Remove hiddenext/crypted and heur/crypted

pec5 -
gdbod Posts 14 Status Member -
Hello,

So, I just got home and AntiVir is detecting hiddenext/crypted and heur/crypted in a file located at: c:/users/..../app dat/local/temp/tn7en7h4a66.exe

I await your instructions,
thanks in advance.



21 replies

juju666 Posts 38404 Status Security contributor 4 796

@Vent d'ouest: besides having used my canned response [you'll get down to the task of making your own], you have here the example I was telling you about yesterday: a legitimate MBR hook.

TDSS Killer has no place in this case.

Moreover, ComboFix deleted a legitimate application: cacaoweb is not harmful.

See you
.::. Security Contributor .::.
1
Vent d'ouest Posts 714 Status Member 41

Hi,

Download ComboFix (by sUBs) to your Desktop.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Double-click ComboFix.exe (the .exe is not necessarily visible) to launch it.
* It will ask you to install the Recovery Console: ACCEPT!
* Do not touch the PC during the scan.
* When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.
0
gdbod Posts 14 Status Member

Good evening,

I posted my question before registering on the forum, and I registered under a different name, but I am indeed pec5.

First of all, thank you for your help, and here is the report:

ComboFix 11-05-16.01 - Bool 16/05/2011 20:28:01.1.4 - x64
Microsoft Windows 7 Professionnel 6.1.7601.1.1252.33.1036.18.4079.2598 [GMT 2:00]
Lancé depuis: d:\téléchargement\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\Bool\AppData\Roaming\cacaoweb
c:\users\Bool\AppData\Roaming\cacaoweb\ad96D9145E8C867A23E1125CAAA9681BE1.ad
c:\users\Bool\AppData\Roaming\cacaoweb\adstorage.db
c:\users\Bool\AppData\Roaming\cacaoweb\cacaoweb.exe
c:\users\Bool\AppData\Roaming\cacaoweb\replicating48F3E345B89138CBB49C50156896E1ED.cacao
c:\users\Bool\AppData\Roaming\cacaoweb\replicating6EB43FA71E6F33A894BFF060077AE784.cacao
c:\users\Bool\AppData\Roaming\cacaoweb\replicating7A7F7A97478CB921B01585E21980B0DB.cacao
c:\users\Bool\AppData\Roaming\cacaoweb\replicatingA878635A24EE94F14F0B7DBAAB7B8E13.cacao
c:\users\Bool\AppData\Roaming\cacaoweb\replicatingBC433BA3C1F15321C18B93FCD98E8469.cacao
c:\users\Bool\AppData\Roaming\cacaoweb\replicatingC3994D1DACB44D14793D473EA063D221.cacao
c:\users\Bool\AppData\Roaming\cacaoweb\replicatingD723D7EBE9D3C727703CA9756F2B2FB3.cacao
c:\users\Bool\AppData\Roaming\cacaoweb\replicatingF6CD467E048874A43B7FCD1CA2AEE1C3.cacao
c:\users\Bool\AppData\Roaming\cacaoweb\storage.db
c:\users\Bool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rundll32 .exe
c:\users\Bool\AppData\Roaming\TN7EN7H4A66.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-04-16 au 2011-05-16 ))))))))))))))))))))))))))))))))))))
.
.
2011-05-16 17:08 . 2011-05-16 17:08 -------- d-----w- c:\users\Bool\AppData\Local\{FC272E97-0A35-4D15-BC05-83546723CB5E}
2011-05-16 15:28 . 2011-05-16 15:28 388096 ----a-r- c:\users\Bool\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-16 15:28 . 2011-05-16 15:28 -------- d-----w- c:\program files (x86)\Trend Micro
2011-05-15 12:04 . 2011-05-15 12:04 -------- d-----w- c:\users\Bool\AppData\Local\SKIDROW
2011-05-14 17:07 . 2011-05-16 05:08 -------- d-----w- c:\users\Bool\AppData\Local\{EECA1257-3AFB-45FB-A386-F8EEBDF65278}
2011-05-14 08:28 . 2009-08-24 20:13 34304 ----a-w- c:\windows\system32\DfSdkBt.exe
2011-05-13 17:07 . 2011-05-14 05:07 -------- d-----w- c:\users\Bool\AppData\Local\{29247309-72A2-4B59-89C3-25AE697E7E1F}
2011-05-13 16:17 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-13 16:17 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-13 15:11 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-13 15:11 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-13 15:11 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-13 05:06 . 2011-05-13 05:06 -------- d-----w- c:\users\Bool\AppData\Local\{1962222F-8AA4-41F7-BF51-B2CE64B539AF}
2011-05-12 17:06 . 2011-05-12 17:06 -------- d-----w- c:\users\Bool\AppData\Local\{0F6C679C-3479-4E88-995C-2A14F3E48E58}
2011-05-12 05:06 . 2011-05-12 05:06 -------- d-----w- c:\users\Bool\AppData\Local\{D26CE2AE-C9D8-4910-8F4F-5828B85507ED}
2011-05-11 17:06 . 2011-05-11 17:06 -------- d-----w- c:\users\Bool\AppData\Local\{0B7C8096-46AB-41FD-B9B6-7F16DFDD712B}
2011-05-11 05:05 . 2011-05-11 05:06 -------- d-----w- c:\users\Bool\AppData\Local\{BCF9529D-D139-4DD3-88AF-2B6DA8BF2D11}
2011-05-10 17:05 . 2011-05-10 17:05 -------- d-----w- c:\users\Bool\AppData\Local\{72B375A5-B37B-4D43-9025-2216C9E125FD}
2011-05-10 05:05 . 2011-05-10 05:05 -------- d-----w- c:\users\Bool\AppData\Local\{D85FF01F-3B84-41C8-929A-B866CBEFAF05}
2011-05-09 17:05 . 2011-05-09 17:05 -------- d-----w- c:\users\Bool\AppData\Local\{CE626681-5D67-42C3-98D7-7C427767CE87}
2011-05-09 05:05 . 2011-05-09 05:05 -------- d-----w- c:\users\Bool\AppData\Local\{2299A396-A643-4C8D-8F00-35879E44D8FD}
2011-05-08 17:04 . 2011-05-08 17:05 -------- d-----w- c:\users\Bool\AppData\Local\{A04D248E-6124-4DD8-9319-6BDAC3DD0EBF}
2011-05-08 05:04 . 2011-05-08 05:04 -------- d-----w- c:\users\Bool\AppData\Local\{2E8701B6-318F-4C6C-B7A1-FF69364E208F}
2011-05-07 17:04 . 2011-05-07 17:04 -------- d-----w- c:\users\Bool\AppData\Local\{B17CD30F-29A7-49E1-86AF-A9B2B2DBE702}
2011-05-07 05:04 . 2011-05-07 05:04 -------- d-----w- c:\users\Bool\AppData\Local\{EB710DB4-103D-44F2-8AD6-7861124166C0}
2011-05-06 17:04 . 2011-05-06 17:04 -------- d-----w- c:\users\Bool\AppData\Local\{36A4396C-DF31-41E8-A7DD-4AC62DD429D1}
2011-05-06 05:03 . 2011-05-06 05:04 -------- d-----w- c:\users\Bool\AppData\Local\{8DB1F28D-465F-4C33-9378-06FAAE53CB3A}
2011-05-05 17:03 . 2011-05-05 17:03 -------- d-----w- c:\users\Bool\AppData\Local\{A754597B-9747-4A62-B15B-38C9F571B309}
2011-05-05 05:03 . 2011-05-05 05:03 -------- d-----w- c:\users\Bool\AppData\Local\{CBD957A0-ABF3-480C-80DA-DC905A071BE5}
2011-05-04 19:05 . 2011-05-04 19:05 -------- d-----w- c:\users\Bool\AppData\Local\ElevatedDiagnostics
2011-05-04 17:03 . 2011-05-04 17:03 -------- d-----w- c:\users\Bool\AppData\Local\{AB72615B-93CB-4317-AEE5-08A46068A694}
2011-05-04 05:03 . 2011-05-04 05:03 -------- d-----w- c:\users\Bool\AppData\Local\{D571FA7E-2512-4441-9BEA-04DF87DFAF88}
2011-05-03 14:19 . 2011-05-03 14:19 -------- d-----w- c:\users\Bool\AppData\Local\{8170EA2C-FF72-4AEC-A357-89E5CC695AC1}
2011-05-02 16:34 . 2011-05-02 16:34 -------- d-----w- c:\users\Bool\AppData\Local\{D22839A9-754C-47FD-8532-8852672FB531}
2011-05-02 04:34 . 2011-05-02 04:34 -------- d-----w- c:\users\Bool\AppData\Local\{D87094D5-4A14-4B92-A139-3579D937D500}
2011-05-01 16:34 . 2011-05-01 16:34 -------- d-----w- c:\users\Bool\AppData\Local\{AB53041D-1F7C-4071-A002-11006410ED7F}
2011-05-01 04:34 . 2011-05-01 04:34 -------- d-----w- c:\users\Bool\AppData\Local\{B755D4D7-7038-4F88-BB23-6BAF8B3A262E}
2011-04-30 16:33 . 2011-04-30 16:34 -------- d-----w- c:\users\Bool\AppData\Local\{088AFAB3-7411-49DF-B298-27D0768994D7}
2011-04-29 04:33 . 2011-04-30 04:33 -------- d-----w- c:\users\Bool\AppData\Local\{84B3C6A5-00E9-4EF7-BE4A-22A7483FE8EA}
2011-04-28 20:34 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2011-04-28 20:34 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-04-28 20:34 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-04-28 20:34 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-04-28 20:34 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-04-28 20:34 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-04-28 20:34 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-04-28 20:34 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2011-04-28 20:34 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2011-04-28 20:34 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2011-04-28 20:34 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2011-04-28 20:33 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-28 20:33 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-04-28 20:33 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2011-04-28 20:33 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2011-04-28 20:33 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-28 20:33 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-04-26 02:44 . 2011-04-28 14:45 -------- d-----w- c:\users\Bool\AppData\Local\{2420A446-4735-4183-9894-885FD0B28DDC}
2011-04-25 14:43 . 2011-04-25 14:43 -------- d-----w- c:\users\Bool\AppData\Local\{D22D5EFD-0357-40CA-B35B-8DC77AF83803}
2011-04-25 02:43 . 2011-04-25 02:43 -------- d-----w- c:\users\Bool\AppData\Local\{7944CF6F-742C-46C1-90DA-641DCEB9E0F4}
2011-04-24 14:43 . 2011-04-24 14:43 -------- d-----w- c:\users\Bool\AppData\Local\{DE8B4702-6F5B-491D-858E-DC3F59C4512D}
2011-04-24 02:43 . 2011-04-24 02:43 -------- d-----w- c:\users\Bool\AppData\Local\{CBAE5443-B6CD-401F-9D1A-F02DE6918EF1}
2011-04-23 14:43 . 2011-04-23 14:43 -------- d-----w- c:\users\Bool\AppData\Local\{53242DD5-DFF9-4E0D-93AA-138C7F45D277}
2011-04-23 02:42 . 2011-04-23 02:42 -------- d-----w- c:\users\Bool\AppData\Local\{8094A909-0159-412D-9C55-0C4D95869DCB}
2011-04-22 14:42 . 2011-04-22 14:42 -------- d-----w- c:\users\Bool\AppData\Local\{A11D90A3-961F-4911-9C12-D369812A7617}
2011-04-22 02:42 . 2011-04-22 02:42 -------- d-----w- c:\users\Bool\AppData\Local\{BB89B1D3-D339-44EE-9FD6-06D3F1C2C3D2}
2011-04-21 17:30 . 2011-04-21 18:08 -------- d-----w- c:\programdata\ThumbnailCache4R
2011-04-21 17:26 . 2011-04-21 17:26 -------- d-----w- c:\users\Bool\AppData\Roaming\Lexmark Productivity Studio
2011-04-21 17:22 . 2011-05-04 19:26 -------- d-----w- c:\programdata\Lx_cats
2011-04-21 17:22 . 2009-10-16 11:12 177664 ----a-w- c:\windows\system32\Spool\prtprocs\x64\lxdxdrpp.dll
2011-04-21 17:20 . 2009-10-16 08:28 745984 ----a-w- c:\windows\system32\lxdxcoin.dll
2011-04-21 17:20 . 2008-05-14 17:41 1462272 ----a-w- c:\windows\system32\lxdxg.dll
2011-04-21 17:20 . 2011-04-21 17:20 -------- d-----w- C:\drivers
2011-04-21 15:44 . 2011-04-21 15:44 -------- d-----w- c:\users\Bool\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
2011-04-21 15:44 . 2011-04-21 15:44 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-04-21 15:43 . 2011-04-21 15:43 -------- d-----w- c:\users\Bool\AppData\Local\Adobe
2011-04-21 14:42 . 2011-04-21 14:42 -------- d-----w- c:\users\Bool\AppData\Local\{0D327EE2-34F2-4278-9FF3-2BF2C934C830}
2011-04-21 02:41 . 2011-04-21 02:42 -------- d-----w- c:\users\Bool\AppData\Local\{0E9DFDAC-119C-410F-86A5-10BE37E6B887}
2011-04-20 21:12 . 2011-04-20 21:12 2306328 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-04-20 21:12 . 2011-04-20 21:12 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-04-20 19:02 . 2011-04-20 19:02 -------- d-----w- c:\programdata\Splashtop
2011-04-20 19:02 . 2011-04-20 19:02 -------- d-----w- c:\program files (x86)\Splashtop
2011-04-20 19:02 . 2011-05-15 13:50 -------- d-----w- c:\program files (x86)\Downloaded Installations
2011-04-20 14:41 . 2011-04-20 14:41 -------- d-----w- c:\users\Bool\AppData\Local\{009820CE-B03F-436E-9B69-C91D122F1489}
2011-04-20 02:41 . 2011-04-20 02:41 -------- d-----w- c:\users\Bool\AppData\Local\{22AFDA94-94EC-4DD1-AB6C-AA5ECC377B87}
2011-04-19 14:41 . 2011-04-19 14:41 -------- d-----w- c:\users\Bool\AppData\Local\{7C755DD6-CEF9-4838-9F76-7AAD01E7E056}
2011-04-19 02:41 . 2011-04-19 02:41 -------- d-----w- c:\users\Bool\AppData\Local\{FD83D4C0-ED98-4B68-AFE0-76ECB9576519}
2011-04-18 14:41 . 2011-04-18 14:41 -------- d-----w- c:\users\Bool\AppData\Local\{046EC97A-6DC8-4083-88A7-C45A56F77BE5}
2011-04-18 02:40 . 2011-04-18 02:40 -------- d-----w- c:\users\Bool\AppData\Local\{4AA732C7-280A-4F0C-9262-18849A1E15E8}
2011-04-17 14:40 . 2011-04-17 14:40 -------- d-----w- c:\users\Bool\AppData\Local\{A608215D-10DB-433B-A744-51D0BF46284C}
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-16 15:58 . 2011-04-08 15:51 30528 ----a-w- c:\windows\GVTDrv64.sys
2011-05-16 15:58 . 2011-04-08 15:51 25640 ----a-w- c:\windows\gdrv.sys
2011-05-16 15:58 . 2011-04-10 13:44 151552 ----a-w- c:\windows\KMSEmulator.exe
2011-04-28 17:55 . 2011-04-10 14:10 419840 ----a-w- c:\windows\system32\systemcpl.dll
2011-04-28 17:55 . 2011-04-10 14:10 14848 ----a-w- c:\windows\system32\slwga.dll
2011-04-28 17:55 . 2011-04-10 14:10 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2011-04-11 18:11 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-10 14:17 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-04-10 14:17 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-04-10 13:00 . 2011-04-10 13:00 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-04-10 13:00 . 2011-04-10 13:00 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-04-09 10:44 . 2011-04-09 10:44 2724120 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-04-09 10:43 . 2011-04-09 10:43 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-04-09 10:43 . 2011-04-09 10:43 639296 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-09 08:07 . 2011-04-09 08:07 25640 ----a-w- c:\windows\etdrv.sys
2011-04-09 06:04 . 2011-04-09 06:04 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-09 06:04 . 2011-04-09 06:04 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-09 06:04 . 2011-04-09 06:04 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-04-09 06:04 . 2011-04-09 06:04 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-04-09 06:04 . 2011-04-09 06:04 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-04-09 06:04 . 2011-04-09 06:04 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-04-09 06:04 . 2011-04-09 06:04 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-04-09 06:04 . 2011-04-09 06:04 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-04-09 06:04 . 2011-04-09 06:04 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-04-09 06:04 . 2011-04-09 06:04 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-04-09 06:04 . 2011-04-09 06:04 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-04-09 06:04 . 2011-04-09 06:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-04-09 06:04 . 2011-04-09 06:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-09 06:04 . 2011-04-09 06:04 448512 ----a-w- c:\windows\system32\html.iec
2011-04-09 06:04 . 2011-04-09 06:04 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-04-09 06:04 . 2011-04-09 06:04 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-04-09 06:04 . 2011-04-09 06:04 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-04-09 06:04 . 2011-04-09 06:04 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-09 06:04 . 2011-04-09 06:04 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-04-09 06:04 . 2011-04-09 06:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-09 06:04 . 2011-04-09 06:04 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-04-09 06:04 . 2011-04-09 06:04 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-04-09 06:04 . 2011-04-09 06:04 222208 ----a-w- c:\windows\system32\msls31.dll
2011-04-09 06:04 . 2011-04-09 06:04 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-04-09 06:04 . 2011-04-09 06:04 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-09 06:04 . 2011-04-09 06:04 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-04-09 06:04 . 2011-04-09 06:04 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-04-09 06:04 . 2011-04-09 06:04 160256 ----a-w- c:\windows\system32\wextract.exe
2011-04-09 06:04 . 2011-04-09 06:04 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-04-09 06:04 . 2011-04-09 06:04 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-04-09 06:04 . 2011-04-09 06:04 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-09 06:04 . 2011-04-09 06:04 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-04-09 06:04 . 2011-04-09 06:04 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-04-09 06:04 . 2011-04-09 06:04 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-04-09 06:04 . 2011-04-09 06:04 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-09 06:04 . 2011-04-09 06:04 12288 ----a-w- c:\windows\system32\mshta.exe
2011-04-09 06:04 . 2011-04-09 06:04 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-04-09 06:04 . 2011-04-09 06:04 114176 ----a-w- c:\windows\system32\admparse.dll
2011-04-09 06:04 . 2011-04-09 06:04 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-04-09 06:04 . 2011-04-09 06:04 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-09 06:04 . 2011-04-09 06:04 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-04-09 06:04 . 2011-04-09 06:04 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-03-23 08:11 . 2011-04-08 16:42 8424784 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B300077F-A195-4085-A007-4C652B190A5C}\mpengine.dll
2011-03-11 06:34 . 2011-04-13 15:29 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 06:34 . 2011-04-13 15:29 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:33 . 2011-04-13 15:29 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-11 05:33 . 2011-04-13 15:29 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-08 06:29 . 2011-04-13 15:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:28 . 2011-04-13 15:29 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-03-04 06:19 . 2011-04-28 20:33 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-28 20:33 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:24 . 2011-04-13 15:29 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 06:21 . 2011-04-13 15:29 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 05:36 . 2011-04-13 15:29 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52 . 2011-04-13 15:29 3135488 ----a-w- c:\windows\system32\win32k.sys
2011-03-01 10:12 . 2011-04-11 16:05 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-03-01 10:12 . 2011-04-11 16:05 33152 ----a-w- c:\windows\system32\LMIport.dll
2011-03-01 10:12 . 2011-04-11 16:05 80768 ----a-w- c:\windows\system32\LMIinit.dll
2011-02-28 06:09 . 2011-04-08 15:43 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2011-02-24 06:15 . 2011-04-13 15:29 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-24 05:38 . 2011-04-13 15:29 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-23 04:56 . 2011-04-13 15:28 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-23 04:56 . 2011-04-13 15:29 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-23 04:56 . 2011-04-13 15:29 411648 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-23 04:55 . 2011-04-13 15:29 167936 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-02-23 04:55 . 2011-04-13 15:28 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-23 04:55 . 2011-04-13 15:28 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-23 04:55 . 2011-04-13 15:28 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-02-22 10:59 . 2011-04-08 15:46 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2011-02-19 12:05 . 2011-04-09 05:59 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-04-09 05:59 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-04-09 05:59 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 12:03 . 2011-04-13 15:29 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 09:00 . 2011-04-13 15:29 367616 ----a-w- c:\windows\system32\atmfd.dll
2011-02-19 06:30 . 2011-04-09 05:59 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-04-09 05:59 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-19 06:30 . 2011-04-13 15:29 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-02-19 04:34 . 2011-04-13 15:29 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-02-18 14:36 . 2011-02-18 14:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 14:36 . 2011-02-18 14:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 20:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-02-04 281768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"BCSSync"="d:\installation programmes\Microsoft office 2010\Office14\BCSSync.exe" [2010-03-13 91520]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdxserv.exe [2009-10-16 29184]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [x]
R3 DfSdkS;Defragmentation-Service;d:\installation programmes\Ashampoo WinOptimizer 8\DfsdkS64.exe [2011-05-12 544768]
R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files (x86)\ma-config.com\Drivers\driverhardwarev2x64.sys [2010-08-30 15872]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2011-04-09 25640]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-05-16 30528]
R3 maconfservice;Ma-Config Service;c:\program files (x86)\ma-config.com\maconfservice.exe [2011-03-10 311744]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\installation programmes\Microsoft office 2010\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WO_LiveService;Ashampoo LiveTuner Service;d:\installation programmes\Ashampoo WinOptimizer 8\LiveTunerService.exe [2011-05-12 884608]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 LiveTunerPM;Ashampoo LiveTuner ProcessMonitor Driver;d:\installation programmes\Ashampoo WinOptimizer 8\LiveTunerProcessMonitor64.sys [2011-05-12 12824]
S2 LMIGuardianSvc;LMIGuardianSvc;d:\installation programmes\LogMeIn\x64\LMIGuardianSvc.exe [2011-03-01 373640]
S2 LMIInfo;LogMeIn Kernel Information Provider;d:\installation programmes\LogMeIn\x64\RaInfo.sys [2010-09-17 15928]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2009-10-16 1039872]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2011-05-11 1771336]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2011-03-08 341832]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\DRIVERS\radpms.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contenu du dossier 'Tâches planifiées'
.
2011-05-16 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2011-04-10 13:44]
.
2011-05-16 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS\AutoKMS.exe [2011-04-10 13:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-05 444752]
.
[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-18 11775592]
"LogMeIn GUI"="d:\installation programmes\LogMeIn\x64\LogMeInSystray.exe" [2010-09-17 57928]
"lxdxmon.exe"="c:\program files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe" [2010-02-03 672424]
"lxdxamon"="c:\program files (x86)\Lexmark 3600-4600 Series\lxdxamon.exe" [2010-02-03 16040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"RPMKickstart"="c:\program files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe" [2010-08-23 2552320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://mythos-europe.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Envoyer à OneNote - d:\instal~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xporter vers Microsoft Excel - d:\instal~1\MICROS~1\Office14\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Bool\AppData\Roaming\Mozilla\Firefox\Profiles\1v62jq6a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
user_pref(surfcanyon.inst_id,'fdb9f4f1733f463a');
user_pref(surfcanyon.inst_timestamp,09 04 2011 Saturday 7 47 20);
user_pref(surfcanyon.partner_code,'AFA');
user_pref(extensions.kwiclick.channel.campaign,'AddonFoxInt');
user_pref(extensions.kwiclick.channel.content,'AddonFoxInt');
user_pref(extensions.kwiclick.channel.id,'AddonFoxInt');
user_pref(extensions.kwiclick.channel.cse,'009607407620987551725:3hfwsbgoj80');
user_pref(extensions.kwiclick.channel.medium,'cpa');
user_pref(extensions.kwiclick.channel.source,'AddonFoxInt');
user_pref(extensions.kwiclick.channel.set,true);
.
- - - - ORPHELINS SUPPRIMES - - - -
.
URLSearchHooks-{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - (no file)
Wow6432Node-HKCU-Run-cacaoweb - c:\users\Bool\AppData\Roaming\cacaoweb\cacaoweb.exe
Wow6432Node-HKCU-Run-W6RHW3IVYITR8 - c:\users\Bool\AppData\Roaming\TN7EN7H4A66.exe
Wow6432Node-HKLM-Run-W6RHW3IVYITR8 - c:\users\Bool\AppData\Roaming\TN7EN7H4A66.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2011-05-16 20:32:10
ComboFix-quarantined-files.txt 2011-05-16 18:32
.
Avant-CF: 34 890 825 728 octets libres
Après-CF: 34 625 482 752 octets libres
.
- - End Of File - - 7908FA89A9FCC6D282CA7A1A598EBF06
0
Vent d'ouest Posts 714 Status Member 41

OK gdbod....

The tool we just used did a good job!

The Antivir detection, namely:

c:\users\Bool\AppData\Roaming\TN7EN7H4A66.exe , has been removed...

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

c:\users\Bool\AppData\Roaming\TN7EN7H4A66.exe

but some remains ....


1)
Download MBAM and install it in the default location
http://www.malwarebytes.org/mbam.php
* Update it and launch Malwarebytes' Anti-Malware
* Click the "Recherche" tab at the top
* Tick the "Exécuter un examen rapide" option, then click the "Rechercher" button
* Choose to scan all your hard drives, then click "Lancer l'examen"

At the end of the scan, if MBAM found nothing:

* Click OK; the report opens on its own

If threats were detected:

* Click OK, then "Afficher les résultats"
* Choose the "Supprimer la sélection" option
* If MBAM asks to restart Windows: click "Oui"
* Once the PC has restarted, the report is in the "Rapports/Logs" tab
* Otherwise the report opens automatically after the removal

Whatever the result, copy/paste the report into your next message


2)
* Download AD-Remover to your Desktop. (Thanks to C_XX)
http://www.teamxscript.org/adremoverTelechargement.html

/!\ Disconnect from the internet and close all running applications /!\

Temporarily disable, only while ADremover is in use, the real-time protection of your antivirus and antispyware tools, which can seriously interfere with the tool's scanning and cleaning procedure.

- Double-click the Ad-remover icon on your Desktop.
- On the page, click the « NETTOYER » button
- Confirm the launch of the scan
- Let the tool work.
- Post the report that appears at the end.

(The report is also saved as C:\Ad-report(Scan/clean).Txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
0

gdbod Posts 14 Status Member

The MBAM report:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 6592

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

16/05/2011 21:17:14
mbam-log-2011-05-16 (21-17-14).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 154775
Temps écoulé: 46 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)



and the ad-Remover report:
======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 21:42:03 le 16/05/2011, Mode normal

Microsoft Windows 7 Professionnel Service Pack 1 (X64)
Bool@BOOL-PC (Gigabyte Technology Co., Ltd. P61-USB3-B3)

============== ACTION(S) ==============


Dossier supprimé: C:\Users\Bool\AppData\Roaming\Mozilla\FireFox\Profiles\1v62jq6a.default\conduit
Dossier supprimé: C:\Program Files (x86)\Ask.com
Dossier supprimé: C:\Users\Bool\AppData\LocalLow\AskToolbar

(!) -- Fichiers temporaires supprimés.


-- Fichier ouvert: C:\Users\Bool\AppData\Roaming\Mozilla\FireFox\Profiles\1v62jq6a.default\Prefs.js --
Ligne supprimée: user_pref("CT2851639.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT285...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1243674/1239347/FR", "\"0\"...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/FR", "\"0\"")...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2851639", ...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3....
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2851639",...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2851639/CT2851639...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=fr", "\"634...
Ligne supprimée: user_pref("CommunityToolbar.EngineOwner", "CT2851639");
Ligne supprimée: user_pref("CommunityToolbar.EngineOwnerGuid", "{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}");
Ligne supprimée: user_pref("CommunityToolbar.EngineOwnerToolbarId", "utorrentbar_fr");
Ligne supprimée: user_pref("CommunityToolbar.IsEngineShown", true);
Ligne supprimée: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Ligne supprimée: user_pref("CommunityToolbar.OriginalEngineOwner", "");
Ligne supprimée: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "");
Ligne supprimée: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "");
Ligne supprimée: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.google.com/search?ie=UTF-8&oe...
Ligne supprimée: user_pref("CommunityToolbar.ToolbarsList", "CT2851639");
Ligne supprimée: user_pref("CommunityToolbar.ToolbarsList2", "CT2851639");
Ligne supprimée: user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Apr 09 2011 12:20:10 GMT+02...
Ligne supprimée: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Ligne supprimée: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Apr 09 2011 14:19:24 GMT+0200");
Ligne supprimée: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Ligne supprimée: user_pref("CommunityToolbar.alert.locale", "en");
Ligne supprimée: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Ligne supprimée: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Apr 09 2011 12:20:07 GMT+0200");
Ligne supprimée: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291048634");
Ligne supprimée: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Ligne supprimée: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Ligne supprimée: user_pref("CommunityToolbar.alert.showTrayIcon", false);
Ligne supprimée: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Ligne supprimée: user_pref("CommunityToolbar.alert.userId", "0d91d3cf-533a-4d9f-9551-aee7e80e938c");
Ligne supprimée: user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Apr 09 2011 12:20:08 GMT+0200");
Ligne supprimée: user_pref("CommunityToolbar.globalUserId", "ba245702-7d4e-4d96-b200-92b2e36bed7e");
Ligne supprimée: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Ligne supprimée: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Ligne supprimée: user_pref("extensions.asktb.cbid", "F4");
Ligne supprimée: user_pref("extensions.asktb.crumb", "2011.04.12+10.46.55-toolbar001iad-FR-UG9pdGllcnMsRnJhbmNl");
Ligne supprimée: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://fr.ask.com/web?q={query}&qsrc={qsrc}&...
Ligne supprimée: user_pref("extensions.asktb.dtid", "YYYYYYYYFR");
Ligne supprimée: user_pref("extensions.asktb.fresh-install", false);
Ligne supprimée: user_pref("extensions.asktb.l", "dis");
Ligne supprimée: user_pref("extensions.asktb.last-config-req", "1302630415867");
Ligne supprimée: user_pref("extensions.asktb.locale", "fr_FR");
Ligne supprimée: user_pref("extensions.asktb.o", "101699");
Ligne supprimée: user_pref("extensions.asktb.options-lang", "fr");
Ligne supprimée: user_pref("extensions.asktb.options-locale", "UK");
Ligne supprimée: user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Ligne supprimée: user_pref("extensions.asktb.qsrc", "2871");
Ligne supprimée: user_pref("extensions.asktb.r", "4");
Ligne supprimée: user_pref("extensions.asktb.search-suggestions-enabled", false);
-- Fichier Fermé --


Clé supprimée: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Clé supprimée: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé supprimée: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Clé supprimée: HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Clé supprimée: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Clé supprimée: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Clé supprimée: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Clé supprimée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
Clé supprimée: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
Clé supprimée: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
Clé supprimée: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Clé supprimée: HKLM\Software\Conduit
Clé supprimée: HKCU\Software\Ask.com
Clé supprimée: HKCU\Software\AppDataLow\AskToolbarInfo
Clé supprimée: HKCU\Software\AppDataLow\Software\AskToolbar
Clé supprimée: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}


============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [4.0.1 (fr)] ****

Searchplugins\bing.xml ( hxxp://www.bing.com/search)
Components\browsercomps.dll (Mozilla Foundation)

-- C:\Users\Bool\AppData\Roaming\Mozilla\FireFox\Profiles\1v62jq6a.default --
Extensions\cacaoweb@cacaoweb.org (cacaoweb)
Extensions\LogMeInClient@logmein.com (LogMeIn, Inc. Remote Access Plugin)
Prefs.js - browser.download.dir, D:\\Téléchargement
Prefs.js - browser.startup.homepage, hxxp://www.google.com/
Prefs.js - browser.startup.homepage_override.buildID, 20110413222027
Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1
Prefs.js - keyword.URL, hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

========================================

**** Internet Explorer Version [9.0.8112.16421] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "?" (?)
HKCU_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - D:\Installation programmes\Veetle\Player\vtl_hfs.exe (?)
HKCU_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - D:\Installation programmes\Veetle\Player\player.exe (?)
HKCU_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - D:\Installation programmes\Veetle\Player\vtl_hfax.exe (?)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - D:\Installation programmes\Veetle\Player\vtl_hfs.exe (?)
HKLM_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - D:\Installation programmes\Veetle\Player\player.exe (?)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)
HKLM_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - D:\Installation programmes\Veetle\Player\vtl_hfax.exe (?)

========================================

C:\Program Files (x86)\Ad-Remover\Quarantine: 34 Fichier(s)
C:\Program Files (x86)\Ad-Remover\Backup: 15 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 16/05/2011 21:44:13 (11410 Octet(s))

Fin à: 21:44:46, 16/05/2011

============== E.O.F ==============
0
Vent d'ouest Posts 714 Status Member 41

Thanks....

Can you run a new ZHPdiag for me and tell me where your problems stand, please?
0
gdbod Posts 14 Status Member

So far I haven't done a zhpdiag; how should I proceed?

Thanks again.
0
gdbod Posts 14 Status Member

It's fine, I'm running the diag now.
0
Vent d'ouest Posts 714 Status Member 41

Indeed....

For a diagnosis of the PC:

Download ZHPDiag (by Nicolas Coolman) to your desktop
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

Once the download has finished, double-click ZHPDiag.exe and follow the instructions.

/!\ Vista and Windows 7 users: right-click the ZHPDiag.exe icon, « exécuter en tant qu'Administrateur »

Don't forget to tick the box that puts a shortcut on the Desktop.
- Double-click the ZHPDiag shortcut on your Desktop to launch it.
(/!\ The tool has created 2 icons, ZHPDiag and ZHPFix)
- Click the magnifying glass to start the scan.
- Let the tool work; it can take quite a while.
- Close ZHPDiag when the scan is finished.
- To send the report, click this link: http://www.cijoint.fr/
- Click Parcourir and look for the folder where ZHPDiag is installed (usually C:\Program Files\ZHPDiag).
- Select the file ZHPDiag.txt.
- Click "Cliquez ici pour déposer le fichier".
- A link of this form: http://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt is added to the page.
- Copy this link into your reply.
0
gdbod Posts 14 Status Member

Here is the report, posted in several parts:

Rapport de ZHPDiag v1.27.204 par Nicolas Coolman, Update du 14/05/2011
Run by Bool at 16/05/2011 22:21:53
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 4.0.1 v4.0.1 (Defaut)

---\\ System Information
Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601)
Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4079 MB (68% free)
System Restore: Activé (Enable)
System drive C: has 32 GB (55%) free of 58 GB

---\\ Logged in mode
Computer Name: BOOL-PC
User Name: Bool
All Users Names: LogMeInRemoteUser, Bool, Administrateur,
Unselected Option: O45,O61,O62,O65,O66,O82
Logged in as Administrator

---\\ Environnement Variables
%AppData%=C:\Users\Bool\AppData\Roaming
%LocalAppData%=C:\Users\Bool\AppData\Local
%StartMenu%=C:\Users\Bool\AppData\Roaming\Microsoft\Windows\Start Menu

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 32 Go of 58 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 363 Go of 407 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ CD-ROM drive (Free 0 Go of 7 Go)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableTaskMgr: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableRegistryTools: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] NoDispScrSavPage: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 02:14:45.) -- C:\Windows\system32\Wininit.exe [96256]
[MD5.A1236375B74EA63C75657D564890C436] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.09/04/2011 07:04:15.) -- C:\Windows\system32\wininet.dll [1126912]



---\\ Processus lancés
[MD5.BE0D4F98717DBAABBE0A785C9B854F21] - (.Pas de propriétaire - Printer Device Monitor.) -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe [672424]
[MD5.94FC17328A678EC9C2B0BCF3E4C4C538] - (.Pas de propriétaire - Printer Card Transfer Monitor.) -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxMsdMon.exe [25256]
[MD5.9D5E8B45BD348DF0882C69EED0E83111] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768]
[MD5.2E5212A0BFB98FE0167C92C76C87AFE3] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [249064]
[MD5.D2AEADFD998706B4216315B2BD3FA79E] - (.InstallShield Software Corporation - InstallShield Update Service Scheduler.) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920]
[MD5.E83508D9A0F0D0D8449317DC6A4C5E02] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [924632]
[MD5.AC42E793F760034FC6F0BACB17E94003] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [646144]



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
M3 - MFPP: Plugins - [Bool] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [Bool] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\bing.xml
M3 - MFPP: Plugins - [Bool] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [Bool] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [Bool] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [Bool] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [Bool] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\yahoo-france.xml
P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (.Microsoft Corporation - Office Authorization plug-in for NPAPI browsers.) -- C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.dll
M0 - MFSP: prefs.js [Bool - 1v62jq6a.default] https://www.google.com/?gws_rd=ssl
M2 - MFEP: prefs.js [Bool - 1v62jq6a.default\cacaoweb@cacaoweb.org] [] cacaoweb v1.0.15 (.http://www.cacaoweb.org/
M2 - MFEP: prefs.js [Bool - 1v62jq6a.default\LogMeInClient@logmein.com] [] LogMeIn, Inc. Remote Access Plugin v1.0.0.652 (.LogMeIn, Inc..)



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.microsoft.com/fr-fr/
R0 - HKUS\S-1-5-21-724938534-2859154375-2452524616-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.microsoft.com/fr-fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.microsoft.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=17DBE7D168544FA98200E890A8051984
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\System32\ieframe.dll
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll



---\\ ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=C:\WINDOWS\system32\SystemPropertiesPerformance.exe



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: GBHO.BHO [64Bits] - {45d30484-7ded-43d9-957a-d2fd1f046511} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- mscoree.dll
O2 - BHO: Groove GFS Browser Helper [64Bits] - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) -- C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO [64Bits] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) -- C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Smart Recovery 2 [64Bits] - {1d09c093-f71e-43c3-b948-19316cbd695e} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll



---\\ ---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [LogMeIn GUI] . (.LogMeIn, Inc. - LogMeIn Desktop Application.) -- D:\Installation programmes\LogMeIn\x64\LogMeInSystray.exe
O4 - HKLM\..\Run: [lxdxmon.exe] . (.Pas de propriétaire - Printer Device Monitor.) -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
O4 - HKLM\..\Run: [lxdxamon] . (...) -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxamon.exe
O4 - HKLM\..\RunOnce: [RPMKickstart] . (.Gigabyte Technology CO., LTD. - Smart Recovery Kickstart Application.) -- C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe
O4 - HKCU\..\Run: [AlcoholAutomount] . (.Alcohol Soft Development Team - Alcohol Virual Drive Auto-mount Service.) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O4 - HKCU\..\Run: [ISUSPM Startup] . (.InstallShield Software Corporation - InstallShield Update Service Update Manager.) -- C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Wow6432Node\Run: [ATICustomerCare] . (.Advanced Micro Devices, Inc. - ATI Customer Care.) -- C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Wow6432Node\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- D:\Installation programmes\Microsoft office 2010\Office14\BCSSync.exe
O4 - HKLM\..\Wow6432Node\Run: [ISUSScheduler] . (.InstallShield Software Corporation - InstallShield Update Service Scheduler.) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
O4 - HKUS\S-1-5-21-724938534-2859154375-2452524616-1000\..\Run: [AlcoholAutomount] . (.Alcohol Soft Development Team - Alcohol Virual Drive Auto-mount Service.) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
O4 - HKUS\S-1-5-21-724938534-2859154375-2452524616-1000\..\Run: [ISUSPM Startup] . (.InstallShield Software Corporation - InstallShield Update Service Update Manager.) -- C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe
O4 - HKUS\S-1-5-21-724938534-2859154375-2452524616-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe



---\\ ---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\Bool\Desktop\AD-R.lnk . (...) -- C:\Program Files (x86)\Ad-Remover\main.exe
O4 - Global Startup: C:\Users\Bool\Desktop\HiJackThis.lnk . (.Trend Micro Inc..) -- C:\Users\Bool\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
O4 - Global Startup: C:\Users\Bool\Desktop\Ordinateur.lnk - Clé orpheline



---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: &Envoyer à OneNote . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- D:\INSTAL~1\MICROS~1\Office14\ONBttnIE.dll
O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Excel.) -- D:\INSTAL~1\MICROS~1\Office14\EXCEL.exe



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\PROGRA~1\MICROS~1\Office14\ONBTTN~1.dll



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files (x86)\Bonjour\mdnsNSP.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
O10 - WLSP:\000000000009\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C405522D-F779-4365-ABDD-3033BA698CD0}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{C405522D-F779-4365-ABDD-3033BA698CD0}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS2\Services\Tcpip\..\{C405522D-F779-4365-ABDD-3033BA698CD0}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\Windows\system32\webcheck.dll



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: C:\Windows\system32\Alg.exe (AMD External Events Utility) . (.AMD - AMD External Events Service Module.) - C:\Windows\system32\atiesrxx.exe
O23 - Service: (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: (Apple Mobile Device) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: (AppleChargerSrv) . (...) - C:\system32\AppleChargerSrv.exe
O23 - Service: (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: (DfSdkS) . (.mst software GmbH, Germany - mst Defrag SDK Service.) - D:\Installation programmes\Ashampoo WinOptimizer 8\DfsdkS64.exe
O23 - Service: (IDriverT) . (.Macrovision Corporation - IDriverT Module.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: (iPod Service) . (.Apple Inc. - iPodService Module (64-bit).) - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: (LMIGuardianSvc) . (.LogMeIn, Inc. - LMIGuardianSvc.) - D:\Installation programmes\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: (LMIMaint) . (.LogMeIn, Inc. - LogMeIn Maintenance Service.) - D:\Installation programmes\LogMeIn\x64\RaMaint.exe
O23 - Service: (LMS) . (.Intel Corporation - Local Manageability Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: (LogMeIn) . (.LogMeIn, Inc. - LogMeIn.) - D:\Installation programmes\LogMeIn\x64\LogMeIn.exe
O23 - Service: (lxdxCATSCustConnectService) . (.Lexmark International, Inc. - Lexmark Connect Service Executable.) - C:\Windows\system32\spool\DRIVERS\x64\3\lxdxserv.exe
O23 - Service: (lxdx_device) . (.Pas de propriétaire - Printer Communication System.) - C:\Windows\system32\lxdxcoms.exe
O23 - Service: (maconfservice) . (.CybelSoft - Service de détection matériel.) - C:\Program Files (x86)\ma-config.com\maconfservice.exe
O23 - Service: (Microsoft SharePoint Workspace Audit Service) - Clé orpheline
O23 - Service: (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
O23 - Service: (Smart TimeLock) . (.Gigabyte Technology CO., LTD. - Smart TimeLock Service.) - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
O23 - Service: (SplashtopRemoteService) . (.Splashtop Inc. - Splashtop® Remote Streamer Service.) - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
O23 - Service: (SSUService) . (.Splashtop Inc. - Splashtop Software Updater Service.) - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
O23 - Service: (StarWindServiceAE) . (.StarWind Software - StarWind iSCSI Target (Alcohol Edition).) - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: (wlidsvc) . (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.exe
O23 - Service: (WO_LiveService) . (...) - D:\Installation programmes\Ashampoo WinOptimizer 8\LiveTunerService.exe



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AutoKMS.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AutoKMSDaily.job
[MD5.CCA616647DB9370C88998AE25DA6997F] [APT] [AutoKMS] (.Pas de propriétaire.) -- C:\Windows\AutoKMS\AutoKMS.exe
[MD5.CCA616647DB9370C88998AE25DA6997F] [APT] [AutoKMSDaily] (.Pas de propriétaire.) -- C:\Windows\AutoKMS\AutoKMS.exe
[MD5.415BE7CBC49A34E501D869706E01E656] [APT] [Installation App Launcher] (.Pas de propriétaire.) -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxamon.exe
[MD5.00000000000000000000000000000000] [APT] [Scheduled Update for Ask Toolbar] (.Pas de propriétaire.) -- C:\Program Files (x86)\Ask.com\UpdateTask.exe (.not file.)



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (AppleCharger) . (...) - C:\Windows\System32\DRIVERS\AppleCharger.sys
O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for Security Enhancement.) - C:\Windows\System32\DRIVERS\avipbb.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\drivers\cdrom.sys
O41 - Driver: C:\Windows\system32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\System32\drivers\csc.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys
O41 - Driver: (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\Windows\System32\DRIVERS\serial.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\drivers\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys
0
gdbod Posts 14 Status Member
 
---\\ Logiciels installés (O42)
O42 - Logiciel: @BIOS - (.GIGABYTE.) [HKLM][64Bits] -- {B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}
O42 - Logiciel: AMD Drag and Drop Transcoding - (.ATI Technologies Inc..) [HKLM] -- {6A9B5F9E-CAF3-2264-9DA0-E374F9A34279}
O42 - Logiciel: ATI Catalyst Install Manager - (.ATI Technologies, Inc..) [HKLM] -- {AE57C044-8912-A181-A0E4-BC2DAB3A092A}
O42 - Logiciel: ATI Catalyst Registration - (.ATI Technologies Inc..) [HKLM][64Bits] -- {11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}
O42 - Logiciel: ATI Stream SDK v2 Developer - (.ATI Technologies Inc..) [HKLM] -- {22441735-5983-AD2A-5CC5-FA2CCD7EF732}
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe AIR
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AFF7E080-1974-45BF-9310-10DE1A1F5ED0}
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player Plugin
O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM][64Bits] -- {2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}
O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM] -- {8F473675-D702-45F9-8EBC-342B40C17BF5}
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM][64Bits] -- {C41300B9-185D-475E-BFEC-39EF732F19B1}
O42 - Logiciel: Ashampoo WinOptimizer 8 v.8.05 - (.Ashampoo GmbH & Co. KG.) [HKLM][64Bits] -- Ashampoo WinOptimizer 8_is1
O42 - Logiciel: Assassin's Creed Brotherhood - (.Ubisoft.) [HKLM][64Bits] -- {BE4BA698-8533-4F77-9559-C7F3F78C0B05}
O42 - Logiciel: AutoGreen B10.1021.1 - (.GIGABYTE.) [HKLM][64Bits] -- InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM][64Bits] -- Avira AntiVir Desktop
O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM] -- {E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Catalyst Control Center - Branding - (.ATI.) [HKLM][64Bits] -- {5FD89EA1-99C2-40EE-BBF5-20F8991ED756}
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}
O42 - Logiciel: Definition update for Microsoft Office 2010 (KB982726) - (.Microsoft.) [HKLM][64Bits] -- {91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2FD3FD50-4D6B-433B-9AB8-83F04675DA44}
O42 - Logiciel: Easy Tune 6 B10.1216.1 - (.GIGABYTE.) [HKLM][64Bits] -- InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}
O42 - Logiciel: Etron USB3.0 Host Controller - (.Etron Technology.) [HKLM][64Bits] -- InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}
O42 - Logiciel: Etron USB3.0 Host Controller - (.Etron Technology.) [HKLM][64Bits] -- {DFBB738C-71D8-4DC5-B8D2-D65C37680E27}
O42 - Logiciel: Foxit Reader - (.Foxit Corporation.) [HKLM][64Bits] -- Foxit Reader
O42 - Logiciel: Intel(R) Control Center - (.Intel Corporation.) [HKLM][64Bits] -- {F8A9085D-4C7A-41a9-8A77-C8998A96C421}
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] -- {65153EA5-8B6E-43B6-857B-C6E4FC25798A}
O42 - Logiciel: Internet TV pour Windows Media Center - (.Microsoft Corporation.) [HKLM][64Bits] -- {9D318C86-AF4C-409F-A6AC-7183FF4CF424}
O42 - Logiciel: Java(TM) 6 Update 24 - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83216022FF}
O42 - Logiciel: Lexmark 3600-4600 Series - (.Lexmark International, Inc..) [HKLM] -- Lexmark 3600-4600 Series
O42 - Logiciel: LogMeIn - (.LogMeIn, Inc..) [HKLM][64Bits] -- {65179FD8-04C0-40A7-87FC-007F2CD5BF1E}
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
O42 - Logiciel: Ma-Config.com - (.Cybelsoft.) [HKLM][64Bits] -- {0810B8B7-7539-41D3-983E-6127FCF1CC9E}
O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM][64Bits] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {4B5F58F7-C7D1-3CE3-9B37-B657F0852643}
O42 - Logiciel: Microsoft Office Access MUI (French) 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90140000-0015-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Excel MUI (French) 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90140000-0016-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Groove MUI (French) 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90140000-00BA-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office InfoPath MUI (French) 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90140000-0044-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Office 64-bit Components 2010 - (.Microsoft Corporation.) [HKLM] -- {90140000-002A-0000-1000-0000000FF1CE}
O42 - Logiciel: Microsoft Office OneNote MUI (French) 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90140000-00A1-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Outlook MUI (French) 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90140000-001A-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90140000-0018-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Professional Plus 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {91140000-0011-0000-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Professionnel Plus 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- Office14.PROPLUSR
O42 - Logiciel: Microsoft Office Proof (Arabic) 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90140000-001F-0401-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Dutch) 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90140000-001F-0413-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (English) 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90140000-001F-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (French) 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90140000-001F-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (German) 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90140000-001F-0407-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Spanish) 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90140000-001F-0C0A-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proofing (French) 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90140000-002C-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Publisher MUI (French) 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90140000-0019-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Shared 64-bit MUI (French) 2010 - (.Microsoft Corporation.) [HKLM] -- {90140000-002A-040C-1000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Shared MUI (French) 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90140000-006E-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Word MUI (French) 2010 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90140000-001B-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM][64Bits] -- {770657D0-A123-3C07-8E44-1C83EC895118}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM][64Bits] -- {7299052b-02a4-4627-81f2-1818da5d550d}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - KB2467175 - (.Microsoft Corporation.) [HKLM][64Bits] -- {a0fe116e-9a8a-466f-aee0-625cb7c207e3}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 - (.Microsoft Corporation.) [HKLM][64Bits] -- {86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM][64Bits] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM][64Bits] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 - (.Microsoft Corporation.) [HKLM] -- {DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack
O42 - Logiciel: Mozilla Firefox 4.0.1 (x86 fr) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox 4.0.1 (x86 fr)
O42 - Logiciel: Mythos - (.Frogster Online Gaming GmbH.) [HKLM][64Bits] -- {A2F166A0-F031-4E27-A057-C69733219435}_is1
O42 - Logiciel: ON_OFF Charge B11.0110.1 - (.GIGABYTE.) [HKLM][64Bits] -- {3DECD372-76A1-4483-BF10-B547790A3261}
O42 - Logiciel: Portal 2 - (.Pas de propriétaire.) [HKLM][64Bits] -- Postal 2_is1
O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM][64Bits] -- {57752979-A1C9-4C02-856B-FBB27AC4E02C}
O42 - Logiciel: Realtek Ethernet Controller Driver - (.Realtek.) [HKLM][64Bits] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) - (.Microsoft Corporation.) [HKLM][64Bits] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2160841
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) - (.Microsoft Corporation.) [HKLM][64Bits] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2446708
O42 - Logiciel: Security Update for Microsoft Excel 2010 (KB2466146) - (.Microsoft.) [HKLM][64Bits] -- {91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4D3B2D30-46D3-4DC0-BA73-85306B10E0AE}
O42 - Logiciel: Security Update for Microsoft Office 2010 (KB2289078) - (.Microsoft.) [HKLM][64Bits] -- {91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{1D1A4F08-2F17-475B-BA72-476CE5992FEE}
O42 - Logiciel: Security Update for Microsoft Office 2010 (KB2289161) - (.Microsoft.) [HKLM][64Bits] -- {91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F134C2C6-30B3-4169-A325-58482B4CE6FC}
O42 - Logiciel: Security Update for Microsoft PowerPoint 2010 (KB2519975) - (.Microsoft.) [HKLM][64Bits] -- {91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{45D7C5CD-B967-44AF-9DAB-E5C8545558AD}
O42 - Logiciel: Security Update for Microsoft Publisher 2010 (KB2409055) - (.Microsoft.) [HKLM][64Bits] -- {91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{C3C277D5-36E3-4B1A-926A-175B2BC019CF}
O42 - Logiciel: Security Update for Microsoft Word 2010 (KB2345000) - (.Microsoft.) [HKLM][64Bits] -- {91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{A6D422EE-1196-45EE-B9AE-6B5B64975E8B}
O42 - Logiciel: Smart 6 B10.1221.1 - (.GIGABYTE.) [HKLM][64Bits] -- {3B35725F-C623-4A1E-B5CC-99C0868679E3}
O42 - Logiciel: Splashtop Remote - (.Splashtop Inc..) [HKLM][64Bits] -- InstallShield_{94A1911F-CD2F-4B9C-B171-2B43DCD213AA}
O42 - Logiciel: Splashtop Remote - (.Splashtop Inc..) [HKLM][64Bits] -- {94A1911F-CD2F-4B9C-B171-2B43DCD213AA}
O42 - Logiciel: System Requirements Lab CYRI - (.Husdawg, LLC.) [HKLM][64Bits] -- {679F739E-5C76-4A41-B562-F9392156B6DD}
O42 - Logiciel: Ubisoft Game Launcher - (.UBISOFT.) [HKLM][64Bits] -- {888F1505-C2B3-4FDE-835D-36353EBD4754}
O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2473228) - (.Microsoft Corporation.) [HKLM][64Bits] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228
O42 - Logiciel: Update for Microsoft Office 2010 (KB2202188) - (.Microsoft.) [HKLM][64Bits] -- {91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{86B7A074-265D-420C-9E1E-7A920EF0ECA7}
O42 - Logiciel: Update for Microsoft Office 2010 (KB2413186) - (.Microsoft.) [HKLM][64Bits] -- {91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{556146F7-74AE-4E0A-B64F-5B8B93469F61}
O42 - Logiciel: Update for Microsoft Office 2010 (KB2413186) - (.Microsoft.) [HKLM][64Bits] -- {91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B5516874-E926-4BFD-B412-D0E70112F244}
O42 - Logiciel: Update for Microsoft Office 2010 (KB2413186) - (.Microsoft.) [HKLM][64Bits] -- {91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D6CE7280-6EE3-419A-8F47-DB111C040B1B}
O42 - Logiciel: Update for Microsoft Office 2010 (KB2494150) - (.Microsoft.) [HKLM][64Bits] -- {91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}
O42 - Logiciel: Update for Microsoft OneNote 2010 (KB2493983) - (.Microsoft.) [HKLM][64Bits] -- {91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{309EEC22-83CE-4109-B019-BA9392FAA322}
O42 - Logiciel: Update for Microsoft Outlook Social Connector (KB2441641) - (.Microsoft.) [HKLM][64Bits] -- {91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{A10DC2B7-6FDA-4C17-9DF0-6A834CAC4306}
O42 - Logiciel: VLC media player 1.1.7 - (.VideoLAN.) [HKLM][64Bits] -- VLC media player
O42 - Logiciel: Veetle TV 0.9.18 - (.Veetle, Inc.) [HKLM][64Bits] -- Veetle TV
O42 - Logiciel: WMV9/VC-1 Video Playback - (.ATI Technologies Inc..) [HKLM] -- {5E2BDF97-E0C7-75AE-29E1-5EA9DA262F2F}
O42 - Logiciel: WinRAR 4.00 (64-bit) - (.win.rar GmbH.) [HKLM] -- WinRAR archiver
O42 - Logiciel: Winamax Poker - (.Table 14.) [HKLM][64Bits] -- wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
O42 - Logiciel: Winamax Poker - (.Table 14.) [HKLM][64Bits] -- {EF70C3CE-C4DD-B78B-6381-0FED2DBAC5B8}
O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- WinLiveSuite
O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- {34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {D45240D3-B6B3-4FF9-B243-54ECE3E10066}
O42 - Logiciel: Windows Live ID Sign-in Assistant - (.Microsoft Corporation.) [HKLM] -- {1B8ABA62-74F0-47ED-B18C-A43128E591B8}
O42 - Logiciel: Windows Live Installer - (.Microsoft Corporation.) [HKLM][64Bits] -- {0B0F231F-CE6A-483D-AA23-77B364F75917}
O42 - Logiciel: Windows Live Language Selector - (.Microsoft Corporation.) [HKLM] -- {D07A61E5-A59C-433C-BCBD-22025FA2287B}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {6057E21C-ABE9-4059-AE3E-3BEB9925E660}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {EB4DF488-AAEF-406F-A341-CB2AAA315B90}
O42 - Logiciel: Windows Live PIMT Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {83C292B7-38A5-440B-A731-07070E81A64F}
O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM][64Bits] -- {A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM][64Bits] -- {C893D8C0-1BA0-4517-B11C-E89B65E72F70}
O42 - Logiciel: Windows Live SOXE - (.Microsoft Corporation.) [HKLM][64Bits] -- {682B3E4F-696A-42DE-A41C-4C07EA1678B4}
O42 - Logiciel: Windows Live SOXE Definitions - (.Microsoft Corporation.) [HKLM][64Bits] -- {200FEC62-3C34-4D60-9CE8-EC372E01C08F}
O42 - Logiciel: Windows Live UX Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
O42 - Logiciel: Windows Live UX Platform Language Pack - (.Microsoft Corporation.) [HKLM][64Bits] -- {05E379CC-F626-4E7D-8354-463865B303BF}
O42 - Logiciel: [HKLM\Software\Postal 2_is1] - (.Pas de propriétaire.) [HKLM][64Bits] -- PunkBusterSvc
O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM] -- {9545E9DB-6F4C-4404-BF25-E221BE8B44C5}
O42 - Logiciel: µTorrent - (.Pas de propriétaire.) [HKLM][64Bits] -- uTorrent

---\\ HKCU & HKLM Software Keys
[HKCU\Software\AMD]
[HKCU\Software\ATI]
[HKCU\Software\Ad-Remover]
[HKCU\Software\Alcohol Soft]
[HKCU\Software\AppDataLow\Software\uTorrentBar_FR]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Apple Inc.]
[HKCU\Software\Ashampoo]
[HKCU\Software\Avira]
[HKCU\Software\BitTorrent]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\DownloadCenter]
[HKCU\Software\Foxit Software]
[HKCU\Software\Frogster Online Gaming]
[HKCU\Software\Gigabyte]
[HKCU\Software\HookNetwork]
[HKCU\Software\IM Providers]
[HKCU\Software\InstallShield]
[HKCU\Software\JavaSoft]
[HKCU\Software\LexmarkInkjet]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\LogMeIn]
[HKCU\Software\Macromedia]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\Mozilla]
[HKCU\Software\Mth]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\Realtek]
[HKCU\Software\Splashtop Inc.]
[HKCU\Software\StarSynergy]
[HKCU\Software\SuperSoftwarePackage]
[HKCU\Software\Sysinternals]
[HKCU\Software\System Requirements Lab]
[HKCU\Software\Trend Micro]
[HKCU\Software\Valve]
[HKCU\Software\Veetle]
[HKCU\Software\Wget]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\Wow6432Node]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\cacaoweb]
[HKCU\Software\cybelsoft]
[HKLM\Software\AMD]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATI]
[HKLM\Software\Adobe]
[HKLM\Software\Alcohol Soft]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\Ashampoo]
[HKLM\Software\Avira]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Creative Tech]
[HKLM\Software\Even Balance]
[HKLM\Software\Foxit Software]
[HKLM\Software\Frogster Online Gaming]
[HKLM\Software\GEAR Software]
[HKLM\Software\GIGABYTE]
[HKLM\Software\Google]
[HKLM\Software\InstallShield]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\Khronos]
[HKLM\Software\LexmarkInkjet]
[HKLM\Software\Lexmark]
[HKLM\Software\LogMeIn, Inc.]
[HKLM\Software\LogMeIn]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Mth]
[HKLM\Software\Nevron]
[HKLM\Software\ODBC]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\RTLSetup]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SRS Labs]
[HKLM\Software\Sonic]
[HKLM\Software\Splashtop Inc.]
[HKLM\Software\Swearware]
[HKLM\Software\TrendMicro]
[HKLM\Software\Ubisoft]
[HKLM\Software\Valve]
[HKLM\Software\Veetle]
[HKLM\Software\VideoLAN]
[HKLM\Software\Waves Audio]
[HKLM\Software\WinRAR]
[HKLM\Software\Wow6432Node]
[HKLM\Software\X-AVCSD]
[HKLM\Software\cybelsoft]
[HKLM\Software\mozilla.org]
[HKLM\Software\swearware]



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 08/04/2011 - 17:58:36 - [23410969] ----D- C:\Program Files\ATI
O43 - CFD: 08/04/2011 - 17:59:06 - [28] ----D- C:\Program Files\ATI Technologies
O43 - CFD: 09/04/2011 - 11:17:24 - [195920] ----D- C:\Program Files\Bonjour
O43 - CFD: 16/05/2011 - 17:57:24 - [7278424] ----D- C:\Program Files\CCleaner
O43 - CFD: 16/05/2011 - 20:29:44 - [106985228] ----D- C:\Program Files\Common Files
O43 - CFD: 10/04/2011 - 16:29:18 - [90256916] ----D- C:\Program Files\DVD Maker
O43 - CFD: 08/04/2011 - 17:31:02 - [0] -SH-D- C:\Program Files\Fichiers communs
O43 - CFD: 08/04/2011 - 17:48:38 - [47900138] ----D- C:\Program Files\GIGABYTE
O43 - CFD: 09/04/2011 - 08:05:56 - [6436368] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 09/04/2011 - 11:18:10 - [1939563] ----D- C:\Program Files\iPod
O43 - CFD: 09/04/2011 - 11:18:18 - [2345448] ----D- C:\Program Files\iTunes
O43 - CFD: 21/04/2011 - 19:21:40 - [77154050] ----D- C:\Program Files\Lexmark 3600-4600 Series
O43 - CFD: 10/04/2011 - 15:40:10 - [22869873] ----D- C:\Program Files\Microsoft Office
O43 - CFD: 14/07/2009 - 07:32:40 - [25757] ----D- C:\Program Files\MSBuild
O43 - CFD: 08/04/2011 - 17:44:46 - [17625312] ----D- C:\Program Files\Realtek
O43 - CFD: 14/07/2009 - 07:32:40 - [36813993] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 14/07/2009 - 07:09:28 - [0] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 10/04/2011 - 16:29:16 - [4039680] ----D- C:\Program Files\Windows Defender
O43 - CFD: 10/04/2011 - 16:29:18 - [9224824] ----D- C:\Program Files\Windows Journal
O43 - CFD: 10/04/2011 - 16:29:18 - [6667776] ----D- C:\Program Files\Windows Mail
O43 - CFD: 10/04/2011 - 16:29:18 - [7687085] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 08/04/2011 - 17:31:02 - [12627636] ----D- C:\Program Files\Windows NT
O43 - CFD: 10/04/2011 - 16:29:18 - [5516056] ----D- C:\Program Files\Windows Photo Viewer
O43 - CFD: 10/04/2011 - 16:29:18 - [244736] ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 10/04/2011 - 16:29:18 - [7044767] ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 10/04/2011 - 04:34:40 - [5933677] ----D- C:\Program Files\WinRAR
O43 - CFD: 09/04/2011 - 11:17:34 - [6246981] ----D- C:\Program Files\Common Files\Apple
O43 - CFD: 08/04/2011 - 17:59:14 - [241928] ----D- C:\Program Files\Common Files\ATI Technologies
O43 - CFD: 11/04/2011 - 20:11:48 - [87690558] ----D- C:\Program Files\Common Files\Microsoft Shared
O43 - CFD: 14/07/2009 - 05:20:10 - [2702] ----D- C:\Program Files\Common Files\Services
O43 - CFD: 14/07/2009 - 05:20:10 - [608768] ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 14/07/2009 - 17:24:10 - [12194291] ----D- C:\Program Files\Common Files\System
O43 - CFD: 21/04/2011 - 17:44:44 - [0] ----D- C:\ProgramData\Adobe
O43 - CFD: 09/04/2011 - 11:31:12 - [37562904] ----D- C:\ProgramData\Apple
O43 - CFD: 09/04/2011 - 11:18:10 - [65821472] ----D- C:\ProgramData\Apple Computer
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Application Data
O43 - CFD: 08/04/2011 - 18:03:20 - [188] ----D- C:\ProgramData\ATI
O43 - CFD: 08/04/2011 - 18:44:28 - [111347307] ----D- C:\ProgramData\Avira
O43 - CFD: 08/04/2011 - 17:31:02 - [0] -SH-D- C:\ProgramData\Bureau
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Desktop
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Documents
O43 - CFD: 08/04/2011 - 17:31:02 - [0] -SH-D- C:\ProgramData\Favoris
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Favorites
O43 - CFD: 08/04/2011 - 17:49:14 - [894] ----D- C:\ProgramData\InstallShield
O43 - CFD: 16/05/2011 - 17:53:12 - [390405] ----D- C:\ProgramData\LogMeIn
O43 - CFD: 04/05/2011 - 21:26:48 - [10871] ----D- C:\ProgramData\Lx_cats
O43 - CFD: 08/04/2011 - 17:54:14 - [1210924] ----D- C:\ProgramData\ma-config.com
O43 - CFD: 16/05/2011 - 21:13:48 - [6699137] ----D- C:\ProgramData\Malwarebytes
O43 - CFD: 08/04/2011 - 17:31:02 - [0] -SH-D- C:\ProgramData\Menu Démarrer
O43 - CFD: 28/04/2011 - 19:59:18 - [225456693] -S--D- C:\ProgramData\Microsoft
O43 - CFD: 13/04/2011 - 17:37:38 - [66306] ----D- C:\ProgramData\Microsoft Help
O43 - CFD: 08/04/2011 - 17:31:02 - [0] -SH-D- C:\ProgramData\Modèles
O43 - CFD: 20/04/2011 - 21:02:52 - [0] ----D- C:\ProgramData\Splashtop
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Start Menu
O43 - CFD: 09/04/2011 - 18:46:20 - [154] ----D- C:\ProgramData\Sun
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Templates
O43 - CFD: 21/04/2011 - 20:08:54 - [0] ----D- C:\ProgramData\ThumbnailCache4R
O43 - CFD: 10/04/2011 - 15:08:04 - [0] ----D- C:\ProgramData\Ubisoft
O43 - CFD: 21/04/2011 - 17:44:42 - [2489352] ----D- C:\Users\Bool\AppData\Roaming\Adobe
O43 - CFD: 09/04/2011 - 11:36:22 - [12376045] ----D- C:\Users\Bool\AppData\Roaming\Apple Computer
O43 - CFD: 09/04/2011 - 13:27:32 - [0] ----D- C:\Users\Bool\AppData\Roaming\ATI
O43 - CFD: 09/04/2011 - 10:47:24 - [0] ----D- C:\Users\Bool\AppData\Roaming\Avira
O43 - CFD: 12/04/2011 - 19:41:04 - [0] ----D- C:\Users\Bool\AppData\Roaming\Foxit Software
O43 - CFD: 21/04/2011 - 19:26:28 - [137375] ----D- C:\Users\Bool\AppData\Roaming\Lexmark Productivity Studio
O43 - CFD: 09/04/2011 - 08:41:44 - [1989] ----D- C:\Users\Bool\AppData\Roaming\Macromedia
O43 - CFD: 16/05/2011 - 21:13:54 - [2081] ----D- C:\Users\Bool\AppData\Roaming\Malwarebytes
O43 - CFD: 28/04/2011 - 19:58:42 - [16184403] -S--D- C:\Users\Bool\AppData\Roaming\Microsoft
O43 - CFD: 09/04/2011 - 08:31:22 - [22862296] ----D- C:\Users\Bool\AppData\Roaming\Mozilla
O43 - CFD: 10/04/2011 - 15:00:44 - [835440] ----D- C:\Users\Bool\AppData\Roaming\PunkBuster
O43 - CFD: 16/05/2011 - 17:57:24 - [1993732] ----D- C:\Users\Bool\AppData\Roaming\uTorrent
O43 - CFD: 11/04/2011 - 19:02:40 - [1479734] ----D- C:\Users\Bool\AppData\Roaming\vlc
O43 - CFD: 21/04/2011 - 17:44:44 - [2382490] ----D- C:\Users\Bool\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
O43 - CFD: 10/04/2011 - 04:35:24 - [1237116] ----D- C:\Users\Bool\AppData\Roaming\WinRAR
O43 - CFD: 10/04/2011 - 11:01:06 - [4] ----D- C:\Users\Bool\Appdata\Local\Activision
O43 - CFD: 21/04/2011 - 17:43:26 - [228366] ----D- C:\Users\Bool\Appdata\Local\Adobe
O43 - CFD: 09/04/2011 - 11:17:42 - [0] ----D- C:\Users\Bool\Appdata\Local\Apple
O43 - CFD: 10/04/2011 - 04:53:26 - [17410385] ----D- C:\Users\Bool\Appdata\Local\Apple Computer
O43 - CFD: 09/04/2011 - 08:43:54 - [61172] ----D- C:\Users\Bool\Appdata\Local\ATI
O43 - CFD: 04/05/2011 - 21:05:50 - [126503] ----D- C:\Users\Bool\Appdata\Local\ElevatedDiagnostics
O43 - CFD: 11/04/2011 - 18:05:30 - [0] ----D- C:\Users\Bool\Appdata\Local\LogMeIn
O43 - CFD: 04/05/2011 - 21:21:56 - [124691179] ----D- C:\Users\Bool\Appdata\Local\Microsoft
O43 - CFD: 10/04/2011 - 15:39:36 - [0] ----D- C:\Users\Bool\Appdata\Local\Microsoft Help
O43 - CFD: 09/04/2011 - 08:31:20 - [50823202] ----D- C:\Users\Bool\Appdata\Local\Mozilla
O43 - CFD: 15/05/2011 - 14:04:28 - [313] ----D- C:\Users\Bool\Appdata\Local\SKIDROW
O43 - CFD: 16/05/2011 - 22:21:32 - [5764858] ----D- C:\Users\Bool\Appdata\Local\Temp
O43 - CFD: 16/05/2011 - 21:46:16 - [0] ----D- C:\Users\Bool\Appdata\Local\VirtualStore
O43 - CFD: 14/04/2011 - 08:43:38 - [36864] ----D- C:\Users\Bool\Appdata\Local\Windows Live
O43 - CFD: 10/04/2011 - 11:53:20 - [77024550] ----D- C:\Program Files (x86)\Activision
O43 - CFD: 16/05/2011 - 21:42:04 - [92577206] ----D- C:\Program Files (x86)\Ad-Remover
O43 - CFD: 21/04/2011 - 17:44:42 - [56466] ----D- C:\Program Files (x86)\Adobe
O43 - CFD: 10/04/2011 - 04:40:30 - [10822478] ----D- C:\Program Files (x86)\Alcohol Soft
O43 - CFD: 08/04/2011 - 17:47:56 - [0] ----D- C:\Program Files (x86)\AMD
O43 - CFD: 09/04/2011 - 11:17:40 - [2306366] ----D- C:\Program Files (x86)\Apple Software Update
O43 - CFD: 08/04/2011 - 17:59:10 - [556132] ----D- C:\Program Files (x86)\ATI
O43 - CFD: 08/04/2011 - 17:59:12 - [54221243] ----D- C:\Program Files (x86)\ATI Stream
O43 - CFD: 08/04/2011 - 17:58:48 - [40623439] ----D- C:\Program Files (x86)\ATI Technologies
O43 - CFD: 08/04/2011 - 18:44:28 - [119047042] ----D- C:\Program Files (x86)\Avira
O43 - CFD: 09/04/2011 - 09:48:32 - [0] ----D- C:\Program Files (x86)\Babylon
O43 - CFD: 09/04/2011 - 11:17:24 - [617144] ----D- C:\Program Files (x86)\Bonjour
O43 - CFD: 16/05/2011 - 20:29:44 - [506822534] ----D- C:\Program Files (x86)\Common Files
O43 - CFD: 15/05/2011 - 15:50:10 - [11148808] ----D- C:\Program Files (x86)\Downloaded Installations
O43 - CFD: 08/04/2011 - 17:46:08 - [1171582] ----D- C:\Program Files (x86)\Etron Technology
O43 - CFD: 08/04/2011 - 17:49:28 - [133694222] ----D- C:\Program Files (x86)\GIGABYTE
O43 - CFD: 16/05/2011 - 17:57:24 - [38211705] --H-D- C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 08/04/2011 - 17:46:38 - [11188611] ----D- C:\Program Files (x86)\Intel
O43 - CFD: 09/04/2011 - 11:17:54 - [6275704] ----D- C:\Program Files (x86)\Internet Explorer
O43 - CFD: 09/04/2011 - 11:18:18 - [125826839] ----D- C:\Program Files (x86)\iTunes
O43 - CFD: 10/04/2011 - 10:28:02 - [88363038] ----D- C:\Program Files (x86)\Java
O43 - CFD: 21/04/2011 - 19:22:14 - [69973965] ----D- C:\Program Files (x86)\Lexmark 3600-4600 Series
O43 - CFD: 21/04/2011 - 19:21:36 - [2315014] ----D- C:\Program Files (x86)\Lexmark Toolbar
O43 - CFD: 08/04/2011 - 17:54:16 - [5657562] ----D- C:\Program Files (x86)\ma-config.com
O43 - CFD: 10/04/2011 - 15:39:52 - [39848379] ----D- C:\Program Files (x86)\Microsoft Analysis Services
O43 - CFD: 25/04/2011 - 20:29:10 - [38388859] ----D- C:\Program Files (x86)\Microsoft Silverlight
O43 - CFD: 10/04/2011 - 15:41:36 - [1805760] ----D- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
O43 - CFD: 10/04/2011 - 15:41:36 - [793991] ----D- C:\Program Files (x86)\Microsoft Sync Framework
O43 - CFD: 10/04/2011 - 15:41:56 - [326800] ----D- C:\Program Files (x86)\Microsoft Synchronization Services
O43 - CFD: 10/04/2011 - 15:40:32 - [1378033] ----D- C:\Program Files (x86)\Microsoft Visual Studio 8
O43 - CFD: 10/04/2011 - 16:38:50 - [8167779] ----D- C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 30/04/2011 - 16:40:36 - [32660770] ----D- C:\Program Files (x86)\Mozilla Firefox
O43 - CFD: 10/04/2011 - 15:42:10 - [26521] ----D- C:\Program Files (x86)\MSBuild
O43 - CFD: 09/04/2011 - 11:17:52 - [76322555] ----D- C:\Program Files (x86)\QuickTime
O43 - CFD: 08/04/2011 - 18:09:26 - [5936185] ----D- C:\Program Files (x86)\Realtek
O43 - CFD: 14/07/2009 - 07:32:40 - [39159041] ----D- C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 20/04/2011 - 21:02:48 - [19444649] ----D- C:\Program Files (x86)\Splashtop
O43 - CFD: 10/04/2011 - 04:06:56 - [479232] ----D- C:\Program Files (x86)\SystemRequirementsLab
O43 - CFD: 08/04/2011 - 18:23:50 - [0] --H-D- C:\Program Files (x86)\Temp
O43 - CFD: 16/05/2011 - 17:28:10 - [413812] ----D- C:\Program Files (x86)\Trend Micro
O43 - CFD: 10/04/2011 - 15:00:12 - [19557952] ----D- C:\Program Files (x86)\Ubisoft
O43 - CFD: 14/07/2009 - 06:57:08 - [0] --H-D- C:\Program Files (x86)\Uninstall Information
O43 - CFD: 09/04/2011 - 12:02:40 - [399736] ----D- C:\Program Files (x86)\uTorrent
O43 - CFD: 09/04/2011 - 09:48:14 - [82554289] ----D- C:\Program Files (x86)\VideoLAN
O43 - CFD: 14/07/2009 - 17:24:10 - [524800] ----D- C:\Program Files (x86)\Windows Defender
O43 - CFD: 11/04/2011 - 20:17:02 - [61030375] ----D- C:\Program Files (x86)\Windows Live
O43 - CFD: 10/04/2011 - 16:29:22 - [6181376] ----D- C:\Program Files (x86)\Windows Mail
O43 - CFD: 10/04/2011 - 16:29:22 - [5024017] ----D- C:\Program Files (x86)\Windows Media Player
O43 - CFD: 14/07/2009 - 07:32:40 - [12197556] ----D- C:\Program Files (x86)\Windows NT
O43 - CFD: 10/04/2011 - 16:29:22 - [4417800] ----D- C:\Program Files (x86)\Windows Photo Viewer
O43 - CFD: 10/04/2011 - 16:29:22 - [189952] ----D- C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 10/04/2011 - 16:29:22 - [5994626] ----D- C:\Program Files (x86)\Windows Sidebar
O43 - CFD: 16/05/2011 - 22:21:58 - [3829597] ----D- C:\Program Files (x86)\ZHPDiag
O43 - CFD: 21/04/2011 - 17:44:42 - [31116142] ----D- C:\Program Files (x86)\Common Files\Adobe AIR
O43 - CFD: 09/04/2011 - 11:18:10 - [98096419] ----D- C:\Program Files (x86)\Common Files\Apple
O43 - CFD: 08/04/2011 - 17:59:14 - [198408] ----D- C:\Program Files (x86)\Common Files\ATI Technologies
O43 - CFD: 10/04/2011 - 15:41:54 - [99136] ----D- C:\Program Files (x86)\Common Files\DESIGNER
O43 - CFD: 08/04/2011 - 17:48:38 - [9345028] ----D- C:\Program Files (x86)\Common Files\InstallShield
O43 - CFD: 10/04/2011 - 10:28:12 - [1247175] ----D- C:\Program Files (x86)\Common Files\Java
O43 - CFD: 11/04/2011 - 20:11:12 - [209676464] ----D- C:\Program Files (x86)\Common Files\microsoft shared
O43 - CFD: 08/04/2011 - 17:46:32 - [162236] ----D- C:\Program Files (x86)\Common Files\postureAgent
O43 - CFD: 14/07/2009 - 05:20:10 - [2702] ----D- C:\Program Files (x86)\Common Files\Services
O43 - CFD: 14/07/2009 - 05:20:10 - [41103783] ----D- C:\Program Files (x86)\Common Files\SpeechEngines
O43 - CFD: 10/04/2011 - 15:40:06 - [10861683] ----D- C:\Program Files (x86)\Common Files\System
O43 - CFD: 11/04/2011 - 20:08:46 - [104913358] ----D- C:\Program Files (x86)\Common Files\Windows Live
0
gdbod Posts 14 Status Member
 
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.5C000000000000000000000068EF1800] - 16/05/2011 - 20:48:59 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1354291]
O44 - LFC:[MD5.485055033BCDDFDE56325C0D2FEEA4F2] - 16/05/2011 - 20:46:03 ---A- . (...) -- C:\Windows\KMSEmulator.exe [151552]
O44 - LFC:[MD5.7907E14F9BCF3A4689C9A74A1A873CB6] - 16/05/2011 - 20:46:02 ---A- . (.Windows (R) Server 2003 DDK provider - GIGABYTE Tools.) -- C:\Windows\gdrv.sys [25640]
O44 - LFC:[MD5.9982DE5B241F4776F71698EB4D4FC7E9] - 16/05/2011 - 20:45:50 ---A- . (...) -- C:\Windows\setupact.log [168]
O44 - LFC:[MD5.E8CDEAAC90FB1B5DA5E5CDD8B47DACD1] - 16/05/2011 - 20:45:45 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.F243654FA467C2589709C9A9395F2F99] - 16/05/2011 - 20:44:46 ---A- . (...) -- C:\Ad-Report-CLEAN[1].txt [11550]
O44 - LFC:[MD5.CDA7488584D6D2098F05B37F73B9D80F] - 16/05/2011 - 19:32:10 ---A- . (...) -- C:\ComboFix.txt [33849]
O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 16/05/2011 - 19:31:15 ---A- . (...) -- C:\Windows\system.ini [215]
O44 - LFC:[MD5.AE72E8619CB31D84DA25E2435E55003C] - 16/05/2011 - 19:27:28 ---A- . (.NirSoft - NirCmd.) -- C:\Windows\NIRCMD.exe [31232]
O44 - LFC:[MD5.01D95A1F8CF13D07CC564AABB36BCC0B] - 16/05/2011 - 19:27:28 ---A- . (.SteelWerX - Freeware implementation of REG.EXE.) -- C:\Windows\SWREG.exe [161792]
O44 - LFC:[MD5.B7517DB073B28F5696A1E5528ABEB5D0] - 16/05/2011 - 19:27:28 ---A- . (.SteelWerX - Freeware implementation of SC.EXE.) -- C:\Windows\SWSC.exe [136704]
O44 - LFC:[MD5.B1A9CF0B6F80611D31987C247EC630B4] - 16/05/2011 - 19:26:33 ---A- . (.SteelWerX - Freeware implementation of XCACLS.) -- C:\Windows\SWXCACLS.exe [212480]
O44 - LFC:[MD5.8126331FBD4ED29EB3B356F9C905064D] - 16/05/2011 - 16:58:37 ---A- . (...) -- C:\Windows\GVTDrv64.sys [30528]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 16/05/2011 - 16:54:39 ---A- . (...) -- C:\Windows\setuperr.log [0]
O44 - LFC:[MD5.2322AC4F74D5033E8AF0EBD85DFC677B] - 14/05/2011 - 09:28:45 ---A- . (.mst software GmbH, Germany - mst Defrag SDK Boot.) -- C:\Windows\SysNative\DfSdkBt.exe [34304]
O44 - LFC:[MD5.5E8BD3CD544F8AB0B9A3843114ED8301] - 04/05/2011 - 20:06:19 ---A- . (...) -- C:\Windows\SysNative\PerfStringBackup.INI [1549700]
O44 - LFC:[MD5.2EEED9DB556A580D008C133988A10DFD] - 04/05/2011 - 20:06:19 ---A- . (...) -- C:\Windows\SysNative\perfc009.dat [106190]
O44 - LFC:[MD5.F4987B1AFDACCE3D56B54D7165E7ED10] - 04/05/2011 - 20:06:19 ---A- . (...) -- C:\Windows\SysNative\perfc00C.dat [130548]
O44 - LFC:[MD5.0978E4F75377A469D024D85F61700A33] - 04/05/2011 - 20:06:19 ---A- . (...) -- C:\Windows\SysNative\perfh009.dat [615810]
O44 - LFC:[MD5.E3296C607657B2E664732719A65ABF83] - 04/05/2011 - 20:06:19 ---A- . (...) -- C:\Windows\SysNative\perfh00C.dat [704242]
O44 - LFC:[MD5.A10C7A2FE64368251D8B96733AF5F504] - 21/04/2011 - 18:22:06 ---A- . (...) -- C:\Windows\SysNative\LexFiles.ulf [80368]
O44 - LFC:[MD5.FDBFC8E6AADE302E1B475D343B46376F] - 21/04/2011 - 18:21:50 ---A- . (.Pas de propriétaire - VendorSetup.) -- C:\Windows\SysNative\lxdxvs.dll [109056]
O44 - LFC:[MD5.CB9253F26497B08F50758A8C6EBB913C] - 21/04/2011 - 18:21:40 ---A- . (.Lexmark International - config.) -- C:\Windows\SysNative\lxdxcfg64.dll [65536]
O44 - LFC:[MD5.96B87C87AA642E1D2D327B0BCA60DB6B] - 21/04/2011 - 18:21:40 ---A- . (.Pas de propriétaire - Data Retriever.) -- C:\Windows\SysNative\lxdxdrs64.dll [1024512]
O44 - LFC:[MD5.F969B05D533BD336E87608BEFA49E847] - 21/04/2011 - 18:21:32 ---A- . (.Lexmark International, Inc. - Cu resource DLL.) -- C:\Windows\System32\lxdxcur.dll [36864]
O44 - LFC:[MD5.F4C30C2554CADAB331F9537219CE67EC] - 21/04/2011 - 18:21:32 ---A- . (.Lexmark International, Inc. - Ins resource DLL.) -- C:\Windows\System32\lxdxinsr.dll [114688]
O44 - LFC:[MD5.6C3B27F361E81A6371BA58278F83667E] - 21/04/2011 - 18:21:32 ---A- . (.Lexmark International, Inc. - Jsw resource DLL.) -- C:\Windows\System32\lxdxjswr.dll [151552]
O44 - LFC:[MD5.123C88D04DEAA92844FC7A74E7CCB8D6] - 21/04/2011 - 18:21:32 ---A- . (.Lexmark International, Inc. - Lexmark WebUpdater Dynamic Link Library.) -- C:\Windows\SysNative\lxdxwupd.dll [110592]
O44 - LFC:[MD5.7202853DC710A2823B6B47BE4206E949] - 21/04/2011 - 18:21:32 ---A- . (.Lexmark International, Inc. - Lexmark WebUpdater Executable.) -- C:\Windows\SysNative\lxdxwupd.exe [11264]
O44 - LFC:[MD5.A6A3FB8EADA1295AC8A44FF06973E91A] - 21/04/2011 - 18:21:32 ---A- . (.Lexmark International, Inc. - utilities DLL.) -- C:\Windows\System32\lxdxutil.dll [544768]
O44 - LFC:[MD5.FB4B0660FE73893558FCC46BEC908721] - 21/04/2011 - 18:21:32 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\lxdxiesc.dll [339968]
O44 - LFC:[MD5.D040785BA94FAA006115C008C26120CD] - 21/04/2011 - 18:21:32 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\lxdxinpa.dll [364544]
O44 - LFC:[MD5.CB9253F26497B08F50758A8C6EBB913C] - 21/04/2011 - 18:21:31 ---A- . (.Lexmark International - config.) -- C:\Windows\System32\LXDXcfg.dll [77906]
O44 - LFC:[MD5.F6E680BD9546E67BE46D11B21ABD651E] - 21/04/2011 - 18:21:31 ---A- . (.Lexmark International, Inc. - CU bitmap resource DLL.) -- C:\Windows\System32\lxdxcub.dll [90112]
O44 - LFC:[MD5.2974C519B87DD96554C51799F3B43291] - 21/04/2011 - 18:21:31 ---A- . (.Lexmark International, Inc. - Cu DLL.) -- C:\Windows\System32\lxdxcu.dll [77824]
O44 - LFC:[MD5.1F5D3642C5A936371C1A7E2CD80A9235] - 21/04/2011 - 18:21:31 ---A- . (.Lexmark International, Inc. - INS bitmap resource DLL.) -- C:\Windows\System32\lxdxinsb.dll [200704]
O44 - LFC:[MD5.C0372BCB13ACA52F6239C7464A3D864F] - 21/04/2011 - 18:21:31 ---A- . (.Lexmark International, Inc. - ins DLL.) -- C:\Windows\System32\lxdxins.dll [176128]
O44 - LFC:[MD5.C33FBABBB81047F634ABC5E47BD81C6B] - 21/04/2011 - 18:21:31 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\lxdxcfg.exe [360448]
O44 - LFC:[MD5.2591008941B08869C6B0362436E72CD7] - 21/04/2011 - 18:21:31 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\lxdxcomc.dll [851968]
O44 - LFC:[MD5.819766166E2D432F68D14675C6438384] - 21/04/2011 - 18:21:31 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\lxdxcomm.dll [376832]
O44 - LFC:[MD5.C33DB2399CF1AB7B8C9306A3CF3E8C80] - 21/04/2011 - 18:21:31 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\lxdxcoms.exe [589824]
O44 - LFC:[MD5.132D8AB0ECE6C6807A5F21008AAFE7E5] - 21/04/2011 - 18:21:31 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\lxdxhbn3.dll [663552]
O44 - LFC:[MD5.C08423BB1853BEA6E7B965721845702F] - 21/04/2011 - 18:21:31 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\lxdxih.exe [315392]
O44 - LFC:[MD5.24C33C8E58A8FAEF423D136821D2BB75] - 21/04/2011 - 18:21:31 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\lxdxlmpm.dll [569344]
O44 - LFC:[MD5.52B9BCB492C28B26446D0DFA31C6BB87] - 21/04/2011 - 18:21:31 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\lxdxpmui.dll [647168]
O44 - LFC:[MD5.F66D81F8C4659E13EB7477EC7AD2C743] - 21/04/2011 - 18:21:31 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\lxdxprox.dll [53248]
O44 - LFC:[MD5.BD7BF1C34B99C14308BE1DF3D50ADA69] - 21/04/2011 - 18:21:31 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\lxdxserv.dll [1105920]
O44 - LFC:[MD5.33ADE76B850894DA32119936F730D32D] - 21/04/2011 - 18:21:31 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\lxdxusb1.dll [843776]
O44 - LFC:[MD5.CB9253F26497B08F50758A8C6EBB913C] - 21/04/2011 - 18:21:21 ---A- . (.Lexmark International - config.) -- C:\Windows\SysNative\LXDXcfg.dll [65536]
O44 - LFC:[MD5.F6E680BD9546E67BE46D11B21ABD651E] - 21/04/2011 - 18:21:21 ---A- . (.Lexmark International, Inc. - CU bitmap resource DLL.) -- C:\Windows\SysNative\lxdxcub.dll [73216]
O44 - LFC:[MD5.2974C519B87DD96554C51799F3B43291] - 21/04/2011 - 18:21:21 ---A- . (.Lexmark International, Inc. - Cu DLL.) -- C:\Windows\SysNative\lxdxcu.dll [101888]
O44 - LFC:[MD5.F969B05D533BD336E87608BEFA49E847] - 21/04/2011 - 18:21:21 ---A- . (.Lexmark International, Inc. - Cu resource DLL.) -- C:\Windows\SysNative\lxdxcur.dll [24064]
O44 - LFC:[MD5.1F5D3642C5A936371C1A7E2CD80A9235] - 21/04/2011 - 18:21:21 ---A- . (.Lexmark International, Inc. - INS bitmap resource DLL.) -- C:\Windows\SysNative\lxdxinsb.dll [183296]
O44 - LFC:[MD5.F4C30C2554CADAB331F9537219CE67EC] - 21/04/2011 - 18:21:21 ---A- . (.Lexmark International, Inc. - Ins resource DLL.) -- C:\Windows\SysNative\lxdxinsr.dll [97280]
O44 - LFC:[MD5.6C3B27F361E81A6371BA58278F83667E] - 21/04/2011 - 18:21:21 ---A- . (.Lexmark International, Inc. - Jsw resource DLL.) -- C:\Windows\SysNative\lxdxjswr.dll [134656]
O44 - LFC:[MD5.C0372BCB13ACA52F6239C7464A3D864F] - 21/04/2011 - 18:21:21 ---A- . (.Lexmark International, Inc. - ins DLL.) -- C:\Windows\SysNative\lxdxins.dll [235520]
O44 - LFC:[MD5.A6A3FB8EADA1295AC8A44FF06973E91A] - 21/04/2011 - 18:21:21 ---A- . (.Lexmark International, Inc. - utilities DLL.) -- C:\Windows\SysNative\lxdxutil.dll [758272]
O44 - LFC:[MD5.E7495D35998AE403514414583EE785C1] - 21/04/2011 - 18:21:21 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\SysNative\LXDXhcp.dll [675328]
O44 - LFC:[MD5.C33FBABBB81047F634ABC5E47BD81C6B] - 21/04/2011 - 18:21:21 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\SysNative\lxdxcfg.exe [598528]
O44 - LFC:[MD5.2591008941B08869C6B0362436E72CD7] - 21/04/2011 - 18:21:21 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\SysNative\lxdxcomc.dll [1472512]
O44 - LFC:[MD5.819766166E2D432F68D14675C6438384] - 21/04/2011 - 18:21:21 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\SysNative\lxdxcomm.dll [578560]
O44 - LFC:[MD5.C33DB2399CF1AB7B8C9306A3CF3E8C80] - 21/04/2011 - 18:21:21 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\SysNative\lxdxcoms.exe [1039872]
O44 - LFC:[MD5.132D8AB0ECE6C6807A5F21008AAFE7E5] - 21/04/2011 - 18:21:21 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\SysNative\lxdxhbn3.dll [1069056]
O44 - LFC:[MD5.FB4B0660FE73893558FCC46BEC908721] - 21/04/2011 - 18:21:21 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\SysNative\lxdxiesc.dll [509952]
O44 - LFC:[MD5.C08423BB1853BEA6E7B965721845702F] - 21/04/2011 - 18:21:21 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\SysNative\lxdxih.exe [514048]
O44 - LFC:[MD5.D040785BA94FAA006115C008C26120CD] - 21/04/2011 - 18:21:21 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\SysNative\lxdxinpa.dll [545792]
O44 - LFC:[MD5.24C33C8E58A8FAEF423D136821D2BB75] - 21/04/2011 - 18:21:21 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\SysNative\lxdxlmpm.dll [884736]
O44 - LFC:[MD5.52B9BCB492C28B26446D0DFA31C6BB87] - 21/04/2011 - 18:21:21 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\SysNative\lxdxpmui.dll [977920]
O44 - LFC:[MD5.F66D81F8C4659E13EB7477EC7AD2C743] - 21/04/2011 - 18:21:21 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\SysNative\lxdxprox.dll [47104]
O44 - LFC:[MD5.BD7BF1C34B99C14308BE1DF3D50ADA69] - 21/04/2011 - 18:21:21 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\SysNative\lxdxserv.dll [1734144]
O44 - LFC:[MD5.33ADE76B850894DA32119936F730D32D] - 21/04/2011 - 18:21:21 ---A- . (.Pas de propriétaire - Printer Communication System.) -- C:\Windows\SysNative\lxdxusb1.dll [1319936]
O44 - LFC:[MD5.199D043204E19FFB06E4D4151FB9C427] - 21/04/2011 - 18:21:21 ---A- . (.Pas de propriétaire - grd DLL.) -- C:\Windows\SysNative\lxdxgrd.dll [300032]
O44 - LFC:[MD5.7BF67538EBBC2FB7D3857E255846A581] - 21/04/2011 - 18:20:29 ---A- . (.Pas de propriétaire - Generic CoInstaller.) -- C:\Windows\SysNative\lxdxcoin.dll [745984]
O44 - LFC:[MD5.9DAA7218961710008D7385B01BD3F386] - 08/11/2010 - 00:20:24 ---A- . (...) -- C:\Windows\MBR.exe [89088]
O44 - LFC:[MD5.F1FBA6185A6A2BC6456970914875078E] - 26/04/2010 - 14:58:12 ---A- . (...) -- C:\Windows\PEV.exe [256512]
O44 - LFC:[MD5.D386AA7209F178C060E5911BE12D0402] - 16/10/2009 - 12:29:47 ---A- . (...) -- C:\Windows\SysNative\lxdx.loc [1875]
O44 - LFC:[MD5.D386AA7209F178C060E5911BE12D0402] - 16/10/2009 - 12:29:47 ---A- . (...) -- C:\Windows\System32\lxdx.loc [1875]
O44 - LFC:[MD5.204C164220C4EB90C714CF993482F1D7] - 19/08/2009 - 08:06:23 ---A- . (...) -- C:\Windows\SysNative\lxdxcaps64.dll [25600]
O44 - LFC:[MD5.F779B1C66BE8A0DD9985C717268401BC] - 19/08/2009 - 08:00:12 ---A- . (...) -- C:\Windows\SysNative\lxdxcnv464.dll [54784]
O44 - LFC:[MD5.838A7CE3471EF26ACFE0A9EF14B05186] - 11/03/2008 - 01:37:35 ---A- . (...) -- C:\Windows\SysNative\lxdxprpr.chm [64737]
O44 - LFC:[MD5.BF0EBFD8F6496F2213892A0B3FAC1067] - 20/02/2008 - 16:33:14 ---A- . (...) -- C:\Windows\SysNative\LXDXinst.dll [530432]
O44 - LFC:[MD5.BF0EBFD8F6496F2213892A0B3FAC1067] - 20/02/2008 - 15:49:25 ---A- . (...) -- C:\Windows\System32\LXDXinst.dll [348160]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 31/08/2000 - 07:00:00 ---A- . (...) -- C:\Windows\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 31/08/2000 - 07:00:00 ---A- . (...) -- C:\Windows\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 31/08/2000 - 07:00:00 ---A- . (...) -- C:\Windows\zip.exe [68096]



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL



---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm



---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableRegistryTools"=0
O55 - MWPS:[HKCU\...\Policies\System] - "EnableLUA"=0



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDrives"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDrives"=0



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [491088]
O58 - SDL:[MD5.597F78224EE9224EA1A13D6350CED962] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [339536]
O58 - SDL:[MD5.E109549C90F62FB570B9540C4B148E54] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\system32\drivers\adpu320.sys [182864]
O58 - SDL:[MD5.5812713A477A3AD7363C7438CA2EE038] - 14/07/2009 - 02:52:21 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [15440]
O58 - SDL:[MD5.D4121AE6D0C0E7E13AA221AA57EF2D49] - 11/03/2011 - 07:41:12 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\system32\drivers\amdsata.sys [107904]
O58 - SDL:[MD5.F67F933E79241ED32FF46A4F29B5120B] - 14/07/2009 - 02:52:20 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows -.) -- C:\Windows\system32\drivers\amdsbs.sys [194128]
O58 - SDL:[MD5.540DAF1CEA6094886D72126FD7C33048] - 11/03/2011 - 07:41:12 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\system32\drivers\amdxata.sys [27008]
O58 - SDL:[MD5.6BE11AD81D4527D299F0CB5F3731AABC] - 10/01/2011 - 17:16:08 ---A- . (...) -- C:\Windows\system32\drivers\AppleCharger.sys [21104]
O58 - SDL:[MD5.C484F8CEB1717C540242531DB7845C4E] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [87632]
O58 - SDL:[MD5.019AF6924AEFE7839F61C830227FE79C] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [97856]
O58 - SDL:[MD5.4BF5BCA6E2608CD8A00BC4A6673A9F47] - 17/11/2010 - 13:04:32 ---A- . (.Advanced Micro Devices - AMD High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\AtihdW76.sys [115216]
O58 - SDL:[MD5.DCC8177244FE79C61C4E73C65E63922A] - 27/01/2011 - 00:37:20 ---A- . (.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) -- C:\Windows\system32\drivers\atikmdag.sys [9085952]
O58 - SDL:[MD5.7FE67D107329DC2CF89136A8E19BCEB7] - 27/01/2011 - 23:13:32 ---A- . (.Advanced Micro Devices, Inc. - AMD multi-vendor Miniport Driver.) -- C:\Windows\system32\drivers\atikmpag.sys [299520]
O58 - SDL:[MD5.39C2E2870FC0C2AE0595B883CBE716B4] - 04/02/2011 - 11:09:08 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\Windows\system32\drivers\avgntflt.sys [83120]
O58 - SDL:[MD5.C98FA6E5AD0E857D22716BD2B8B1F399] - 04/02/2011 - 11:09:08 ---A- . (.Avira GmbH - Avira Driver for Security Enhancement.) -- C:\Windows\system32\drivers\avipbb.sys [116568]
O58 - SDL:[MD5.B5ACE6968304A3900EEB1EBFD9622DF2] - 10/06/2009 - 21:34:23 ---A- . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) -- C:\Windows\system32\drivers\b57nd60a.sys [270848]
O58 - SDL:[MD5.F09EEE9EDC320B5E1501F749FDE686C8] - 10/06/2009 - 21:41:06 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [18432]
O58 - SDL:[MD5.B114D3098E9BDB8BEA8B053685831BE6] - 10/06/2009 - 21:41:06 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [8704]
O58 - SDL:[MD5.43BEA8D483BF1870F018E2D02E06A5BD] - 14/07/2009 - 02:19:07 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [286720]
O58 - SDL:[MD5.A6ECA2151B08A09CACECA35C07F05B42] - 10/06/2009 - 21:41:10 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [47104]
O58 - SDL:[MD5.B79968002C277E869CF38BD22CD61524] - 10/06/2009 - 21:41:10 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [14976]
O58 - SDL:[MD5.A87528880231C54E75EA7A44943B38BF] - 10/06/2009 - 21:41:10 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [14720]
O58 - SDL:[MD5.3E5B191307609F7514148C6832BB0842] - 10/06/2009 - 21:34:28 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\system32\drivers\bxvbda.sys [468480]
O58 - SDL:[MD5.E19D3F095812725D88F9001985B94EDD] - 14/07/2009 - 02:52:31 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [17488]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [530496]
O58 - SDL:[MD5.6C17A702399B0205AB7836C2B45CD806] - 26/01/2011 - 07:06:02 ---A- . (.Etron Technology Inc - Etron eXtensible Hub Driver..) -- C:\Windows\system32\drivers\EtronHub3.sys [39808]
O58 - SDL:[MD5.B5348A55CC9541FFA930E30BB0CC8EF6] - 26/01/2011 - 07:06:00 ---A- . (.Etron Technology Inc - Etron eXtensible Host Controller Driver..) -- C:\Windows\system32\drivers\EtronXHCI.sys [64256]
O58 - SDL:[MD5.DC5D737F51BE844D8C82C695EB17372F] - 10/06/2009 - 21:34:33 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\system32\drivers\evbda.sys [3286016]
O58 - SDL:[MD5.E403AACF8C7BB11375122D2464560311] - 18/05/2009 - 12:17:08 ---A- . (.GEAR Software Inc. - CD DVD Filter.) -- C:\Windows\system32\drivers\GEARAspiWDM.sys [34152]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\system32\drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.A6518DCC42F7A6E999BB3BEA8FD87567] - 19/10/2010 - 16:34:26 ---A- . (.Intel Corporation - Intel(R) Management Engine Interface.) -- C:\Windows\system32\drivers\HECIx64.sys [56344]
O58 - SDL:[MD5.39D2ABCD392F3D8A6DCE7B60AE7B8EFC] - 20/11/2010 - 14:33:35 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\system32\drivers\HpSAMD.sys [78720]
O58 - SDL:[MD5.AAAF44DB3BD0B9D1FB6969B23ECC8366] - 11/03/2011 - 07:41:26 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\system32\drivers\iaStorV.sys [410496]
O58 - SDL:[MD5.5C18831C61933628F5BB0EA2675B9D21] - 14/07/2009 - 02:48:04 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [44112]
O58 - SDL:[MD5.413ECDCFAD9A82804D3674C8D7EEC24E] - 17/09/2010 - 14:39:58 ---A- . (.LogMeIn, Inc. - LogMeIn Mirror Miniport Driver.) -- C:\Windows\system32\drivers\lmimirr.sys [11552]
O58 - SDL:[MD5.C57D3FAA50E6F395759FFB7C709BD944] - 17/09/2010 - 14:40:06 ---A- . (.LogMeIn, Inc. - LogMeIn Rfs Drivemap Driver.) -- C:\Windows\system32\drivers\LMIRfsDriver.sys [72216]
O58 - SDL:[MD5.1A93E54EB0ECE102495A51266DCDB6A6] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [114752]
O58 - SDL:[MD5.1047184A9FDC8BDBFF857175875EE810] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [106560]
O58 - SDL:[MD5.30F5C0DE1EE8B5BC9306C1F0E4A75F93] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas2.sys [65600]
O58 - SDL:[MD5.0504EACAFF0D3C8AED161C4B0D369D4A] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [115776]
O58 - SDL:[MD5.3D3C4B63F11F63F50253E734F0ACE9F2] - 20/12/2010 - 17:08:40 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [24152]
O58 - SDL:[MD5.A55805F747C6EDB6A9080D7C633BD0F4] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for.) -- C:\Windows\system32\drivers\megasas.sys [35392]
O58 - SDL:[MD5.BAF74CE0072480C3B6B7C13B2A94D6B3] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys [284736]
O58 - SDL:[MD5.77889813BE4D166CDAB78DDBA990DA92] - 14/07/2009 - 02:48:26 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [51264]
O58 - SDL:[MD5.0A92CB65770442ED0DC44834632F66AD] - 11/03/2011 - 07:41:34 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [148352]
O58 - SDL:[MD5.DAB0E87525C10052BF65F06152F37E4A] - 11/03/2011 - 07:41:34 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [166272]
O58 - SDL:[MD5.A53A15A11EBFD21077463EE2C7AFEEF0] - 14/07/2009 - 02:45:46 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [1524816]
O58 - SDL:[MD5.4F6D12B51DE1AAEFF7DC58C4D75423C8] - 14/07/2009 - 02:45:45 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [128592]
O58 - SDL:[MD5.58435613C2537715A9423597EC6635CC] - 08/12/2010 - 11:21:16 ---A- . (.LogMeIn, Inc. - RemotelyAnywhereDpmsSecure Device Driver.) -- C:\Windows\system32\drivers\radpms.sys [14944]
O58 - SDL:[MD5.712944C0A377E9B8743F95BD83E882D4] - 24/12/2010 - 08:32:54 ---A- . (.Realtek - Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver.) -- C:\Windows\system32\drivers\Rt64win7.sys [412264]
O58 - SDL:[MD5.13089F31AA37CDE1CE3784EE01A48484] - 25/01/2011 - 17:54:04 ---A- . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\RTKVHD64.sys [2727912]
O58 - SDL:[MD5.3EA8A16169C26AFBEB544E0E48421186] - 10/06/2009 - 21:37:19 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys [23040]
O58 - SDL:[MD5.843CAF1E5FDE1FFD5FF768F23A51E2E1] - 14/07/2009 - 02:45:45 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\system32\drivers\sisraid2.sys [43584]
O58 - SDL:[MD5.6A6C106D42E9FFFF8B9FCB4F754F6DA4] - 14/07/2009 - 02:45:46 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys [80464]
O58 - SDL:[MD5.07000000000000000000000068EF1800] - 10/04/2011 - 00:00:00 ---A- . (...) -- C:\Windows\system32\drivers\sptd.sys [834544]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\system32\drivers\stexstor.sys [24656]
O58 - SDL:[MD5.54D4B48D443E7228BF64CF7CDC3118AC] - 18/02/2011 - 15:36:58 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\system32\drivers\usbaapl64.sys [51712]
O58 - SDL:[MD5.E5689D93FFE4E5D66C0178761240DD54] - 14/07/2009 - 02:45:55 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys [17488]
O58 - SDL:[MD5.5E2016EA6EBACA03C04FEAC5F330D997] - 14/07/2009 - 02:45:55 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys [161872]
O58 - SDL:[MD5.D68E165C3123ABA3B1282EDDB4213BD8] - 20/12/2010 - 17:09:00 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys [38224]



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: Ad-Remover par C_XX - (.C_XX.) [HKLM][64Bits] -- Ad-Remover
O63 - Logiciel: ZHPDiag 1.27 - (.Nicolas Coolman.) [HKLM][64Bits] -- ZHPDiag_is1
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM][64Bits] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 30/12/1899 - C:\Windows\System32\DRIVERS\atikmdag.sys - amdkmdag(amdkmdag) .(.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) - LEGACY_AMDKMDAG
O64 - Services: CurCS - C:\Windows\System32\DRIVERS\AppleCharger.sys - AppleCharger (AppleCharger) .(...) - LEGACY_APPLECHARGER
O64 - Services: CurCS - 30/12/1899 - C:\Windows\System32\DRIVERS\avgntflt.sys - avgntflt(avgntflt) .(.Avira GmbH - Avira Minifilter Driver.) - LEGACY_AVGNTFLT
O64 - Services: CurCS - 30/12/1899 - C:\Windows\System32\DRIVERS\avipbb.sys - avipbb(avipbb) .(.Avira GmbH - Avira Driver for Security Enhancement.) - LEGACY_AVIPBB
O64 - Services: CurCS - C:\Windows\system32\Drivers\BEEP.sys - (.not file.) - Beep (Beep) .(...) - LEGACY_BEEP
O64 - Services: CurCS - 30/08/2010 - C:\Program Files (x86)\ma-config.com\Drivers\driverhardwarev2x64.sys - driverhardwarev2x64(driverhardwarev2x64) .(.CybelSoft - Driver NT Ma-Config.com.) - LEGACY_DRIVERHARDWAREV2X64
O64 - Services: CurCS - 09/04/2011 - C:\Windows\etdrv.sys - etdrv(etdrv) .(.Windows (R) Server 2003 DDK provider - GIGABYTE Tools.) - LEGACY_ETDRV
O64 - Services: CurCS - C:\Windows\system32\Drivers\FASTFAT.sys - (.not file.) - FAT12/16/32 File System Driver (fastfat) .(...) - LEGACY_FASTFAT
O64 - Services: CurCS - C:\Windows\system32\Drivers\FS_REC.sys - Fs_Rec (Fs_Rec) .(...) - LEGACY_FS_REC
O64 - Services: CurCS - 16/05/2011 - C:\Windows\gdrv.sys - gdrv(gdrv) .(.Windows (R) Server 2003 DDK provider - GIGABYTE Tools.) - LEGACY_GDRV
O64 - Services: CurCS - C:\Windows\GVTDrv64.sys - GVTDrv64 (GVTDrv64) .(...) - LEGACY_GVTDRV64
O64 - Services: CurCS - D:\Installation programmes\Ashampoo WinOptimizer 8\LiveTunerProcessMonitor64.sys - Ashampoo LiveTuner ProcessMonitor Driver (LiveTunerPM) .(...) - LEGACY_LIVETUNERPM
O64 - Services: CurCS - 17/09/2010 - D:\Installation programmes\LogMeIn\x64\RaInfo.sys - LogMeIn Kernel Information Provider(LMIInfo) .(.LogMeIn, Inc. - RemotelyAnywhere Kernel Information Provide.) - LEGACY_LMIINFO
O64 - Services: CurCS - 30/12/1899 - C:\Windows\system32\drivers\LMIRfsDriver.sys - LogMeIn Remote File System Driver(LMIRfsDriver) .(.LogMeIn, Inc. - LogMeIn Rfs Drivemap Driver.) - LEGACY_LMIRFSDRIVER
O64 - Services: CurCS - C:\Windows\system32\Drivers\MSFS.sys - Msfs (Msfs) .(...) - LEGACY_MSFS
O64 - Services: CurCS - C:\Windows\system32\Drivers\NDPROXY.sys - NDProxy (NDProxy) .(...) - LEGACY_NDPROXY
O64 - Services: CurCS - C:\Windows\system32\Drivers\NPFS.sys - Npfs (Npfs) .(...) - LEGACY_NPFS
O64 - Services: CurCS - C:\Windows\system32\Drivers\NTFS.sys - Ntfs (Ntfs) .(...) - LEGACY_NTFS
O64 - Services: CurCS - C:\Windows\system32\Drivers\NULL.sys - Null (Null) .(...) - LEGACY_NULL
O64 - Services: CurCS - (.not file.) - PROCEXP113 (PROCEXP113) .(...) - LEGACY_PROCEXP113
O64 - Services: CurCS - C:\Windows\system32\Drivers\SECDRV.sys - (.not file.) - Security Driver (secdrv) .(...) - LEGACY_SECDRV
O64 - Services: CurCS - C:\Windows\system32\Drivers\SPLDR.sys - (.not file.) - Security Processor Loader Driver (spldr) .(...) - LEGACY_SPLDR
O64 - Services: CurCS - C:\Windows\System32\Drivers\sptd.sys - sptd (sptd) .(...) - LEGACY_SPTD



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <ComFile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.com> <ComFile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.)
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} [DefaultScope] - (@ieframe.dll,-12512) - https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8
O69 - SBI: SearchScopes [HKCU] {05AD2802-DFF2-4c43-B5CE-0F1EEB3D8EF7} - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {20308830-C8CA-469a-94A8-4E15A6A4BC04} - (Yahoo) - https://fr.search.yahoo.com/



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.5F877D4957B9E034FD4B66E048D44ED6] [SPRF] (.Ask - Wrapper Application.) -- C:\Users\Bool\AppData\Local\Temp\setup.exe [3325832]



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "FPS-SpoolSvc-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\spoolsv.exe (.not file.)
O87 - FAEL: "FPS-SpoolSvc-In-TCP" |In - Private - P6 - FALSE | .(...) -- C:\Windows\system32\spoolsv.exe (.not file.)
O87 - FAEL: "CoreNet-GP-LSASS-Out-TCP" |Out - Domain - P6 - TRUE | .(...) -- C:\Windows\system32\lsass.exe (.not file.)
O87 - FAEL: "RemoteSvcAdmin-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\services.exe (.not file.)
O87 - FAEL: "RemoteSvcAdmin-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Windows\system32\services.exe (.not file.)
O87 - FAEL: "NetPres-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-Out-TCP-NoScope" |Out - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-WSD-In-UDP" |In - None - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-WSD-Out-UDP" |Out - None - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-Out-TCP" |Out - Public - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "SPPSVC-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Windows\system32\sppsvc.exe (.not file.)
O87 - FAEL: "SPPSVC-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\sppsvc.exe (.not file.)
O87 - FAEL: "{45928543-EA10-4ACC-B658-56C8E1C20F67}" | In - Public - P6 - TRUE | .(.CybelSoft - Service de détection matériel.) -- C:\Program Files (x86)\ma-config.com\maconfservice.exe
O87 - FAEL: "{55C75073-1611-4B67-A78E-08021D4F153F}" | In - Public - P17 - TRUE | .(.CybelSoft - Service de détection matériel.) -- C:\Program Files (x86)\ma-config.com\maconfservice.exe
O87 - FAEL: "{72E9AD90-D986-4AE6-A7D5-5F20ECEA2613}" | In - Public - P6 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O87 - FAEL: "{AA3570C0-29F3-442D-8BBC-D3ABE647F73F}" | In - Public - P17 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O87 - FAEL: "{2A965BB0-DAD0-403C-A632-AABEA1BE9B42}" | In - None - P17 - TRUE | .(.Apple Inc. - iTunes.) -- C:\Program Files (x86)\iTunes\iTunes.exe
O87 - FAEL: "{E2C9930E-579D-4FC6-A23E-CE937A1B3A1B}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
O87 - FAEL: "{02F5CD91-238C-4119-98ED-1FAFB36A46C4}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
O87 - FAEL: "{32342EBB-5468-4BBE-86EC-98FD2A166472}" | In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
O87 - FAEL: "{1AE5E2BE-7628-455D-8C71-6ACED609C03A}" | In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
O87 - FAEL: "{4267CA5E-595C-46B9-A1CB-FE1FFC8E6A1B}" | In - Public - P6 - TRUE | .(...) -- C:\Windows\SysWOW64\PnkBstrA.exe
O87 - FAEL: "{5922CFEB-EAB8-4F35-9A7A-5F74871A16A3}" | In - Public - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\PnkBstrA.exe
O87 - FAEL: "{3014AFF7-1FC5-4498-96AC-C70526B0693A}" | In - Public - P6 - TRUE | .(...) -- C:\Windows\SysWOW64\PnkBstrB.exe
O87 - FAEL: "{8232A7A7-F9AE-492C-B27C-87440D45BC2A}" | In - Public - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\PnkBstrB.exe
O87 - FAEL: "{4A5B1E15-2108-4EF1-9849-52F6C5A85A79}" | In - Public - P6 - TRUE | .(...) -- D:\Installation jeux\Assassin's Creed Brotherhood\ACBSP.exe
O87 - FAEL: "{F9440E5B-2100-4604-A5EC-05BD14D029FF}" | In - Public - P17 - TRUE | .(...) -- D:\Installation jeux\Assassin's Creed Brotherhood\ACBSP.exe
O87 - FAEL: "{4B462534-B99B-47C9-A87A-13C67E9A3294}" | In - Public - P6 - TRUE | .(...) -- D:\Installation jeux\Assassin's Creed Brotherhood\ACBMP.exe
O87 - FAEL: "{C76CF551-E3B5-41DE-B77E-6B34AC33D5A2}" | In - Public - P17 - TRUE | .(...) -- D:\Installation jeux\Assassin's Creed Brotherhood\ACBMP.exe
O87 - FAEL: "{142E1698-0681-48AF-8A84-ADE840AC4850}" | In - Public - P6 - TRUE | .(...) -- D:\Installation jeux\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe
O87 - FAEL: "{3D938355-2E13-47E6-9B81-B9140FE7D0EB}" | In - Public - P17 - TRUE | .(...) -- D:\Installation jeux\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe
O87 - FAEL: "{AD40C46C-2166-4F75-9F9F-703AB2954722}" | In - Public - P6 - TRUE | .(.Ubisoft Entertainment - UPlayBrowser Application.) -- D:\Installation jeux\Assassin's Creed Brotherhood\UPlayBrowser.exe
O87 - FAEL: "{0453AD7B-E964-4CD3-BDB3-005C74D2A818}" | In - Public - P17 - TRUE | .(.Ubisoft Entertainment - UPlayBrowser Application.) -- D:\Installation jeux\Assassin's Creed Brotherhood\UPlayBrowser.exe
O87 - FAEL: "TCP Query User{6C9CA361-1358-4771-9CCA-140D139A0DED}C:\windows\kmsemulator.exe" | In - Public - P6 - TRUE | .(...) -- C:\windows\kmsemulator.exe
O87 - FAEL: "UDP Query User{734458E2-2A70-4E85-AA6B-F7B30C0CCC43}C:\windows\kmsemulator.exe" | In - Public - P17 - TRUE | .(...) -- C:\windows\kmsemulator.exe
O87 - FAEL: "{FD2CDA8E-45CB-4363-A2BB-51037AB5B5F0}" | In - None - P6 - TRUE | .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O87 - FAEL: "{AE39BD65-2733-4BF6-865D-AA09FA56B59F}" |In - Public - P6 - TRUE | .(...) -- C:\Windows\system32\spoolsv.exe (.not file.)
O87 - FAEL: "TCP Query User{44BB9D34-1769-4E82-AA43-067EAC11BFF8}C:\users\bool\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\bool\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.)
O87 - FAEL: "UDP Query User{80EA6A9B-5363-42DD-96F7-D145C925552D}C:\users\bool\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\bool\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.)
O87 - FAEL: "{D27106E4-2F8A-4B48-8567-74BB0E20C0BC}" | In - Public - P6 - TRUE | .(.Pas de propriétaire - Printer Communication System.) -- C:\Windows\SysWOW64\lxdxcoms.exe
O87 - FAEL: "{2C1B7C0F-B6BF-436B-B40D-21C9502D6079}" | In - Public - P17 - TRUE | .(.Pas de propriétaire - Printer Communication System.) -- C:\Windows\SysWOW64\lxdxcoms.exe
O87 - FAEL: "{99EBB243-FF8D-4337-A133-E7EE51962F75}" | In - Public - P6 - TRUE | .(.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\lxdxcoms.exe
O87 - FAEL: "{711F254D-A362-4FF6-8B4A-C1C05948467B}" | In - Public - P17 - TRUE | .(.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\lxdxcoms.exe
O87 - FAEL: "{2B485357-4CAB-4A6E-8F6D-777B50F1E40C}" | In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxamon.exe
O87 - FAEL: "{F2A6A94F-41E5-423A-A9AA-19A4579791A2}" | In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxamon.exe
O87 - FAEL: "{FCDEF244-BF5A-499C-A283-F3F3F85F0CFC}" | In - Public - P6 - TRUE | .(.Pas de propriétaire - Printing Application.) -- C:\Program Files (x86)\Lexmark 3600-4600 Series\frun.exe
O87 - FAEL: "{A26F76DB-8C96-484D-917B-1FB5ED0D7107}" | In - Public - P17 - TRUE | .(.Pas de propriétaire - Printing Application.) -- C:\Program Files (x86)\Lexmark 3600-4600 Series\frun.exe
O87 - FAEL: "{0ED2DEA3-1F39-4471-9918-DBECBD005C6D}" | In - Public - P6 - TRUE | .(.Pas de propriétaire - Printer Device Monitor.) -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
O87 - FAEL: "{A1E5E9BB-A205-433E-8BDB-AE5D2B92EF68}" | In - Public - P17 - TRUE | .(.Pas de propriétaire - Printer Device Monitor.) -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
O87 - FAEL: "{273E98A1-1E49-4657-85BC-EDC10830F24F}" | In - Public - P6 - TRUE | .(.Pas de propriétaire - Printer Status Window Interface.) -- C:\Windows\System32\spool\drivers\x64\3\lxdxpswx.exe
O87 - FAEL: "{7663D90F-BF1C-49F0-85CE-B4754C59F6FD}" | In - Public - P17 - TRUE | .(.Pas de propriétaire - Printer Status Window Interface.) -- C:\Windows\System32\spool\drivers\x64\3\lxdxpswx.exe
O87 - FAEL: "{708F32EB-7F4A-4116-B74C-D6132A4E81B1}" | In - Public - P6 - TRUE | .(.Lexmark International, Inc. - Lexmark Connect Time Executable.) -- C:\Windows\System32\spool\drivers\x64\3\lxdxtime.exe
O87 - FAEL: "{DB8EECD0-DE58-4CAD-B87A-4CBCE776AD99}" | In - Public - P17 - TRUE | .(.Lexmark International, Inc. - Lexmark Connect Time Executable.) -- C:\Windows\System32\spool\drivers\x64\3\lxdxtime.exe
O87 - FAEL: "{BA7E56CD-9FA3-4A8A-B21A-597396007BDA}" | In - Public - P6 - TRUE | .(.Lexmark International, Inc. - Lexmark Connect Time Executable.) -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxtime.exe
O87 - FAEL: "{2CF947D5-AEC1-44E5-A51A-CDA0F9E8913B}" | In - Public - P17 - TRUE | .(.Lexmark International, Inc. - Lexmark Connect Time Executable.) -- C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxtime.exe
O87 - FAEL: "{8D86445E-3853-4174-9F18-0E04DE8DE6AA}" | In - Public - P6 - TRUE | .(.Pas de propriétaire - Job Status Window Interface.) -- C:\Windows\System32\spool\drivers\x64\3\lxdxjswx.exe
O87 - FAEL: "{557698E7-484A-47DA-BC49-AAB7A5BCD372}" | In - Public - P17 - TRUE | .(.Pas de propriétaire - Job Status Window Interface.) -- C:\Windows\System32\spool\drivers\x64\3\lxdxjswx.exe
O87 - FAEL: "{A18F7CAA-5CE3-4DB6-BCFC-2C07BA7A6C59}" | In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\Lexmark 3600-4600 Series\Wireless\lxdxwpss.exe
O87 - FAEL: "{6560488A-181C-4387-9055-F2F81D1B1AD3}" | In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\Lexmark 3600-4600 Series\Wireless\lxdxwpss.exe
O87 - FAEL: "{F4180F52-FCB9-4554-A430-83C27695AC6B}" | In - Public - P6 - TRUE | .(.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\lxdxcfg.exe
O87 - FAEL: "{952331F2-1CB8-4797-B2DE-F9D77EF32320}" | In - Public - P17 - TRUE | .(.Pas de propriétaire - Printer Communication System.) -- C:\Windows\System32\lxdxcfg.exe
O87 - FAEL: "TCP Query User{1D631C51-F933-46D2-B07A-E77F37AFE09A}C:\program files (x86)\mozilla firefox\plugin-container.exe" | In - Public - P6 - TRUE | .(.Mozilla Corporation.) -- C:\program files (x86)\mozilla firefox\plugin-container.exe
O87 - FAEL: "UDP Query User{4A088D51-D3E5-4FC1-83DF-99C8D9551B97}C:\program files (x86)\mozilla firefox\plugin-container.exe" | In - Public - P17 - TRUE | .(.Mozilla Corporation.) -- C:\program files (x86)\mozilla firefox\plugin-container.exe
O87 - FAEL: "TCP Query User{C9E75F90-9B30-4E3D-9CE0-AAEAA023AB2E}D:\installation jeux\portal 2\portal2.exe" | In - Public - P6 - TRUE | .(...) -- D:\installation jeux\portal 2\portal2.exe
O87 - FAEL: "UDP Query User{7F160AE9-49DC-4452-A55D-C8182ADA7C91}D:\installation jeux\portal 2\portal2.exe" | In - Public - P17 - TRUE | .(...) -- D:\installation jeux\portal 2\portal2.exe
O87 - FAEL: "{EC81488F-4400-4A81-B02B-91E0D610640A}" | In - None - P17 - TRUE | .(.Splashtop Inc. - Splashtop® Remote Streamer.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
O87 - FAEL: "{B5B81AD3-35CB-43F1-8F27-56D38E4EE462}" | In - None - P17 - TRUE | .(.Splashtop Inc. - Splashtop® Remote Streamer Feature.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
O87 - FAEL: "{032F744A-2087-4464-B8CE-60F711B4E115}" | In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe
O87 - FAEL: "{AEDA6F94-77F6-431C-9713-6FB562494A6B}" | In - None - P17 - TRUE | .(.Splashtop, Inc. - Splashtop® Remote Streamer Input Server.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\inputserv.exe



---\\ Scan Additionnel (O88)
Database Version : 7434 - (14/05/2011)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 0

[HKCR\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF] =>Adware.AskSBar
[HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF] =>Adware.AskSBar
[HKCU\Software\cacaoweb] =>Adware.Agent
[HKCU\Software\AppDataLow\Software\uTorrentBar_FR] =>Toolbar.Conduit
C:\Users\Bool\Appdata\LocalLow\uTorrentBar_FR =>Toolbar.Conduit



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 0 | (AMD External Events Utility) . (.AMD.) - C:\Windows\system32\atiesrxx.exe
SR - | Auto 27/04/2011 136360 | (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 09/04/2011 269480 | (AntiVirService) . (.Avira GmbH.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 18/02/2011 37664 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SS - | Demand 18/02/2011 0 | (AppleChargerSrv) . (...) - c:\system32\AppleChargerSrv.exe
SR - | Auto 07/10/2010 345376 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
SS - | Demand 12/05/2011 544768 | (DfSdkS) . (.mst software GmbH, Germany.) - D:\Installation programmes\Ashampoo WinOptimizer 8\DfsdkS64.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 07/03/2011 934176 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 01/03/2011 373640 | (LMIGuardianSvc) . (.LogMeIn, Inc..) - D:\Installation programmes\LogMeIn\x64\LMIGuardianSvc.exe
SR - | Auto 01/03/2011 147336 | (LMIMaint) . (.LogMeIn, Inc..) - D:\Installation programmes\LogMeIn\x64\RaMaint.exe
SR - | Auto 22/02/2011 326168 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 08/11/2010 407424 | (LogMeIn) . (.LogMeIn, Inc..) - D:\Installation programmes\LogMeIn\x64\LogMeIn.exe
SS - | Auto 16/10/2009 29184 | (lxdxCATSCustConnectService) . (.Lexmark International, Inc..) - C:\Windows\system32\spool\DRIVERS\x64\3\lxdxserv.exe
SR - | Auto 16/10/2009 589824 | (lxdx_device) . (...) - C:\Windows\system32\lxdxcoms.exe
SS - | Demand 10/03/2011 311744 | (maconfservice) . (.CybelSoft.) - C:\Program Files (x86)\ma-config.com\maconfservice.exe
SR - | Auto 10/04/2011 75136 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SR - | Auto 13/10/2009 114688 | (Smart TimeLock) . (.Gigabyte Technology CO., LTD..) - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
SR - | Auto 11/05/2011 1771336 | (SplashtopRemoteService) . (.Splashtop Inc..) - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
SR - | Auto 08/03/2011 341832 | (SSUService) . (.Splashtop Inc..) - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
SR - | Auto 23/12/2009 370688 | (StarWindServiceAE) . (.StarWind Software.) - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
SR - | Auto 22/02/2011 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS - | Demand 12/05/2011 884608 | (WO_LiveService) . (...) - D:\Installation programmes\Ashampoo WinOptimizer 8\LiveTunerService.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\system32\svchost.exe



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Bool at 16/05/2011 22:23:09

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin



---\\ Liste des émulateurs de CD/DVD (Hook du MBR)
O58 - SDL:[MD5.07000000000000000000000068EF1800] - 10/04/2011 - 00:00:00 ---A- . (...) -- C:\Windows\system32\drivers\sptd.sys [834544]



End of the scan (1080 lines in 01mn 16s)(0)
0
Vent d'ouest Posts 714 Status Member 41
 
Download TDSS Killer (by Kaspersky Labs) to your Desktop:
https://support.kaspersky.com/downloads/utils/tdsskiller.exe
Double-click tdsskiller.exe (on Vista/Seven, right-click it and choose Run as administrator)
Click Start Scan

If TDSS.tdl2 is detected, the delete option will be checked by default.
If TDSS.tdl3 is detected, make sure Cure is checked.
If TDSS.tdl4(\HardDisk0\MBR) is detected, make sure Cure is checked.
If Suspicious file is reported, leave the option set to Skip

When it finishes, click Reboot Now
The PC will restart and a report will open
Copy/paste the report (it is saved in C:\TDSS Killer version number_Date_Time_log.txt) ');INSERT INTO speeches('category', 'name', 'speech') VALUES ('CCM', 'AD-R Clean', '? Run AD-Remover again and click Nettoyer
Let the PC restart.
Once back on the desktop, the report should open: post its contents.
If it does not open, it is located here: C:\AD-Report[CLEAN]1.txt');INSERT INTO speeches('category', 'name', 'speech') VALUES ('CCM', 'FixLop Suppression', '? Run FixLop again and click Suppression
A registry backup is made; this is normal
Copy/paste the removal report.
0
gdbod Posts 14 Status Member
 
2011/05/16 22:48:48.0453 3224 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/16 22:48:48.0562 3224 ================================================================================
2011/05/16 22:48:48.0562 3224 SystemInfo:
2011/05/16 22:48:48.0562 3224
2011/05/16 22:48:48.0562 3224 OS Version: 6.1.7601 ServicePack: 1.0
2011/05/16 22:48:48.0562 3224 Product type: Workstation
2011/05/16 22:48:48.0562 3224 ComputerName: BOOL-PC
2011/05/16 22:48:48.0562 3224 UserName: Bool
2011/05/16 22:48:48.0562 3224 Windows directory: C:\Windows
2011/05/16 22:48:48.0562 3224 System windows directory: C:\Windows
2011/05/16 22:48:48.0562 3224 Running under WOW64
2011/05/16 22:48:48.0562 3224 Processor architecture: Intel x64
2011/05/16 22:48:48.0562 3224 Number of processors: 4
2011/05/16 22:48:48.0562 3224 Page size: 0x1000
2011/05/16 22:48:48.0562 3224 Boot type: Normal boot
2011/05/16 22:48:48.0562 3224 ================================================================================
2011/05/16 22:48:48.0750 3224 Initialize success
2011/05/16 22:49:00.0091 5100 ================================================================================
2011/05/16 22:49:00.0091 5100 Scan started
2011/05/16 22:49:00.0091 5100 Mode: Manual;
2011/05/16 22:49:00.0091 5100 ================================================================================
2011/05/16 22:49:07.0797 5100 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/05/16 22:49:07.0797 5100 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/05/16 22:49:07.0797 5100 sptd - detected LockedFile.Multi.Generic (1)
2011/05/16 22:49:09.0685 5100 ================================================================================
2011/05/16 22:49:09.0685 5100 Scan finished
2011/05/16 22:49:09.0685 5100 ================================================================================
2011/05/16 22:49:09.0700 3628 Detected object count: 1
2011/05/16 22:49:30.0121 3628 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/05/16 22:49:56.0532 2008 Deinitialize success
0
gdbod Posts 14 Status Member
 
======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [2]) -> Lancé à 22:54:18 le 16/05/2011, Mode normal

Microsoft Windows 7 Professionnel Service Pack 1 (X64)
Bool@BOOL-PC (Gigabyte Technology Co., Ltd. P61-USB3-B3)

============== ACTION(S) ==============



(!) -- Fichiers temporaires supprimés.




============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [4.0.1 (fr)] ****

Searchplugins\bing.xml ( hxxp://www.bing.com/search)
Components\browsercomps.dll (Mozilla Foundation)

-- C:\Users\Bool\AppData\Roaming\Mozilla\FireFox\Profiles\1v62jq6a.default --
Extensions\cacaoweb@cacaoweb.org (cacaoweb)
Extensions\LogMeInClient@logmein.com (LogMeIn, Inc. Remote Access Plugin)
Prefs.js - browser.download.dir, D:\\Téléchargement
Prefs.js - browser.startup.homepage, hxxp://www.google.com/
Prefs.js - browser.startup.homepage_override.buildID, 20110413222027
Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1
Prefs.js - keyword.URL, hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

========================================

**** Internet Explorer Version [9.0.8112.16421] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "?" (?)
HKCU_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - D:\Installation programmes\Veetle\Player\vtl_hfs.exe (?)
HKCU_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - D:\Installation programmes\Veetle\Player\player.exe (?)
HKCU_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - D:\Installation programmes\Veetle\Player\vtl_hfax.exe (?)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - D:\Installation programmes\Veetle\Player\vtl_hfs.exe (?)
HKLM_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - D:\Installation programmes\Veetle\Player\player.exe (?)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)
HKLM_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - D:\Installation programmes\Veetle\Player\vtl_hfax.exe (?)

========================================

C:\Program Files (x86)\Ad-Remover\Quarantine: 34 Fichier(s)
C:\Program Files (x86)\Ad-Remover\Backup: 16 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 16/05/2011 21:44:13 (11550 Octet(s))
C:\Ad-Report-CLEAN[2].txt - 16/05/2011 22:54:21 (3472 Octet(s))

Fin à: 22:54:57, 16/05/2011

============== E.O.F ==============
0
gdbod Posts 14 Status Member

What is going on????
0
juju666 Posts 38404 Status Security Contributor 4 796

ComboFix -> useless
TDSS Killer -> useless as well
0
gdbod Posts 14 Status Member

But nothing harmful?
0
juju666 Posts 38404 Status Security Contributor 4 796

Well, ComboFix broke cacaoweb for you [and not even entirely, on top of that]
0
gdbod Posts 14 Status Member
 
####### FixLop vers 1.0.2.6 [ Suppression ] #######

# Exécuté depuis C:\Program Files (x86)\FixLop
# Le 16/05/2011 à 23h02
# Utilisateur : Bool | BOOL-PC

# S.E : Windows 7 Professional | | 64 bits
# CPU : Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz

# Internet Explorer version [9.0.8112.16421]
# Mozilla Firefox : 4.0.1 (fr)

############## [ Processus ]


############## [ Dossiers & Fichiers ]


~~~~ Lecture fichier prefs.js ~~~~


(!) Backup ERDNT crée avec succès dans C:\Windows

############## [ Clés de registres ]


############## [ Internet Explorer ]

-- [ HKLM\Software\Microsoft\Internet Explorer\Main ] --

Search Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url : hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_search_url : hxxp://www.google.fr
Start Page : hxxp://fr.msn.com/
Local Page : C:\Windows\system32\blank.htm

-- [ HKCU\Software\Microsoft\Internet Explorer\Main ] --

Search Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url : hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_search_url : hxxp://www.google.fr
Start Page : hxxp://fr.msn.com/
Local Page : C:\Windows\system32\blank.htm

########## [ ! Suppression finie le 16/05/2011 à 23h02 ]
0
juju666 Posts 38404 Status Security Contributor 4 796

Why have my messages disappeared?

See you
.::. Security Contributor .::.
0
Anonymous user

Hi all,

And in all this, nobody saw the crack for Microsoft Office?
0
juju666 Posts 38404 Status Security Contributor 4 796

Yes, the KMS one
0
gdbod Posts 14 Status Member

I don't quite follow all of this
0
juju666 Posts 38404 Status Security Contributor 4 796
 
2011-05-16 15:58 . 2011-04-10 13:44 151552 ----a-w- c:\windows\KMSEmulator.exe

Office 2010 crack

See you
0
