignee_humaine version 1.2 (x32)
L'oeil et la vision version 1.06a. (x32)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile FRA Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (French) (x32 Version: 12.0.6612.1000)
Microsoft Office Professional 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Arabic) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Dutch) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (French) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Works (x32 Version: 9.7.0621)
Mise à jour Microsoft Office Excel 2007 Help (KB963678) (x32)
Mise à jour Microsoft Office Outlook 2007 Help (KB963677) (x32)
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Mise à jour Microsoft Office Word 2007 Help (KB963665) (x32)
Module de compatibilité pour Microsoft Office System 2007 (x32 Version: 12.0.6612.1000)
Module linguistique Microsoft .NET Framework 4 Client Profile FRA (Version: 4.0.30319)
Mozilla Firefox 23.0.1 (x86 fr) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
MSVCRT (x32 Version: 14.0.1468.721)
MSVCRT Redists (x32 Version: 1.0)
OpenOffice.org 3.2 (x32 Version: 3.2.9502)
Outil de téléchargement Windows Live (x32 Version: 14.0.8014.1029)
Package de pilotes Windows - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2) (Version: 07/07/2009 1.12.2)
Package de pilotes Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (Version: 02/06/2007 3.1)
PhotoFiltre (HKCU)
Phyloboîte version 1.2.0.0 R2 (x32)
Phylogene V2.5.1 (x32)
Planètes 3D version 1.02 (x32)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Polymorphisme végétal version 1.1.0.a (x32)
QuickTime (x32 Version: 7.72.80.56)
Realtek 8136 8168 8169 Ethernet Driver (x32 Version: 1.00.0005)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5904)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30101)
Realtek WLAN Driver (x32 Version: 2.00.0006)
SeisGram2K 5.3.4 (x32)
SimulAiry (x32 Version: 2)
Skype Launcher (x32)
Skype™ 5.10 (x32 Version: 5.10.116)
Sound Forge Audio Studio 10.0 (x32 Version: 10.0.176)
Synaptics Pointing Device Driver (Version: 13.2.6.1)
Télédétection version 1.1.0.a (x32)
Terre 2.0.0.a (x32)
Toshiba Assist (x32 Version: 3.00.09)
TOSHIBA Bulletin Board (Version: 1.0.04.64)
TOSHIBA Bulletin Board (x32 Version: 1.0.04.64)
TOSHIBA ConfigFree (x32 Version: 8.0.21)
TOSHIBA Disc Creator (Version: 2.1.0.1 for x64)
TOSHIBA DVD PLAYER (x32 Version: 3.01.0.07-A)
TOSHIBA eco Utility (Version: 1.1.10.64)
TOSHIBA eco Utility (x32 Version: 1.1.10.64)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Extended Tiles for Windows Mobility Center (x32 Version: )
TOSHIBA Face Recognition (Version: 3.1.1.64)
TOSHIBA Face Recognition (x32 Version: 3.1.1.64)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.4C)
TOSHIBA Hardware Setup (x32 Version: 1.63.0.11C)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.0)
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.0)
Toshiba Manuals (x32 Version: 10.00)
TOSHIBA Mot de passe responsable (x32 Version: 1.63.0.7C)
Toshiba Online Product Information (x32 Version: 2.08.0001)
TOSHIBA PC Health Monitor (Version: 1.4.1.64)
Toshiba Photo Service - powered by myphotobook (x32 Version: 1.0.0)
Toshiba Photo Service - powered by myphotobook (x32 Version: 1.0.0-663)
TOSHIBA Recovery Media Creator (Version: 2.1.0.2 for x64)
TOSHIBA Recovery Media Creator Reminder (x32 Version: 1.00.0019)
TOSHIBA ReelTime (Version: 1.0.04.64)
TOSHIBA ReelTime (x32 Version: 1.0.04.64)
TOSHIBA SD Memory Utilities (Version: 1.9.1.12)
TOSHIBA Supervisor Password (x32 Version: 1.63.0.7C)
Toshiba TEMPRO (x32 Version: 3.05)
TOSHIBA Value Added Package (Version: 1.2.25.64)
TOSHIBA Value Added Package (x32 Version: 1.2.25.64)
TOSHIBA Web Camera Application (x32 Version: 1.1.1.4)
TRORMCLauncher (Version: 1.0.0.7)
TRORMCLauncher (x32 Version: )
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition (x32)
Utility Common Driver (x32 Version: 1.0.50.27C)
VDownloader 3.6.924 (x32)
Vegas Movie Studio HD Platinum 11.0 (x32 Version: 11.0.256)
Viewpoint Media Player (Remove Only) (x32)
VLC media player 1.1.11 (x32 Version: 1.1.11)
Vuze (x32 Version: 4.
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (Version: 04/19/2012 2.3.1.0)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live FolderShare (x32 Version: 14.0.8089.726)
Windows Movie Maker 2.6 (x32 Version: 2.6.4037.0)
WinPcap 4.1.1 (x32 Version: 4.1.0.1753)
WinRAR 4.01 (32 bits) (x32 Version: 4.01.0)

==================== Restore Points =========================

01-09-2013 17:00:43 Sauvegarde Windows
03-09-2013 18:07:04 Windows Update
08-09-2013 19:20:41 Sauvegarde Windows

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {16FB9177-5D40-495D-9DFB-50D44B1FDA54} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11] (Adobe Systems Incorporated)
Task: {292AB97D-D597-4EC1-B896-421C14C13BB3} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)
Task: {59470939-4177-4E0A-9BBA-868E919AB419} - System32\Tasks\User_Feed_Synchronization-{27CEAE4A-EAE8-4C42-B4B0-348C2E99586F} => C:\Windows\system32\msfeedssync.exe [2013-05-08] (Microsoft Corporation)
Task: {78A75610-8D4E-435E-BBCD-25E31E3A97A4} - System32\Tasks\Programme de mise à jour en ligne de Adobe => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {79357020-5F16-4129-AE09-3DFFCB105F9D} - System32\Tasks\{D771D85C-FC30-45DF-91F8-BAD9314BB851} => C:\Users\claben\Desktop\SharePod.exe
Task: {796FC56F-71DE-4CFD-8BB0-02D68A560FBE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {90990B57-2F68-4BB9-8ED1-3EAB616F8B27} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2010-11-20] (Microsoft Corporation)
Task: {ACABBC69-B5DB-4750-9A0E-47465D5890D6} - System32\Tasks\{D51A3CA0-BF75-4F04-926C-86CA8A244B6D} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {BE11BF44-3B5E-454F-A46D-FA7D98BFCACB} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {D10385C7-4740-49DE-8AD6-89BE93BFA407} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-02] (Google Inc.)
Task: {D6CB57F8-A8DA-4B32-B25C-505E5444CF09} - System32\Tasks\WPD\SqmUpload_S-1-5-21-1469510785-606564725-1504882164-500 => C:\Windows\System32\portabledeviceapi.dll [2010-11-20] (Microsoft Corporation)
Task: {F226CA85-9C9C-4F98-8858-10FF03F7B812} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-02] (Google Inc.)
Task: {F62A5BFA-5874-47B4-B746-BED64CF9BA77} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {FF4052B1-824B-45EC-BB72-8CF8D02EB910} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-11-05 10:01 - 2011-05-28 23:05 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2009-08-06 16:02 - 2009-08-06 16:02 - 00046464 _____ (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproCommon.dll
2009-08-06 16:02 - 2009-08-06 16:02 - 06620544 _____ (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproUI.dll
2009-08-06 16:03 - 2009-08-06 16:03 - 00050560 _____ (Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\fr\TemproUI.resources.dll
2009-08-06 14:14 - 2009-08-06 14:14 - 03002728 _____ () C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll
2009-08-06 17:34 - 2009-08-06 17:34 - 00066904 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\ReelTimeRemoteStorage.dll
2009-08-06 17:33 - 2009-08-06 17:33 - 00320856 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\DataProcess.dll
2009-08-05 15:21 - 2009-08-05 15:21 - 00113152 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrReg.dll
2009-08-05 15:21 - 2009-08-05 15:21 - 00123392 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrFunc.dll
2009-08-05 15:22 - 2009-08-05 15:22 - 00260096 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TCooling.dll
2009-08-05 15:21 - 2009-08-05 15:21 - 00275456 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TtosFunc.dll
2009-08-05 15:22 - 2009-08-05 15:22 - 00298496 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TOddPwr.dll
2009-08-05 15:22 - 2009-08-05 15:22 - 00055808 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrSrv.dll
2009-08-05 15:22 - 2009-08-05 15:22 - 00263168 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\T1394Pwr.dll
2009-08-05 15:21 - 2009-08-05 15:21 - 00265216 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TKBLEDPwr.dll
2009-08-05 15:21 - 2009-08-05 15:21 - 00263168 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TSDPwr.dll
2009-08-05 15:21 - 2009-08-05 15:21 - 00260608 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPCIePwr.dll
2009-03-22 22:40 - 2009-03-22 22:40 - 00155648 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.dll
2009-03-22 22:40 - 2009-03-22 22:40 - 00053760 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdEvnt.dll
2009-07-16 16:27 - 2009-07-16 16:27 - 07244600 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-08-05 15:22 - 2009-08-05 15:22 - 00263680 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TFunctab.DLL
2008-07-14 11:33 - 2008-07-14 11:33 - 00134456 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\FnSticky.dll
2009-05-18 10:46 - 2009-05-18 10:46 - 00048640 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnEsc.dll
2008-07-14 11:35 - 2008-07-14 11:35 - 00107832 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
2009-07-16 16:27 - 2009-07-16 16:27 - 00051512 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2008-07-14 11:34 - 2008-07-14 11:34 - 00053560 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF1.dll
2009-08-05 15:22 - 2009-08-05 15:22 - 00266240 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TFunc2.DLL
2008-07-14 11:34 - 2008-07-14 11:34 - 00054072 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF3.dll
2008-07-14 11:34 - 2008-07-14 11:34 - 00054072 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF4.dll
2009-07-13 15:41 - 2009-07-13 15:41 - 00096600 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF5.dll
2009-07-16 16:27 - 2009-07-16 16:27 - 00077624 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF67.dll
2009-07-15 12:53 - 2009-07-15 12:53 - 00362496 _____ (TOSHIBA Corporation.) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF8Dll.dll
2008-07-14 11:34 - 2008-07-14 11:34 - 00057656 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF9.dll
2009-07-13 16:36 - 2009-07-13 16:36 - 00068440 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnSpace.dll
2009-09-04 15:30 - 2009-06-22 15:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 20:08 - 2009-03-12 20:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-14 20:02 - 2009-07-14 20:02 - 00018352 _____ (TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\ConfigFree\x64\CFNotify64.dll
2007-12-11 10:42 - 2007-12-11 10:42 - 00017784 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\NotifyTZU.dll
2009-07-25 17:38 - 2009-07-25 17:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2008-07-14 11:35 - 2008-07-14 11:35 - 00233272 _____ (TOSHIBA Corp.) C:\Program Files\TOSHIBA\Utilities\NotifyX.dll
2007-05-07 20:58 - 2007-05-07 20:58 - 00018040 _____ (TOSHIBA Corporation) C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2009-07-20 18:44 - 2009-07-20 18:44 - 00395048 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2009-07-20 18:44 - 2009-07-20 18:44 - 00204072 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2009-08-26 18:58 - 2009-08-26 18:58 - 00553984 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2009-08-26 18:59 - 2009-08-26 18:59 - 00082944 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoHci.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00106496 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3497.38894__90ba9c70f846762e\MOM.Implementation.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00032768 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3428.28296__90ba9c70f846762e\LOG.Foundation.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00036864 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\LOG.Foundation.Private.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00065536 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3497.38892__90ba9c70f846762e\LOG.Foundation.Implementation.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00016384 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3428.28310__90ba9c70f846762e\MOM.Foundation.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3428.28310__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00019456 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3497.38893__90ba9c70f846762e\CCC.Implementation.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00028672 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3428.28297__90ba9c70f846762e\NEWAEM.Foundation.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00094208 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3428.28298__90ba9c70f846762e\CLI.Foundation.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00057344 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3497.38813__90ba9c70f846762e\CLI.Component.SkinFactory.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00028672 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3428.28354__90ba9c70f846762e\CLI.Foundation.XManifest.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00057344 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3497.38812__90ba9c70f846762e\CLI.Component.Runtime.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00045056 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00040960 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3428.28301__90ba9c70f846762e\CLI.Foundation.Private.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00016384 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3428.28303__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00032768 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00045056 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3497.38810__90ba9c70f846762e\AEM.Server.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00016384 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Server.Shared.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00045056 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3497.38904__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00016384 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3428.28304__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00016384 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00045056 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00016384 _____ (ATI Technologies Inc.) C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00016384 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3428.28324__90ba9c70f846762e\DEM.Graphics.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00339968 _____ (Advanced Mirco Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3497.38814__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00098304 _____ (Advanced Mirco Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3428.28305__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00016384 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3428.28327__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3428.28302__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00020480 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3428.28303__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00065536 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3497.38863__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3428.28316__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00040960 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00028672 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3428.28311__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00016384 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00032768 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3428.28309__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00077824 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3497.38880__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00065536 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3428.28316__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3497.38823__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00040960 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3497.38837__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00028672 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00036864 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3497.38860__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00024576 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00040960 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3497.38856__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00053248 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00032768 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3497.38862__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00036864 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3497.38855__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00028672 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00061440 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3497.38855__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00061440 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3497.38867__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00053248 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3428.28315__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00081920 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3497.38856__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00053248 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3428.28314__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00045056 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3497.38898__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00028672 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3428.28323__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00061440 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3497.38811__90ba9c70f846762e\APM.Server.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3428.28310__90ba9c70f846762e\APM.Foundation.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00007168 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3497.38810__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00405504 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3497.38827__90ba9c70f846762e\CLI.Component.Wizard.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00040960 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3428.28302__90ba9c70f846762e\CLI.Component.Client.Shared.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00016384 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3428.28329__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3428.28308__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00024576 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3428.28311__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00016384 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3428.28311__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00040960 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3497.38828__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00016384 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3428.28313__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00491520 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3497.38899__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00040960 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3428.28324__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00094208 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3497.38868__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00007168 _____ ( ) C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00409600 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3497.38875__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00307200 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3497.38837__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 01736704 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3497.38831__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00204800 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3497.38833__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 01212416 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3497.38819__90ba9c70f846762e\CLI.Component.Dashboard.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00024576 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3428.28304__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00020480 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3428.28309__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
2009-05-04 11:45 - 2009-05-04 11:45 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00073728 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3497.38822__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00016384 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3428.28312__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00045056 _____ (Advanced Mirco Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3497.38899__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00196608 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3497.38833__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00950272 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager2.Graphics.Dashboard\2.0.3497.38923__90ba9c70f846762e\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00094208 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3497.38861__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00393216 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3497.38855__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00315392 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3497.38862__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00360448 _____ (Advanced Micro Devices, Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3497.38851__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00331776 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3497.38868__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00573440 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3497.38833__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00782336 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3497.38856__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
2010-01-05 09:02 - 2010-01-05 09:02 - 00118784 _____ (Advanced Micro Devices Inc.) C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3497.38898__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
2009-08-03 18:18 - 2009-08-03 18:18 - 00081752 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2009-08-03 18:19 - 2009-08-03 18:19 - 00265584 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TReport.dll
2009-08-04 12:13 - 2009-08-04 12:13 - 00103936 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHCTL.dll
2009-08-04 12:12 - 2009-08-04 12:12 - 00259584 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TReport.dll
2009-08-04 12:12 - 2009-08-04 12:12 - 00108544 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHMui.dll
2013-02-15 18:19 - 2013-02-15 18:19 - 00202752 _____ (GARMIN Corp.) C:\Program Files (x86)\Garmin\ANT Agent\ANT AgentFRA.dll
2013-01-25 16:00 - 2013-01-25 16:00 - 00090112 _____ (Silicon Laboratories, Inc.) C:\Program Files (x86)\Garmin\ANT Agent\DSI_SiUSBXp_3_1.DLL
2011-05-17 16:44 - 2011-05-17 16:44 - 00075200 _____ (http://libusb-win32.sourceforge.net) C:\Windows\system32\libusb0.dll
2010-05-04 15:36 - 2010-05-04 15:36 - 00970752 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2009-07-21 23:37 - 2009-07-21 23:37 - 00144776 _____ (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSParts.dll
2009-08-18 21:18 - 2009-08-18 21:18 - 00304536 _____ (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSAPI.dll
2009-07-28 18:26 - 2009-07-28 18:26 - 00066936 _____ (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFWLAPI.dll
2009-07-27 19:57 - 2009-07-27 19:57 - 01561984 _____ (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSMUI.dll

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\TEMP:8C35AEA7
AlternateDataStreams: C:\Users\claben\Downloads:Shareaza.GUID
AlternateDataStreams: C:\Users\claben\Downloads\activites google earthe 4e:Shareaza.GUID
AlternateDataStreams: C:\Users\claben\Downloads\Anagene:Shareaza.GUID
AlternateDataStreams: C:\Users\claben\Downloads\Celestia:Shareaza.GUID
AlternateDataStreams: C:\Users\claben\Downloads\EduAnatomist:Shareaza.GUID
AlternateDataStreams: C:\Users\claben\Downloads\FormatFactory:Shareaza.GUID
AlternateDataStreams: C:\Users\claben\Downloads\GenieGen_exe:Shareaza.GUID
AlternateDataStreams: C:\Users\claben\Downloads\Image Resizer 4:Shareaza.GUID
AlternateDataStreams: C:\Users\claben\Downloads\java:Shareaza.GUID
AlternateDataStreams: C:\Users\claben\Downloads\licenses:Shareaza.GUID
AlternateDataStreams: C:\Users\claben\Downloads\logiciels etamine:Shareaza.GUID
AlternateDataStreams: C:\Users\claben\Downloads\planetes3D:Shareaza.GUID
AlternateDataStreams: C:\Users\claben\Downloads\readmes:Shareaza.GUID
AlternateDataStreams: C:\Users\claben\Downloads\redist:Shareaza.GUID
AlternateDataStreams: C:\Users\claben\Downloads\SharePod:Shareaza.GUID
AlternateDataStreams: C:\Users\claben\Downloads\SharePod 2:Shareaza.GUID
AlternateDataStreams: C:\Users\claben\Downloads\tectoglobbis:Shareaza.GUID
AlternateDataStreams: C:\Users\claben\Downloads\VDownloader:Shareaza.GUID

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/09/2013 10:51:36 PM) (Source: Application Error) (User: )
Description: Nom de l’application défaillante IEXPLORE.EXE, version : 10.0.9200.16660, horodatage : 0x51f1c5f3
Nom du module défaillant : AGM.dll_unloaded, version : 0.0.0.0, horodatage : 0x4d46458e
Code d’exception : 0xc000041d
Décalage d’erreur : 0x682aa314
ID du processus défaillant : 0xe84
Heure de début de l’application défaillante : 0xIEXPLORE.EXE0
Chemin d’accès de l’application défaillante : IEXPLORE.EXE1
Chemin d’accès du module défaillant: IEXPLORE.EXE2
ID de rapport : IEXPLORE.EXE3

Error: (09/09/2013 10:51:30 PM) (Source: Application Error) (User: )
Description: Nom de l’application défaillante IEXPLORE.EXE, version : 10.0.9200.16660, horodatage : 0x51f1c5f3
Nom du module défaillant : AGM.dll_unloaded, version : 0.0.0.0, horodatage : 0x4d46458e
Code d’exception : 0xc0000005
Décalage d’erreur : 0x682aa314
ID du processus défaillant : 0xe84
Heure de début de l’application défaillante : 0xIEXPLORE.EXE0
Chemin d’accès de l’application défaillante : IEXPLORE.EXE1
Chemin d’accès du module défaillant: IEXPLORE.EXE2
ID de rapport : IEXPLORE.EXE3

Error: (09/09/2013 03:07:05 PM) (Source: MBAMService) (User: )
Description: MBAMService15:07:05 claben ERROR StartServiceCtrlDispatcher failed with error code 1063

Error: (09/09/2013 03:07:02 PM) (Source: MBAMService) (User: )
Description: MBAMService15:07:02 claben ERROR StartServiceCtrlDispatcher failed with error code 1063

Error: (09/09/2013 03:07:01 PM) (Source: MBAMService) (User: )
Description: MBAMService15:07:01 claben ERROR StartServiceCtrlDispatcher failed with error code 1063

Error: (09/09/2013 03:04:32 PM) (Source: MBAMService) (User: )
Description: MBAMService15:04:32 claben ERROR StartServiceCtrlDispatcher failed with error code 1063

Error: (09/09/2013 03:04:17 PM) (Source: MBAMService) (User: )
Description: MBAMService15:04:17 claben ERROR StartServiceCtrlDispatcher failed with error code 1063

Error: (09/09/2013 02:53:34 PM) (Source: Application Error) (User: )
Description: Nom de l’application défaillante IEXPLORE.EXE, version : 10.0.9200.16660, horodatage : 0x51f1c5f3
Nom du module défaillant : urlmon.dll, version : 10.0.9200.16660, horodatage : 0x51f1c5f7
Code d’exception : 0xc0000005
Décalage d’erreur : 0x0000a72b
ID du processus défaillant : 0x14d0
Heure de début de l’application défaillante : 0xIEXPLORE.EXE0
Chemin d’accès de l’application défaillante : IEXPLORE.EXE1
Chemin d’accès du module défaillant: IEXPLORE.EXE2
ID de rapport : IEXPLORE.EXE3

Error: (09/09/2013 02:53:33 PM) (Source: Application Error) (User: )
Description: Nom de l’application défaillante IEXPLORE.EXE, version : 10.0.9200.16660, horodatage : 0x51f1c5f3
Nom du module défaillant : urlmon.dll, version : 10.0.9200.16660, horodatage : 0x51f1c5f7
Code d’exception : 0xc0000005
Décalage d’erreur : 0x0000a72b
ID du processus défaillant : 0xb30
Heure de début de l’application défaillante : 0xIEXPLORE.EXE0
Chemin d’accès de l’application défaillante : IEXPLORE.EXE1
Chemin d’accès du module défaillant: IEXPLORE.EXE2
ID de rapport : IEXPLORE.EXE3

Error: (09/09/2013 02:53:32 PM) (Source: Application Error) (User: )
Description: Nom de l’application défaillante IEXPLORE.EXE, version : 10.0.9200.16660, horodatage : 0x51f1c5f3
Nom du module défaillant : urlmon.dll, version : 10.0.9200.16660, horodatage : 0x51f1c5f7
Code d’exception : 0xc0000005
Décalage d’erreur : 0x0000a72b
ID du processus défaillant : 0xb10
Heure de début de l’application défaillante : 0xIEXPLORE.EXE0
Chemin d’accès de l’application défaillante : IEXPLORE.EXE1
Chemin d’accès du module défaillant: IEXPLORE.EXE2
ID de rapport : IEXPLORE.EXE3

System errors:
=============
Error: (09/11/2013 00:26:10 PM) (Source: Service Control Manager) (User: )
Description: Le service Fournisseur HomeGroup dépend du service Publication des ressources de découverte de fonctions qui n’a pas pu démarrer en raison de l’erreur :
%%-2147024891

Error: (09/11/2013 00:26:10 PM) (Source: Service Control Manager) (User: )
Description: Le service Publication des ressources de découverte de fonctions s’est arrêté avec l’erreur :
%%-2147024891

Error: (09/11/2013 00:25:05 PM) (Source: Service Control Manager) (User: )
Description: Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se charger :
cdrom

Error: (09/11/2013 00:23:44 PM) (Source: Service Control Manager) (User: )
Description: Le service Publication des ressources de découverte de fonctions s’est arrêté avec l’erreur :
%%-2147024891

Error: (09/11/2013 00:23:44 PM) (Source: Service Control Manager) (User: )
Description: Le service Modules de génération de clés IKE et AuthIP dépend du service suivant : BFE. Ce dernier n’est peut-être pas installé.

Error: (09/11/2013 00:23:42 PM) (Source: Service Control Manager) (User: )
Description: Le service Explorateur d’ordinateurs s’est arrêté avec l’erreur :
%%1060

Error: (09/11/2013 00:23:31 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (09/11/2013 00:23:31 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (09/11/2013 11:09:18 AM) (Source: Service Control Manager) (User: )
Description: Le service Publication des ressources de découverte de fonctions s’est arrêté avec l’erreur :
%%-2147024891

Error: (09/11/2013 11:09:18 AM) (Source: Service Control Manager) (User: )
Description: Le service Fournisseur HomeGroup dépend du service Publication des ressources de découverte de fonctions qui n’a pas pu démarrer en raison de l’erreur :
%%-2147024891

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 33%
Total physical RAM: 4060.88 MB
Available physical RAM: 2683.37 MB
Total Pagefile: 8119.93 MB
Available Pagefile: 6283.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:232.88 GB) (Free:63.81 GB) NTFS
Drive d: (Data) (Fixed) (Total:232.49 GB) (Free:49.06 GB) NTFS
Drive e: () (Removable) (Total:3.74 GB) (Free:3.52 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or (Size: 466 GB) (Disk ID: 6AB5E9DA)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================

 

Merci de votre aide !

[pear]

Nettoyage
Dans le Bloc-notes (Démarrer -> Tous les programmes -> Accessoires -> Bloc-notes)
Copier/coller le textei ci-dessous :

start
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
URLSearchHook: (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
Toolbar: HKCU - No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
SearchScopes: HKCU - {20F326C9-145F-48EA-8DF7-29B0E63979C0} URL = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
FF Extension: IMinent Toolbar - C:\Users\claben\AppData\Roaming\Mozilla\Firefox\Profiles\tcm2k5vx.default\Extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
FF Extension: Vuze Remote Community Toolbar - C:\Users\claben\AppData\Roaming\Mozilla\Firefox\Profiles\tcm2k5vx.default\Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
CHR Plugin: (Java™ Platform SE 6 U35) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}\ \...\???\{a6485946-bdb9-5483-f823-9e57c89b51e6}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
2013-09-09 12:51 - 2013-09-09 12:51 - 00000000 ____D C:\Users\claben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro
2013-09-09 18:29 - 2012-04-15 15:19 - 00000000 ____D C:\Users\claben\AppData\Roaming\Iminent
C:\Users\claben\AppData\Local\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}
C:\Program Files (x86)\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
DeleteJunctionsInDirectory: C:\Windows\Program Files\Windows Defender
DeleteJunctionsInDirectory: C:\Windows\Program Files\Microsoft Security Client
cmd: netsh winsock reset
end


Enregistrer le fichier sur le Bureau (au même endroit que FRST) sous fixlist.txt
Fermer toutes les applications, y compris le navigateur
Double-clic sur FRST64.exe
/!\ Sous Vista, Windows 7 et 8, il faut lancer le fichier par clic-droit -> Exécuter en tant qu'administrateur
Sur le menu principal, cliquer une seule fois sur Fix et patienter le temps de la correction

L'outil va créer un rapport de correction Fixlog.txt. Poster ce rapport dans la réponse.

[brisbane]

voici le résultat :

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-09-2013
Ran by claben at 2013-09-11 18:49:19 Run:1
Running from C:\Users\claben\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
URLSearchHook: (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
Toolbar: HKCU - No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
SearchScopes: HKCU - {20F326C9-145F-48EA-8DF7-29B0E63979C0} URL = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
FF Extension: IMinent Toolbar - C:\Users\claben\AppData\Roaming\Mozilla\Firefox\Profiles\tcm2k5vx.default\Extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
FF Extension: Vuze Remote Community Toolbar - C:\Users\claben\AppData\Roaming\Mozilla\Firefox\Profiles\tcm2k5vx.default\Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
CHR Plugin: (Java™ Platform SE 6 U35) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}\ \...\???\{a6485946-bdb9-5483-f823-9e57c89b51e6}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
2013-09-09 12:51 - 2013-09-09 12:51 - 00000000 ____D C:\Users\claben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro
2013-09-09 18:29 - 2012-04-15 15:19 - 00000000 ____D C:\Users\claben\AppData\Roaming\Iminent
C:\Users\claben\AppData\Local\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}
C:\Program Files (x86)\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6}
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
DeleteJunctionsInDirectory: C:\Windows\Program Files\Windows Defender
DeleteJunctionsInDirectory: C:\Windows\Program Files\Microsoft Security Client
cmd: netsh winsock reset
end

*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{ba14329e-9550-4989-b3f2-9732e92d17cc} => Value deleted successfully.
HKCR\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} => Value deleted successfully.
HKCR\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{20F326C9-145F-48EA-8DF7-29B0E63979C0} => Key deleted successfully.
HKCR\CLSID\{20F326C9-145F-48EA-8DF7-29B0E63979C0} => Key not found.
C:\Users\claben\AppData\Roaming\Mozilla\Firefox\Profiles\tcm2k5vx.default\Extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} => Moved successfully.
C:\Users\claben\AppData\Roaming\Mozilla\Firefox\Profiles\tcm2k5vx.default\Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} => Moved successfully.
C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => Moved successfully.
C:\Windows\SysWOW64\npdeployJava1.dll => Moved successfully.
C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll not found.
*etadpug => Service deleted successfully.
C:\Users\claben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro => Moved successfully.
C:\Users\claben\AppData\Roaming\Iminent => Moved successfully.
C:\Users\claben\AppData\Local\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6} => Moved successfully.
C:\Program Files (x86)\Google\Desktop\Install\{a6485946-bdb9-5483-f823-9e57c89b51e6} => Moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\fr-FR" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender" => File/Directory not found.
"C:\Windows\Program Files\Windows Defender" => Not Found
"C:\Windows\Program Files\Microsoft Security Client" => Not Found

========= netsh winsock reset =========

Le catalogue Winsock a �t� r�initialis� correctement.
Vous devez red�marrer l'ordinateur afin de finaliser la r�initialisation.

========= End of CMD: =========

==== End of Fixlog ====

[pear]

Et comment va la machine ?

[brisbane]

Je viens de télécharger le fichier souhaité sans problème MERCI !!

 

Par contre je ne peux toujours pas activer le service centre de sécurité Windows... cela est-il problématique ?

[pear]

La procédure était censée réparer cela.

Mais ce n'est grave car le Centre de Sécurité n'est pas essentiel et on peut vivre sans.

Il vous suffit d'avoir un parefeu et un antirus fonctionnels

Modifié le 11 septembre 2013 par pear