Gomeo problem

Closed
MC Hercule - Feb 9, 2011 at 09:53
benurrr Posts 9643 Registration date Saturday, May 24, 2008 Status Security contributor Last seen January 11, 2012 - Feb 9, 2011 at 10:23
Hello,

I have a problem with Goméo, which keeps opening on its own. I installed ZHPDiag; here is the report. If you could help me, that would be great.



---\\ System Information
Windows 7 Ultimate Edition, 64-bit (Build 7600)
Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6143 MB (84% free)
System Restore: Activé (Enable)
System drive C: has 421 GB (90%) free of 466 GB



---\\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 421 Go of 466 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 49 Go of 49 Go)
E:\ Hard drive, Flash drive, Thumb drive (Free 213 Go of 417 Go)
F:\ CD-ROM drive (Not Inserted)


---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK


---\\ Search Generic System Files
[MD5.9AAAEC8DAC27AA17B053E6352AD233AE] - (.Microsoft Corporation - Explorateur Windows.) (.11/11/2010 17:48:40.) -- C:\Windows\Explorer.exe [2870272]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]


---\\ Running Processes
[MD5.9D5E8B45BD348DF0882C69EED0E83111] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768]
[MD5.4A73AB8412D3AA6CFAD24051FF9DBFA7] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160]
[MD5.87A33B074108C21E0FAB9D5C82963B8E] - (.Nullsoft, Inc. - Winamp Agent.) -- C:\Program Files (x86)\Winamp\winampa.exe [74752]
[MD5.639B783F5BC546D8D9662881730AFF9B] - (.Adobe Systems Incorporated - AAM Updates Notifier Application.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe [310224]
[MD5.F33EC0CCADA8CB3AEC64EFB4362EB03D] - (.Unknown owner - No comment.) -- C:\Windows\SysWOW64\fx32.exe [176640]
[MD5.28000000000000000000000054EE1800] - (.Unknown owner - No comment.) -- C:\Users\Kenny Powers\AppData\Roaming\dwm.exe [195072]
[MD5.29000000000000000000000054EE1800] - (.Unknown owner - No comment.) -- C:\Users\KENNYP~1\AppData\Local\Temp\csrss.exe [207360]
[MD5.FAB4D825200D62750002EE903005816D] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [629760]


---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@ma-config.com/HardwareDetection] - (.Cybelsoft - Plugin NPAPI Ma-Config.com.) -- C:\Program Files\ma-config.com\nphardwaredetection.dll
M0 - MFSP: prefs.js [Kenny Powers - eiuct9xs.default] https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/?shva%3D1&scc=1&ltmpl=default&ltmplcache=2&emr=1&osid=1#inbox|https://www.google.com/reader/about/#overview-page|https://www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Fhome.php!/|https://twitter.com/
M2 - MFEP: prefs.js [Kenny Powers - eiuct9xs.default\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}] [adblockplus] Adblock Plus v1.3.3 (.Wladimir Palant.)


---\\ Internet Explorer Extensions, Start, Search (R3,R0,R1)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKUS\S-1-5-21-2492792855-2128106598-657722288-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.microsoft.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:64162
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R1 - HKUS\S-1-5-21-2492792855-2128106598-657722288-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (8.00.7600.16385 (win7_rtm.090713-1255)) -- C:\Windows\System32\ieframe.dll


---\\ Changed inifile Value, Mapped to Registry (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=C:\WINDOWS\system32\SystemPropertiesPerformance.exe


---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [IntelliPoint] . (.Microsoft Corporation - IPoint.exe.) -- c:\Program Files\Microsoft IntelliPoint\ipoint.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [Skytel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
O4 - HKCU\..\Run: [Monitor] C:\Users\KENNYP~1\AppData\Local\Temp\iexplorer.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Wow6432Node\Run: [ATICustomerCare] . (.Advanced Micro Devices, Inc. - ATI Customer Care.) -- C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe
O4 - HKLM\..\Wow6432Node\Run: [WinampAgent] . (.Nullsoft, Inc. - Winamp Agent.) -- C:\Program Files (x86)\Winamp\winampa.exe
O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [conhost] . (.Unknown owner - No comment.) -- C:\Users\Kenny Powers\AppData\Roaming\Microsoft\conhost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-2492792855-2128106598-657722288-1000\..\Run: [Monitor] C:\Users\KENNYP~1\AppData\Local\Temp\iexplorer.exe (.not file.)
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (.not file.)
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (.not file.)


---\\ Other User Links (O4)
O4 - Global Startup: C:\Users\Kenny Powers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Kenny Powers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Kenny Powers\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Kenny Powers\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - Global Startup: C:\Users\Kenny Powers\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - Orphean Key
O4 - Global Startup: C:\Users\Kenny Powers\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Subtitle Workshop.lnk . (.Unknown owner.) -- C:\Program Files (x86)\URUSoft\Subtitle Workshop\SubtitleWorkshop.exe
O4 - Global Startup: C:\Users\Kenny Powers\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - Orphean Key


---\\ IE Options icon not visible in Control Panel (O5)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no


---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll


---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6960B2AA-6024-41BA-8C2D-8E8CCA3EA63A}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{6960B2AA-6024-41BA-8C2D-8E8CCA3EA63A}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{6960B2AA-6024-41BA-8C2D-8E8CCA3EA63A}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2


---\\ ShellServiceObjectDelayLoad (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.


---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: C:\Windows\system32\drivers\afd.sys (AMD External Events Utility) - Orphean Key
O23 - Service: (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: (IAStorDataMgrSvc) . (.Intel Corporation - IAStorDataSvc.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe


---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Unknown owner - No comment.) - (.not file.)


---\\ Hosts file redirection (O1)
O1 - Hosts: 85.239.180.42 personal.nl.avira-update.com
O1 - Hosts: 149.49.231.120 professional.nl.avira-update.com
O1 - Hosts: 206.118.81.39 premium.nl.avira-update.com
O1 - Hosts: 238.56.64.168 personal.avira-update.com
O1 - Hosts: 103.2.5.202 professional.avira-update.com
O1 - Hosts: 154.93.127.134 premium.avira-update.com
O1 - Hosts: 175.150.191.39 perspeak.avira-update.com
O1 - Hosts: 137.114.84.161 profpeak.avira-update.com
O1 - Hosts: 101.92.109.40 prempeak.avira-update.com


---\\ Task Planned Automatically(039)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\At1.job
[MD5.5447AF432CDA61159ADDE218C468FFD9] [APT] [AdobeAAMUpdater-1.0-KennyPowers-PC-Kenny Powers] (.Adobe Systems Incorporated.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
[MD5.6E593C59CA7EB814AB357EB0BBD5639C] [APT] [At1] (.Unknown owner.) -- C:\Users\KENNYP~1\AppData\Local\Temp\E793.exe


---\\ Drivers launched at startup (O41)
O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for Security Enhancement.) - C:\Windows\System32\DRIVERS\avipbb.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\system32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\System32\drivers\csc.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\System32\DRIVERS\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys
O41 - Driver: (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\Windows\System32\DRIVERS\serial.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys


---\\ Software installed (O42)
O42 - Logiciel: AMD Drag and Drop Transcoding - (.ATI Technologies Inc..) [HKLM] -- {B95653AB-0E7F-204A-3226-17E9F38E6951}
O42 - Logiciel: ATI Catalyst Install Manager - (.ATI Technologies, Inc..) [HKLM] -- {54A0FF28-05C4-81E3-3CC1-13D0C2519EFF}
O42 - Logiciel: ATI Catalyst Registration - (.ATI Technologies Inc..) [HKLM][64Bits] -- {11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}
O42 - Logiciel: ATI Stream SDK v2 Developer - (.ATI Technologies Inc..) [HKLM] -- {22441735-5983-AD2A-5CC5-FA2CCD7EF732}
O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM][64Bits] -- Adobe AIR
O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM][64Bits] -- {A2BCA9F1-566C-4805-97D1-7FDC93386723}
O42 - Logiciel: Adobe Community Help - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
O42 - Logiciel: Adobe Community Help - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Illustrator CS5 - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}
O42 - Logiciel: Adobe Photoshop CS5 - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {15FEDA5F-141C-4127-8D7E-B962D1742728}
O42 - Logiciel: Adobe Reader X - Français - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1036-7B44-AA0000000001}
O42 - Logiciel: Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver - (.Atheros Communications Inc..) [HKLM][64Bits] -- {3108C217-BE83-42E4-AE9E-A56A2A92E549}
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM][64Bits] -- Avira AntiVir Desktop
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Catalyst Control Center - Branding - (.ATI.) [HKLM][64Bits] -- {6AB57823-3580-4CE0-9CF0-072E2A39460C}
O42 - Logiciel: Détection de l'application Winamp - (.Nullsoft, Inc.) [HKCU] -- Winamp Detect
O42 - Logiciel: EVEREST Ultimate Edition v5.50 - (.Lavalys, Inc..) [HKLM][64Bits] -- EVEREST Ultimate Edition_is1
O42 - Logiciel: FLAC 1.2.1b (remove only) - (.Xiph.org.) [HKLM][64Bits] -- FLAC
O42 - Logiciel: FileZilla Client 3.3.5.1 - (.Unknown owner.) [HKLM][64Bits] -- FileZilla Client
O42 - Logiciel: French App Name - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
O42 - Logiciel: French App Name - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {DE3A9DC5-9A5D-6485-9662-347162C7E4CA}
O42 - Logiciel: Intel(R) Control Center - (.Intel Corporation.) [HKLM][64Bits] -- {F8A9085D-4C7A-41a9-8A77-C8998A96C421}
O42 - Logiciel: Intel(R) Rapid Storage Technology - (.Intel Corporation.) [HKLM][64Bits] -- {3E29EE6C-963A-4aae-86C1-DC237C4A49FC}
O42 - Logiciel: Live 8.0.1 - (.Unknown owner.) [HKLM][64Bits] -- Live 8.0.1
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM][64Bits] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM][64Bits] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Ma-Config.com (64 bits) - (.Cybelsoft.) [HKLM] -- {80CF423D-D542-40C4-86DF-951CC31B125C}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM][64Bits] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM][64Bits] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 - (.Microsoft Corporation.) [HKLM] -- {DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}
O42 - Logiciel: Microsoft_VC80_ATL_x86 - (.Adobe.) [HKLM][64Bits] -- {0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}
O42 - Logiciel: Microsoft_VC80_ATL_x86_x64 - (.Adobe.) [HKLM] -- {925D058B-564A-443A-B4B2-7E90C6432E55}
O42 - Logiciel: Microsoft_VC80_CRT_x86 - (.Adobe.) [HKLM][64Bits] -- {92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
O42 - Logiciel: Microsoft_VC80_CRT_x86_x64 - (.Adobe.) [HKLM] -- {4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}
O42 - Logiciel: Microsoft_VC80_MFCLOC_x86 - (.Adobe.) [HKLM][64Bits] -- {D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
O42 - Logiciel: Microsoft_VC80_MFCLOC_x86_x64 - (.Adobe.) [HKLM] -- {1E9FC118-651D-4934-97BE-E53CAE5C7D45}
O42 - Logiciel: Microsoft_VC80_MFC_x86 - (.Adobe.) [HKLM][64Bits] -- {D1A19B02-817E-4296-A45B-07853FD74D57}
O42 - Logiciel: Microsoft_VC80_MFC_x86_x64 - (.Adobe.) [HKLM] -- {C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}
O42 - Logiciel: Microsoft_VC90_ATL_x86 - (.Adobe.) [HKLM][64Bits] -- {033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
O42 - Logiciel: Microsoft_VC90_ATL_x86_x64 - (.Adobe.) [HKLM] -- {8557397C-A42D-486F-97B3-A2CBC2372593}
O42 - Logiciel: Microsoft_VC90_CRT_x86 - (.Adobe.) [HKLM][64Bits] -- {08D2E121-7F6A-43EB-97FD-629B44903403}
O42 - Logiciel: Microsoft_VC90_CRT_x86_x64 - (.Adobe.) [HKLM] -- {92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}
O42 - Logiciel: Microsoft_VC90_MFC_x86 - (.Adobe.) [HKLM][64Bits] -- {635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
O42 - Logiciel: Microsoft_VC90_MFC_x86_x64 - (.Adobe.) [HKLM] -- {A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}
O42 - Logiciel: Mozilla Firefox (3.6.13) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox (3.6.13)
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: Samplitude 11 - (.MAGIX AG.) [HKLM][64Bits] -- {AE0009FD-8F50-4565-835D-4432BD18D792}
O42 - Logiciel: Subtitle Workshop 2.51 - (.Unknown owner.) [HKLM][64Bits] -- SubtitleWorkshop
O42 - Logiciel: The Lord of the Rings FREE Trial - (.ATI Technologies Inc..) [HKLM][64Bits] -- {8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}
O42 - Logiciel: VLC media player 1.1.5 - (.VideoLAN.) [HKLM][64Bits] -- VLC media player
O42 - Logiciel: WMV9/VC-1 Video Playback - (.ATI Technologies Inc..) [HKLM] -- {B3012F41-D8C7-5ABD-05D1-3EF39D9ACC22}
O42 - Logiciel: WinRAR archiver - (.Unknown owner.) [HKLM][64Bits] -- WinRAR archiver
O42 - Logiciel: Winamp - (.Nullsoft, Inc.) [HKLM][64Bits] -- Winamp
O42 - Logiciel: foobar2000 v1.1.2 - (.Peter Pawlowski.) [HKLM][64Bits] -- foobar2000
O42 - Logiciel: µTorrent - (.Unknown owner.) [HKLM][64Bits] -- uTorrent

---\\ HKCU & HKLM Software Keys
[HKCU\Software\AMD]
[HKCU\Software\ATI]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow]
[HKCU\Software\Avira]
[HKCU\Software\BitTorrent]
[HKCU\Software\CDDB]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Lavalys]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Macromedia]
[HKCU\Software\Mozilla]
[HKCU\Software\Netscape]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\Realtek]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\Winamp]
[HKCU\Software\Wow6432Node]
[HKCU\Software\cybelsoft]
[HKLM\Software\AMD]
[HKLM\Software\ASUS]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATI]
[HKLM\Software\Adobe]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\FileZilla 3]
[HKLM\Software\Intel]
[HKLM\Software\Khronos]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\ODBC]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SRS Labs]
[HKLM\Software\Sonic]
[HKLM\Software\Waves Audio]
[HKLM\Software\Wow6432Node]
[HKLM\Software\cybelsoft]


---\\ Contents of the Common Files folders (O43)
O43 - CFD: 21/01/2011 - 18:17:30 ----D- C:\Program Files\Adobe
O43 - CFD: 18/01/2011 - 01:24:56 ----D- C:\Program Files\ATI
O43 - CFD: 18/01/2011 - 01:25:24 ----D- C:\Program Files\ATI Technologies
O43 - CFD: 09/02/2011 - 08:56:14 ----D- C:\Program Files\CCleaner
O43 - CFD: 21/01/2011 - 18:15:58 ----D- C:\Program Files\Common Files
O43 - CFD: 18/01/2011 - 01:09:08 ----D- C:\Program Files\DVD Maker
O43 - CFD: 18/01/2011 - 01:09:12 ----D- C:\Program Files\Internet Explorer
O43 - CFD: 29/01/2011 - 15:55:18 ----D- C:\Program Files\ma-config.com
O43 - CFD: 14/07/2009 - 08:46:54 ----D- C:\Program Files\Microsoft Games
O43 - CFD: 18/01/2011 - 01:02:00 ----D- C:\Program Files\Microsoft IntelliPoint
O43 - CFD: 14/07/2009 - 06:32:40 ----D- C:\Program Files\MSBuild
O43 - CFD: 18/01/2011 - 01:39:46 ----D- C:\Program Files\Realtek
O43 - CFD: 14/07/2009 - 06:32:40 ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 14/07/2009 - 06:09:28 --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 18/01/2011 - 01:09:04 ----D- C:\Program Files\Windows Defender
O43 - CFD: 18/01/2011 - 01:09:06 ----D- C:\Program Files\Windows Journal
O43 - CFD: 18/01/2011 - 01:09:10 ----D- C:\Program Files\Windows Mail
O43 - CFD: 18/01/2011 - 01:09:08 ----D- C:\Program Files\Windows Media Player
O43 - CFD: 14/07/2009 - 06:32:40 ----D- C:\Program Files\Windows NT
O43 - CFD: 18/01/2011 - 01:09:08 ----D- C:\Program Files\Windows Photo Viewer
O43 - CFD: 14/07/2009 - 06:32:40 ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 18/01/2011 - 01:09:08 ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 28/01/2011 - 18:40:14 ----D- C:\Program Files\Common Files\Adobe
O43 - CFD: 18/01/2011 - 01:25:34 ----D- C:\Program Files\Common Files\ATI Technologies
O43 - CFD: 18/01/2011 - 01:24:58 ----D- C:\Program Files\Common Files\Microsoft Shared
O43 - CFD: 14/07/2009 - 04:20:10 ----D- C:\Program Files\Common Files\Services
O43 - CFD: 14/07/2009 - 04:20:10 ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 18/01/2011 - 01:09:08 ----D- C:\Program Files\Common Files\System
O43 - CFD: 22/01/2011 - 15:54:12 ----D- C:\ProgramData\Ableton
O43 - CFD: 04/02/2011 - 16:42:22 ----D- C:\ProgramData\Adobe
O43 - CFD: 05/02/2011 - 13:26:04 ----D- C:\ProgramData\ALM
O43 - CFD: 14/07/2009 - 06:08:58 -SH-D- C:\ProgramData\Application Data
O43 - CFD: 18/01/2011 - 01:32:54 ----D- C:\ProgramData\ATI
O43 - CFD: 18/01/2011 - 01:21:56 ----D- C:\ProgramData\Avira
O43 - CFD: 14/07/2009 - 06:08:58 -SH-D- C:\ProgramData\Desktop
O43 - CFD: 14/07/2009 - 06:08:58 -SH-D- C:\ProgramData\Documents
O43 - CFD: 14/07/2009 - 06:08:58 -SH-D- C:\ProgramData\Favorites
O43 - CFD: 04/02/2011 - 16:39:06 ----D- C:\ProgramData\FLEXnet
O43 - CFD: 29/01/2011 - 15:55:18 ----D- C:\ProgramData\ma-config.com
O43 - CFD: 18/01/2011 - 09:49:50 -S--D- C:\ProgramData\Microsoft
O43 - CFD: 05/02/2011 - 13:26:52 ----D- C:\ProgramData\regid.1986-12.com.adobe
O43 - CFD: 14/07/2009 - 06:08:58 -SH-D- C:\ProgramData\Start Menu
O43 - CFD: 14/07/2009 - 06:08:58 -SH-D- C:\ProgramData\Templates
O43 - CFD: 22/01/2011 - 15:54:12 ----D- C:\Users\Kenny Powers\AppData\Roaming\Ableton
O43 - CFD: 05/02/2011 - 13:27:00 ----D- C:\Users\Kenny Powers\AppData\Roaming\Adobe
O43 - CFD: 18/01/2011 - 01:32:54 ----D- C:\Users\Kenny Powers\AppData\Roaming\ATI
O43 - CFD: 02/01/2002 - 02:46:02 ----D- C:\Users\Kenny Powers\AppData\Roaming\Avira
O43 - CFD: 06/02/2011 - 18:48:48 ----D- C:\Users\Kenny Powers\AppData\Roaming\FileZilla
O43 - CFD: 08/02/2011 - 09:42:48 ----D- C:\Users\Kenny Powers\AppData\Roaming\foobar2000
O43 - CFD: 18/01/2011 - 09:50:12 ----D- C:\Users\Kenny Powers\AppData\Roaming\Identities
O43 - CFD: 18/01/2011 - 01:23:20 ----D- C:\Users\Kenny Powers\AppData\Roaming\InstallShield
O43 - CFD: 18/01/2011 - 01:32:58 ----D- C:\Users\Kenny Powers\AppData\Roaming\Intel Corporation
O43 - CFD: 18/01/2011 - 01:14:12 ----D- C:\Users\Kenny Powers\AppData\Roaming\Macromedia
O43 - CFD: 14/07/2009 - 08:45:16 ----D- C:\Users\Kenny Powers\AppData\Roaming\Media Center Programs
O43 - CFD: 08/02/2011 - 09:19:48 -S--D- C:\Users\Kenny Powers\AppData\Roaming\Microsoft
O43 - CFD: 18/01/2011 - 01:12:36 ----D- C:\Users\Kenny Powers\AppData\Roaming\Mozilla
O43 - CFD: 06/02/2011 - 23:52:10 ----D- C:\Users\Kenny Powers\AppData\Roaming\uTorrent
O43 - CFD: 04/02/2011 - 20:23:10 ----D- C:\Users\Kenny Powers\AppData\Roaming\vlc
O43 - CFD: 09/02/2011 - 08:57:56 ----D- C:\Users\Kenny Powers\AppData\Roaming\Winamp
O43 - CFD: 18/01/2011 - 01:19:48 ----D- C:\Users\Kenny Powers\AppData\Roaming\WinRAR
O43 - CFD: 22/01/2011 - 15:52:08 ----D- C:\Program Files (x86)\Ableton
O43 - CFD: 05/02/2011 - 13:26:02 ----D- C:\Program Files (x86)\Adobe
O43 - CFD: 21/01/2011 - 18:15:36 ----D- C:\Program Files (x86)\Adobe Media Player
O43 - CFD: 18/01/2011 - 01:25:36 ----D- C:\Program Files (x86)\ATI
O43 - CFD: 18/01/2011 - 01:25:32 ----D- C:\Program Files (x86)\ATI Stream
O43 - CFD: 18/01/2011 - 01:25:00 ----D- C:\Program Files (x86)\ATI Technologies
O43 - CFD: 18/01/2011 - 01:21:56 ----D- C:\Program Files (x86)\Avira
O43 - CFD: 04/02/2011 - 16:44:54 ----D- C:\Program Files (x86)\Common Files
O43 - CFD: 01/02/2011 - 14:33:50 ----D- C:\Program Files (x86)\FileZilla FTP Client
O43 - CFD: 24/01/2011 - 14:30:10 ----D- C:\Program Files (x86)\FLAC
O43 - CFD: 05/02/2011 - 16:44:12 ----D- C:\Program Files (x86)\foobar2000
O43 - CFD: 18/01/2011 - 01:41:42 --H-D- C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 18/01/2011 - 01:23:38 ----D- C:\Program Files (x86)\Intel
O43 - CFD: 18/01/2011 - 01:09:12 ----D- C:\Program Files (x86)\Internet Explorer
O43 - CFD: 18/01/2011 - 01:35:28 ----D- C:\Program Files (x86)\Lavalys
O43 - CFD: 05/02/2011 - 13:52:12 ----D- C:\Program Files (x86)\MAGIX
O43 - CFD: 18/01/2011 - 01:12:30 ----D- C:\Program Files (x86)\Mozilla Firefox
O43 - CFD: 14/07/2009 - 06:32:40 ----D- C:\Program Files (x86)\MSBuild
O43 - CFD: 06/02/2011 - 11:50:22 ----D- C:\Program Files (x86)\MSXML 4.0
O43 - CFD: 18/01/2011 - 01:39:40 ----D- C:\Program Files (x86)\Realtek
O43 - CFD: 14/07/2009 - 06:32:40 ----D- C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 18/01/2011 - 01:39:56 --H-D- C:\Program Files (x86)\Temp
O43 - CFD: 14/07/2009 - 05:57:08 --H-D- C:\Program Files (x86)\Uninstall Information
O43 - CFD: 31/01/2011 - 20:44:22 ----D- C:\Program Files (x86)\URUSoft
O43 - CFD: 20/01/2011 - 21:04:46 ----D- C:\Program Files (x86)\uTorrent
O43 - CFD: 21/01/2011 - 17:06:54 ----D- C:\Program Files (x86)\VideoLAN
O43 - CFD: 20/01/2011 - 14:42:00 ----D- C:\Program Files (x86)\Winamp
O43 - CFD: 20/01/2011 - 14:41:16 ----D- C:\Program Files (x86)\Winamp Detect
O43 - CFD: 18/01/2011 - 01:09:08 ----D- C:\Program Files (x86)\Windows Defender
O43 - CFD: 18/01/2011 - 01:09:10 ----D- C:\Program Files (x86)\Windows Mail
O43 - CFD: 18/01/2011 - 01:09:10 ----D- C:\Program Files (x86)\Windows Media Player
O43 - CFD: 14/07/2009 - 06:32:40 ----D- C:\Program Files (x86)\Windows NT
O43 - CFD: 18/01/2011 - 01:09:10 ----D- C:\Program Files (x86)\Windows Photo Viewer
O43 - CFD: 14/07/2009 - 06:32:42 ----D- C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 18/01/2011 - 01:09:10 ----D- C:\Program Files (x86)\Windows Sidebar
O43 - CFD: 18/01/2011 - 01:19:42 ----D- C:\Program Files (x86)\WinRAR
O43 - CFD: 09/02/2011 - 09:33:46 ----D- C:\Program Files (x86)\ZHPDiag
O43 - CFD: 28/01/2011 - 18:40:14 ----D- C:\Program Files\Common Files\Adobe
O43 - CFD: 18/01/2011 - 01:25:34 ----D- C:\Program Files\Common Files\ATI Technologies
O43 - CFD: 18/01/2011 - 01:24:58 ----D- C:\Program Files\Common Files\Microsoft Shared
O43 - CFD: 14/07/2009 - 04:20:10 ----D- C:\Program Files\Common Files\Services
O43 - CFD: 14/07/2009 - 04:20:10 ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 18/01/2011 - 01:09:08 ----D- C:\Program Files\Common Files\System


---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.00000000000000000000000054EE1800] - 09/02/2011 - 09:02:27 ---A- . (.Unknown owner - No comment.) -- C:\Windows\WindowsUpdate.log [898772]
O44 - LFC:[MD5.99951E3949063C1C69C19A7DE07DDE91] - 09/02/2011 - 08:51:34 -S-A- . (.Unknown owner - No comment.) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.31454320C4921A1AD03E44AAEFE9B5AF] - 08/02/2011 - 08:51:24 --HA- . (.Unknown owner - No comment.) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [14416]
O44 - LFC:[MD5.31454320C4921A1AD03E44AAEFE9B5AF] - 08/02/2011 - 08:51:24 --HA- . (.Unknown owner - No comment.) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [14416]
O44 - LFC:[MD5.D293465938AC1EC3C91A03D458111008] - 08/02/2011 - 08:48:19 ---A- . (.Unknown owner - No comment.) -- C:\Windows\SysNative\PerfStringBackup.INI [1524562]
O44 - LFC:[MD5.76F8894AC71C6CE880C883CD7AD5446A] - 08/02/2011 - 08:48:19 ---A- . (.Unknown owner - No comment.) -- C:\Windows\SysNative\perfc009.dat [103496]
O44 - LFC:[MD5.8FF4208DE0DEE3A8F84D57431A00A480] - 08/02/2011 - 08:48:19 ---A- . (.Unknown owner - No comment.) -- C:\Windows\SysNative\perfc00C.dat [126998]
O44 - LFC:[MD5.1195B1375D426F78F465329E2CFF3C3A] - 08/02/2011 - 08:48:19 ---A- . (.Unknown owner - No comment.) -- C:\Windows\SysNative\perfh009.dat [615122]
O44 - LFC:[MD5.029385CC5E23AF2ECD9990D72A2EAF1A] - 08/02/2011 - 08:48:19 ---A- . (.Unknown owner - No comment.) -- C:\Windows\SysNative\perfh00C.dat [692886]
O44 - LFC:[MD5.7E75A1D557ADFC29676704484C3F87DF] - 05/02/2011 - 14:57:40 ---A- . (.Unknown owner - No comment.) -- C:\Windows\win.ini [484]
O44 - LFC:[MD5.5A84289AD86C5FF700AEF5011118C90C] - 04/02/2011 - 19:22:38 ---A- . (.Unknown owner - No comment.) -- C:\Windows\SysNative\FNTCACHE.DAT [5088648]
O44 - LFC:[MD5.E73694DCFE105A03479692A90E021AAD] - 18/01/2011 - 09:46:14 ---A- . (.Unknown owner - No comment.) -- C:\Windows\SysNative\license.rtf [42045]
O44 - LFC:[MD5.E73694DCFE105A03479692A90E021AAD] - 18/01/2011 - 09:46:14 ---A- . (.Unknown owner - No comment.) -- C:\Windows\System32\license.rtf [42045]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 18/01/2011 - 09:44:49 ---A- . (.Unknown owner - No comment.) -- C:\Windows\ativpsrm.bin [0]
O44 - LFC:[MD5.92BF30649AF6C7E1E8DD8D5622587FDA] - 18/01/2011 - 01:39:39 ---A- . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\Windows\SysNative\RTSnMg64.cpl [611360]
O44 - LFC:[MD5.AF2040DB2C9B3291D4D27EE27F17B908] - 18/01/2011 - 01:39:39 ---A- . (.Realtek Semiconductor Corp. - Realtek LFX/GFX DSP UI component for Window.) -- C:\Windows\SysNative\RtPgEx64.dll [1277984]
O44 - LFC:[MD5.1E220A0A6F5FCA76FB8E11EAC4F2B24B] - 18/01/2011 - 01:39:39 ---A- . (.Realtek Semiconductor Corp. - RtkCfg.dll.) -- C:\Windows\SysNative\RtkCfg64.dll [149536]
O44 - LFC:[MD5.40430B66D9A91D1F93874A9663873A3D] - 18/01/2011 - 01:39:39 ---A- . (.Realtek Semiconductor Corp. - RtlCPAPI Module.) -- C:\Windows\SysNative\RtlCPAPI64.dll [332320]
O44 - LFC:[MD5.4573CE94E884A8731B6046C8B870DF16] - 18/01/2011 - 01:39:39 ---A- . (.SRS Labs, Inc. - COM object implementing SRS Headphone 360.) -- C:\Windows\SysNative\SRSHP64.dll [193536]
O44 - LFC:[MD5.C57DDB661C212A9DAB37296EFDBE5F13] - 18/01/2011 - 01:39:39 ---A- . (.SRS Labs, Inc. - TruSurround HD and HD4 COM object for Windo.) -- C:\Windows\SysNative\SRSTSH64.dll [211376]
O44 - LFC:[MD5.1C8F94BAB456B1DF8AF890296DF8DA07] - 18/01/2011 - 01:39:39 ---A- . (.SRS Labs, Inc. - TruSurroundXT Module.) -- C:\Windows\SysNative\SRSTSX64.dll [513536]
O44 - LFC:[MD5.EA7A59931DCC93AAF63FCF009A0685EE] - 18/01/2011 - 01:39:39 ---A- . (.SRS Labs, Inc. - WOW HD COM object for Windows.) -- C:\Windows\SysNative\SRSWOW64.dll [150528]
O44 - LFC:[MD5.C1243E84408DF872CFD547570BBEBAF4] - 18/01/2011 - 01:39:38 ---A- . (.Andrea Electronics Corporation - Capture Noise Filters (64-bit).) -- C:\Windows\SysNative\AERTAC64.dll [166400]
O44 - LFC:[MD5.8247D4AC546CBE479891F907EC42FC26] - 18/01/2011 - 01:39:38 ---A- . (.Andrea Electronics Corporation - Render Noise Filters (64-bit).) -- C:\Windows\SysNative\AERTAR64.dll [108032]
O44 - LFC:[MD5.D6C8752E6623D91A4B300CA11AE52709] - 18/01/2011 - 01:39:38 ---A- . (.Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) -- C:\Windows\SysNative\RP3DAA64.dll [304640]
O44 - LFC:[MD5.C0F643AE9CEF2C0BF802619B3DE87EAD] - 18/01/2011 - 01:39:38 ---A- . (.Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) -- C:\Windows\SysNative\RP3DHT64.dll [304640]
O44 - LFC:[MD5.164FA5F72488DA0C218B7F1D7C38E313] - 18/01/2011 - 01:39:38 ---A- . (.Realtek Semiconductor Corp. - RTCOMDLL Module.) -- C:\Windows\SysNative\RTCOM64.dll [1163296]
O44 - LFC:[MD5.60B97D1A3559AEB56F0AFEA5841CFE93] - 18/01/2011 - 01:39:38 ---A- . (.Realtek Semiconductor Corp. - Realtek APO API.) -- C:\Windows\SysNative\RtkApi64.dll [417824]
O44 - LFC:[MD5.900992D21F3E811254A12DFB2176AF3C] - 18/01/2011 - 01:39:38 ---A- . (.Realtek Semiconductor Corp. - Realtek HD Audio Coinstaller.) -- C:\Windows\SysNative\RCoInst64.dll [58400]
O44 - LFC:[MD5.C56811CFF76E139CCBF1E5B9EFF839F5] - 18/01/2011 - 01:39:38 ---A- . (.Realtek Semiconductor Corp. - Realtek(r) LFX/GFX DSP component.) -- C:\Windows\SysNative\RtkAPO64.dll [1603104]
O44 - LFC:[MD5.CA08AD7AD16F6BD278EBF3BD80487EE2] - 18/01/2011 - 01:39:38 ---A- . (.Waves Audio Ltd. - MaxxAudio APO.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [311296]
O44 - LFC:[MD5.8C1E1AC0C663F904E3B92FBEFD479229] - 18/01/2011 - 01:39:38 ---A- . (.Windows (R) Codename Longhorn DDK provider - Fortemedia SAMSoft sAPO.) -- C:\Windows\SysNative\FMAPO64.dll [176640]
O44 - LFC:[MD5.2A287A5A9B847BE959F1643D9FB0CF3D] - 18/01/2011 - 01:39:37 ---A- . (.Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) -- C:\Windows\RtlExUpd.dll [540672]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 18/01/2011 - 01:12:32 ---A- . (.Unknown owner - No comment.) -- C:\Windows\nsreg.dat [0]
O44 - LFC:[MD5.07BA000B2E67565BDF112C35171865A5] - 18/01/2011 - 01:00:27 ---A- . (.Unknown owner - No comment.) -- C:\Windows\SysNative\perfd00C.dat [38160]
O44 - LFC:[MD5.04F6C9757DB75FF27C427E5B31DDB289] - 18/01/2011 - 01:00:27 ---A- . (.Unknown owner - No comment.) -- C:\Windows\SysNative\perfi00C.dat [344522]
O44 - LFC:[MD5.8A7A52A9024E5343C531DA37E867890E] - 18/01/2011 - 00:56:44 ---A- . (.Adobe Systems - Windows NT OpenType/Type 1 API Library..) -- C:\Windows\SysNative\atmlib.dll [46080]
O44 - LFC:[MD5.8A7A52A9024E5343C531DA37E867890E] - 18/01/2011 - 00:56:44 ---A- . (.Adobe Systems - Windows NT OpenType/Type 1 API Library..) -- C:\Windows\System32\atmlib.dll [34304]
O44 - LFC:[MD5.B2BE9288DC4C3A8532FACCAB7191F71A] - 18/01/2011 - 00:56:44 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\Windows\SysNative\atmfd.dll [367104]
O44 - LFC:[MD5.B2BE9288DC4C3A8532FACCAB7191F71A] - 18/01/2011 - 00:56:44 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\Windows\System32\atmfd.dll [294400]


---\\ Local Security Authority-LSA Deny (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l'Éditeur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll


---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm


---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll


---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0


---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0


---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.2F0683FD2DF1D92E891CACA14B45A8C1] - 27/06/2008 - 07:51:10 ---A- . (.Adobe Systems, Inc. - Adobe Drive File System Driver.) -- C:\Windows\system32\drivers\adfs.sys [88632]
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [491088]
O58 - SDL:[MD5.597F78224EE9224EA1A13D6350CED962] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [339536]
O58 - SDL:[MD5.E109549C90F62FB570B9540C4B148E54] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\system32\drivers\adpu320.sys [182864]
O58 - SDL:[MD5.5812713A477A3AD7363C7438CA2EE038] - 14/07/2009 - 02:52:21 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [15440]
O58 - SDL:[MD5.7A4B413614C055935567CF88A9734D38] - 14/07/2009 - 02:52:21 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\system32\drivers\amdsata.sys [106576]
O58 - SDL:[MD5.F67F933E79241ED32FF46A4F29B5120B] - 14/07/2009 - 02:52:20 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows -.) -- C:\Windows\system32\drivers\amdsbs.sys [194128]
O58 - SDL:[MD5.B4AD0CACBAB298671DD6F6EF7E20679D] - 14/07/2009 - 02:52:21 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\system32\drivers\amdxata.sys [28752]
O58 - SDL:[MD5.C484F8CEB1717C540242531DB7845C4E] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [87632]
O58 - SDL:[MD5.019AF6924AEFE7839F61C830227FE79C] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [97856]
O58 - SDL:[MD5.03B7145C889603537E9FFEABB1AD1089] - 29/03/2005 - 01:30:38 ---A- . (.Unknown owner - ATK0110 ACPI Utility.) -- C:\Windows\system32\drivers\ASACPI.sys [8192]
O58 - SDL:[MD5.F6640D83AF0FD74C50E23E68548EA9A0] - 26/11/2010 - 05:20:20 ---A- . (.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) -- C:\Windows\system32\drivers\atikmdag.sys [8120320]
O58 - SDL:[MD5.20B63276A1920B41E1C56720B395049B] - 26/11/2010 - 03:16:46 ---A- . (.Advanced Micro Devices, Inc. - AMD multi-vendor Miniport Driver.) -- C:\Windows\system32\drivers\atikmpag.sys [289792]
O58 - SDL:[MD5.39C2E2870FC0C2AE0595B883CBE716B4] - 03/01/2002 - 00:14:01 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\Windows\system32\drivers\avgntflt.sys [83120]
O58 - SDL:[MD5.C98FA6E5AD0E857D22716BD2B8B1F399] - 17/08/2010 - 13:39:11 ---A- . (.Avira GmbH - Avira Driver for Security Enhancement.) -- C:\Windows\system32\drivers\avipbb.sys [116568]
O58 - SDL:[MD5.B5ACE6968304A3900EEB1EBFD9622DF2] - 10/06/2009 - 21:34:23 ---A- . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) -- C:\Windows\system32\drivers\b57nd60a.sys [270848]
O58 - SDL:[MD5.F09EEE9EDC320B5E1501F749FDE686C8] - 10/06/2009 - 21:41:06 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [18432]
O58 - SDL:[MD5.B114D3098E9BDB8BEA8B053685831BE6] - 10/06/2009 - 21:41:06 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [8704]
O58 - SDL:[MD5.43BEA8D483BF1870F018E2D02E06A5BD] - 14/07/2009 - 02:19:07 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [286720]
O58 - SDL:[MD5.A6ECA2151B08A09CACECA35C07F05B42] - 10/06/2009 - 21:41:10 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [47104]
O58 - SDL:[MD5.B79968002C277E869CF38BD22CD61524] - 10/06/2009 - 21:41:10 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [14976]
O58 - SDL:[MD5.A87528880231C54E75EA7A44943B38BF] - 10/06/2009 - 21:41:10 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [14720]
O58 - SDL:[MD5.3E5B191307609F7514148C6832BB0842] - 10/06/2009 - 21:34:28 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\system32\drivers\bxvbda.sys [468480]
O58 - SDL:[MD5.E19D3F095812725D88F9001985B94EDD] - 14/07/2009 - 02:52:31 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [17488]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [530496]
O58 - SDL:[MD5.DC5D737F51BE844D8C82C695EB17372F] - 10/06/2009 - 21:34:33 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\system32\drivers\evbda.sys [3286016]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\system32\drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.0886D440058F203EBA0E1825E4355914] - 14/07/2009 - 02:47:48 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\system32\drivers\HpSAMD.sys [77888]
O58 - SDL:[MD5.D7921D5A870B11CC1ADAB198A519D50A] - 05/11/2010 - 23:45:48 ---A- . (.Intel Corporation - Intel Rapid Storage Technology driver - x64.) -- C:\Windows\system32\drivers\iaStor.sys [438808]
O58 - SDL:[MD5.D83EFB6FD45DF9D55E9A1AFC63640D50] - 14/07/2009 - 02:48:04 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\system32\drivers\iaStorV.sys [410688]
O58 - SDL:[MD5.5C18831C61933628F5BB0EA2675B9D21] - 14/07/2009 - 02:48:04 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [44112]
O58 - SDL:[MD5.71366A5E898EE044A0AFF2DC3ABAEC60] - 29/03/2010 - 11:17:57 ---A- . (.Atheros Communications, Inc. - Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20.) -- C:\Windows\system32\drivers\L1E62x64.sys [64040]
O58 - SDL:[MD5.1A93E54EB0ECE102495A51266DCDB6A6] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [114752]
O58 - SDL:[MD5.1047184A9FDC8BDBFF857175875EE810] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [106560]
O58 - SDL:[MD5.30F5C0DE1EE8B5BC9306C1F0E4A75F93] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas2.sys [65600]
O58 - SDL:[MD5.0504EACAFF0D3C8AED161C4B0D369D4A] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [115776]
O58 - SDL:[MD5.A55805F747C6EDB6A9080D7C633BD0F4] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for.) -- C:\Windows\system32\drivers\megasas.sys [35392]
O58 - SDL:[MD5.BAF74CE0072480C3B6B7C13B2A94D6B3] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys [284736]
O58 - SDL:[MD5.77889813BE4D166CDAB78DDBA990DA92] - 14/07/2009 - 02:48:26 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [51264]
O58 - SDL:[MD5.3E38712941E9BB4DDBEE00AFFE3FED3D] - 14/07/2009 - 02:48:27 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [149056]
O58 - SDL:[MD5.477DC4D6DEB99BE37084C9AC6D013DA1] - 14/07/2009 - 02:45:45 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [167488]
O58 - SDL:[MD5.A53A15A11EBFD21077463EE2C7AFEEF0] - 14/07/2009 - 02:45:46 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [1524816]
O58 - SDL:[MD5.4F6D12B51DE1AAEFF7DC58C4D75423C8] - 14/07/2009 - 02:45:45 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [128592]
O58 - SDL:[MD5.D42D651676883181400E22957A7E0B1E] - 23/05/2009 - 02:04:22 ---A- . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\RTKVHD64.sys [1762080]
O58 - SDL:[MD5.3EA8A16169C26AFBEB544E0E48421186] - 10/06/2009 - 21:37:19 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys [23040]
O58 - SDL:[MD5.843CAF1E5FDE1FFD5FF768F23A51E2E1] - 14/07/2009 - 02:45:45 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\system32\drivers\sisraid2.sys [43584]
O58 - SDL:[MD5.6A6C106D42E9FFFF8B9FCB4F754F6DA4] - 14/07/2009 - 02:45:46 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys [80464]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\system32\drivers\stexstor.sys [24656]
O58 - SDL:[MD5.E5689D93FFE4E5D66C0178761240DD54] - 14/07/2009 - 02:45:55 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys [17488]
O58 - SDL:[MD5.5E2016EA6EBACA03C04FEAC5F330D997] - 14/07/2009 - 02:45:55 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys [161872]


---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 1.27 - (.Nicolas Coolman.) [HKLM][64Bits] -- ZHPDiag_is1


---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe


---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe


---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8


---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.00000000000000000000000000000000] [SPRF] (.Unknown owner - No comment.) -- C:\Users\Kenny Powers\AppData\Local\Temp\csrss.exe [207360]
[MD5.6E593C59CA7EB814AB357EB0BBD5639C] [SPRF] (.Unknown owner - No comment.) -- C:\Users\Kenny Powers\AppData\Local\Temp\E793.exe [80384]
[MD5.00000000000000000000000000000000] [SPRF] (.Unknown owner - No comment.) -- C:\Users\Kenny Powers\AppData\Roaming\dwm.exe [195072]


---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "FPS-SpoolSvc-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\spoolsv.exe (.not file.)
O87 - FAEL: "FPS-SpoolSvc-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Windows\system32\spoolsv.exe (.not file.)
O87 - FAEL: "CoreNet-GP-LSASS-Out-TCP" |Out - Domain - P6 - TRUE | .(...) -- C:\Windows\system32\lsass.exe (.not file.)
O87 - FAEL: "RemoteSvcAdmin-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\services.exe (.not file.)
O87 - FAEL: "RemoteSvcAdmin-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Windows\system32\services.exe (.not file.)
O87 - FAEL: "MCX-Prov-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - MCX2 Provisioning library.) -- C:\Windows\ehome\mcx2prov.exe
O87 - FAEL: "MCX-McrMgr-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Media Center Extender Manager.) -- C:\Windows\ehome\mcrmgr.exe
O87 - FAEL: "NetPres-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-Out-TCP-NoScope" |Out - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-WSD-In-UDP" |In - None - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-WSD-Out-UDP" |Out - None - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-Out-TCP" |Out - Public - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "TCP Query User{4DFB445A-965A-4EC6-828F-455EC0CAB094}C:\program files (x86)\winamp\winamp.exe" | In - Public - P6 - TRUE | .(.Nullsoft, Inc. - Winamp.) -- C:\program files (x86)\winamp\winamp.exe
O87 - FAEL: "UDP Query User{1330E472-B76A-4A3C-A732-B4966BCA8B5F}C:\program files (x86)\winamp\winamp.exe" | In - Public - P17 - TRUE | .(.Nullsoft, Inc. - Winamp.) -- C:\program files (x86)\winamp\winamp.exe
O87 - FAEL: "{C5A0AC6F-A965-41A4-B495-40A14A50B29A}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
O87 - FAEL: "{A994587A-839C-4625-8E5A-F01702E8185F}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
O87 - FAEL: "{58D60011-6150-4F81-9C8B-F3D878E257A6}" | In - Public - P6 - TRUE | .(.CybelSoft - Service de détection matériel.) -- C:\Program Files\ma-config.com\x64\maconfservice.exe
O87 - FAEL: "{B17786E5-F539-4783-A134-D887CE3290FD}" | In - Public - P17 - TRUE | .(.CybelSoft - Service de détection matériel.) -- C:\Program Files\ma-config.com\x64\maconfservice.exe


---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 0 | (AMD External Events Utility) . (.AMD.) - C:\Windows\system32\atiesrxx.exe
SR - | Auto 17/08/2010 135336 | (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 03/01/2002 267944 | (AntiVirService) . (.Avira GmbH.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 05/11/2010 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SS - | Demand 24/01/2011 420864 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\x64\maconfservice.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\system32\svchost.exe


---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net
Run by Kenny Powers at 09/02/2011 09:34:15

1 reply

benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
9 Feb 2011 at 10:23
Hi,

Here is a tip for removing Gomeo:

https://www.commentcamarche.net/faq/2490-supprimer-les-adwares-publicites-intempestives-pop-up-etc