Luha.Fiha.A ???

Closed
Jess - Jan 3, 2012 at 03:13
 jess - Jan 3, 2012 at 20:43
Hello,

I scanned my computer with AVG and it tells me that C\windows\system32\sys\system\Your.exe is infected by Luha.Fiha.A, and it does not repair it. All I can do is delete it, and I'm obviously hesitant since it's something in the system. I've searched everywhere on the internet and can't find anything that can help me. My computer seems to be working normally for now... Is it a false threat? Should I delete it? Thank you very much!

20 replies

¡El Desaparecido! Posts 1519 Registration date Tuesday, October 4, 2011 Status Member Last activity October 23, 2015 195
Edited by ¡El Desaparecido! on 3/01/2012 at 07:35
Hello Jess,

We are going to run a diagnostic of your computer.

# Download ZHPDiag by Nicolas Coolman and save it to your Desktop.

# Double-click ZHPDiag2.exe to start the installation.
# On Windows Vista and Windows 7, you must launch the file via right-click -> Run as administrator.
# Don't forget to tick the box that places a shortcut on the Desktop.

# The tool has created 2 icons, ZHPDiag and ZHPFix, on the Desktop.
# Double-click ZHPDiag to run it.
# On Windows Vista and Windows 7, you must launch the file via right-click -> Run as administrator.

# Click the magnifying glass to start the analysis.
# Wait until the scan shows 100%.
# The report is saved on the desktop.
# Close ZHPDiag.

# Host and send a report.

# Go to Pjjoint by Malekal.
# Click Browse and find the ZHPDiag report on your desktop.
# Then click Send the file.
# You will get a confirmation message with a link.
# Post this link in your next reply.

El Desaparecido
0
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.5601E38190385D39A34D345284E0F628] - 2011-12-15 - 09:42:53 ---A- . (...) -- C:\Windows\PFRO.log [25774]
O44 - LFC:[MD5.D413F7D78A18011FD1EE0A2C4F53859F] - 2011-12-15 - 09:44:39 ---A- . (...) -- C:\Windows\system32\FNTCACHE.DAT [334152]
O44 - LFC:[MD5.391C8A11F084DB592667DC7030E0B2D9] - 2011-12-27 - 19:30:26 ---A- . (...) -- C:\Windows\system32\PerfStringBackup.INI [1549700]
O44 - LFC:[MD5.54F5CF4085DF1D0054D395C52B1AD2D7] - 2011-12-27 - 19:30:26 ---A- . (...) -- C:\Windows\system32\perfc009.dat [106190]
O44 - LFC:[MD5.BBBFE906A519F12DA919CE58F7AA8216] - 2011-12-27 - 19:30:26 ---A- . (...) -- C:\Windows\system32\perfc00C.dat [130548]
O44 - LFC:[MD5.87CB1C2144B70E3CCF5AB8E87903ED9F] - 2011-12-27 - 19:30:26 ---A- . (...) -- C:\Windows\system32\perfh009.dat [615810]
O44 - LFC:[MD5.E8050EDE855A44D90EF3FF8DE0B56E9F] - 2011-12-27 - 19:30:26 ---A- . (...) -- C:\Windows\system32\perfh00C.dat [704242]
O44 - LFC:[MD5.A5D3EA59E2A55C649AF420132939E5DF] - 2012-01-03 - 09:04:04 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.2B26E1FA6F34F385046E99524EDB55F2] - 2012-01-03 - 09:07:35 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1960205]
O44 - LFC:[MD5.BC69570C50BA1B37F7D879D372C866B8] - 2012-01-03 - 09:14:48 ---A- . (...) -- C:\Windows\setupact.log [561733]
~ Scan Files in 00mn 03s



---\\ Déni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l'Éditeur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Package de sécurité Kerberos.) -- C:\Windows\System32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\TSpkg.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corp. - LiveSSP.) -- C:\Windows\System32\LIVESSP.dll
~ Scan Keys in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d'extension du gestionnaire de volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\system32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\system32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\system32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d'extension du gestionnaire de volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys
~ Scan CSB in 00mn 00s



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{4d0f0a9e-5744-11df-b4f1-806e6f6e6963}\AutoRun\command. (.InterActual Technologies, Inc. - Installation Manager.) -- D:\install.exe
~ Scan Keys in 00mn 03s



---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll
O52 - TDSD: \Drivers32\"vidc.VP60"="C:\Windows\system32\vp6vfw.dll" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll
O52 - TDSD: \Drivers32\"vidc.VP61"="C:\Windows\system32\vp6vfw.dll" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll
O52 - TDSD: \Drivers32\"vidc.ffds"="C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll" . (...) -- (.not file.)
O52 - TDSD: \Drivers32\"VIDC.IV41"="IR41_32.AX" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\Windows\System32\ir41_32.ax
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"vp6vfw.dll"="EA VP6 Codec" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll
O52 - TDSD: \drivers.desc\"C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll"="FFDShow Video Codec" . (...) -- (.not file.)
~ Scan Keys in 00mn 00s



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\Adobe ARM [Key] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher [Key] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
O53 - SMSR:HKLM\...\startupreg\LanguageShortcut [Key] . (.Pas de propriétaire - Language Application.) -- C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
O53 - SMSR:HKLM\...\startupreg\NeroFilterCheck [Key] . (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O53 - SMSR:HKLM\...\startupreg\RemoteControl [Key] . (.Cyberlink Corp. - PowerDVD RC Service.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
~ Scan SMSR Keys in 00mn 00s



---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll
~ Scan Keys in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ Scan Keys in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutorun"=0
~ Scan Keys in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 2009-06-10 - 20:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.0C676BC278D5B59FF5ABD57BBE9123F2] - 2009-07-13 - 20:26:17 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [297552]
O58 - SDL:[MD5.7C7B5EE4B7B822EC85321FE23A27DB33] - 2009-07-13 - 20:26:15 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\system32\drivers\adpu320.sys [146512]
O58 - SDL:[MD5.0D40BCF52EA90FC7DF2AEAB6503DEA44] - 2009-07-13 - 20:26:15 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [14400]
O58 - SDL:[MD5.D320BF87125326F996D4904FE24300FC] - 2011-04-27 - 00:38:37 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\system32\drivers\amdsata.sys [80256]
O58 - SDL:[MD5.EA43AF0C423FF267355F74E7A53BDABA] - 2009-06-10 - 20:26:15 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows fa.) -- C:\Windows\system32\drivers\amdsbs.sys [159312]
O58 - SDL:[MD5.46387FB17B086D16DEA267D5BE23A2F2] - 2011-04-27 - 00:38:37 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\system32\drivers\amdxata.sys [22400]
O58 - SDL:[MD5.2932004F49677BD84DBC72EDB754FFB3] - 2009-07-13 - 20:26:15 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [76368]
O58 - SDL:[MD5.5D6F36C46FD283AE1B57BD2E9FEB0BC7] - 2009-07-13 - 20:26:15 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [86608]
O58 - SDL:[MD5.CBE71C122434805CB73FFB6619F60598] - 2010-05-03 - 22:36:30 ---A- . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- C:\Windows\system32\drivers\ASACPI.sys [13216]
O58 - SDL:[MD5.2B4E66FAC6503494A2C6F32BB6AB3826] - 2010-05-03 - 04:14:06 R--A- . (...) -- C:\Windows\system32\drivers\AsIO.sys [12400]
O58 - SDL:[MD5.E67493490466B5F04B58C22D2590E8CA] - 2010-05-03 - 21:48:02 R--A- . (...) -- C:\Windows\system32\drivers\AsUpIO.sys [11448]
O58 - SDL:[MD5.19166026A93206F9C6A8CD3A1F010AE4] - 2010-05-03 - 07:30:14 ---A- . (...) -- C:\Windows\system32\drivers\ASUSHWIO.SYS [10296]
O58 - SDL:[MD5.B73C832088DD54B55E04FF6F9646AD8C] - 2010-05-03 - 15:30:28 ---A- . (.Advanced Micro Devices Inc. - AMD PCIE Filter Driver for ATI PCIE chipset.) -- C:\Windows\system32\drivers\AtiPcie.sys [14392]
O58 - SDL:[MD5.F6878B90A8A9795116BCE335238E65AF] - 2011-11-03 - 00:14:12 ---A- . (.AVG Technologies CZ, s.r.o. - IDS Application Activity Monitor Driver..) -- C:\Windows\system32\drivers\AVGIDSDriver.sys [134736]
O58 - SDL:[MD5.19A08A6728A6E02099D64268218CD799] - 2011-11-03 - 00:14:12 ---A- . (.AVG Technologies CZ, s.r.o. - IDS Application Activity Monitor Helper Driver..) -- C:\Windows\system32\drivers\AVGIDSEH.sys [23120]
O58 - SDL:[MD5.F8927AB1DD086EDEFF2924A64DC89869] - 2011-11-03 - 00:14:14 ---A- . (.AVG Technologies CZ, s.r.o. - IDS Application Activity Monitor Filter Driver..) -- C:\Windows\system32\drivers\AVGIDSFilter.sys [24272]
O58 - SDL:[MD5.DADCA567891033DCF2EC4A3F9DA46AE4] - 2011-11-04 - 05:21:28 ---A- . (.AVG Technologies CZ, s.r.o. - IDS Application Activity Monitor Loader Driver..) -- C:\Windows\system32\drivers\AVGIDSShim.sys [16720]
O58 - SDL:[MD5.BF8118CD5E2255387B715B534D64ACD1] - 2011-11-04 - 05:23:48 ---A- . (.AVG Technologies CZ, s.r.o. - AVG AVI Loader Driver.) -- C:\Windows\system32\drivers\avgldx86.sys [230608]
O58 - SDL:[MD5.1C77EF67F196466ADC9924CB288AFE87] - 2011-11-03 - 05:08:58 ---A- . (.AVG Technologies CZ, s.r.o. - AVG Resident Shield Minifilter Driver.) -- C:\Windows\system32\drivers\avgmfx86.sys [40016]
O58 - SDL:[MD5.F2038ED7284B79DCEF581468121192A9] - 2011-11-03 - 05:30:10 ---A- . (.AVG Technologies CZ, s.r.o. - AVG Anti-Rootkit Driver.) -- C:\Windows\system32\drivers\avgrkx86.sys [32592]
O58 - SDL:[MD5.A6D562B612216D8D02A35EBEB92366BD] - 2011-11-03 - 00:14:38 ---A- . (.AVG Technologies CZ, s.r.o. - AVG Network connection watcher.) -- C:\Windows\system32\drivers\avgtdix.sys [295248]
O58 - SDL:[MD5.BD8869EB9CDE6BBE4508D869929869EE] - 2009-07-13 - 17:02:49 ---A- . (.Broadcom Corporation - Pilote unifié NDIS6.x Broadcom NetXtreme Gigabit Ethernet..) -- C:\Windows\system32\drivers\b57nd60x.sys [229888]
O58 - SDL:[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - 2009-07-13 - 17:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [13568]
O58 - SDL:[MD5.56801AD62213A41F6497F96DEE83755A] - 2009-07-13 - 17:53:28 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [5248]
O58 - SDL:[MD5.845B8CE732E67F3B4133164868C666EA] - 2009-07-13 - 19:57:25 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [272128]
O58 - SDL:[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - 2009-07-13 - 17:53:32 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [62336]
O58 - SDL:[MD5.BD456606156BA17E60A04E18016AE54B] - 2009-07-13 - 17:53:33 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [12160]
O58 - SDL:[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - 2009-07-13 - 17:53:33 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [11904]
O58 - SDL:[MD5.1A231ABEC60FD316EC54C66715543CEC] - 2009-06-10 - 17:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\system32\drivers\bxvbdx.sys [430080]
O58 - SDL:[MD5.C537B1DB64D495B9B4717B4D6D9EDBF2] - 2009-07-13 - 20:26:21 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [15952]
O58 - SDL:[MD5.B5ECADF7708960F1818C7FA015F4C239] - 2010-09-30 - 13:28:02 ---A- . (.Cisco Systems, Inc. - Cisco Systems VPN Adapter.) -- C:\Windows\system32\drivers\CVirtA.sys [5275]
O58 - SDL:[MD5.1C2999966F0F36AA44EAECBEE70CF770] - 2010-09-30 - 15:17:08 ---A- . (.Cisco Systems, Inc. - Cisco Systems VPN Client IPSec Driver.) -- C:\Windows\system32\drivers\CVPNDRVA.sys [306295]
O58 - SDL:[MD5.8B30250D573A8F6B4BD23195160D8707] - 2009-06-10 - 20:20:28 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys [70720]
O58 - SDL:[MD5.7B4FDFBE97C047175E613AA96F3DE987] - 2010-09-30 - 12:45:06 ---A- . (.Deterministic Networks, Inc. - Deterministic Network Enhancer.) -- C:\Windows\system32\drivers\dne2000.sys [127376]
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 2009-06-10 - 20:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [453712]
O58 - SDL:[MD5.024E1B5CAC09731E4D868E64DBFB4AB0] - 2009-06-10 - 17:02:48 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\system32\drivers\evbdx.sys [3100160]
O58 - SDL:[MD5.8182FF89C65E4D38B2DE4BB0FB18564E] - 2011-04-29 - 12:17:00 ---A- . (.GEAR Software Inc. - CD DVD Filter.) -- C:\Windows\system32\drivers\GEARAspiWDM.sys [26600]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 2009-07-13 - 17:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\system32\drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.295FDC419039090EB8B49FFDBB374549] - 2009-07-13 - 20:20:28 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\system32\drivers\HpSAMD.sys [67152]
O58 - SDL:[MD5.5CD5F9A5444E6CDCB0AC89BD62D8B76E] - 2011-04-27 - 00:38:51 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\system32\drivers\iaStorV.sys [332160]
O58 - SDL:[MD5.4173FF5708F3236CF25195FECD742915] - 2009-07-13 - 20:20:36 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [41040]
O58 - SDL:[MD5.55C9B4252B751226B838EED2BC50BB64] - 2010-08-25 - 01:28:00 ---A- . (.Atheros Communications, Inc. - Atheros Security NDIS 6.0 Filter Driver.) -- C:\Windows\system32\drivers\jswpslwf.sys [20384]
O58 - SDL:[MD5.3705B2273E8EFC9A707864AB7324B614] - 2009-11-13 - 08:47:50 ---A- . (.Atheros Communications, Inc. - Atheros L1c PCI-E Gigabit Ethernet Controller.) -- C:\Windows\system32\drivers\L1C62x86.sys [58368]
O58 - SDL:[MD5.EB119A53CCF2ACC000AC71B065B78FEF] - 2009-07-13 - 20:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [95824]
O58 - SDL:[MD5.8ADE1C877256A22E49B75D1CC9161F9C] - 2009-07-13 - 20:20:37 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [89168]
O58 - SDL:[MD5.DC9DC3D3DAA0E276FD2EC262E38B11E9] - 2009-07-13 - 20:20:36 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas2.sys [54864]
O58 - SDL:[MD5.0A036C7D7CAB643A7F07135AC47E0524] - 2009-07-13 - 20:20:36 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [96848]
O58 - SDL:[MD5.0FFF5B045293002AB38EB1FD1FC2FB74] - 2009-06-10 - 20:20:36 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7 for x86.) -- C:\Windows\system32\drivers\megasas.sys [30800]
O58 - SDL:[MD5.DCBAB2920C75F390CAF1D29F675D03D6] - 2009-07-13 - 20:20:36 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys [235584]
O58 - SDL:[MD5.1D85C4B390B0EE09C7A46B91EFB2C097] - 2009-07-13 - 20:20:44 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [44624]
O58 - SDL:[MD5.C8CB6135884CBC2A10225C4C3CEF0F95] - 2010-04-03 - 21:55:32 ---A- . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 197.45.) -- C:\Windows\system32\drivers\nvlddmkm.sys [11573800]
O58 - SDL:[MD5.B3E25EE28883877076E0E1FF877D02E0] - 2011-04-27 - 00:39:00 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [117120]
O58 - SDL:[MD5.4380E59A170D88C4F1022EFF6719A8A4] - 2011-04-27 - 00:39:00 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [143744]
O58 - SDL:[MD5.AB95ECF1F6659A60DDC166D8315B0751] - 2009-06-10 - 20:19:04 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [1383488]
O58 - SDL:[MD5.B4DD51DD25182244B86737DC51AF2270] - 2009-07-13 - 20:19:04 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [106064]
O58 - SDL:[MD5.3B68015683C27CB00C7A6B60A37CBCFD] - 2010-08-25 - 17:20:54 ---A- . (.Windows (R) Codename Longhorn DDK provider - NDIS User mode I/O Driver.) -- C:\Windows\system32\drivers\SCMNdisP.sys [21728]
O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 2009-07-13 - 15:50:20 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys [20480]
O58 - SDL:[MD5.A9F0486851BECB6DDA1D89D381E71055] - 2009-06-10 - 20:19:04 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\system32\drivers\sisraid2.sys [40016]
O58 - SDL:[MD5.3727097B55738E2F554972C3BE5BC1AA] - 2009-07-13 - 20:19:04 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys [77888]
O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 2010-05-30 - 00:00:00 ---A- . (...) -- C:\Windows\system32\drivers\sptd.sys [691696]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 2009-07-13 - 20:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\system32\drivers\stexstor.sys [21072]
O58 - SDL:[MD5.83CAFCB53201BBAC04D822F32438E244] - 2011-10-31 - 16:38:56 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\system32\drivers\usbaapl.sys [42496]
O58 - SDL:[MD5.DC56A867A2D92E1C51CB6D3F9C540548] - 2010-05-03 - 22:27:42 ---A- . (.VIA Technologies, Inc. - VIA High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\viahduaa.sys [1102848]
O58 - SDL:[MD5.E43574F6A56A0EE11809B48C09E4FD3C] - 2009-07-13 - 20:19:10 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys [16976]
O58 - SDL:[MD5.9DFA0CC2F8855A04816729651175B631] - 2009-06-10 - 20:19:11 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys [141904]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 2009-07-13 - 16:40:41 ---A- . (...) -- C:\Windows\system32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 2009-07-13 - 16:40:44 ---A- . (...) -- C:\Windows\system32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 2009-07-13 - 16:40:40 ---A- . (...) -- C:\Windows\system32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 2009-07-13 - 16:40:43 ---A- . (...) -- C:\Windows\system32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 2009-07-13 - 16:40:43 ---A- . (...) -- C:\Windows\system32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.9131FE60ADFAB595C8DA53AD6A06AA31] - 2010-05-14 - 10:43:08 ---A- . (.INCA Internet Co., Ltd. - nProtect NPSC Kernel Mode Driver for NT.) -- C:\Windows\system32\npptNT2.sys [4682]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 2009-07-13 - 16:40:23 ---A- . (...) -- C:\Windows\system32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 2009-07-13 - 16:40:31 ---A- . (...) -- C:\Windows\system32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 2009-07-13 - 16:40:35 ---A- . (...) -- C:\Windows\system32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 2009-07-13 - 16:40:39 ---A- . (...) -- C:\Windows\system32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 2009-07-13 - 16:40:27 ---A- . (...) -- C:\Windows\system32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 2009-07-13 - 16:40:11 ---A- . (...) -- C:\Windows\system32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 2009-07-13 - 16:40:15 ---A- . (...) -- C:\Windows\system32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 2009-07-13 - 16:40:17 ---A- . (...) -- C:\Windows\system32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 2009-07-13 - 16:40:19 ---A- . (...) -- C:\Windows\system32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 2009-07-13 - 16:40:13 ---A- . (...) -- C:\Windows\system32\NTIO804.SYS [34672]
~ Scan Drivers in 00mn 21s
---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 1.28 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ Scan ADS in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 2007-12-18 - C:\Windows\system32\drivers\AsIO.sys - AsIO (AsIO) .(...) - LEGACY_ASIO
O64 - Services: CurCS - 2009-07-06 - C:\Windows\system32\drivers\AsUpIO.sys - AsUpIO (AsUpIO) .(...) - LEGACY_ASUPIO
O64 - Services: CurCS - 2011-07-11 - C:\Windows\system32\DRIVERS\AVGIDSDriver.sys (AVGIDSDriver) .(.AVG Technologies CZ, s.r.o. - IDS Application Activity Monitor Driver..) - LEGACY_AVGIDSDRIVER
O64 - Services: CurCS - 2011-07-11 - C:\Windows\system32\DRIVERS\AVGIDSEH.sys (AVGIDSEH) .(.AVG Technologies CZ, s.r.o. - IDS Application Activity Monitor Helper Dri.) - LEGACY_AVGIDSEH
O64 - Services: CurCS - 2011-07-11 - C:\Windows\system32\DRIVERS\AVGIDSFilter.sys (AVGIDSFilter) .(.AVG Technologies CZ, s.r.o. - IDS Application Activity Monitor Filter Dri.) - LEGACY_AVGIDSFILTER
O64 - Services: CurCS - 2011-10-04 - C:\Windows\system32\DRIVERS\AVGIDSShim.sys (AVGIDSShim) .(.AVG Technologies CZ, s.r.o. - IDS Application Activity Monitor Loader Dri.) - LEGACY_AVGIDSSHIM
O64 - Services: CurCS - 2011-10-07 - C:\Windows\system32\DRIVERS\avgldx86.sys (Avgldx86) .(.AVG Technologies CZ, s.r.o. - AVG AVI Loader Driver.) - LEGACY_AVGLDX86
O64 - Services: CurCS - 2011-08-08 - C:\Windows\system32\DRIVERS\avgmfx86.sys (Avgmfx86) .(.AVG Technologies CZ, s.r.o. - AVG Resident Shield Minifilter Driver.) - LEGACY_AVGMFX86
O64 - Services: CurCS - 2011-09-13 - C:\Windows\system32\DRIVERS\avgrkx86.sys (Avgrkx86) .(.AVG Technologies CZ, s.r.o. - AVG Anti-Rootkit Driver.) - LEGACY_AVGRKX86
O64 - Services: CurCS - 2011-07-11 - C:\Windows\system32\DRIVERS\avgtdix.sys (AvgTdiX) .(.AVG Technologies CZ, s.r.o. - AVG Network connection watcher.) - LEGACY_AVGTDIX
O64 - Services: CurCS - 2007-04-03 - C:\Windows\system32\Drivers\CVPNDRVA.sys (CVPNDRVA) .(.Cisco Systems, Inc. - Cisco Systems VPN Client IPSec Driver.) - LEGACY_CVPNDRVA
O64 - Services: CurCS - 1899-12-30 - C:\Windows\system32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - 1899-12-30 - C:\Windows\system32\Drivers\sptd.sys - sptd (sptd) .(...) - LEGACY_SPTD
~ Scan Services in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (. - .) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\system32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\system32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCR\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
~ Scan Keys in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
~ Scan Keys in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {AC9BDA4E-0067-4EDE-87DD-F1D9B477B7BD} - (Yahoo! Search) - http://search.yahoo.com
~ Scan Keys in 00mn 00s



---\\ Recherche des services démarrés par Svchost (O83)
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Service Expérience d'application.) -- C:\Windows\system32\aelupsvc.dll [62464]
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\system32\certprop.dll [67584]
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\system32\certprop.dll [67584]
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL du service Serveur.) -- C:\Windows\system32\srvsvc.dll [168960]
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Client de stratégie de groupe.) -- C:\Windows\system32\gpsvc.dll [593408]
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extension IKE.) -- C:\Windows\system32\ikeext.dll [674304]
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Service Audio Windows.) -- C:\Windows\system32\Audiosrv.dll [473600]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gestionnaire de numérotation automatique d'accès distant.) -- C:\Windows\system32\rasauto.dll [90624]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gestionnaire de connexions d'accès distant.) -- C:\Windows\system32\rasmans.dll [286208]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gestionnaire d'interface dynamique.) -- C:\Windows\system32\mprdim.dll [75264]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Service de notification d'événements système (SENS).) -- C:\Windows\system32\sens.dll [49664]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l'application d'assistance à Microsoft NAT.) -- C:\Windows\system32\ipnathlp.dll [300544]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows(TM).) -- C:\Windows\system32\tapisrv.dll [242176]
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gestionnaire des connexions distantes du serveur hôte de session Burea.) -- C:\Windows\system32\termsrv.dll [521216]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Agent de mise à jour automatique Windows Update.) -- C:\Windows\system32\wuaueng.dll [1914368]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\Windows\system32\qmgr.dll [585728]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\Windows\system32\shsvcs.dll [328192]
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service offrant une connectivité IPv6 sur un réseau IPv4..) -- C:\Windows\system32\iphlpsvc.dll [499712]
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de service d'ouverture de session secondaire.) -- C:\Windows\system32\seclogon.dll [21504]
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Service Informations d'application.) -- C:\Windows\system32\appinfo.dll [47104]
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Service de découverte iSCSI.) -- C:\Windows\system32\iscsiexe.dll [114688]
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Service Planificateur de classes multimédias.) -- C:\Windows\system32\mmcss.dll [49664]
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Rapports et solutions aux problèmes.) -- C:\Windows\system32\wercplsupport.dll [61440]
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Service EAPHost Microsoft.) -- C:\Windows\system32\eapsvc.dll [98304]
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\system32\profsvc.dll [164352]
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Service du Planificateur de tâches.) -- C:\Windows\system32\schedsvc.dll [750592]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- C:\Windows\system32\kmsvc.dll [71168]
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Service Configuration des services Bureau à distance.) -- C:\Windows\system32\sessenv.dll [113664]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\system32\wbem\WMIsvc.dll [168960]
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL du service Explorateur d'ordinateurs.) -- C:\Windows\system32\browser.dll [102400]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL du service des thèmes Windows Shell.) -- C:\Windows\system32\themeservice.dll [37376]
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Service BDE.) -- C:\Windows\system32\bdesvc.dll [76800]
~ Scan Services in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.C7CE2786127E063389E5571587661ABA] [SPRF][2009-11-25] (.Electronic Arts Inc. - Electronic Arts AutoRun.) -- C:\Users\User\AppData\Local\Temp\AutoRun.exe [703552]
[MD5.3DDF7CE37789AFD55A15EBF07073BED9] [SPRF][2009-11-25] (.Electronic Arts Inc. - AutoRun GUI.) -- C:\Users\User\AppData\Local\Temp\AutoRunGUI.dll [719936]
[MD5.0A721A6495837E3740CBF1D0A51C4D03] [SPRF][2010-08-23] (...) -- C:\Users\User\AppData\Local\Temp\bfguni.exe [191231]
[MD5.7F7FE3BB0D18C329425916190C18AEB4] [SPRF][2011-07-06] (.Sony DADC Austria AG - SecuROM dynamic-data module.) -- C:\Users\User\AppData\Local\Temp\drm_dyndata_7400009.dll [204800]
[MD5.EB474D90BA1911FC176F22194CF3A7B5] [SPRF][2007-01-26] (.Electronic Arts Inc. - Uninstall.) -- C:\Users\User\AppData\Local\Temp\eauninstall.exe [356352]
[MD5.030D544D8A2A12BAC4AF2456C02562FC] [SPRF][2010-07-14] (.small-games.info - Farm Frenzy 3 Madagascar 1.0 Installation.) -- C:\Users\User\AppData\Local\Temp\FarmFrenzy3Madagascar(2).exe [67187233]
[MD5.BFD203827AB373DE4650A8898DCD7E6A] [SPRF][2004-08-18] (.Macromedia, Inc. - Macromedia Flash Player 6.0 r21.) -- C:\Users\User\AppData\Local\Temp\First15.exe [1453843]
[MD5.3BA3C21D186D6F0AAB95EB232C8A43E7] [SPRF][2010-09-12] (...) -- C:\Users\User\AppData\Local\Temp\GLFAD0.tmp.ConduitEngineSetup.exe [157536]
[MD5.7A00F09FD89CF49CF3FF4EF2E828ADEC] [SPRF][2010-05-10] (.Adobe Systems Incorporated - Adobe® Flash® Player Plugin Installer.) -- C:\Users\User\AppData\Local\Temp\install_flash_player.exe [1924976]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][2011-12-28] (...) -- C:\Users\User\AppData\Local\Temp\java2323557951224916860.reg [0]
[MD5.DB5D2225E502A7E6329C8A0CAC2CBF1A] [SPRF][2010-08-04] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\User\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe [875296]
[MD5.6B026DE68C8D0D2BC87D382F56800B5D] [SPRF][2010-05-10] (.Microsoft Corporation - Self-Extracting Cabinet.) -- C:\Users\User\AppData\Local\Temp\Lifecam3.0.204.0.exe [29551984]
[MD5.0ED571ADE0987EF12DBA8065F009BA25] [SPRF][2010-03-28] (.Lime Wire LLC - The Fastest File Sharing Program on Earth.) -- C:\Users\User\AppData\Local\Temp\LimeWireWin.exe [24182552]
[MD5.EB93FCABB7A81F17F575A6EE0918C245] [SPRF][2008-09-12] (.MAGIX AG - MgxVistaTools.) -- C:\Users\User\AppData\Local\Temp\MgxVistaTools.dll [217088]
[MD5.496AAF0AAEAD72A979467F54FAE30F52] [SPRF][2010-11-18] (.Cisco Systems, Inc. - WebVPN Relay.) -- C:\Users\User\AppData\Local\Temp\Relay.dll [113152]
[MD5.63ACBBDF3394664DB23F5BF44C0ADE98] [SPRF][2010-11-18] (.Cisco Systems, Inc. - SSL VPN Relay Java applet loader.) -- C:\Users\User\AppData\Local\Temp\RelayL.dll [7168]
[MD5.8C3FCE9D92A3FB0EB35E1E494ED9CD9C] [SPRF][2010-07-14] (.Adobe Systems Inc. - Adobe Shockwave Player.) -- C:\Users\User\AppData\Local\Temp\Shockwave_Installer_Slim.exe [4390760]
[MD5.DC1D2BA8336E63E4F84503455D66E706] [SPRF][2010-08-23] (...) -- C:\Users\User\AppData\Local\Temp\smartinstallAllinOne.exe [202624]
[MD5.AE162CDF337AC734B62A543B7CD2D032] [SPRF][2010-05-14] (.Eclipse Foundation - SWT for Windows native library.) -- C:\Users\User\AppData\Local\Temp\swt-win32-3349.dll [135168]
[MD5.10E34D67E58D6EEE360A9374C9BEA552] [SPRF][2007-01-26] (.Electronic Arts Inc. - Uninstalls the CD key.) -- C:\Users\User\AppData\Local\Temp\The Sims 2 Seasons_uninst.exe [73728]
[MD5.2DA4A3EBD6AC48168A37D0BE8A790D0F] [SPRF][2010-05-30] (.MAGIX AG - unwise_adf.) -- C:\Users\User\AppData\Local\Temp\unwise.exe [201944]
[MD5.9B8BBF96B67046D2CBB39AD220CB267D] [SPRF][2011-03-01] (.BitTorrent, Inc. - µTorrent.) -- C:\Users\User\AppData\Local\Temp\utt2C5F.tmp.exe [395640]
[MD5.008F2FE191618133A68F1AC190DC6044] [SPRF][2010-09-27] (.BitTorrent, Inc. - µTorrent.) -- C:\Users\User\AppData\Local\Temp\utt4385.tmp.exe [328056]
[MD5.276AC7BAE1F596A3A1D4B6D43AEF099C] [SPRF][2011-05-24] (.BitTorrent, Inc. - µTorrent.) -- C:\Users\User\AppData\Local\Temp\utt9436.tmp.exe [399736]
[MD5.5B2DA96D90C95228239806D40B720BD2] [SPRF][2004-08-18] (...) -- C:\Users\User\AppData\Local\Temp\VP6.reg [340]
[MD5.1410ADCB69C267916EE702E2A443E93F] [SPRF][2004-08-18] (...) -- C:\Users\User\AppData\Local\Temp\VP6Install.exe [23040]
[MD5.4D6F38D3CDA2D0BA502BC1C499A622CF] [SPRF][2004-08-18] (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Users\User\AppData\Local\Temp\VP6VFW.dll [442368]
[MD5.74F8E4EE837B063138CED3E8EC171176] [SPRF][2010-03-08] (...) -- C:\Users\User\AppData\Local\Temp\xfire_installer.grandfantasia.exe [6606888]
[MD5.EA091A801612EC81F6D4023F2E61B5DB] [SPRF][2011-08-22] (.Google Inc. - Google Chrome.) -- C:\Users\User\AppData\Local\Temp\{7EFB733F-2099-49DD-BA12-0411286C30D3}-chrome_updater.exe [299064]
[MD5.7006E06D433FF27DE1E3FBF3E4B54563] [SPRF][2011-06-05] (.Google Inc. - Google Chrome.) -- C:\Users\User\AppData\Local\Temp\{8921E3AF-8B39-4644-8888-FF48FDFA1227}-chrome_updater.exe [591928]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][2011-10-28] (...) -- C:\Users\User\AppData\LocalLow\prvlcl.dat [0]
[MD5.61FB16B6016BCC9AA42E02F787DC87FC] [SPRF][2010-01-26] (.Adobe Systems Incorporated - Adobe® Flash® Player ActiveX Installer.) -- C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [1955384]
[MD5.80F4A456633F78A26A3C6B16E64EFEC5] [SPRF][2007-09-28] (.Microsoft - Uno Messenger.) -- C:\Windows\Downloaded Program Files\GAME_UNO1.dll [381960]
[MD5.8945CCA5FC4F25168E8B6F401EFAF51F] [SPRF][2007-02-22] (.Microsoft Corporation - Zone.com Stats Client for MSN Messenger.) -- C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll [304544]
[MD5.1E5CFDF9AEBDD84305A4C8154277A269] [SPRF][2007-02-28] (.Microsoft Corporation - Zone.com Checkers for MSN Messenger.) -- C:\Windows\Downloaded Program Files\msgrchkr.dll [131472]
~ Scan Files in 00mn 04s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "NetPres-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-Out-TCP-NoScope" |Out - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-WSD-In-UDP" |In - None - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-WSD-Out-UDP" |Out - None - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-Out-TCP" |Out - Public - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "{762B969D-4177-40E9-A89E-7B20EEA3773A}" | In - None - P6 - TRUE | .(.CyberLink Corp. - PowerDVD.) -- C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
O87 - FAEL: "TCP Query User{D115CF58-5C27-4A10-99F2-060DE8CA0BE3}C:\program files\utorrent\utorrent.exe" | In - Public - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe
O87 - FAEL: "UDP Query User{F88DD61F-0C85-47F8-90AF-533C71FE63F4}C:\program files\utorrent\utorrent.exe" | In - Public - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe
O87 - FAEL: "{A2240761-1DD9-4A8C-9FD1-1A0CC1544DAE}" | In - Public - P6 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe
O87 - FAEL: "{75DED7C4-F0E7-4E14-92E8-9A0575E2B571}" | In - Public - P17 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe
O87 - FAEL: "{39A09088-CE83-43FB-9903-5677124C2360}" | In - Public - P6 - TRUE | .(.Apple Inc. - iTunes.) -- C:\Program Files\iTunes\iTunes.exe
O87 - FAEL: "TCP Query User{E80E2B8F-A094-4485-A4C8-D9B79667FF38}C:\program files\limewire\limewire.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files\limewire\limewire.exe (.not file.)
O87 - FAEL: "UDP Query User{7697BD30-1684-40CC-A41B-267DD2D7C4E8}C:\program files\limewire\limewire.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files\limewire\limewire.exe (.not file.)
O87 - FAEL: "{5563EBA9-4762-4A62-B5FC-DEACC06B3416}" | In - Domain - P6 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{01F07431-AA52-4EE0-9701-54046D9F1777}" | In - Domain - P17 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{44205878-F9CD-4314-9C14-CBC5A436A230}" | In - Private - P6 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{0DA1E6FE-03D8-4AAD-84E6-3A9966E25FAC}" | In - Private - P17 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{294DBBF4-7A86-4DC8-B364-DD40F3E4CE51}" | In - None - P17 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{5AC87E5D-AAB4-465C-8C7C-B1F4E0D74A85}" |In - Public - P6 - TRUE | .(...) -- C:\gPotato\Luna Online\LunaLauncher.exe (.not file.)
O87 - FAEL: "{305FA1AF-1CA3-446D-8E3D-07EE3345B52B}" |In - Public - P17 - TRUE | .(...) -- C:\gPotato\Luna Online\LunaLauncher.exe (.not file.)
O87 - FAEL: "{71885472-BB50-4F17-B00A-01ABDACC8B02}" |In - Domain - P6 - FALSE | .(...) -- C:\gPotato\Luna Online\LunaLauncher.exe (.not file.)
O87 - FAEL: "{77CD9E56-2AE0-4792-8787-5F91E9E3A3F4}" |In - Domain - P17 - FALSE | .(...) -- C:\gPotato\Luna Online\LunaLauncher.exe (.not file.)
O87 - FAEL: "{58006D1B-E4A4-4356-94FD-5A52FF5FE456}" |In - Public - P6 - TRUE | .(...) -- C:\gPotato\Luna Online\LUNAClient.exe (.not file.)
O87 - FAEL: "{A28C8BDF-BAD0-42AA-9F4A-B131D9AAC5F8}" |In - Public - P17 - TRUE | .(...) -- C:\gPotato\Luna Online\LUNAClient.exe (.not file.)
O87 - FAEL: "{D770829E-C72C-4A7D-AE93-B58F01C1C832}" |In - Domain - P6 - FALSE | .(...) -- C:\gPotato\Luna Online\LUNAClient.exe (.not file.)
O87 - FAEL: "{A6C7FCE4-22FF-4450-8770-E1FBEBF2E334}" |In - Domain - P17 - FALSE | .(...) -- C:\gPotato\Luna Online\LUNAClient.exe (.not file.)
O87 - FAEL: "TCP Query User{5118E50E-F66A-4058-89B3-92A92F5CE9EB}C:\program files\utorrent\utorrent.exe" | In - Private - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe
O87 - FAEL: "UDP Query User{8BD353D1-8ED2-411F-91DE-FDE0CC69D634}C:\program files\utorrent\utorrent.exe" | In - Private - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe
O87 - FAEL: "TCP Query User{36E59BE9-376D-4BB8-AE7C-4A4922A7A629}C:\program files\limewire\limewire.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files\limewire\limewire.exe (.not file.)
O87 - FAEL: "UDP Query User{7E0CB946-141B-4D33-9F55-FF3F0E063D1E}C:\program files\limewire\limewire.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files\limewire\limewire.exe (.not file.)
O87 - FAEL: "TCP Query User{FE82F57D-ED9B-4C36-B39D-8B30043EE02D}C:\users\user\appdata\roaming\imvuclient\1vivoxvoice.exe" | In - Private - P6 - TRUE | .(.Vivox, Inc. - Pas de description.) -- C:\Users\User\AppData\Roaming\IMVUClient\1VivoxVoice.exe
O87 - FAEL: "UDP Query User{0964ECA6-0654-4E35-9976-8D3E63D4B78D}C:\users\user\appdata\roaming\imvuclient\1vivoxvoice.exe" | In - Private - P17 - TRUE | .(.Vivox, Inc..) -- C:\Users\User\AppData\Roaming\IMVUClient\1VivoxVoice.exe
O87 - FAEL: "TCP Query User{2359EF1F-F77A-479D-9D7F-7F99260C1709}C:\users\user\downloads\fogdownloader-rom_3_0_1_2153.exe" | In - Private - P6 - TRUE | .(...) -- C:\Users\User\Downloads\FOGDownloader-RoM_3_0_1_2153.exe
O87 - FAEL: "UDP Query User{FC4BD235-D3A4-4758-AA97-CA21AA5E8869}C:\users\user\downloads\fogdownloader-rom_3_0_1_2153.exe" | In - Private - P17 - TRUE | .(...) -- C:\Users\User\Downloads\FOGDownloader-RoM_3_0_1_2153.exe
O87 - FAEL: "{4283FF23-85FF-4C17-860B-DAFBB5FB9874}" | In - Private - P6 - TRUE | .(.FrostWire Group - FrostWire.) -- C:\Program Files\FrostWire\FrostWire.exe
O87 - FAEL: "{E48EF6F9-9E8A-481E-BED8-C85234458AE5}" | In - Private - P17 - TRUE | .(.FrostWire Group - FrostWire.) -- C:\Program Files\FrostWire\FrostWire.exe
O87 - FAEL: "TCP Query User{49108047-08DB-45B2-8F24-080BE9E721E5}D:\easysetupassistant\easysetupassistant.exe" |In - Private - P6 - TRUE | .(...) -- D:\easysetupassistant\easysetupassistant.exe (.not file.)
O87 - FAEL: "UDP Query User{D5962C31-5211-4C45-9EEC-5938FA9A3A64}D:\easysetupassistant\easysetupassistant.exe" |In - Private - P17 - TRUE | .(...) -- D:\easysetupassistant\easysetupassistant.exe (.not file.)
O87 - FAEL: "TCP Query User{6E74AF6D-89A1-4FDF-945C-076D6E313B08}D:\easysetupassistant\easysetupassistant.exe" |In - Public - P6 - TRUE | .(...) -- D:\easysetupassistant\easysetupassistant.exe (.not file.)
O87 - FAEL: "UDP Query User{53F0E103-DC51-4016-B55E-E26A5F2C63C8}D:\easysetupassistant\easysetupassistant.exe" |In - Public - P17 - TRUE | .(...) -- D:\easysetupassistant\easysetupassistant.exe (.not file.)
O87 - FAEL: "{61A315BE-5AD0-4AF9-B063-C4A370F0D6D6}" | In - None - P17 - TRUE | .(.Apple Inc. - WebKit2WebProcess.exe.) -- C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
O87 - FAEL: "{8A1CFC81-838F-4DCE-8FD4-34BF187355AE}" | In - Private - P6 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe
O87 - FAEL: "{BBB1368A-090E-41D4-BE98-496D1173222A}" | In - Private - P17 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe
O87 - FAEL: "{12A29D13-EF1C-43E6-8DCD-8FFF26D29558}" | In - Private - P6 - TRUE | .(.AVG Technologies CZ, s.r.o. - AVG Installer Application.) -- C:\Program Files\AVG\AVG2012\avgmfapx.exe
O87 - FAEL: "{FA9D8EFE-29F3-4035-8664-3CD4E9563A79}" | In - Private - P17 - TRUE | .(.AVG Technologies CZ, s.r.o. - AVG Installer Application.) -- C:\Program Files\AVG\AVG2012\avgmfapx.exe
O87 - FAEL: "{7E52A4F3-71D8-4DB3-B166-598D3F885C15}" | In - Private - P6 - TRUE | .(.Akamai Technologies, Inc - Akamai NetSession Client.) -- C:\Users\User\AppData\Local\Akamai\netsession_win.exe
O87 - FAEL: "{A9082DFA-417F-49EC-B120-7E90E8E774CB}" | In - Private - P17 - TRUE | .(.Akamai Technologies, Inc - Akamai NetSession Client.) -- C:\Users\User\AppData\Local\Akamai\netsession_win.exe
O87 - FAEL: "{1D6430CC-A0CA-4674-83C8-A7219A21EB93}" | In - Private - P6 - TRUE | .(.AVG Technologies CZ, s.r.o. - AVG Online Shield Service.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
O87 - FAEL: "{CC352446-3A25-4E23-83EA-08F4D00BC858}" | In - Private - P17 - TRUE | .(.AVG Technologies CZ, s.r.o. - AVG Online Shield Service.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
O87 - FAEL: "{E83B02E0-B5DC-4099-A4E2-58B8D4EBFEFA}" | In - Private - P6 - TRUE | .(.AVG Technologies CZ, s.r.o. - AVG Diagnostics Utility.) -- C:\Program Files\AVG\AVG2012\avgdiagex.exe
O87 - FAEL: "{6523638C-2309-4DF5-8070-AEEA1146B9B7}" | In - Private - P17 - TRUE | .(.AVG Technologies CZ, s.r.o. - AVG Diagnostics Utility.) -- C:\Program Files\AVG\AVG2012\avgdiagex.exe
O87 - FAEL: "{74CB0628-CD68-4E84-8F54-EF1083C126A5}" | In - Private - P6 - TRUE | .(.AVG Technologies CZ, s.r.o. - AVG E-mail Scanner.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
O87 - FAEL: "{957B3078-562A-4332-A90D-CEB0F098A656}" | In - Private - P17 - TRUE | .(.AVG Technologies CZ, s.r.o. - AVG E-mail Scanner.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
~ Scan Firewall in 00mn 01s



---\\ Scan Additionnel (O88)
Database Version : 8933 - (01/01/2012)
Clés trouvées (Keys found) : 12
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 5
Fichiers trouvés (Files found) : 0

[HKLM\Software\Classes\Conduit.Engine] =>Toolbar.Conduit
[HKLM\Software\Classes\Toolbar.CT2612669] =>Adware.Hotbar
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}] =>Toolbar.Conduit
[HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] =>Toolbar.Conduit
[HKCU\Software\AppDataLow\Software\conduitEngine] =>Toolbar.Conduit
[HKLM\Software\conduitEngine] =>Toolbar.Conduit
[HKCU\Software\iwin] =>Adware.BHO
[HKCU\Software\AppDataLow\Toolbar] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine] =>Toolbar.Conduit
[HKLM\Software\Classes\Toolbar.CT2612669] =>Toolbar.Agent
[HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{30F9B915-B755-4826-820B-08FBA6BD249D} =>Toolbar.Conduit
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{30F9B915-B755-4826-820B-08FBA6BD249D} =>Toolbar.Conduit
C:\Program Files\Conduit =>Toolbar.Conduit
C:\Program Files\ConduitEngine =>Toolbar.Conduit
C:\Users\User\AppData\LocalLow\Conduit =>Toolbar.Conduit
C:\Users\User\AppData\LocalLow\ConduitEngine =>Toolbar.Conduit
C:\Users\User\AppData\Local\Temp\OpenCandy =>Adware.OpenCandy
~ Scan Additionnel in 00mn 05s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 2011-10-31 55144 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 2011-11-04 4433248 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
SR - | Auto 2011-12-23 192776 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
SR - | Auto 2011-10-31 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 2010-09-30 1516584 | (CVPND) . (.Cisco Systems, Inc..) - C:\Program Files\UnivLaval\VPN Client\cvpnd.exe
SR - | Demand 2011-10-31 821608 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 2010-05-03 800040 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 2010-05-03 279848 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Demand 2010-05-14 3548504 | (npggsvc) . (.INCA Internet Co., Ltd..) - C:\Windows\System32\GameMon.des
SR - | Auto 2010-05-03 129640 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe
SR - | Auto 272024 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
SR - | Auto 2009-07-13 20992 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Scan Services in 00mn 06s



---\\ Liste des émulateurs de CD/DVD (Hook du MBR)
O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 2010-05-30 - 00:00:00 ---A- . (...) -- C:\Windows\system32\drivers\sptd.sys [691696]
~ Scan Emulateurs in 00mn 06s



End of the scan (2042 lines in 01mn 40s)(0)
0

¡El Desaparecido! Posts 1519 Registration date Tuesday 4 October 2011 Status Member Last activity 23 October 2015 195
3 Jan. 2012 at 18:27
Hello,

The ZHPDiag report is incomplete; you need to host it and send the link, like this:


# Host and send a report.

# Go to Malekal's Pjjoint.
# Click Browse and look for the ZHPDiag report on your desktop.
# Then click Send the file.
# You will get a confirmation message with a link.
# Send this link in your next reply.

#####

Then:

# Download AdwCleaner by Xplode to your desktop.
# Run AdwCleaner.exe.
# Click Suppression (Delete), then wait while the scan runs.

# Once the scan has finished, a report will open. Post its contents in your next reply.
# The report is also saved as C:\AdwCleaner[S1].txt
0
I copied and pasted everything that was there, and the pjjoint site doesn't work; I tried several times.
0
¡El Desaparecido! Posts 1519 Registration date Tuesday 4 October 2011 Status Member Last activity 23 October 2015 195
3 Jan. 2012 at 18:33
Re,

Ok, drop the ZHPDiag.txt file here then:
http://eldesaparecido.com/upload.html in the Upload folder.
Then move on to the AdwCleaner step, please.
0
# AdwCleaner v1.403 - Rapport créé le 03/01/2012 à 12:54:10
# Mis à jour le 24/12/11 à 14h par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (32 bits)
# Nom d'utilisateur : User - USER-PC (Administrateur)
# Exécuté depuis : C:\Users\User\Downloads\AdwCleaner.exe
# Option [Suppression]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Users\User\AppData\LocalLow\Conduit
Dossier Supprimé : C:\Users\User\AppData\LocalLow\ConduitEngine
Dossier Supprimé : C:\Program Files\Conduit
Dossier Supprimé : C:\Program Files\ConduitEngine

***** [Registre] *****

[*] Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar.CT2612669
Clé Supprimée : HKCU\Software\Headlight
Clé Supprimée : HKCU\Software\AppDataLow\Toolbar
Clé Supprimée : HKCU\Software\AppDataLow\Software\Conduit
Clé Supprimée : HKCU\Software\AppDataLow\Software\conduitEngine
Clé Supprimée : HKLM\SOFTWARE\Conduit
Clé Supprimée : HKLM\SOFTWARE\conduitEngine
Clé Supprimée : HKLM\SOFTWARE\Classes\Conduit.Engine
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\SoftwareUpdate.exe
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4
Clé Supprimée : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]

***** [Navigateurs] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Google Chrome v16.0.912.63

Fichier : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[S1].txt - [2431 octets] - [03/01/2012 12:54:10]

*************************

Dossier Temporaire : 645 dossier(s)et 1981 fichier(s) supprimés

########## EOF - C:\AdwCleaner[S1].txt - [2655 octets] ##########
0
¡El Desaparecido! Posts 1519 Registration date Tuesday 4 October 2011 Status Member Last activity 23 October 2015 195
Edited by ¡El Desaparecido! on 3/01/2012 at 19:12
Re,

Here is your ZHPDiag report:
https://pjjoint.malekal.com/files.php?id=ZHPDiag_20120103_u11w10u85q14

It doesn't look nasty ;)

###


We're going to run a general scan:

# Download MBAM and install it.

# Launch Malwarebytes' Anti-Malware.
# Click the "Updates" tab, then "Check for updates".
# Click the "Scan" tab, tick "Perform quick scan", then click Scan.

At the end of the scan, if MBAM found nothing:
# Click OK; the report opens on its own.

If threats were detected:
# Click OK, then "Show results".
# Choose the "Remove selected" option.
# If MBAM asks to restart Windows: click "Yes".
# Once the PC has restarted, the report is in the "Reports/Logs" tab.
# Otherwise the report opens automatically after the removal.
# Post the report, please.

El Desaparecido
0
I did all that and it seems to have removed my ''virus'' (adware, apparently).
So I'm running a scan again to see whether AVG finds anything.
Thank you very much for your help, it's much appreciated :)
0
¡El Desaparecido! Posts 1519 Registration date Tuesday 4 October 2011 Status Member Last activity 23 October 2015 195
3 Jan. 2012 at 19:27
Ok Jess, keep me posted about AVG.

0
Strange! AVG still detects the threat.... Luha.fiha.a :S I don't understand any of this!
0
¡El Desaparecido! Posts 1519 Registration date Tuesday 4 October 2011 Status Member Last activity 23 October 2015 195
3 Jan. 2012 at 19:33
Can you send me the AVG report, please?
-
El Desaparecido
0
I don't know how. All it tells me is that C\windows\system32\sys\system\Your.exe is infected by Luha.Fiha.A. And the only option I have is to delete it.
0
¡El Desaparecido! Posts 1519 Registration date Tuesday 4 October 2011 Status Member Last activity 23 October 2015 195
Edited by ¡El Desaparecido! on 3/01/2012 at 20:06
Ok?

Do this:


# Download OTM by OldTimer to your desktop.

# Double-click OTM.exe to launch it.
# On Vista/Seven, right-click -> run as administrator.
# Copy the list below and paste it into the left-hand box of OTM under Paste Instructions for Items to be Moved.



:files
C:\windows\system32\sys\system\Your.exe
C:\windows\system32\sys\system
C:\windows\system32\sys

:commands
[emptytemp]


# Click "MoveIt!".
# If a file or folder cannot be deleted immediately, the program will ask you to restart the computer.
# If so, accept by clicking "YES".
# Post the report in your next reply.
# The report is located in C:\_OTM\MovedFiles (the report's name corresponds to the time it was created: date_time.log).
--
El Desaparecido
0
We'll get it in the end!

All processes killed
========== FILES ==========
C:\windows\system32\sys\system\Your.exe moved successfully.
C:\windows\system32\sys\system folder moved successfully.
C:\windows\system32\sys folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: User
->Temp folder emptied: 2984948 bytes
->Temporary Internet Files folder emptied: 109308248 bytes
->Java cache emptied: 3637282 bytes
->Google Chrome cache emptied: 254342038 bytes
->Flash cache emptied: 312231 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 62387815 bytes
RecycleBin emptied: 7448070685 bytes

Total Files Cleaned = 7 516,00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 01032012_140655
0
¡El Desaparecido! Posts 1519 Registration date Tuesday 4 October 2011 Status Member Last activity 23 October 2015 195
3 Jan. 2012 at 20:21
:)

AVG should leave you alone now.

Do this, please:

Right-click the C:\_OTM folder.
Choose send to compressed folder.
This will create an archive.
Send me that archive here, please: http://eldesaparecido.com/upload.html

This will let me test your infection.

I'd still like you to run this scan for me, updating MBAM first.


https://forums.commentcamarche.net/forum/affich-24081066-luha-fiha-a#11
0
This is all very strange... I scan with AVG and it detects a threat: C:\OTM\movedfiles\ ......... \ your.exe

It's as if the virus had moved and it's now in the OTM folder. I put it in quarantine, so AVG tells me it's deleted, but when I look in the report it says: the object cannot be found... I'm going to rescan.

I tried to compress it, but it tells me file not found or something like that.
0
¡El Desaparecido! Posts 1519 Registration date Tuesday 4 October 2011 Status Member Last activity 23 October 2015 195
3 Jan. 2012 at 20:39
Re,

That's normal ;)

C:\OTM\movedfiles is OTM's quarantine area.

Forget the previous message:

Right-click the C:\_OTM folder.
Choose send to compressed folder.
This will create an archive.
Send me that archive here, please: http://eldesaparecido.com/upload.html


Delete the folder C:\_OTM and empty your recycle bin.

Restart the PC and check that AVG no longer raises alerts, which should be the case.

A scan with MBAM would be good too.

0
Ah ok!
AVG seems to be keeping quiet!
Thanks a lot for your help! :)
0