Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I think I have a rootkit


  • This topic is locked This topic is locked
48 replies to this topic

#1 anderlecht

anderlecht

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:47 PM

Posted 19 September 2011 - 01:54 PM

Hello,

it's impossible to establish a connection whith my bank account;

i think i have a rootkit

anyone can help me ?

i runned otl that my 2 log:

OTL logfile created on: 19/09/2011 19:55:56 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\papa\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

3,00 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 62,77% Memory free
6,21 Gb Paging File | 5,17 Gb Available in Paging File | 83,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 917,57 Gb Total Space | 734,72 Gb Free Space | 80,07% Space Free | Partition Type: NTFS
Drive D: | 13,94 Gb Total Space | 1,97 Gb Free Space | 14,12% Space Free | Partition Type: NTFS

Computer Name: PC-DE-PAPA | User Name: papa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/19 18:08:17 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\papa\Desktop\OTL.exe
PRC - [2011/09/01 05:25:24 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/07/06 08:04:12 | 002,554,696 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/07/06 08:03:53 | 001,793,712 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/01 07:49:30 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/08/17 14:38:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 23:11:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008/01/21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe


========== Modules (No Company Name) ==========

MOD - [2009/08/16 18:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/01 05:25:24 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/06 08:03:53 | 001,793,712 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/01 07:49:30 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/05/07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/10/15 23:49:26 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/01/04 12:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel®
SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/09/01 05:25:24 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/01 05:25:24 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/07/22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/07/12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/06 08:04:54 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2011/07/06 08:04:53 | 000,238,960 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/07/06 08:04:53 | 000,036,568 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010/11/10 03:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC)
DRV - [2010/11/10 03:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/07/27 10:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/06/17 16:28:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/21 19:27:10 | 011,659,976 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/05/07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/06/26 22:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/06/15 04:01:42 | 000,037,632 | ---- | M] (Advanced Card Systems Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\a38usb.sys -- (ACSSCR)
DRV - [2009/04/11 06:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2009/02/13 12:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/01/20 16:49:26 | 000,142,848 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3790488275-2234851889-1404318780-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-3790488275-2234851889-1404318780-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3790488275-2234851889-1404318780-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.dhnet.be/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 22:11:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/13 11:59:50 | 000,000,000 | ---D | M]

[2009/09/05 15:04:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\papa\AppData\Roaming\mozilla\Extensions
[2011/09/10 13:58:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\papa\AppData\Roaming\mozilla\Firefox\Profiles\7vvw86zk.default\extensions
[2011/08/20 08:44:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\papa\AppData\Roaming\mozilla\Firefox\Profiles\7vvw86zk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/09/04 06:30:01 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\papa\AppData\Roaming\mozilla\Firefox\Profiles\7vvw86zk.default\extensions\firefox@ghostery.com
[2011/09/07 20:30:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/08/13 11:59:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\PAPA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7VVW86ZK.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/09/03 08:24:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/13 11:59:36 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/03 02:54:18 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2011/09/03 02:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/03 02:54:18 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2011/09/03 02:54:18 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2011/09/03 02:54:18 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2011/09/03 02:54:18 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/12/23 21:08:04 | 000,000,780 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-3790488275-2234851889-1404318780-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14032ADF-8DF1-4427-B447-A1D0DCEFC3B9}: NameServer = 156.154.70.25 156.154.71.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15A553E9-AF7D-4D01-A45D-36DE57300050}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15A553E9-AF7D-4D01-A45D-36DE57300050}: NameServer = 156.154.70.25,156.154.71.25
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\bwaterscene.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\bwaterscene.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/19 18:30:20 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Local\Temp
[2011/09/19 18:08:13 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\papa\Desktop\OTL.exe
[2011/09/19 17:51:22 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Local\{8FC20C17-855A-478E-8B52-829A0002E149}
[2011/09/19 17:50:56 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Local\{3D6BEDAA-EF71-4D04-A264-6E5065ED0ABF}
[2011/09/14 15:37:50 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Local\{DB9F1BCE-DADD-4EB8-8A3E-B4540247FBA5}
[2011/09/13 21:02:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/09/10 16:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
[2011/09/10 15:05:39 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\papa\Desktop\HiJackThis.exe
[2011/09/10 13:54:07 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Roaming\SUPERAntiSpyware.com
[2011/09/10 13:53:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/09/10 13:53:46 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/09/10 13:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/09/10 13:49:31 | 012,549,808 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\papa\Desktop\SUPERAntiSpyware.exe
[2011/09/10 07:57:52 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Local\{B169FC32-B94B-48FC-A1FD-AE0EACCAA656}
[2011/09/09 10:38:58 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Local\{59F3B982-8A03-42A3-AE4D-5AED06C65CB1}
[2011/09/08 08:14:57 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Local\{09E44CED-81B2-4E0F-A694-58F636BF097D}
[2011/09/08 08:14:38 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Local\{8CDB3B2D-715C-4B71-8B23-B370B27B9644}
[2011/09/07 09:20:51 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Local\{E3D52A1F-4B10-4F12-B1E0-76124EE4D40E}
[2011/09/07 09:20:37 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Local\{470F2E47-1FD7-489D-806D-C2A789D29D52}
[2011/09/06 09:24:20 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Local\{BACB55E3-77D9-4E41-A73A-B093C00C94E1}
[2011/09/06 09:24:10 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Local\{E408AA3B-7F70-460F-A04B-822E6CB8582F}
[2011/09/05 08:36:36 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Local\{1E01EA66-37BC-48C1-B694-429C9FD7AFAB}
[2011/09/05 08:36:15 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Local\{C65F1DC1-24CD-4DCE-8AF1-3F5277D44083}
[2011/08/27 07:14:51 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Local\{2181A0D5-1997-4BCF-8BCD-95C3CB0E6DF9}
[2011/08/26 16:05:05 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Local\{4CDF6F84-ECEE-404B-B4A9-269F65CF08B5}
[2011/08/26 04:04:32 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Local\{D23FCA5A-4233-473D-9C7C-71EA63F3A9D2}
[2011/08/25 15:24:38 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Local\{F8FD812F-64BD-4670-8A49-90479623C8A1}
[2011/08/25 15:24:19 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Local\{D0C3625C-B411-46B2-B4B5-F33C7D77BCAD}
[2011/08/24 15:47:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/08/24 15:34:24 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Local\{0855CD50-C952-4577-9BFA-D5FC5B5684A3}
[2011/08/24 15:34:02 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Local\{378B9EF5-FC97-4F23-B7FA-8D057439C7C7}
[2011/08/23 05:17:12 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Local\{E7C6D04C-0F45-423B-830D-E4C6211D3FCD}
[2011/08/23 05:16:50 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Local\{4C4A4515-4445-4473-8F47-03F24A357B9D}
[2011/08/22 04:34:31 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Local\{FCFB7F32-07C6-4C84-9B41-45A44755538E}
[2011/08/22 04:34:11 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Local\{01CED2FA-45AE-4777-83A8-9F52D923F200}
[2011/08/21 20:08:38 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Local\{0F3EDB98-62DB-4B9D-85C9-1756BFC57A90}
[2011/08/21 07:47:27 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Local\{3F5A9F5E-9AF8-4B2A-BDB1-866C001A1480}

========== Files - Modified Within 30 Days ==========

[2011/09/19 19:50:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/19 19:50:11 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/19 18:08:17 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\papa\Desktop\OTL.exe
[2011/09/19 17:50:39 | 000,097,589 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/09/19 17:50:39 | 000,097,589 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/09/19 17:50:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/19 10:37:58 | 000,341,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/09/19 10:29:48 | 000,094,236 | ---- | M] () -- C:\ZHPRegY0.zhp
[2011/09/19 10:24:45 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin
[2011/09/13 21:02:45 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/09/13 19:59:36 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/09/10 16:02:47 | 000,001,678 | ---- | M] () -- C:\Users\papa\Desktop\AD-R.lnk
[2011/09/10 15:05:02 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\papa\Desktop\HiJackThis.exe
[2011/09/10 13:53:49 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/10 13:52:53 | 012,549,808 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\papa\Desktop\SUPERAntiSpyware.exe
[2011/09/07 20:30:16 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/01 05:25:24 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/09/01 05:25:24 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

========== Files Created - No Company Name ==========

[2011/09/19 10:37:03 | 000,341,632 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/09/19 10:29:48 | 000,094,236 | ---- | C] () -- C:\ZHPRegY0.zhp
[2011/09/13 21:02:45 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/09/10 16:02:47 | 000,001,678 | ---- | C] () -- C:\Users\papa\Desktop\AD-R.lnk
[2011/09/10 13:53:49 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/08/01 15:39:57 | 000,522,125 | ---- | C] () -- C:\Users\papa\AppData\Local\census.cache
[2011/08/01 15:39:32 | 000,194,260 | ---- | C] () -- C:\Users\papa\AppData\Local\ars.cache
[2011/08/01 10:58:48 | 000,000,036 | ---- | C] () -- C:\Users\papa\AppData\Local\housecall.guid.cache
[2010/12/16 11:01:15 | 000,171,520 | ---- | C] () -- C:\Windows\System32\taskeng.exe
[2010/11/10 03:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/11/10 03:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/11/10 03:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/11/10 03:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/06/30 00:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/05/07 19:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010/05/07 19:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2010/01/30 14:42:24 | 000,006,525 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009/11/06 21:07:09 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009/11/06 21:07:09 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009/11/06 21:07:09 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009/11/06 21:07:09 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009/11/06 21:07:09 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009/11/06 21:07:09 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009/11/06 21:07:09 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009/11/06 21:07:09 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009/11/06 21:07:09 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009/11/06 21:07:09 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009/11/06 21:07:09 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009/11/06 21:07:09 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009/11/06 21:07:09 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009/11/06 21:07:09 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009/11/06 21:07:09 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009/11/06 21:07:09 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2009/11/06 21:07:09 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2009/11/06 21:07:09 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009/11/06 21:07:09 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/11/06 21:05:24 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2009/10/07 17:50:56 | 000,017,089 | ---- | C] () -- C:\Users\papa\AppData\Roaming\UserTile.png
[2009/09/27 09:23:14 | 000,001,510 | ---- | C] () -- C:\Users\papa\AppData\Roaming\wklnhst.dat
[2009/09/24 08:36:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 08:36:53 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/07 05:32:15 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/28 04:12:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/07/28 03:57:42 | 000,678,804 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2009/07/28 03:57:42 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2009/07/28 03:57:42 | 000,126,420 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2009/07/28 03:57:42 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2009/07/27 19:35:55 | 000,009,300 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2009/07/27 19:12:35 | 000,097,589 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/07/27 19:12:30 | 000,097,589 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/10/29 12:43:26 | 004,202,496 | ---- | C] () -- C:\Windows\System32\qt-mt334.dll
[2008/09/25 18:18:40 | 000,073,728 | ---- | C] () -- C:\Windows\System32\belpicppgui.dll
[2006/11/02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/08/09 06:10:54 | 000,110,592 | ---- | C] () -- C:\Windows\System32\usbr38.dll

========== LOP Check ==========

[2009/11/06 21:24:11 | 000,000,000 | ---D | M] -- C:\Users\anne\AppData\Roaming\EPSON
[2010/07/25 13:24:58 | 000,000,000 | ---D | M] -- C:\Users\anne\AppData\Roaming\LG Electronics
[2009/10/17 06:05:01 | 000,000,000 | ---D | M] -- C:\Users\anne\AppData\Roaming\WildTangent
[2009/12/19 09:25:39 | 000,000,000 | ---D | M] -- C:\Users\anne\AppData\Roaming\WinBatch
[2009/09/07 05:32:09 | 000,000,000 | ---D | M] -- C:\Users\anne\AppData\Roaming\_MDLogs
[2011/07/05 18:42:28 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\EPSON
[2011/08/13 12:10:24 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\f-secure
[2010/11/09 17:18:15 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\Leadertech
[2009/10/07 17:50:56 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\PeerNetworking
[2011/07/31 13:41:25 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\QuickScan
[2009/10/03 09:52:32 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\Template
[2009/09/23 12:21:38 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\WildTangent
[2009/10/12 08:23:16 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\WinBatch
[2009/09/23 12:18:50 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\_MDLogs
[2011/09/19 10:40:22 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 3053 bytes -> C:\Users\papa\Desktop\euromillions mai - nouvelle formule.eml:OECustomProperty

< End of report >


Extra:

OTL Extras logfile created on: 19/09/2011 19:55:56 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\papa\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

3,00 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 62,77% Memory free
6,21 Gb Paging File | 5,17 Gb Available in Paging File | 83,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 917,57 Gb Total Space | 734,72 Gb Free Space | 80,07% Space Free | Partition Type: NTFS
Drive D: | 13,94 Gb Total Space | 1,97 Gb Free Space | 14,12% Space Free | Partition Type: NTFS

Computer Name: PC-DE-PAPA | User Name: papa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3790488275-2234851889-1404318780-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04F7A737-B432-4F19-9826-922C279039BE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3117D9BB-9141-4AA0-A8EB-5C7C0E07F3F1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4D9F91F4-CD8C-49C4-8DE5-479CE4AA38A3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{53B0DF0C-6BFF-43AC-9A64-DC7119FAEC7B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{586FA032-D280-4D01-AAA0-AE7D07BB075C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6726D32B-A629-42C8-B700-8F50D9FC1C2E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8A0CDAB1-8FBE-4E94-8975-02EE10E83BAD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A5343C11-1922-4827-882D-6EEAAA0E6444}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C459A20D-4FBE-4E06-B38F-F45639B88B79}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D712CDFD-4627-43B8-8A74-12E4D88250D5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DF64E139-174E-4CEC-B6C6-EEEF9C4A492B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E4C146C5-5B9A-4717-8CA3-EBD961392048}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E539054-A02B-4725-B2C7-759F7372F3BC}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{2187FA09-5F31-4981-9AB2-92BDE24DEE7D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{61A0FFAF-7FB9-4CA8-9F76-7377C4510DD6}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{8F8A6B55-9552-4C0D-B214-063BCC453634}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{A64F6927-B966-4F9E-8BBF-7FCB571CD999}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{CF1D2D83-F66B-4F2A-852A-E8CEC4926CF4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DB8A97C8-91A7-468A-801A-6BFD48C0414A}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{DD83D5D4-B316-4B8D-802F-7BCB798DB97C}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{E1DB5490-3F3D-43E6-9EEC-5CC6B74A10F6}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{EC7923B0-C3E5-4766-98A7-F8522EF7C804}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{F5EDE226-430A-4D16-9B16-3A1B7D57775D}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe |
"TCP Query User{D52846C6-EEE2-47CD-A279-868F3935780C}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{E2451021-D722-4A2D-8F98-FCA51477B358}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{155796AE-16D0-45D2-8939-6AE3AD67147B}" = ACR38U PCSC Driver 1.1.6.1
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java™ 7
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{32A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java™ SE Development Kit 7
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{3B160861-7250-451E-B5EE-8B92BF30A710}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5F240DB8-0D74-4F13-86C3-929760392A8D}" = HP Remote Software
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{784BEA84-FA66-4B19-BB80-7B545F248AC6}" = HP Total Care Setup
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{824563DE-75AD-4166-9DC0-B6482F205775}" = Belgium e-ID middleware 3.5.2 (build 5775)
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-1036-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Français
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B84739A3-F943-47E4-95D8-96381EF5AC48}" = HP Customer Experience Enhancements
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF202088-CF66-4DCA-B1C3-185E7044CEE6}" = HP MediaSmart SmartMenu
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5B693A45377E76C1C6F833AC636C5D61522090CB" = Package de pilotes Windows - ACS (ACSSCR) SmartCardReader (06/15/2009 1.1.6.1)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ad-Remover" = Ad-Remover par C_XX
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"EasyBits Magic Desktop" = Magic Desktop
"EPSON Printer and Utilities" = EPSON Logiciel imprimante
"EPSON Scanner" = EPSON Scan
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Version d'évaluation de Microsoft Office Home and Student 2007
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Logitech Vid" = Logitech Vid HD
"MAGIX Video deluxe SE F" = MAGIX Video deluxe SE 6.0.5.0 (F)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Mozilla Firefox 6.0.2 (x86 fr)" = Mozilla Firefox 6.0.2 (x86 fr)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"pywin32-py2.6" = Python 2.6 pywin32-212
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live
"WinRAR archiver" = Logiciel d'archivage WinRAR
"ZHPDiag_is1" = ZHPDiag 1.27

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/03/2011 8:23:52 | Computer Name = PC-de-papa | Source = EventSystem | ID = 4621
Description =

Error - 9/03/2011 13:58:46 | Computer Name = PC-de-papa | Source = EventSystem | ID = 4621
Description =

Error - 10/03/2011 3:06:54 | Computer Name = PC-de-papa | Source = WinMgmt | ID = 10
Description =

Error - 11/03/2011 2:45:12 | Computer Name = PC-de-papa | Source = WinMgmt | ID = 10
Description =

Error - 12/03/2011 1:15:38 | Computer Name = PC-de-papa | Source = WinMgmt | ID = 10
Description =

Error - 13/03/2011 2:06:00 | Computer Name = PC-de-papa | Source = WinMgmt | ID = 10
Description =

Error - 14/03/2011 3:34:41 | Computer Name = PC-de-papa | Source = WinMgmt | ID = 10
Description =

Error - 15/03/2011 6:03:45 | Computer Name = PC-de-papa | Source = WinMgmt | ID = 10
Description =

Error - 16/03/2011 2:53:06 | Computer Name = PC-de-papa | Source = WinMgmt | ID = 10
Description =

Error - 16/03/2011 14:01:44 | Computer Name = PC-de-papa | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 16/09/2011 21:02:58 | Computer Name = PC-de-papa | Source = Service Control Manager | ID = 7009
Description =

Error - 16/09/2011 21:02:58 | Computer Name = PC-de-papa | Source = Service Control Manager | ID = 7000
Description =

Error - 16/09/2011 21:02:59 | Computer Name = PC-de-papa | Source = Service Control Manager | ID = 7009
Description =

Error - 16/09/2011 21:02:59 | Computer Name = PC-de-papa | Source = Service Control Manager | ID = 7000
Description =

Error - 16/09/2011 21:05:29 | Computer Name = PC-de-papa | Source = Service Control Manager | ID = 7009
Description =

Error - 16/09/2011 21:05:29 | Computer Name = PC-de-papa | Source = Service Control Manager | ID = 7000
Description =

Error - 16/09/2011 21:05:29 | Computer Name = PC-de-papa | Source = Service Control Manager | ID = 7009
Description =

Error - 16/09/2011 21:05:29 | Computer Name = PC-de-papa | Source = Service Control Manager | ID = 7000
Description =

Error - 19/09/2011 4:38:42 | Computer Name = PC-de-papa | Source = Service Control Manager | ID = 7026
Description =

Error - 19/09/2011 4:43:23 | Computer Name = PC-de-papa | Source = Service Control Manager | ID = 7026
Description =


< End of report >


Edited by Orange Blossom, 19 September 2011 - 01:57 PM.
Moved to log forum. ~ OB


BC AdBot (Login to Remove)

 


#2 anderlecht

anderlecht
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:47 PM

Posted 20 September 2011 - 06:06 AM

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Version de la base de données: 7753

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

20/09/2011 11:52:55
mbam-log-2011-09-20 (11-52-55).txt

Type d'examen: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Elément(s) analysé(s): 375189
Temps écoulé: 1 heure(s), 29 minute(s), 3 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Rapport tdss

2011/09/20 13:17:38.0747 3828	TDSS rootkit removing tool 2.5.23.0 Sep 20 2011 08:53:10
2011/09/20 13:17:38.0887 3828	================================================================================
2011/09/20 13:17:38.0887 3828	SystemInfo:
2011/09/20 13:17:38.0887 3828	
2011/09/20 13:17:38.0887 3828	OS Version: 6.0.6002 ServicePack: 2.0
2011/09/20 13:17:38.0887 3828	Product type: Workstation
2011/09/20 13:17:38.0887 3828	ComputerName: PC-DE-PAPA
2011/09/20 13:17:38.0887 3828	UserName: papa
2011/09/20 13:17:38.0887 3828	Windows directory: C:\Windows
2011/09/20 13:17:38.0887 3828	System windows directory: C:\Windows
2011/09/20 13:17:38.0887 3828	Processor architecture: Intel x86
2011/09/20 13:17:38.0887 3828	Number of processors: 2
2011/09/20 13:17:38.0887 3828	Page size: 0x1000
2011/09/20 13:17:38.0887 3828	Boot type: Normal boot
2011/09/20 13:17:38.0887 3828	================================================================================
2011/09/20 13:17:39.0199 3828	Initialize success
2011/09/20 13:17:42.0881 2480	================================================================================
2011/09/20 13:17:42.0881 2480	Scan started
2011/09/20 13:17:42.0881 2480	Mode: Manual; 
2011/09/20 13:17:42.0881 2480	================================================================================
2011/09/20 13:17:43.0224 2480	61883           (585e64bb6dfbc0a2f1f0b554ded012df) C:\Windows\system32\DRIVERS\61883.sys
2011/09/20 13:17:43.0271 2480	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/09/20 13:17:43.0333 2480	ACSSCR          (5f92e1e98ec2f4e6fe13d19aa3e24ad7) C:\Windows\system32\DRIVERS\a38usb.sys
2011/09/20 13:17:43.0380 2480	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/09/20 13:17:43.0427 2480	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/09/20 13:17:43.0458 2480	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/09/20 13:17:43.0505 2480	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/09/20 13:17:43.0583 2480	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/09/20 13:17:43.0614 2480	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/09/20 13:17:43.0629 2480	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/09/20 13:17:43.0676 2480	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/09/20 13:17:43.0692 2480	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/09/20 13:17:43.0739 2480	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/09/20 13:17:43.0770 2480	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/09/20 13:17:43.0801 2480	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/09/20 13:17:43.0895 2480	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/09/20 13:17:43.0926 2480	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/09/20 13:17:43.0988 2480	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/09/20 13:17:44.0051 2480	atapi           (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/09/20 13:17:44.0160 2480	Avc             (f4b56425a00beb32f5fa6603ff7b0ea2) C:\Windows\system32\DRIVERS\avc.sys
2011/09/20 13:17:44.0222 2480	avgio           (f1d43170fdd7399ee17ea32d4f868b0c) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/09/20 13:17:44.0269 2480	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/09/20 13:17:44.0300 2480	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
2011/09/20 13:17:44.0363 2480	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/09/20 13:17:44.0425 2480	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/09/20 13:17:44.0487 2480	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/09/20 13:17:44.0503 2480	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/09/20 13:17:44.0550 2480	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/09/20 13:17:44.0597 2480	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/09/20 13:17:44.0628 2480	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/09/20 13:17:44.0643 2480	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/09/20 13:17:44.0675 2480	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/09/20 13:17:44.0706 2480	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/09/20 13:17:44.0753 2480	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/09/20 13:17:44.0799 2480	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/09/20 13:17:44.0815 2480	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/09/20 13:17:44.0862 2480	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/09/20 13:17:44.0909 2480	cmdGuard        (bbe32e04e88b0048ec16f1d6c8936c4b) C:\Windows\system32\DRIVERS\cmdguard.sys
2011/09/20 13:17:44.0940 2480	cmdHlp          (497590ea7a94b98ea7a4516ebf0fb8d2) C:\Windows\system32\DRIVERS\cmdhlp.sys
2011/09/20 13:17:44.0971 2480	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/09/20 13:17:45.0002 2480	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2011/09/20 13:17:45.0018 2480	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/09/20 13:17:45.0065 2480	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/09/20 13:17:45.0127 2480	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/09/20 13:17:45.0205 2480	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/09/20 13:17:45.0252 2480	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/09/20 13:17:45.0299 2480	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/09/20 13:17:45.0330 2480	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/09/20 13:17:45.0361 2480	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/09/20 13:17:45.0423 2480	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/09/20 13:17:45.0486 2480	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/09/20 13:17:45.0579 2480	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/09/20 13:17:45.0626 2480	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/09/20 13:17:45.0657 2480	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/09/20 13:17:45.0689 2480	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/09/20 13:17:45.0720 2480	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/09/20 13:17:45.0751 2480	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/09/20 13:17:45.0782 2480	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/09/20 13:17:45.0876 2480	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/09/20 13:17:45.0923 2480	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/09/20 13:17:45.0969 2480	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/09/20 13:17:46.0016 2480	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/09/20 13:17:46.0047 2480	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/09/20 13:17:46.0079 2480	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/09/20 13:17:46.0141 2480	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/09/20 13:17:46.0188 2480	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/09/20 13:17:46.0235 2480	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/09/20 13:17:46.0266 2480	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/09/20 13:17:46.0313 2480	iaStor          (baabb0301949774a66b955c65319635a) C:\Windows\system32\drivers\iastor.sys
2011/09/20 13:17:46.0375 2480	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/09/20 13:17:46.0406 2480	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/09/20 13:17:46.0453 2480	inspect         (1c65e930aba113f2ce59d32c7d8bc03f) C:\Windows\system32\DRIVERS\inspect.sys
2011/09/20 13:17:46.0531 2480	IntcAzAudAddService (84ed2154239f9d013bbd3220755ada8b) C:\Windows\system32\drivers\RTKVHDA.sys
2011/09/20 13:17:46.0609 2480	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/09/20 13:17:46.0640 2480	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/09/20 13:17:46.0671 2480	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/09/20 13:17:46.0749 2480	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/09/20 13:17:46.0765 2480	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/09/20 13:17:46.0796 2480	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/09/20 13:17:46.0812 2480	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/09/20 13:17:46.0859 2480	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/09/20 13:17:46.0890 2480	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/09/20 13:17:46.0905 2480	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/09/20 13:17:46.0937 2480	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/09/20 13:17:46.0968 2480	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/09/20 13:17:47.0015 2480	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/09/20 13:17:47.0077 2480	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/09/20 13:17:47.0124 2480	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/09/20 13:17:47.0155 2480	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/09/20 13:17:47.0202 2480	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/09/20 13:17:47.0217 2480	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/09/20 13:17:47.0280 2480	lvpopflt        (cbf0bf6af73a704211bbb52efacaa8a0) C:\Windows\system32\DRIVERS\lvpopflt.sys
2011/09/20 13:17:47.0358 2480	LVPr2Mon        (8be71d7edb8c7494913722059f760dd0) C:\Windows\system32\Drivers\LVPr2Mon.sys
2011/09/20 13:17:47.0420 2480	LVRS            (a1857fbb9b4930eeb2fd92386c45c529) C:\Windows\system32\DRIVERS\lvrs.sys
2011/09/20 13:17:47.0545 2480	LVUVC           (3703406af0726badd24c5e552493e5b1) C:\Windows\system32\DRIVERS\lvuvc.sys
2011/09/20 13:17:47.0607 2480	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/09/20 13:17:47.0654 2480	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/09/20 13:17:47.0701 2480	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/09/20 13:17:47.0748 2480	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/09/20 13:17:47.0779 2480	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/09/20 13:17:47.0795 2480	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/09/20 13:17:47.0810 2480	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/09/20 13:17:47.0857 2480	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/09/20 13:17:47.0904 2480	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/09/20 13:17:47.0951 2480	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/09/20 13:17:48.0013 2480	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/09/20 13:17:48.0044 2480	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/09/20 13:17:48.0107 2480	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/09/20 13:17:48.0122 2480	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/09/20 13:17:48.0153 2480	msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/09/20 13:17:48.0185 2480	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/09/20 13:17:48.0263 2480	MSDV            (343291a4dfd7c923c3f71f550830ec1c) C:\Windows\system32\DRIVERS\msdv.sys
2011/09/20 13:17:48.0278 2480	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/09/20 13:17:48.0294 2480	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/09/20 13:17:48.0356 2480	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/09/20 13:17:48.0387 2480	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/09/20 13:17:48.0419 2480	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/09/20 13:17:48.0465 2480	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/09/20 13:17:48.0497 2480	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/09/20 13:17:48.0528 2480	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/09/20 13:17:48.0559 2480	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/09/20 13:17:48.0606 2480	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/09/20 13:17:48.0637 2480	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/09/20 13:17:48.0668 2480	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/09/20 13:17:48.0699 2480	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/09/20 13:17:48.0762 2480	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/09/20 13:17:48.0777 2480	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/09/20 13:17:48.0793 2480	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/09/20 13:17:48.0840 2480	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/09/20 13:17:48.0918 2480	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/09/20 13:17:48.0933 2480	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/09/20 13:17:48.0965 2480	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/09/20 13:17:49.0043 2480	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/09/20 13:17:49.0074 2480	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/09/20 13:17:49.0089 2480	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/09/20 13:17:49.0152 2480	NVHDA           (d2f4c4b22969236382ca853b8daa2d4e) C:\Windows\system32\drivers\nvhda32v.sys
2011/09/20 13:17:49.0448 2480	nvlddmkm        (53569a28455a2f9906d34b2c37f80d12) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/09/20 13:17:49.0604 2480	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/09/20 13:17:49.0635 2480	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/09/20 13:17:49.0713 2480	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/09/20 13:17:49.0823 2480	ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/09/20 13:17:49.0885 2480	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/09/20 13:17:49.0916 2480	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/09/20 13:17:49.0947 2480	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/09/20 13:17:49.0994 2480	pavboot         (3adb8bd6154a3ef87496e8fce9c22493) C:\Windows\system32\drivers\pavboot.sys
2011/09/20 13:17:50.0025 2480	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/09/20 13:17:50.0057 2480	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/09/20 13:17:50.0088 2480	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/09/20 13:17:50.0150 2480	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/09/20 13:17:50.0259 2480	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/20 13:17:50.0291 2480	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/09/20 13:17:50.0369 2480	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/20 13:17:50.0431 2480	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/09/20 13:17:50.0478 2480	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/09/20 13:17:50.0509 2480	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/20 13:17:50.0525 2480	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/20 13:17:50.0571 2480	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/20 13:17:50.0603 2480	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/20 13:17:50.0634 2480	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/20 13:17:50.0665 2480	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/20 13:17:50.0696 2480	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/20 13:17:50.0727 2480	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/09/20 13:17:50.0743 2480	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/20 13:17:50.0790 2480	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/09/20 13:17:50.0852 2480	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/20 13:17:50.0899 2480	RTL8169         (53892cbd9735a80712ee9439268344b4) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/09/20 13:17:51.0055 2480	SASDIFSV        (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/09/20 13:17:51.0117 2480	SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/09/20 13:17:51.0133 2480	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/09/20 13:17:51.0180 2480	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/09/20 13:17:51.0211 2480	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/09/20 13:17:51.0242 2480	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/09/20 13:17:51.0273 2480	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/09/20 13:17:51.0320 2480	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/09/20 13:17:51.0336 2480	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/09/20 13:17:51.0367 2480	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/09/20 13:17:51.0398 2480	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/09/20 13:17:51.0429 2480	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/09/20 13:17:51.0461 2480	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/09/20 13:17:51.0492 2480	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/09/20 13:17:51.0554 2480	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/09/20 13:17:51.0585 2480	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/09/20 13:17:51.0648 2480	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/09/20 13:17:51.0679 2480	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/20 13:17:51.0710 2480	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/20 13:17:51.0741 2480	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/09/20 13:17:51.0788 2480	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/09/20 13:17:51.0819 2480	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/09/20 13:17:51.0851 2480	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/09/20 13:17:51.0882 2480	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/09/20 13:17:51.0991 2480	Tcpip           (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
2011/09/20 13:17:52.0038 2480	Tcpip6          (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/20 13:17:52.0085 2480	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/20 13:17:52.0116 2480	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/09/20 13:17:52.0147 2480	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/09/20 13:17:52.0178 2480	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/20 13:17:52.0209 2480	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/09/20 13:17:52.0287 2480	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/20 13:17:52.0303 2480	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/09/20 13:17:52.0334 2480	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/20 13:17:52.0365 2480	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/09/20 13:17:52.0412 2480	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/20 13:17:52.0443 2480	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/09/20 13:17:52.0490 2480	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/09/20 13:17:52.0537 2480	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/09/20 13:17:52.0568 2480	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/09/20 13:17:52.0599 2480	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/09/20 13:17:52.0677 2480	usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/09/20 13:17:52.0693 2480	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/20 13:17:52.0740 2480	USBCCID         (32c068eaf37c92d7194eee1faa1e7853) C:\Windows\system32\DRIVERS\usbccid.sys
2011/09/20 13:17:52.0771 2480	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/09/20 13:17:52.0818 2480	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/20 13:17:52.0833 2480	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/20 13:17:52.0865 2480	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/09/20 13:17:52.0896 2480	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/20 13:17:52.0943 2480	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/09/20 13:17:52.0958 2480	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/20 13:17:52.0989 2480	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/09/20 13:17:53.0021 2480	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/09/20 13:17:53.0052 2480	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/20 13:17:53.0083 2480	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/09/20 13:17:53.0114 2480	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/09/20 13:17:53.0145 2480	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/09/20 13:17:53.0192 2480	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/09/20 13:17:53.0223 2480	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/09/20 13:17:53.0270 2480	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/09/20 13:17:53.0301 2480	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/09/20 13:17:53.0348 2480	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/09/20 13:17:53.0411 2480	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/09/20 13:17:53.0457 2480	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/20 13:17:53.0473 2480	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/20 13:17:53.0520 2480	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/09/20 13:17:53.0551 2480	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/20 13:17:53.0660 2480	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/09/20 13:17:53.0738 2480	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/20 13:17:53.0801 2480	MBR (0x1B8)     (03ba8f890b47c0be359a4d5a636d214d) \Device\Harddisk0\DR0
2011/09/20 13:17:54.0035 2480	Boot (0x1200)   (0411fc8480f6f422b990edf73ce5a3b0) \Device\Harddisk0\DR0\Partition0
2011/09/20 13:17:54.0081 2480	Boot (0x1200)   (04d04bdf7e9924b55784f386b57ba832) \Device\Harddisk0\DR0\Partition1
2011/09/20 13:17:54.0081 2480	================================================================================
2011/09/20 13:17:54.0081 2480	Scan finished
2011/09/20 13:17:54.0081 2480	================================================================================
2011/09/20 13:17:54.0097 3680	Detected object count: 0
2011/09/20 13:17:54.0097 3680	Actual detected object count: 0

Edited by anderlecht, 20 September 2011 - 06:22 AM.


#3 anderlecht

anderlecht
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:47 PM

Posted 22 September 2011 - 01:54 AM

updated software, fixed firewall; uac off...

new log OTL:

OTL logfile created on: 21/09/2011 18:13:23 - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\papa\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

3,00 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 68,35% Memory free
6,21 Gb Paging File | 5,29 Gb Available in Paging File | 85,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 917,57 Gb Total Space | 733,21 Gb Free Space | 79,91% Space Free | Partition Type: NTFS
Drive D: | 13,94 Gb Total Space | 1,97 Gb Free Space | 14,12% Space Free | Partition Type: NTFS

Computer Name: PC-DE-PAPA | User Name: papa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/21 18:11:12 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\papa\Desktop\OTL.exe
PRC - [2011/09/01 05:25:24 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/07/06 08:04:12 | 002,554,696 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/07/06 08:03:53 | 001,793,712 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/01 07:49:30 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/08/17 14:38:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/01/14 23:11:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe


========== Modules (No Company Name) ==========

MOD - [2009/08/16 18:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/09/01 05:25:24 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/07/06 08:03:53 | 001,793,712 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/01 07:49:30 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/05/07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/10/15 23:49:26 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/01/04 12:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel®
SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/09/01 05:25:24 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/01 05:25:24 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/07/12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/06 08:04:54 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2011/07/06 08:04:53 | 000,238,960 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/07/06 08:04:53 | 000,036,568 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010/11/10 03:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC)
DRV - [2010/11/10 03:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/07/27 10:12:26 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/06/17 16:28:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/21 19:27:10 | 011,659,976 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/05/07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/06/26 22:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/06/15 04:01:42 | 000,037,632 | ---- | M] (Advanced Card Systems Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\a38usb.sys -- (ACSSCR)
DRV - [2009/04/11 06:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2009/02/13 12:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/01/20 16:49:26 | 000,142,848 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3790488275-2234851889-1404318780-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-3790488275-2234851889-1404318780-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3790488275-2234851889-1404318780-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.dhnet.be/"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/21 10:35:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/21 11:02:17 | 000,000,000 | ---D | M]

[2011/09/21 12:13:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\papa\AppData\Roaming\mozilla\Extensions
[2011/09/21 12:17:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\papa\AppData\Roaming\mozilla\Firefox\Profiles\7vvw86zk.default\extensions
[2011/09/04 06:30:01 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\papa\AppData\Roaming\mozilla\Firefox\Profiles\7vvw86zk.default\extensions\firefox@ghostery.com
[2011/09/21 10:35:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/08/13 11:59:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[2011/09/21 10:35:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\distribution\extensions
() (No name found) -- C:\USERS\PAPA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7VVW86ZK.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2011/09/17 00:54:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/13 11:59:36 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/16 21:57:11 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2011/09/16 21:16:20 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/16 21:57:11 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2011/09/16 21:57:11 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2011/09/16 21:57:11 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2011/09/16 21:57:11 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/12/23 21:08:04 | 000,000,780 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-3790488275-2234851889-1404318780-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15A553E9-AF7D-4D01-A45D-36DE57300050}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15A553E9-AF7D-4D01-A45D-36DE57300050}: NameServer = 156.154.70.25,156.154.71.25
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\bwaterscene.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\bwaterscene.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/21 18:11:11 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\papa\Desktop\OTL.exe
[2011/09/21 13:42:33 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Roaming\Malwarebytes
[2011/09/21 13:42:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/21 13:42:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/09/21 13:42:00 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/09/21 13:42:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/21 13:04:08 | 000,000,000 | ---D | C] -- C:\Users\papa\Desktop\javara
[2011/09/21 13:00:14 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Roaming\Macromedia
[2011/09/21 13:00:14 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Roaming\Adobe
[2011/09/21 11:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/09/21 11:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/09/21 10:46:09 | 003,797,664 | ---- | C] (Adobe Systems, Inc.) -- C:\Users\papa\Desktop\flashplayer11_rc1_install_win_ax32_090611.exe
[2011/09/20 13:38:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/09/19 20:31:07 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2011/09/19 18:30:20 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Local\Temp
[2011/09/13 21:02:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/09/10 16:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
[2011/09/10 15:05:39 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\papa\Desktop\HiJackThis.exe
[2011/09/10 13:54:07 | 000,000,000 | ---D | C] -- C:\Users\papa\AppData\Roaming\SUPERAntiSpyware.com
[2011/09/10 13:53:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/09/10 13:53:46 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/09/10 13:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/09/10 13:49:31 | 012,549,808 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\papa\Desktop\SUPERAntiSpyware.exe
[2011/08/24 15:47:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

========== Files - Modified Within 30 Days ==========

[2011/09/21 18:11:12 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\papa\Desktop\OTL.exe
[2011/09/21 18:06:11 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/21 18:06:11 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/21 18:05:32 | 000,341,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/09/21 18:05:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/21 16:57:12 | 000,000,680 | ---- | M] () -- C:\Users\papa\AppData\Local\d3d9caps.dat
[2011/09/21 13:42:04 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/21 12:10:57 | 000,097,589 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/09/21 12:10:57 | 000,097,589 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/09/21 11:02:17 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/09/21 10:48:23 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/09/21 10:46:09 | 003,797,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\papa\Desktop\flashplayer11_rc1_install_win_ax32_090611.exe
[2011/09/21 10:35:03 | 000,000,872 | ---- | M] () -- C:\Users\papa\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/21 10:35:03 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/19 10:29:48 | 000,094,236 | ---- | M] () -- C:\ZHPRegY0.zhp
[2011/09/19 10:24:45 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin
[2011/09/13 21:02:45 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/09/10 16:02:47 | 000,001,678 | ---- | M] () -- C:\Users\papa\Desktop\AD-R.lnk
[2011/09/10 15:05:02 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\papa\Desktop\HiJackThis.exe
[2011/09/10 13:53:49 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/09/10 13:52:53 | 012,549,808 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\papa\Desktop\SUPERAntiSpyware.exe
[2011/09/01 05:25:24 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/09/01 05:25:24 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/09/21 16:57:03 | 000,000,680 | ---- | C] () -- C:\Users\papa\AppData\Local\d3d9caps.dat
[2011/09/21 16:24:57 | 000,341,632 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/09/21 13:42:04 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/21 11:02:17 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/09/21 11:02:17 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/09/19 10:29:48 | 000,094,236 | ---- | C] () -- C:\ZHPRegY0.zhp
[2011/09/13 21:02:45 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/09/10 16:02:47 | 000,001,678 | ---- | C] () -- C:\Users\papa\Desktop\AD-R.lnk
[2011/09/10 13:53:49 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/16 11:01:15 | 000,171,520 | ---- | C] () -- C:\Windows\System32\taskeng.exe
[2010/11/10 03:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/11/10 03:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/11/10 03:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/11/10 03:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/06/30 00:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/05/07 19:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010/05/07 19:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2010/01/30 14:42:24 | 000,006,525 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009/11/06 21:07:09 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009/11/06 21:07:09 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009/11/06 21:07:09 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009/11/06 21:07:09 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009/11/06 21:07:09 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009/11/06 21:07:09 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009/11/06 21:07:09 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009/11/06 21:07:09 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009/11/06 21:07:09 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009/11/06 21:07:09 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009/11/06 21:07:09 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009/11/06 21:07:09 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009/11/06 21:07:09 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009/11/06 21:07:09 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009/11/06 21:07:09 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009/11/06 21:07:09 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2009/11/06 21:07:09 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2009/11/06 21:07:09 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009/11/06 21:07:09 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/11/06 21:05:24 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2009/10/07 17:50:56 | 000,017,089 | ---- | C] () -- C:\Users\papa\AppData\Roaming\UserTile.png
[2009/09/24 08:36:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 08:36:53 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/07 05:32:15 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/28 04:12:13 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/07/28 03:57:42 | 000,678,804 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2009/07/28 03:57:42 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2009/07/28 03:57:42 | 000,126,420 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2009/07/28 03:57:42 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2009/07/27 19:35:55 | 000,009,300 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat
[2009/07/27 19:12:35 | 000,097,589 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/07/27 19:12:30 | 000,097,589 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/10/29 12:43:26 | 004,202,496 | ---- | C] () -- C:\Windows\System32\qt-mt334.dll
[2008/09/25 18:18:40 | 000,073,728 | ---- | C] () -- C:\Windows\System32\belpicppgui.dll
[2006/11/02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/08/09 06:10:54 | 000,110,592 | ---- | C] () -- C:\Windows\System32\usbr38.dll

========== LOP Check ==========

[2009/11/06 21:24:11 | 000,000,000 | ---D | M] -- C:\Users\anne\AppData\Roaming\EPSON
[2010/07/25 13:24:58 | 000,000,000 | ---D | M] -- C:\Users\anne\AppData\Roaming\LG Electronics
[2009/10/17 06:05:01 | 000,000,000 | ---D | M] -- C:\Users\anne\AppData\Roaming\WildTangent
[2009/12/19 09:25:39 | 000,000,000 | ---D | M] -- C:\Users\anne\AppData\Roaming\WinBatch
[2009/09/07 05:32:09 | 000,000,000 | ---D | M] -- C:\Users\anne\AppData\Roaming\_MDLogs
[2011/07/05 18:42:28 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\EPSON
[2009/10/07 17:50:56 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\PeerNetworking
[2011/07/31 13:41:25 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\QuickScan
[2011/09/21 12:55:56 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\Template
[2009/09/23 12:21:38 | 000,000,000 | ---D | M] -- C:\Users\papa\AppData\Roaming\WildTangent
[2011/09/21 16:36:10 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 3053 bytes -> C:\Users\papa\Desktop\euromillions mai - nouvelle formule.eml:OECustomProperty

< End of report >


OTL Extras logfile created on: 21/09/2011 18:13:23 - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\papa\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000080C | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

3,00 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 68,35% Memory free
6,21 Gb Paging File | 5,29 Gb Available in Paging File | 85,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 917,57 Gb Total Space | 733,21 Gb Free Space | 79,91% Space Free | Partition Type: NTFS
Drive D: | 13,94 Gb Total Space | 1,97 Gb Free Space | 14,12% Space Free | Partition Type: NTFS

Computer Name: PC-DE-PAPA | User Name: papa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3790488275-2234851889-1404318780-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{155796AE-16D0-45D2-8939-6AE3AD67147B}" = ACR38U PCSC Driver 1.1.6.1
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1CC069FA-1A86-402E-9787-3F04E652C67A}" = HP Support Information
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java™ 7
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{32A3A4F4-B792-11D6-A78A-00B0D0170000}" = Java™ SE Development Kit 7
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{3B160861-7250-451E-B5EE-8B92BF30A710}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5F240DB8-0D74-4F13-86C3-929760392A8D}" = HP Remote Software
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{784BEA84-FA66-4B19-BB80-7B545F248AC6}" = HP Total Care Setup
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{824563DE-75AD-4166-9DC0-B6482F205775}" = Belgium e-ID middleware 3.5.2 (build 5775)
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-1036-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Français
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B84739A3-F943-47E4-95D8-96381EF5AC48}" = HP Customer Experience Enhancements
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF202088-CF66-4DCA-B1C3-185E7044CEE6}" = HP MediaSmart SmartMenu
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5B693A45377E76C1C6F833AC636C5D61522090CB" = Package de pilotes Windows - ACS (ACSSCR) SmartCardReader (06/15/2009 1.1.6.1)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"EasyBits Magic Desktop" = Magic Desktop
"EPSON Printer and Utilities" = EPSON Logiciel imprimante
"EPSON Scanner" = EPSON Scan
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Version d'évaluation de Microsoft Office Home and Student 2007
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Logitech Vid" = Logitech Vid HD
"MAGIX Video deluxe SE F" = MAGIX Video deluxe SE 6.0.5.0 (F)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Mozilla Firefox 7.0 (x86 fr)" = Mozilla Firefox 7.0 (x86 fr)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live
"WinRAR archiver" = Logiciel d'archivage WinRAR
"ZHPDiag_is1" = ZHPDiag 1.27

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/03/2011 3:06:54 | Computer Name = PC-de-papa | Source = WinMgmt | ID = 10
Description =

Error - 11/03/2011 2:45:12 | Computer Name = PC-de-papa | Source = WinMgmt | ID = 10
Description =

Error - 12/03/2011 1:15:38 | Computer Name = PC-de-papa | Source = WinMgmt | ID = 10
Description =

Error - 13/03/2011 2:06:00 | Computer Name = PC-de-papa | Source = WinMgmt | ID = 10
Description =

Error - 14/03/2011 3:34:41 | Computer Name = PC-de-papa | Source = WinMgmt | ID = 10
Description =

Error - 15/03/2011 6:03:45 | Computer Name = PC-de-papa | Source = WinMgmt | ID = 10
Description =

Error - 16/03/2011 2:53:06 | Computer Name = PC-de-papa | Source = WinMgmt | ID = 10
Description =

Error - 16/03/2011 14:01:44 | Computer Name = PC-de-papa | Source = WinMgmt | ID = 10
Description =

Error - 17/03/2011 3:51:13 | Computer Name = PC-de-papa | Source = WinMgmt | ID = 10
Description =

Error - 18/03/2011 2:03:47 | Computer Name = PC-de-papa | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 21/09/2011 10:27:50 | Computer Name = PC-de-papa | Source = Service Control Manager | ID = 7000
Description =

Error - 21/09/2011 10:28:03 | Computer Name = PC-de-papa | Source = Service Control Manager | ID = 7026
Description =

Error - 21/09/2011 10:40:18 | Computer Name = PC-de-papa | Source = DCOM | ID = 10005
Description =

Error - 21/09/2011 10:40:30 | Computer Name = PC-de-papa | Source = DCOM | ID = 10005
Description =

Error - 21/09/2011 10:40:34 | Computer Name = PC-de-papa | Source = DCOM | ID = 10005
Description =

Error - 21/09/2011 10:40:35 | Computer Name = PC-de-papa | Source = DCOM | ID = 10005
Description =

Error - 21/09/2011 10:40:57 | Computer Name = PC-de-papa | Source = Service Control Manager | ID = 7026
Description =

Error - 21/09/2011 12:06:35 | Computer Name = PC-de-papa | Source = Service Control Manager | ID = 7009
Description =

Error - 21/09/2011 12:06:35 | Computer Name = PC-de-papa | Source = Service Control Manager | ID = 7000
Description =

Error - 21/09/2011 12:06:35 | Computer Name = PC-de-papa | Source = Service Control Manager | ID = 7026
Description =


< End of report >


Antivirus quarantine: 03/11/2010: ezShellStart :TR/Agent.117808
27/02/2010: Plugin-changelog.pdf : Exploit pdfka.qyy.1162

Edited by anderlecht, 22 September 2011 - 02:20 AM.


#4 anderlecht

anderlecht
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:47 PM

Posted 22 September 2011 - 03:04 PM

ZHPDiag log

Rapport de ZHPDiag v1.27.2352 par Nicolas Coolman, Update du 27/06/2011
Run by papa at 22/09/2011 21:46:26
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 7.0 v (Defaut)

---\\ System Information
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3070 MB (43% free)
System Restore: Activé (Enable)
System drive C: has 735 GB (80%) free of 918 GB

---\\ Logged in mode
Computer Name: PC-DE-PAPA
User Name: papa
All Users Names: papa, anne, Administrateur,
Unselected Option: O45,O61,O62,O65,O66,O82
Logged in as Administrator

---\\ Environnement Variables
%AppData%=C:\Users\papa\AppData\Roaming
%LocalAppData%=C:\Users\papa\AppData\Local
%StartMenu%=C:\Users\papa\AppData\Roaming\Microsoft\Windows\Start Menu

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 735 Go of 918 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 14 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoStartMenuSubFolder: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoResolveSearch: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoClose: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.24/09/2009 - 7:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 3:23:42.) -- C:\Windows\system32\Wininit.exe [96768]
[MD5.2C7332C222D1FE1FC57D622699A8C001] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.10/08/2011 - 3:48:26.) -- C:\Windows\system32\wininet.dll [1126912]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.24/09/2009 - 7:28:13.) -- C:\Windows\system32\Winlogon.exe [314368]
[MD5.2D9C903DC76A66813D350A562DE40ED9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.21/01/2008 - 3:23:00.) -- C:\Windows\system32\drivers\atapi.sys [21560]
[MD5.6A4A98CEE84CF9E99564510DDA4BAA47] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/09/2009 - 7:32:49.) -- C:\Windows\system32\drivers\ntfs.sys [1083880]



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 0/383
~ Mes musiques (My Musics) : 0/2
~ Mes Videos (My Video) : 0/2
~ Mes Favoris (My Favorites) : 0/20
~ Mes Documents (My Documents) : 0/4
~ Mon Bureau (My Desktop) : 0/218
~ Menu demarrer (Programs) : 0/21



---\\ Processus lancés
[MD5.9D5E8B45BD348DF0882C69EED0E83111] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [281768]
[MD5.895E17BFF96D3114FD19CEC65A0E749E] - (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2554696]
[MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1008184]
[MD5.01CA6E9F4E6E8B2DBE0D365CCAA312C1] - (.Avira GmbH - On-Demand Scanner.) -- C:\Program Files\Avira\AntiVir Desktop\avscan.exe [484008]
[MD5.5132FB1B120FB3FB5442008422FFEF4D] - (.Avira GmbH - Antivirus Control Center.) -- C:\Program Files\Avira\AntiVir Desktop\avcenter.exe [400040]
[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376]
[MD5.DA659301855BD4C7BBBE48DA21429422] - (.Pas de propriétaire - Core functionality module for HP Remote sof.) -- C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE [143360]
[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\eHome\EHTray.exe [125952]
[MD5.6B635DF82F1825963BC482EF86E5B419] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [660992]



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\papa\AppData\Roaming\Mozilla\Firefox\Profiles\7vvw86zk.default\prefs.js
M3 - MFPP: Plugins - [papa] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [papa] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml
P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - np-mswmp.) -- C:\Program Files\Mozilla Firefox\Plugins\np-mswmp.dll
P2 - FPN:Firefox Plugin Navigator . (.Oracle Corporation - NPRuntime Script Plug-in Library for Java™ Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll
P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - Office Plugin for Netscape Navigator.) -- C:\Program Files\Mozilla Firefox\Plugins\NPOFF12.DLL
P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.1.) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Oracle Corporation - Next Generation Java Plug-in 10.0.0 for Mozilla browsers.) -- C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.60531.0.) -- c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.1.) -- C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
M0 - MFSP: prefs.js [papa - 7vvw86zk.default] http://www.dhnet.be/
M2 - MFEP: prefs.js [papa - 7vvw86zk.default\firefox@ghostery.com] [] Ghostery v2.6.0.1 (.Evidon, Inc..)



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R0 - HKUS\S-1-5-21-3790488275-2234851889-1404318780-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\system32\ieframe.dll



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll



---\\ ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll



---\\ ---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [COMODO Internet Security] . (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-3790488275-2234851889-1404318780-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-3790488275-2234851889-1404318780-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe



---\\ ---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite Deluxe.lnk . (.CyberLink.) -- C:\Program Files\Cyberlink\CyberLink DVD Suite Deluxe\PowerStarter.exe
O4 - Global Startup: C:\Users\papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - Global Startup: C:\Users\papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\papa\Desktop\Courrier électronique - Raccourci.lnk - Clé orpheline
O4 - Global Startup: C:\Users\papa\Desktop\HijackThis.lnk . (.Trend Micro Inc..) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O4 - Global Startup: C:\Users\papa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\papa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - Global Startup: C:\Users\papa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe



---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~3\Office12\EXCEL.exe



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{15A553E9-AF7D-4D01-A45D-36DE57300050}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{15A553E9-AF7D-4D01-A45D-36DE57300050}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{15A553E9-AF7D-4D01-A45D-36DE57300050}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{15A553E9-AF7D-4D01-A45D-36DE57300050}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: !SASWinLogon . (.SUPERAntiSpyware.com - SUPERAntiSpyware WinLogon Processor.) -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\Windows\System32\webcheck.dll



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\system32\browseui.dll



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: SAS Core Service (!SASCORE) . (.SUPERAntiSpyware.com - Core Service.) - C:\Program Files\SUPERAntiSpyware\SASCORE.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) . (.COMODO - COMODO Internet Security.) - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: HP Health Check Service (HP Health Check Service) . (.Hewlett-Packard - HP Health Check Service.) - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) . (.Intel Corporation - RAID Monitor.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) . (.Hewlett-Packard Company - LightScribe Service.) - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 197.9.) - C:\Windows\system32\nvvsvc.exe



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)



---\\ Tâches planifiées en automatique (O39)
[MD5.0C8A70BC3BAAF7BF69DCA495C1E1AB79] [APT] [HP Health Check] (.Hewlett-Packard.) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
[MD5.A933F72E5CB6A67270B931468EB0490A] [APT] [HPCeeScheduleForpapa] (.Hewlett-Packard.) -- C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe
[MD5.C1028CBDF27FCF0AA6D39DF121D0B134] [APT] [RecoveryCD] (...) -- C:\Program Files\Hewlett-Packard\HP TCS\RemEngine.exe



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (avgio) . (.Avira GmbH - Avira AntiVir Support for Minifilter.) - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for Security Enhancement.) - C:\Windows\System32\DRIVERS\avipbb.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: (cmdGuard) . (.COMODO - COMODO Internet Security Sandbox Driver.) - C:\Windows\System32\DRIVERS\cmdguard.sys
O41 - Driver: (cmdHlp) . (.COMODO - COMODO Internet Security Helper Driver.) - C:\Windows\System32\DRIVERS\cmdhlp.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\Windows\System32\DRIVERS\i8042prt.sys
O41 - Driver: (inspect) . (.COMODO - COMODO Internet Security Firewall Driver.) - C:\Windows\System32\DRIVERS\inspect.sys
O41 - Driver: (kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\Windows\System32\DRIVERS\kbdclass.sys
O41 - Driver: (kbdhid) . (.Microsoft Corporation - Pilote de filtre clavier HID.) - C:\Windows\System32\DRIVERS\kbdhid.sys
O41 - Driver: (mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\Windows\System32\DRIVERS\mouclass.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: (netbt) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (PSched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERS\rasacd.sys
O41 - Driver: (rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: (RDPENCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: (SASDIFSV) . (.SUPERAdBlocker.com and SUPERAntiSpyware.com - SASDIFSV.SYS.) - C:\Program Files\SUPERAntiSpyware\SASDIFSV.sys
O41 - Driver: (SASKUTIL) . (.SUPERAdBlocker.com and SUPERAntiSpyware.com - SASKUTIL.SYS.) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (Smb) . (.Microsoft Corporation - SMB Transport driver.) - C:\Windows\System32\DRIVERS\smb.sys
O41 - Driver: (ssmdrv) . (.Avira GmbH - AVIRA SnapShot Driver.) - C:\Windows\System32\DRIVERS\ssmdrv.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys



---\\ Logiciels installés (O42)
O42 - Logiciel: Update for Microsoft Office 2007 (KB2508958) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
O42 - Logiciel: ACR38U PCSC Driver 1.1.6.1 - (.Advanced Card Systems Ltd..) [HKLM] -- {155796AE-16D0-45D2-8939-6AE3AD67147B}
O42 - Logiciel: Activation Assistant for the 2007 Microsoft Office suites - (.Microsoft Corporation.) [HKLM] -- Activation Assistant for the 2007 Microsoft Office suites
O42 - Logiciel: ActiveCheck component for HP Active Support Library - (.Hewlett-Packard.) [HKLM] -- {254C37AA-6B72-4300-84F6-98A82419187E}
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader X (10.1.1) - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AA1000000001}
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM] -- Avira AntiVir Desktop
O42 - Logiciel: Belgium e-ID middleware 3.5.2 (build 5775) - (.Belgian Government.) [HKLM] -- {824563DE-75AD-4166-9DC0-B6482F205775}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: COMODO Internet Security - (.COMODO Security Solutions Inc..) [HKLM] -- {FD8E178D-8B4E-42DA-B434-EFF270329B1C}
O42 - Logiciel: Camera RAW Plug-In for EPSON Creativity Suite - (.Pas de propriétaire.) [HKLM] -- {8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}
O42 - Logiciel: CameraHelperMsi - (.Logitech.) [HKLM] -- {15634701-BACE-4449-8B25-1567DA8C9FD3}
O42 - Logiciel: CyberLink DVD Suite Deluxe - (.CyberLink Corp..) [HKLM] -- InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}
O42 - Logiciel: CyberLink DVD Suite Deluxe - (.CyberLink Corp..) [HKLM] -- {1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}
O42 - Logiciel: EPSON Copy Utility 3 - (.Pas de propriétaire.) [HKLM] -- {67EDD823-135A-4D59-87BD-950616D6E857}
O42 - Logiciel: EPSON File Manager - (.Pas de propriétaire.) [HKLM] -- {2EB81825-E9EE-44F4-8F51-1240C3898DC6}
O42 - Logiciel: EPSON Logiciel imprimante - (.SEIKO EPSON Corporation.) [HKLM] -- EPSON Printer and Utilities
O42 - Logiciel: EPSON Scan - (.Pas de propriétaire.) [HKLM] -- EPSON Scanner
O42 - Logiciel: EPSON Scan Assistant - (.Pas de propriétaire.) [HKLM] -- {2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}
O42 - Logiciel: HP Active Support Library - (.Hewlett-Packard.) [HKLM] -- {0295F89F-F698-4101-9A7D-49F407EC2D82}
O42 - Logiciel: HP Advisor - (.Hewlett-Packard.) [HKLM] -- {40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}
O42 - Logiciel: HP Customer Experience Enhancements - (.Hewlett-Packard.) [HKLM] -- {B84739A3-F943-47E4-95D8-96381EF5AC48}
O42 - Logiciel: HP Games - (.WildTangent.) [HKLM] -- WildTangent hp Master Uninstall
O42 - Logiciel: HP MediaSmart DVD - (.Hewlett-Packard.) [HKLM] -- InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}
O42 - Logiciel: HP MediaSmart DVD - (.Hewlett-Packard.) [HKLM] -- {DCCAD079-F92C-44DA-B258-624FC6517A5A}
O42 - Logiciel: HP MediaSmart Music/Photo/Video - (.Hewlett-Packard.) [HKLM] -- InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}
O42 - Logiciel: HP MediaSmart Music/Photo/Video - (.Hewlett-Packard.) [HKLM] -- {B2EE25B9-5B00-4ACF-94F0-92433C28C39E}
O42 - Logiciel: HP MediaSmart SmartMenu - (.Hewlett-Packard.) [HKLM] -- {FF202088-CF66-4DCA-B1C3-185E7044CEE6}
O42 - Logiciel: HP Picasso Media Center Add-In - (.HP.) [HKLM] -- {55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
O42 - Logiciel: HP Recovery Manager RSS - (.Hewlet Packard Company.) [HKLM] -- {A0640EC2-B97E-4FC1-AD14-227C9E386BB4}
O42 - Logiciel: HP Remote Software - (.Hewlett-Packard.) [HKLM] -- {5F240DB8-0D74-4F13-86C3-929760392A8D}
O42 - Logiciel: HP Total Care Setup - (.Hewlett-Packard.) [HKLM] -- {784BEA84-FA66-4B19-BB80-7B545F248AC6}
O42 - Logiciel: HP Update - (.Hewlett-Packard.) [HKLM] -- {47F36D92-E58E-456D-B73C-3382737E4C42}
O42 - Logiciel: HPAsset component for HP Active Support Library - (.Hewlett-Packard.) [HKLM] -- {669D4A35-146B-4314-89F1-1AC3D7B88367}
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: Intel® Matrix Storage Manager - (.Intel Corporation.) [HKLM] -- {9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}
O42 - Logiciel: Java™ 7 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83217000FF}
O42 - Logiciel: Java™ SE Development Kit 7 - (.Oracle.) [HKLM] -- {32A3A4F4-B792-11D6-A78A-00B0D0170000}
O42 - Logiciel: LWS Facebook - (.Logitech.) [HKLM] -- {FF167195-9EE4-46C0-8CD7-FBA3457E88AB}
O42 - Logiciel: LWS Gallery - (.Logitech.) [HKLM] -- {6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}
O42 - Logiciel: LWS Help_main - (.Logitech.) [HKLM] -- {1651216E-E7AD-4250-92A1-FB8ED61391C9}
O42 - Logiciel: LWS Launcher - (.Logitech.) [HKLM] -- {83C8FA3C-F4EA-46C4-8392-D3CE353738D6}
O42 - Logiciel: LWS Motion Detection - (.Logitech.) [HKLM] -- {71E66D3F-A009-44AB-8784-75E2819BA4BA}
O42 - Logiciel: LWS Pictures And Video - (.Logitech.) [HKLM] -- {08610298-29AE-445B-B37D-EFBE05802967}
O42 - Logiciel: LWS Twitter - (.Logitech.) [HKLM] -- {174A3B31-4C43-43DD-866F-73C9DB887B48}
O42 - Logiciel: LWS Video Mask Maker - (.Logitech.) [HKLM] -- {EED027B7-0DB6-404B-8F45-6DFEE34A0441}
O42 - Logiciel: LWS VideoEffects - (.Logitech.) [HKLM] -- {138A4072-9E64-46BD-B5F9-DB2BB395391F}
O42 - Logiciel: LWS WLM Plugin - (.Logitech.) [HKLM] -- {9DAEA76B-E50F-4272-A595-0124E826553D}
O42 - Logiciel: LWS Webcam Software - (.Logitech.) [HKLM] -- {8937D274-C281-42E4-8CDB-A0B2DF979189}
O42 - Logiciel: LWS YouTube Plugin - (.Logitech.) [HKLM] -- {21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}
O42 - Logiciel: LabelPrint - (.CyberLink Corp..) [HKLM] -- InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}
O42 - Logiciel: LabelPrint - (.CyberLink Corp..) [HKLM] -- {C59C179C-668D-49A9-B6EA-0121CCFC1243}
O42 - Logiciel: LightScribe System Software - (.LightScribe.) [HKLM] -- {7F10292C-A190-4176-A665-A1ED3478DF86}
O42 - Logiciel: Logiciel d'archivage WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver
O42 - Logiciel: Logitech Vid HD - (.Logitech Inc...) [HKLM] -- Logitech Vid
O42 - Logiciel: Logitech Webcam Software - (.Logitech Inc..) [HKLM] -- {D40EB009-0499-459c-A8AF-C9C110766215}
O42 - Logiciel: MAGIX Video deluxe SE 6.0.5.0 (F) - (.MAGIX AG.) [HKLM] -- MAGIX Video deluxe SE F
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Magic Desktop - (.EasyBits Software AS.) [HKLM] -- EasyBits Magic Desktop
O42 - Logiciel: Malwarebytes' Anti-Malware version 1.51.2.1300 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra - (.Microsoft Corporation.) [HKLM] -- {3E31821C-7917-367E-938E-E65FC413EA31}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
O42 - Logiciel: Microsoft Office Excel MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office File Validation Add-In - (.Microsoft Corporation.) [HKLM] -- {90140000-2005-0000-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Home and Student 2007 - (.Microsoft Corporation.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office OneNote MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-00A1-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office PowerPoint Viewer 2007 (French) - (.Microsoft Corporation.) [HKLM] -- {95120000-00AF-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Arabic) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Dutch) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (German) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proofing (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}
O42 - Logiciel: Microsoft Office Shared MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Word MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 - (.Microsoft Corporation.) [HKLM] -- {86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 - (.Microsoft Corporation.) [HKLM] -- {FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 - (.Microsoft Corporation.) [HKLM] -- {3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 - (.Microsoft Corporation.) [HKLM] -- {9BE518E6-ECC6-35A9-88E4-87755C07200F}
O42 - Logiciel: Microsoft Works - (.Microsoft Corporation.) [HKLM] -- {3B160861-7250-451E-B5EE-8B92BF30A710}
O42 - Logiciel: Module de compatibilité pour Microsoft Office System 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0020-040C-0000-0000000FF1CE}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - fra
O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack
O42 - Logiciel: Mozilla Firefox 7.0 (x86 fr) - (.Mozilla.) [HKLM] -- Mozilla Firefox 7.0 (x86 fr)
O42 - Logiciel: NVIDIA Display Control Panel - (.NVIDIA Corporation.) [HKLM] -- NVIDIA Display Control Panel
O42 - Logiciel: NVIDIA Drivers - (.NVIDIA Corporation.) [HKLM] -- NVIDIA Drivers
O42 - Logiciel: OGA Notifier 2.0.0048.0 - (.Microsoft Corporation.) [HKLM] -- {B2544A03-10D0-4E5E-BA69-0362FFC20D18}
O42 - Logiciel: PVSonyDll - (.NVIDIA Corporation.) [HKLM] -- {3D3E663D-4E7E-4577-A560-7ECDDD45548A}
O42 - Logiciel: Package de pilotes Windows - ACS (ACSSCR) SmartCardReader (06/15/2009 1.1.6.1) - (.ACS.) [HKLM] -- 5B693A45377E76C1C6F833AC636C5D61522090CB
O42 - Logiciel: Power2Go - (.CyberLink Corp..) [HKLM] -- InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}
O42 - Logiciel: Power2Go - (.CyberLink Corp..) [HKLM] -- {40BF1E83-20EB-11D8-97C5-0009C5020658}
O42 - Logiciel: PowerDirector - (.CyberLink Corp..) [HKLM] -- InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}
O42 - Logiciel: PowerDirector - (.CyberLink Corp..) [HKLM] -- {CB099890-1D5F-11D5-9EA9-0050BAE317E1}
O42 - Logiciel: Python 2.6.1 - (.Python Software Foundation.) [HKLM] -- {9CC89170-000B-457D-91F1-53691F85B223}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: SUPERAntiSpyware - (.SUPERAntiSpyware.com.) [HKLM] -- {CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2288621) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{5C497F0B-2061-4CC9-A61C-6B45B867354D}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2288931) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CD769337-C8AC-46DB-A7DC-643E50089263}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2345043) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{536FB502-775F-4494-BACE-C02CC90B7A5B}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2553074) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{5729F1AE-5895-468F-9165-BAD161C9E982}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2553089) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{01D4CA59-7070-4420-9BCC-0EFA7C5D76BE}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2553090) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{643C12A2-AF9A-4712-B8BE-3B7650AFE00A}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2584063) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BF3F1CBD-B05C-4644-AE43-6EE0FCC227A4}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB969559) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB976321) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{7F207DCA-3399-40CB-A968-6E5991B1421A}
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- KB931906
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- {0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478663
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2539636
O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB2553073) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{65EA4836-B5A3-4C1D-8883-0C35E471003A}
O42 - Logiciel: Security Update for Microsoft Office InfoPath 2007 (KB979441) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB2535818) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8588DD11-6BD7-4400-B55C-DD5AB74B43E1}
O42 - Logiciel: Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{D75E6D0C-BADF-4F41-98B2-0C0F02C15062}
O42 - Logiciel: Security Update for Microsoft Office Visio Viewer 2007 (KB973709) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
O42 - Logiciel: Security Update for Microsoft Office Word 2007 (KB2344993) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
O42 - Logiciel: Security Update for Microsoft Office system 2007 (972581) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB974234) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{FCD742B9-7A55-44BC-A776-F795F21FEDDC}
O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}.KB2478663
O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}.KB2518870
O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}
O42 - Logiciel: Update for 2007 Microsoft Office System (KB967642) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2468871) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871
O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2533523) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523
O42 - Logiciel: Update for Microsoft Office 2007 System (KB2539530) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}
O42 - Logiciel: Update for Microsoft Office OneNote 2007 (KB980729) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{329050A9-EF80-40F9-B633-74508F54C1FF}
O42 - Logiciel: Version d'évaluation de Microsoft Office Home and Student 2007 - (.Microsoft Corporation.) [HKLM] -- HOMESTUDENTR
O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite
O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM] -- {34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {D45240D3-B6B3-4FF9-B243-54ECE3E10066}
O42 - Logiciel: Windows Live ID Sign-in Assistant - (.Microsoft Corporation.) [HKLM] -- {C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}
O42 - Logiciel: Windows Live Installer - (.Microsoft Corporation.) [HKLM] -- {0B0F231F-CE6A-483D-AA23-77B364F75917}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {E5B21F11-6933-4E0B-A25C-7963E3C07D11}
O42 - Logiciel: Windows Live PIMT Platform - (.Microsoft Corporation.) [HKLM] -- {83C292B7-38A5-440B-A731-07070E81A64F}
O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM] -- {A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM] -- {C893D8C0-1BA0-4517-B11C-E89B65E72F70}
O42 - Logiciel: Windows Live SOXE - (.Microsoft Corporation.) [HKLM] -- {682B3E4F-696A-42DE-A41C-4C07EA1678B4}
O42 - Logiciel: Windows Live SOXE Definitions - (.Microsoft Corporation.) [HKLM] -- {200FEC62-3C34-4D60-9CE8-EC372E01C08F}
O42 - Logiciel: Windows Live UX Platform - (.Microsoft Corporation.) [HKLM] -- {CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
O42 - Logiciel: Windows Live UX Platform Language Pack - (.Microsoft Corporation.) [HKLM] -- {05E379CC-F626-4E7D-8354-463865B303BF}
O42 - Logiciel: Windows Media Player Firefox Plugin - (.Microsoft Corp.) [HKLM] -- {69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
O42 - Logiciel: erLT - (.Logitech, Inc..) [HKLM] -- {3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Avira]
[HKCU\Software\BEID]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\ComodoGroup]
[HKCU\Software\CyberLink]
[HKCU\Software\EPSON]
[HKCU\Software\ESET]
[HKCU\Software\F-Secure]
[HKCU\Software\Freeware]
[HKCU\Software\Google]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\IM Providers]
[HKCU\Software\JavaSoft]
[HKCU\Software\Leadertech]
[HKCU\Software\LightScribe]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\LogiShrd]
[HKCU\Software\Logitech]
[HKCU\Software\MAGIX AG]
[HKCU\Software\Macromedia]
[HKCU\Software\Magix]
[HKCU\Software\MainConcept]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MimarSinan]
[HKCU\Software\Mozilla]
[HKCU\Software\NVIDIA Corporation]
[HKCU\Software\Netscape]
[HKCU\Software\Norton]
[HKCU\Software\ODBC]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\SUPERAntiSpyware.com]
[HKCU\Software\Skype]
[HKCU\Software\Softthinks]
[HKCU\Software\SupportSoft]
[HKCU\Software\Theorica]
[HKCU\Software\Trolltech]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKLM\Software\Acudata]
[HKLM\Software\Adobe]
[HKLM\Software\Avira]
[HKLM\Software\BEID]
[HKLM\Software\CDDB]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\ComodoGroup]
[HKLM\Software\CyberLink]
[HKLM\Software\EPSON]
[HKLM\Software\EasyBits]
[HKLM\Software\Eset]
[HKLM\Software\Google]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\IDAVLab]
[HKLM\Software\InstallShield]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\Khronos]
[HKLM\Software\LightScribe]
[HKLM\Software\Logitech]
[HKLM\Software\Macromedia]
[HKLM\Software\Magix]
[HKLM\Software\Malwarebytes' Anti-Malware (Trial)]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MimarSinan]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\ODBC]
[HKLM\Software\OldTimer Tools]
[HKLM\Software\Panda Software]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SRS Labs]
[HKLM\Software\SUPERAntiSpyware.com]
[HKLM\Software\Sonic]
[HKLM\Software\SymNRT]
[HKLM\Software\Symantec]
[HKLM\Software\TrendMicro]
[HKLM\Software\Volatile]
[HKLM\Software\WOW6432Node]
[HKLM\Software\WildTangent]
[HKLM\Software\Wilson WindowWare]
[HKLM\Software\WinRAR]
[HKLM\Software\X-AVCSD]
[HKLM\Software\eFilm Medical]
[HKLM\Software\logishrd]
[HKLM\Software\mozilla.org]



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 3/02/2010 - 21:04:18 - [376383] ----D- C:\Program Files\ACR38U PCSC Driver 1.1.6.1
O43 - CFD: 6/12/2009 - 14:03:42 - [12686438] ----D- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
O43 - CFD: 21/09/2011 - 11:00:58 - [116852806] ----D- C:\Program Files\Adobe
O43 - CFD: 5/09/2009 - 15:34:42 - [208328895] ----D- C:\Program Files\Avira
O43 - CFD: 3/02/2010 - 21:05:14 - [12872915] ----D- C:\Program Files\Belgium Identity Card
O43 - CFD: 13/09/2011 - 21:02:46 - [4118120] ----D- C:\Program Files\CCleaner
O43 - CFD: 21/09/2011 - 11:00:58 - [850613926] ----D- C:\Program Files\Common Files
O43 - CFD: 27/06/2011 - 7:43:48 - [102494734] ----D- C:\Program Files\COMODO
O43 - CFD: 27/07/2009 - 19:19:26 - [910828798] ----D- C:\Program Files\Cyberlink
O43 - CFD: 3/02/2010 - 21:04:20 - [361440] ----D- C:\Program Files\DIFX
O43 - CFD: 7/09/2009 - 5:32:40 - [90816158] ----D- C:\Program Files\EasyBits For Kids
O43 - CFD: 2/05/2011 - 11:27:36 - [52934285] ----D- C:\Program Files\epson
O43 - CFD: 20/09/2011 - 13:38:58 - [124628152] ----D- C:\Program Files\ESET
O43 - CFD: 20/08/2010 - 15:36:30 - [642130844] ----D- C:\Program Files\Hewlett-Packard
O43 - CFD: 27/07/2009 - 19:23:20 - [4057249] ----D- C:\Program Files\HP
O43 - CFD: 27/07/2009 - 19:35:28 - [374054055] ----D- C:\Program Files\HP Games
O43 - CFD: 2/05/2011 - 11:39:40 - [90850395] ----D- C:\Program Files\InstallShield Installation Information
O43 - CFD: 5/09/2009 - 14:35:38 - [61739168] ----D- C:\Program Files\Intel
O43 - CFD: 10/08/2011 - 14:52:22 - [5388902] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 13/08/2011 - 11:59:36 - [327524406] ----D- C:\Program Files\Java
O43 - CFD: 11/11/2010 - 7:22:24 - [131425896] ----D- C:\Program Files\Logitech
O43 - CFD: 30/01/2010 - 14:43:32 - [319952302] ----D- C:\Program Files\MAGIX
O43 - CFD: 21/09/2011 - 13:42:06 - [7003649] ----D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD: 12/11/2010 - 9:40:46 - [800662] ----D- C:\Program Files\Microsoft CAPICOM 2.1.0.2
O43 - CFD: 2/11/2006 - 14:37:36 - [93446071] ----D- C:\Program Files\Microsoft Games
O43 - CFD: 2/07/2011 - 10:37:46 - [378251367] ----D- C:\Program Files\Microsoft Office
O43 - CFD: 16/06/2011 - 8:38:28 - [38411899] ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD: 17/12/2010 - 6:38:34 - [145421942] ----D- C:\Program Files\Microsoft Works
O43 - CFD: 26/06/2010 - 8:59:48 - [8167779] ----D- C:\Program Files\Microsoft.NET
O43 - CFD: 13/08/2010 - 5:28:34 - [99342446] ----D- C:\Program Files\Movie Maker
O43 - CFD: 22/09/2011 - 21:35:36 - [29967037] ----D- C:\Program Files\Mozilla Firefox
O43 - CFD: 2/11/2006 - 14:37:36 - [25757] ----D- C:\Program Files\MSBuild
O43 - CFD: 6/12/2009 - 13:56:08 - [27892223] ----D- C:\Program Files\MSECache
O43 - CFD: 5/09/2009 - 14:44:44 - [0] ----D- C:\Program Files\MSXML 4.0
O43 - CFD: 30/11/2010 - 17:47:22 - [20656009] ----D- C:\Program Files\NVIDIA Corporation
O43 - CFD: 12/10/2009 - 8:25:54 - [445943] R---D- C:\Program Files\Online Services
O43 - CFD: 19/09/2011 - 10:11:48 - [44852430] ----D- C:\Program Files\Python
O43 - CFD: 27/07/2009 - 18:46:42 - [85145428] ----D- C:\Program Files\Realtek
O43 - CFD: 2/11/2006 - 14:37:36 - [39998721] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 25/12/2009 - 10:56:22 - [37143990] ----D- C:\Program Files\SMINST
O43 - CFD: 10/09/2011 - 13:54:08 - [68561161] ----D- C:\Program Files\SUPERAntiSpyware
O43 - CFD: 27/07/2009 - 19:11:10 - [0] ----D- C:\Program Files\Temp
O43 - CFD: 27/06/2011 - 17:03:32 - [403393] ----D- C:\Program Files\Trend Micro
O43 - CFD: 2/11/2006 - 15:01:56 - [0] ----D- C:\Program Files\Uninstall Information
O43 - CFD: 12/10/2009 - 14:51:52 - [1016832] ----D- C:\Program Files\Windows Calendar
O43 - CFD: 12/10/2009 - 14:51:50 - [2737152] ----D- C:\Program Files\Windows Collaboration
O43 - CFD: 12/10/2009 - 14:51:48 - [4490624] ----D- C:\Program Files\Windows Defender
O43 - CFD: 21/09/2011 - 22:02:42 - [7084664] ----D- C:\Program Files\Windows Journal
O43 - CFD: 11/08/2011 - 19:25:12 - [62369527] ----D- C:\Program Files\Windows Live
O43 - CFD: 17/09/2011 - 3:05:36 - [9116344] ----D- C:\Program Files\Windows Mail
O43 - CFD: 15/10/2010 - 3:21:54 - [4498121] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 5/09/2009 - 14:31:36 - [7957544] ----D- C:\Program Files\Windows NT
O43 - CFD: 12/10/2009 - 14:51:50 - [13528738] ----D- C:\Program Files\Windows Photo Gallery
O43 - CFD: 19/11/2009 - 20:03:06 - [134144] ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 12/10/2009 - 14:51:52 - [8947370] ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 5/11/2009 - 15:31:50 - [3921490] ----D- C:\Program Files\WinRAR
O43 - CFD: 22/09/2011 - 21:46:50 - [4061319] ----D- C:\Program Files\ZHPDiag
O43 - CFD: 21/09/2011 - 11:01:48 - [3606170] ----D- C:\Program Files\Common Files\Adobe
O43 - CFD: 6/12/2009 - 14:02:30 - [92976] ----D- C:\Program Files\Common Files\DESIGNER
O43 - CFD: 6/11/2009 - 21:14:32 - [8106313] ----D- C:\Program Files\Common Files\InstallShield
O43 - CFD: 13/08/2011 - 12:01:12 - [1239723] ----D- C:\Program Files\Common Files\Java
O43 - CFD: 27/07/2009 - 19:23:04 - [32098366] ---AD- C:\Program Files\Common Files\LightScribe
O43 - CFD: 30/11/2010 - 17:55:04 - [72663177] ----D- C:\Program Files\Common Files\LogiShrd
O43 - CFD: 27/07/2009 - 19:23:00 - [56657] ---AD- C:\Program Files\Common Files\LS Getting Started
O43 - CFD: 9/11/2010 - 17:16:34 - [5241923] ----D- C:\Program Files\Common Files\LWS
O43 - CFD: 30/01/2010 - 14:44:50 - [1570387] ----D- C:\Program Files\Common Files\MAGIX Shared
O43 - CFD: 11/08/2011 - 19:24:20 - [436917690] ----D- C:\Program Files\Common Files\microsoft shared
O43 - CFD: 2/11/2006 - 13:18:34 - [2702] ----D- C:\Program Files\Common Files\Services
O43 - CFD: 2/11/2006 - 13:18:34 - [41101735] ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 6/10/2009 - 15:45:24 - [3609311] ----D- C:\Program Files\Common Files\SupportSoft
O43 - CFD: 12/10/2009 - 14:51:50 - [42750094] ----D- C:\Program Files\Common Files\System
O43 - CFD: 6/09/2009 - 17:41:34 - [201556702] ----D- C:\Program Files\Common Files\Windows Live
O43 - CFD: 2/11/2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Application Data
O43 - CFD: 5/09/2009 - 15:34:42 - [82749239] ----D- C:\ProgramData\Avira
O43 - CFD: 5/09/2009 - 14:31:36 - [0] -SH-D- C:\ProgramData\Bureaublad
O43 - CFD: 27/06/2011 - 16:55:58 - [34196318] ----D- C:\ProgramData\Comodo
O43 - CFD: 14/10/2009 - 9:36:00 - [134605] ----D- C:\ProgramData\CyberLink
O43 - CFD: 2/11/2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Desktop
O43 - CFD: 5/09/2009 - 14:31:36 - [0] -SH-D- C:\ProgramData\Documenten
O43 - CFD: 2/11/2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Documents
O43 - CFD: 2/05/2011 - 11:12:26 - [826966] ----D- C:\ProgramData\EPSON
O43 - CFD: 5/09/2009 - 14:31:36 - [0] -SH-D- C:\ProgramData\Favorieten
O43 - CFD: 2/11/2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Favorites
O43 - CFD: 5/09/2009 - 14:38:26 - [43940767] ----D- C:\ProgramData\Hewlett-Packard
O43 - CFD: 5/11/2009 - 15:32:50 - [5098] ----D- C:\ProgramData\LightScribe
O43 - CFD: 9/11/2010 - 17:19:56 - [266] ----D- C:\ProgramData\LogiShrd
O43 - CFD: 9/11/2010 - 17:16:38 - [21140950] ----D- C:\ProgramData\Logitech
O43 - CFD: 30/01/2010 - 19:19:20 - [0] ----D- C:\ProgramData\MAGIX
O43 - CFD: 21/09/2011 - 13:42:06 - [7263559] ----D- C:\ProgramData\Malwarebytes
O43 - CFD: 5/09/2009 - 14:31:36 - [0] -SH-D- C:\ProgramData\Menu Start
O43 - CFD: 10/11/2010 - 16:47:16 - [179312078] -S--D- C:\ProgramData\Microsoft
O43 - CFD: 17/09/2011 - 3:05:48 - [57040] ----D- C:\ProgramData\Microsoft Help
O43 - CFD: 30/11/2010 - 17:47:38 - [277096] ----D- C:\ProgramData\NVIDIA
O43 - CFD: 6/10/2009 - 15:34:38 - [588] ----D- C:\ProgramData\Office Genuine Advantage
O43 - CFD: 5/09/2009 - 14:31:36 - [0] -SH-D- C:\ProgramData\Sjablonen
O43 - CFD: 2/11/2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Start Menu
O43 - CFD: 10/09/2011 - 13:53:48 - [94234231] ----D- C:\ProgramData\SUPERAntiSpyware.com
O43 - CFD: 27/07/2009 - 19:22:04 - [254094] ----D- C:\ProgramData\Temp
O43 - CFD: 2/11/2006 - 15:02:06 - [0] -SH-D- C:\ProgramData\Templates
O43 - CFD: 6/11/2009 - 21:11:50 - [3184] ----D- C:\ProgramData\UDL
O43 - CFD: 5/11/2009 - 14:22:42 - [3263697581] ----D- C:\ProgramData\WildTangent
O43 - CFD: 6/12/2009 - 14:03:42 - [6904801] ----D- C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
O43 - CFD: 21/09/2011 - 13:00:16 - [0] ----D- C:\Users\papa\AppData\Roaming\Adobe
O43 - CFD: 29/03/2011 - 10:54:54 - [0] ----D- C:\Users\papa\AppData\Roaming\Avira
O43 - CFD: 14/10/2009 - 9:37:08 - [134] ----D- C:\Users\papa\AppData\Roaming\CyberLink
O43 - CFD: 5/07/2011 - 18:42:30 - [153] ----D- C:\Users\papa\AppData\Roaming\EPSON
O43 - CFD: 5/09/2009 - 14:41:28 - [21564] ----D- C:\Users\papa\AppData\Roaming\Hewlett-Packard
O43 - CFD: 5/09/2009 - 14:36:06 - [23572] ----D- C:\Users\papa\AppData\Roaming\HP TCS
O43 - CFD: 5/09/2009 - 14:40:44 - [0] ----D- C:\Users\papa\AppData\Roaming\Identities
O43 - CFD: 21/09/2011 - 12:57:36 - [0] ----D- C:\Users\papa\AppData\Roaming\InstallShield
O43 - CFD: 21/09/2011 - 13:00:16 - [470] ----D- C:\Users\papa\AppData\Roaming\Macromedia
O43 - CFD: 21/09/2011 - 13:42:34 - [0] ----D- C:\Users\papa\AppData\Roaming\Malwarebytes
O43 - CFD: 2/11/2006 - 14:37:36 - [0] ----D- C:\Users\papa\AppData\Roaming\Media Center Programs
O43 - CFD: 22/09/2011 - 21:38:26 - [738028] -S--D- C:\Users\papa\AppData\Roaming\Microsoft
O43 - CFD: 5/09/2009 - 15:04:42 - [18362122] ----D- C:\Users\papa\AppData\Roaming\Mozilla
O43 - CFD: 7/10/2009 - 17:50:58 - [0] ----D- C:\Users\papa\AppData\Roaming\PeerNetworking
O43 - CFD: 31/07/2011 - 13:41:26 - [21007] ----D- C:\Users\papa\AppData\Roaming\QuickScan
O43 - CFD: 10/09/2011 - 13:54:08 - [40960] ----D- C:\Users\papa\AppData\Roaming\SUPERAntiSpyware.com
O43 - CFD: 21/09/2011 - 12:55:58 - [0] ----D- C:\Users\papa\AppData\Roaming\Template
O43 - CFD: 23/09/2009 - 12:21:40 - [717] ----D- C:\Users\papa\AppData\Roaming\WildTangent
O43 - CFD: 5/11/2009 - 15:31:52 - [12] ----D- C:\Users\papa\AppData\Roaming\WinRAR
O43 - CFD: 5/09/2009 - 14:32:10 - [0] -SH-D- C:\Users\papa\Appdata\Local\Application Data
O43 - CFD: 5/09/2009 - 14:41:24 - [6910280] ----D- C:\Users\papa\Appdata\Local\Hewlett-Packard
O43 - CFD: 5/09/2009 - 14:32:10 - [0] -SH-D- C:\Users\papa\Appdata\Local\Historique
O43 - CFD: 9/11/2010 - 17:19:30 - [1391349] ----D- C:\Users\papa\Appdata\Local\LogiShrd
O43 - CFD: 21/09/2011 - 13:14:40 - [312331605] ----D- C:\Users\papa\Appdata\Local\Microsoft
O43 - CFD: 26/03/2011 - 13:16:40 - [381447] ----D- C:\Users\papa\Appdata\Local\Microsoft Games
O43 - CFD: 6/12/2009 - 14:00:20 - [0] ----D- C:\Users\papa\Appdata\Local\Microsoft Help
O43 - CFD: 5/09/2009 - 15:04:36 - [52631364] ----D- C:\Users\papa\Appdata\Local\Mozilla
O43 - CFD: 6/12/2009 - 14:03:32 - [285696] ----D- C:\Users\papa\Appdata\Local\Seven Zip
O43 - CFD: 22/09/2011 - 21:45:02 - [141692] ----D- C:\Users\papa\Appdata\Local\Temp
O43 - CFD: 5/09/2009 - 14:32:10 - [0] -SH-D- C:\Users\papa\Appdata\Local\Temporary Internet Files
O43 - CFD: 30/11/2010 - 17:48:56 - [11708] ----D- C:\Users\papa\Appdata\Local\VirtualStore
O43 - CFD: 22/09/2011 - 21:09:22 - [45056] ----D- C:\Users\papa\Appdata\Local\Windows Live
O43 - CFD: 22/09/2011 - 21:09:16 - [0] ----D- C:\Users\papa\Appdata\Local\{D3B16EBD-97CB-40D9-B29D-23163FBD8331}
O43 - CFD: 22/09/2011 - 21:09:12 - [0] ----D- C:\Users\papa\Appdata\Local\{EEE60F40-4FD2-46FB-A857-498AA5B16A31}
O43 - CFD: 21/01/2008 - 4:42:48 - [15239] R---D- C:\Users\papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 5/09/2009 - 14:40:52 - [174] R---D- C:\Users\papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 21/01/2008 - 4:42:48 - [548] R---D- C:\Users\papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 27/06/2011 - 19:12:50 - [0] R---D- C:\Users\papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.0F78D3DAE6DEDD99AE54C9491C62ADF2] - 1/09/2011 - 4:25:24 ---A- . (.Avira GmbH - Avira Driver for Security Enhancement.) -- C:\Windows\System32\drivers\avipbb.sys [138192]
O44 - LFC:[MD5.1E4114685DE1FFA9675E09C6A1FB3F4B] - 1/09/2011 - 4:25:24 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\Windows\System32\drivers\avgntflt.sys [66616]
O44 - LFC:[MD5.51B981B0CB6D5CE41269EF63BB78957B] - 19/09/2011 - 9:24:45 ---A- . (...) -- C:\PhysicalDisk0_MBR.bin [512]
O44 - LFC:[MD5.0957FE1C00A10BAA2429694A44D30137] - 21/09/2011 - 9:48:23 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [414368]
O44 - LFC:[MD5.B65A76B579B2D8BEE7746C526A2DEAA7] - 22/09/2011 - 7:44:33 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.8EBF6ECC05228F1FDFF32F3F9F74314C] - 21/09/2011 - 16:00:29 ---A- . (...) -- C:\TDSSKiller.2.5.23.0_21.09.2011_17.00.09_log.txt [61284]
O44 - LFC:[MD5.F522395666353470620B51D335DFDDD2] - 21/09/2011 - 12:01:34 ---A- . (...) -- C:\JavaRa.log [23195]
O44 - LFC:[MD5.69A6268D7F81E53D568AB4E7E991CAF3] - 31/08/2011 - 16:00:50 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\System32\drivers\mbam.sys [22216]



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - EasyBits Security Shield Hook - prevents launching insecure programs by kids - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\system32\EZUPBH~1.DLL
O46 - SEH:ShellExecuteHooks - EasyBits Security Shield Hook - prevents launching insecure programs by kids - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL



---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Volume Manager Extension Driver.) -- C:\Windows\System32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Miniport.) -- C:\Windows\System32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Volume Manager Extension Driver.) -- C:\Windows\System32\Drivers\volmgrx.sys



---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"vidc.i420"="lvcodec2.dll" . (.Logitech Inc. - Video Codec.) -- C:\Windows\System32\lvcodec2.dll
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll
O52 - TDSD: \Drivers32\"msacm.l3codecp"="l3codecp.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Audio Layer-3 Codec for MSACM.) -- C:\Windows\System32\l3codecp.acm
O52 - TDSD: \Drivers32\"vidc.dvsd"="pdvcodec.dll" . (.Matsubleepa Electric Industrial Co., Ltd. - DV Video for Windows Driver.) -- C:\Windows\System32\pdvcodec.dll
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"c:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM"="CyberLink MP3 Encoder" . (...) -- (.not file.)



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\Adobe ARM [Key] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher [Key] . (...) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\beid [Key] . (.Belgian Government - beidgui executable.) -- C:\Program Files\Belgium Identity Card\beid35gui.exe
O53 - SMSR:HKLM\...\startupreg\CLMLServer for HP TouchSmart [Key] . (.CyberLink - CyberLink MediaLibray Service.) -- c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
O53 - SMSR:HKLM\...\startupreg\DVDAgent [Key] . (.CyberLink Corp. - HP DVDSmart Resident Program.) -- c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
O53 - SMSR:HKLM\...\startupreg\EPSON Stylus DX4400 Series [Key] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.exe
O53 - SMSR:HKLM\...\startupreg\EPSON Stylus DX4400 Series (Copie 1) [Key] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.exe
O53 - SMSR:HKLM\...\startupreg\EPSON Stylus DX4400 Series (Copie 2) [Key] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.exe
O53 - SMSR:HKLM\...\startupreg\HP Health Check Scheduler [Key] . (.Hewlett-Packard - HP Health Check Scheduler.) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O53 - SMSR:HKLM\...\startupreg\HP Remote Software [Key] . (.Pas de propriétaire - Core functionality module for HP Remote sof.) -- C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
O53 - SMSR:HKLM\...\startupreg\HP Software Update [Key] . (.Hewlett-Packard - hpwuSchd Application.) -- c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O53 - SMSR:HKLM\...\startupreg\HPADVISOR [Key] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O53 - SMSR:HKLM\...\startupreg\hpsysdrv [Key] . (.Hewlett-Packard - hpsysdrv.) -- c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe
O53 - SMSR:HKLM\...\startupreg\IAAnotif [Key] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O53 - SMSR:HKLM\...\startupreg\LightScribe Control Panel [Key] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
O53 - SMSR:HKLM\...\startupreg\LWS [Key] . (.Logitech Inc. - Logitech Webcam Software.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
O53 - SMSR:HKLM\...\startupreg\msnmsgr [Key] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O53 - SMSR:HKLM\...\startupreg\SmartMenu [Key] . (.Hewlett-Packard - HP MediaSmart SmartMenu.) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O53 - SMSR:HKLM\...\startupreg\SunJavaUpdateSched [Key] . (.Sun Microsystems, Inc. - Java™ Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O53 - SMSR:HKLM\...\startupreg\TSMAgent [Key] . (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- c:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
O53 - SMSR:HKLM\...\startupreg\UpdateLBPShortCut [Key] . (.CyberLink Corp. - MUI StartMenu Application.) -- c:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
O53 - SMSR:HKLM\...\startupreg\UpdateP2GoShortCut [Key] . (.CyberLink Corp. - MUI StartMenu Application.) -- c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
O53 - SMSR:HKLM\...\startupreg\UpdatePDIRShortCut [Key] . (...) -- c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe7.0 (.not file.)
O53 - SMSR:HKLM\...\startupreg\Windows Defender [Key] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O53 - SMSR:HKLM\...\startupreg\WMPNSCFG [Key] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe



---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\system32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\system32\credssp.dll



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=2
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "HideFastUserSwitching"=0



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSharedDocuments"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "BindDirectlyToPropertySetStorage"=0



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.5F92E1E98EC2F4E6FE13D19AA3E24AD7] - 3/02/2010 - 3:01:42 ---A- . (.Advanced Card Systems Ltd - PCSC/CCID IFD Handler.) -- C:\Windows\system32\drivers\a38usb.sys [37632]
O58 - SDL:[MD5.7099700A3789AD64FBCE8EBE956DA65D] - 30/04/2004 - 13:35:00 ---A- . (.Advanced Card Systems Ltd - PCSC/CCID IFD Handler.) -- C:\Windows\system32\drivers\a38usbxp.sys [24832]
O58 - SDL:[MD5.04F0FCAC69C7C71A3AC4EB97FAFC8303] - 21/01/2008 - 3:23:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [422968]
O58 - SDL:[MD5.60505E0041F7751BDBB80F88BF45C2CE] - 21/01/2008 - 3:23:25 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [300600]
O58 - SDL:[MD5.8A42779B02AEC986EAB64ECFC98F8BD7] - 21/01/2008 - 3:23:26 ---A- . (.Adaptec, Inc. - Adaptec LH Ultra160 Driver (x86).) -- C:\Windows\system32\drivers\adpu160m.sys [101432]
O58 - SDL:[MD5.241C9E37F8CE45EF51C3DE27515CA4E5] - 21/01/2008 - 3:23:27 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\system32\drivers\adpu320.sys [149560]
O58 - SDL:[MD5.9EAEF5FC9B8E351AFA7E78A6FAE91F91] - 21/01/2008 - 3:23:00 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [17464]
O58 - SDL:[MD5.5D2888182FB46632511ACEE92FDAD522] - 21/01/2008 - 3:23:23 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [79416]
O58 - SDL:[MD5.5E2A321BD7C8B3624E41FDEC3E244945] - 21/01/2008 - 3:23:24 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [79928]
O58 - SDL:[MD5.1E4114685DE1FFA9675E09C6A1FB3F4B] - 5/09/2009 - 4:25:24 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\Windows\system32\drivers\avgntflt.sys [66616]
O58 - SDL:[MD5.0F78D3DAE6DEDD99AE54C9491C62ADF2] - 5/09/2009 - 4:25:24 ---A- . (.Avira GmbH - Avira Driver for Security Enhancement.) -- C:\Windows\system32\drivers\avipbb.sys [138192]
O58 - SDL:[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - 2/11/2006 - 9:24:45 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [13568]
O58 - SDL:[MD5.56801AD62213A41F6497F96DEE83755A] - 2/11/2006 - 9:24:46 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [5248]
O58 - SDL:[MD5.B304E75CFF293029EDDF094246747113] - 2/11/2006 - 9:25:24 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [71808]
O58 - SDL:[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - 2/11/2006 - 9:24:44 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [62336]
O58 - SDL:[MD5.BD456606156BA17E60A04E18016AE54B] - 2/11/2006 - 9:24:44 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [12160]
O58 - SDL:[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - 2/11/2006 - 9:24:47 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [11904]
O58 - SDL:[MD5.DE82681C08EB3840913ED0338CBEE0BA] - 27/06/2011 - 7:04:53 ---A- . (.COMODO - COMODO Internet Security Eradication Driver.) -- C:\Windows\system32\drivers\cmderd.sys [19088]
O58 - SDL:[MD5.BBE32E04E88B0048EC16F1D6C8936C4B] - 27/06/2011 - 7:04:53 ---A- . (.COMODO - COMODO Internet Security Sandbox Driver.) -- C:\Windows\system32\drivers\cmdGuard.sys [238960]
O58 - SDL:[MD5.497590EA7A94B98EA7A4516EBF0FB8D2] - 27/06/2011 - 7:04:53 ---A- . (.COMODO - COMODO Internet Security Helper Driver.) -- C:\Windows\system32\drivers\cmdhlp.sys [36568]
O58 - SDL:[MD5.0CA25E686A4928484E9FDABD168AB629] - 21/01/2008 - 3:23:00 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [19000]
O58 - SDL:[MD5.AE1FDF7BF7BB6C6A70F67699D880592A] - 2/11/2006 - 10:50:11 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys [71272]
O58 - SDL:[MD5.5425F74AC0C1DBD96A1E04F17D63F94C] - 21/01/2008 - 3:23:24 ---A- . (.Intel Corporation - Pilote désérialisé NDIS 6 de la carte Intel® PRO/1000.) -- C:\Windows\system32\drivers\E1G60I32.sys [118784]
O58 - SDL:[MD5.23B62471681A124889978F6295B3F4C6] - 21/01/2008 - 3:23:22 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [342584]
O58 - SDL:[MD5.16EE7B23A009E00D835CDB79574A91A6] - 21/01/2008 - 3:23:26 ---A- . (.Hewlett-Packard Company - Smart Array Storport Driver.) -- C:\Windows\system32\drivers\HpCISSs.sys [40504]
O58 - SDL:[MD5.BAABB0301949774A66B955C65319635A] - 28/07/2009 - 13:34:52 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\system32\drivers\iaStor.sys [328728]
O58 - SDL:[MD5.54155EA1B0DF185878E0FC9EC3AC3A14] - 21/01/2008 - 3:23:23 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver (base).) -- C:\Windows\system32\drivers\iaStorV.sys [235064]
O58 - SDL:[MD5.2D077BF86E843F901D8DB709C95B49A5] - 2/11/2006 - 10:50:17 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [41576]
O58 - SDL:[MD5.1C65E930ABA113F2CE59D32C7D8BC03F] - 27/06/2011 - 7:04:54 ---A- . (.COMODO - COMODO Internet Security Firewall Driver.) -- C:\Windows\system32\drivers\inspect.sys [82400]
O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 2/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\system32\drivers\iteatapi.sys [35944]
O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 2/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\system32\drivers\iteraid.sys [35944]
O58 - SDL:[MD5.C7E15E82879BF3235B559563D4185365] - 21/01/2008 - 3:23:23 ---A- . (.LSI Logic - LSI Logic Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [96312]
O58 - SDL:[MD5.EE01EBAE8C9BF0FA072E0FF68718920A] - 21/01/2008 - 3:23:25 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [89656]
O58 - SDL:[MD5.912A04696E9CA30146A62AFA1463DD5C] - 21/01/2008 - 3:23:23 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [96312]
O58 - SDL:[MD5.CBF0BF6AF73A704211BBB52EFACAA8A0] - 9/11/2010 - 9:12:26 ---A- . (.Logitech Inc. - Logitech AudioProcessing Filter Driver.) -- C:\Windows\system32\drivers\lvpopflt.sys [114784]
O58 - SDL:[MD5.8BE71D7EDB8C7494913722059F760DD0] - 9/11/2010 - 18:43:30 ---A- . (...) -- C:\Windows\system32\drivers\LVPr2Mon.sys [25824]
O58 - SDL:[MD5.A1857FBB9B4930EEB2FD92386C45C529] - 10/11/2010 - 2:48:12 ---A- . (.Logitech Inc. - Logitech Kernel Audio Improvement Filter Driver.) -- C:\Windows\system32\drivers\lvrs.sys [283744]
O58 - SDL:[MD5.3703406AF0726BADD24C5E552493E5B1] - 10/11/2010 - 2:49:50 ---A- . (.Logitech Inc. - Logitech USB Video Class Driver.) -- C:\Windows\system32\drivers\lvuvc.sys [4323040]
O58 - SDL:[MD5.69A6268D7F81E53D568AB4E7E991CAF3] - 21/09/2011 - 16:00:50 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [22216]
O58 - SDL:[MD5.0001CE609D66632FA17B84705F658879] - 21/01/2008 - 3:23:27 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x.) -- C:\Windows\system32\drivers\megasas.sys [31288]
O58 - SDL:[MD5.C252F32CD9A49DBFC25ECF26EBD51A99] - 21/01/2008 - 3:23:27 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys [386616]
O58 - SDL:[MD5.4FBBB70D30FD20EC51F80061703B001E] - 2/11/2006 - 10:49:59 ---A- . (.LSI Logic Corporation - MegaRAID RAID Controller Driver for Windows Vista/Longhorn for.) -- C:\Windows\system32\drivers\Mraid35x.sys [33384]
O58 - SDL:[MD5.2E7FB731D4790A1BC6270ACCEFACB36E] - 2/11/2006 - 10:50:19 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [45160]
O58 - SDL:[MD5.E875C093AEC0C978A90F30C9E0DFBB72] - 2/11/2006 - 8:36:50 ---A- . (.N-trig Innovative Technologies - Pilote intégré de digitalisateur de tablette N-trig.) -- C:\Windows\system32\drivers\ntrigdigi.sys [20608]
O58 - SDL:[MD5.D2F4C4B22969236382CA853B8DAA2D4E] - 26/06/2009 - 21:55:12 ---A- . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) -- C:\Windows\system32\drivers\nvhda32v.sys [66080]
O58 - SDL:[MD5.53569A28455A2F9906D34B2C37F80D12] - 21/05/2010 - 18:27:10 ---A- . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 197.93.) -- C:\Windows\system32\drivers\nvlddmkm.sys [11659976]
O58 - SDL:[MD5.2EDF9E7751554B42CBB60116DE727101] - 21/01/2008 - 3:23:21 ---A- . (.NVIDIA Corporation - NVIDIA® nForce™ RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [102968]
O58 - SDL:[MD5.ABED0C09758D1D97DB0042DBB2688177] - 21/01/2008 - 3:23:21 ---A- . (.NVIDIA Corporation - NVIDIA® nForce™ Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [45112]
O58 - SDL:[MD5.0A6DB55AFB7820C99AA1F3A1D270F4F6] - 21/01/2008 - 3:23:24 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [1122360]
O58 - SDL:[MD5.81A7E5C076E59995D54BC1ED3A16E60B] - 2/11/2006 - 10:50:35 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [106088]
O58 - SDL:[MD5.84ED2154239F9D013BBD3220755ADA8B] - 28/07/2009 - 21:38:14 ---A- . (.Realtek Semiconductor Corp. - Realtek® High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\RTKVHDA.sys [2324512]
O58 - SDL:[MD5.53892CBD9735A80712EE9439268344B4] - 28/07/2009 - 15:49:26 ---A- . (.Realtek Corporation - Realtek 8101E/8168/8169 NDIS6 32-bit Driver.) -- C:\Windows\system32\drivers\Rtlh86.sys [142848]
O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 2/11/2006 - 7:37:21 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys [20480]
O58 - SDL:[MD5.A99C6C8B0BAA970D8AA59DDC50B57F94] - 21/01/2008 - 3:23:26 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys [74808]
O58 - SDL:[MD5.A36EE93698802CD899F98BFD553D8185] - 5/09/2009 - 15:28:02 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\Windows\system32\drivers\ssmdrv.sys [28520]
O58 - SDL:[MD5.192AA3AC01DF071B541094F251DEED10] - 2/11/2006 - 10:50:05 ---A- . (.LSI Logic - LSI Logic 8XX SCSI Miniport Driver.) -- C:\Windows\system32\drivers\symc8xx.sys [35944]
O58 - SDL:[MD5.8C8EB8C76736EBAF3B13B633B2E64125] - 2/11/2006 - 10:49:56 ---A- . (.LSI Logic - LSI Logic Hi-Perf SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_hi.sys [31848]
O58 - SDL:[MD5.8072AF52B5FD103BBBA387A1E49F62CB] - 2/11/2006 - 10:50:03 ---A- . (.LSI Logic - LSI Logic Ultra160 SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_u3.sys [34920]
O58 - SDL:[MD5.9224BB254F591DE4CA8D572A5F0D635C] - 21/01/2008 - 3:23:20 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\system32\drivers\uliahci.sys [238648]
O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 2/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\system32\drivers\ulsata.sys [98408]
O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 21/01/2008 - 3:23:23 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\system32\drivers\ulsata2.sys [115816]
O58 - SDL:[MD5.AADF5587A4063F52C2C3FED7887426FC] - 21/01/2008 - 3:23:00 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys [20024]
O58 - SDL:[MD5.587253E09325E6BF226B299774B728A9] - 21/01/2008 - 3:23:23 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys [130616]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 2/11/2006 - 8:09:42 ---A- . (...) -- C:\Windows\system32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 2/11/2006 - 8:09:45 ---A- . (...) -- C:\Windows\system32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 2/11/2006 - 8:09:41 ---A- . (...) -- C:\Windows\system32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 2/11/2006 - 8:09:44 ---A- . (...) -- C:\Windows\system32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 2/11/2006 - 8:09:44 ---A- . (...) -- C:\Windows\system32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 2/11/2006 - 8:09:29 ---A- . (...) -- C:\Windows\system32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 2/11/2006 - 8:09:35 ---A- . (...) -- C:\Windows\system32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 2/11/2006 - 8:09:38 ---A- . (...) -- C:\Windows\system32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 2/11/2006 - 8:09:40 ---A- . (...) -- C:\Windows\system32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 2/11/2006 - 8:09:31 ---A- . (...) -- C:\Windows\system32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 2/11/2006 - 8:09:20 ---A- . (...) -- C:\Windows\system32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 2/11/2006 - 8:09:23 ---A- . (...) -- C:\Windows\system32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 2/11/2006 - 8:09:24 ---A- . (...) -- C:\Windows\system32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 2/11/2006 - 8:09:26 ---A- . (...) -- C:\Windows\system32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 2/11/2006 - 8:09:22 ---A- . (...) -- C:\Windows\system32\NTIO804.SYS [34672]



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: HijackThis 2.0.2 - (.TrendMicro.) [HKLM] -- HijackThis
O63 - Logiciel: ZHPDiag 1.27 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
O63 - Logiciel: OTL - (.OldTimer.)



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 13/02/2009 - C:\Program Files\Avira\AntiVir Desktop\avgio.sys - avgio(avgio) .(.Avira GmbH - Avira AntiVir Support for Minifilter.) - LEGACY_AVGIO
O64 - Services: CurCS - 1/09/2011 - C:\Windows\System32\DRIVERS\avgntflt.sys - avgntflt(avgntflt) .(.Avira GmbH - Avira Minifilter Driver.) - LEGACY_AVGNTFLT
O64 - Services: CurCS - 1/09/2011 - C:\Windows\System32\DRIVERS\avipbb.sys - avipbb(avipbb) .(.Avira GmbH - Avira Driver for Security Enhancement.) - LEGACY_AVIPBB
O64 - Services: CurCS - 6/07/2011 - C:\Windows\System32\DRIVERS\cmdguard.sys - COMODO Internet Security Sandbox Driver(cmdGuard) .(.COMODO - COMODO Internet Security Sandbox Driver.) - LEGACY_CMDGUARD
O64 - Services: CurCS - 6/07/2011 - C:\Windows\System32\DRIVERS\cmdhlp.sys - COMODO Internet Security Helper Driver(cmdHlp) .(.COMODO - COMODO Internet Security Helper Driver.) - LEGACY_CMDHLP
O64 - Services: CurCS - 15/10/2009 - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe - GameConsoleService(GameConsoleService) .(.WildTangent, Inc. - GameConsoleService.) - LEGACY_GAMECONSOLESERVICE
O64 - Services: CurCS - 6/07/2011 - C:\Windows\System32\DRIVERS\inspect.sys - COMODO Internet Security Firewall Driver(inspect) .(.COMODO - COMODO Internet Security Firewall Driver.) - LEGACY_INSPECT
O64 - Services: CurCS - 7/05/2010 - C:\Windows\System32\Drivers\LVPr2Mon.sys - Logitech LVPr2Mon Driver (LVPr2Mon) .(...) - LEGACY_LVPR2MON
O64 - Services: CurCS - 7/05/2010 - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe - Process Monitor(LVPrcSrv) .(.Logitech Inc. - LVPrcSrv Module..) - LEGACY_LVPRCSRV
O64 - Services: CurCS - 31/08/2011 - C:\Windows\system32\drivers\mbam.sys - MBAMProtector(MBAMProtector) .(.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) - LEGACY_MBAMPROTECTOR
O64 - Services: CurCS - 22/07/2011 - C:\Program Files\SUPERAntiSpyware\SASDIFSV.sys - SASDIFSV(SASDIFSV) .(.SUPERAdBlocker.com and SUPERAntiSpyware.com - SASDIFSV.SYS.) - LEGACY_SASDIFSV
O64 - Services: CurCS - 12/07/2011 - C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys - SASKUTIL(SASKUTIL) .(.SUPERAdBlocker.com and SUPERAntiSpyware.com - SASKUTIL.SYS.) - LEGACY_SASKUTIL
O64 - Services: CurCS - 17/06/2010 - C:\Windows\System32\DRIVERS\ssmdrv.sys - ssmdrv(ssmdrv) .(.Avira GmbH - AVIRA SnapShot Driver.) - LEGACY_SSMDRV
O64 - Services: CurCS - 28/03/2011 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.exe - Windows Live ID Sign-in Assistant(wlidsvc) .(.Microsoft Corp. - Microsoft® Windows Live ID Service.) - LEGACY_WLIDSVC



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (. - .) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {31309A66-5061-47FA-ACB5-4A0FCF91E791} - (Kelkoo) - http://be.kelkoopartners.net
O69 - SBI: SearchScopes [HKCU] {B4A50203-18C2-4091-A94A-48C5896E35FC} [DefaultScope] - (AOL Recherche) - http://slirsredirect.search.aol.com
O69 - SBI: SearchScopes [HKCU] {F1EB027D-72A8-49D3-9E9A-679FA13773F8} - (Yahoo!) - http://fr.search.yahoo.com



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.05D64D3F1883C03D09EFE15D68299FBA] [SPRF] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 11.0 r1.) -- C:\Users\papa\Desktop\flashplayer11_rc1_install_win_ax32_090611.exe [3797664]
[MD5.E8269245566BE948F6A219135B434160] [SPRF] (.Trend Micro Inc. - HijackThis.) -- C:\Users\papa\Desktop\HiJackThis.exe [401720]
[MD5.9C5D9456BB797D1C1519A6AA12A70B8B] [SPRF] (.OldTimer Tools - Pas de description.) -- C:\Users\papa\Desktop\OTL.exe [582656]
[MD5.1C83B40A20758AEA09A5A7DD4AAAEBAA] [SPRF] (.SUPERAntiSpyware.com - SUPERAntiSpyware Free Edition Setup.) -- C:\Users\papa\Desktop\SUPERAntiSpyware.exe [12549808]



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "CoreNet-GP-LSASS-Out-TCP" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Processus de l’autorité de sécurité locale.) -- C:\Windows\system32\lsass.exe
O87 - FAEL: "FPS-SpoolSvc-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Application sous-système spouleur.) -- C:\Windows\system32\spoolsv.exe
O87 - FAEL: "FPS-SpoolSvc-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Application sous-système spouleur.) -- C:\Windows\system32\spoolsv.exe
O87 - FAEL: "NetPres-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe
O87 - FAEL: "NetPres-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe
O87 - FAEL: "NetPres-WSD-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe
O87 - FAEL: "NetPres-WSD-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe
O87 - FAEL: "NetPres-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe
O87 - FAEL: "NetPres-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Connect to a Network Projector.) -- C:\Windows\system32\netproj.exe
O87 - FAEL: "RemoteSvcAdmin-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Applications Services et Contrôleur.) -- C:\Windows\system32\services.exe
O87 - FAEL: "RemoteSvcAdmin-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Applications Services et Contrôleur.) -- C:\Windows\system32\services.exe
O87 - FAEL: "WinCollab-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Windows Meeting Space.) -- C:\Program Files\Windows Collaboration\WinCollab.exe
O87 - FAEL: "WinCollab-In-UDP" | In - Domain - P17 - TRUE | .(.Microsoft Corporation - Windows Meeting Space.) -- C:\Program Files\Windows Collaboration\WinCollab.exe
O87 - FAEL: "WinCollab-Out-TCP" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Windows Meeting Space.) -- C:\Program Files\Windows Collaboration\WinCollab.exe
O87 - FAEL: "WinCollab-In-TCP" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Windows Meeting Space.) -- C:\Program Files\Windows Collaboration\WinCollab.exe
O87 - FAEL: "WinCollab-DFSR-Out-TCP" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Réplication DFS.) -- C:\Windows\system32\dfsr.exe
O87 - FAEL: "WinCollab-DFSR-In-TCP" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Réplication DFS.) -- C:\Windows\system32\dfsr.exe
O87 - FAEL: "{8FACE844-E025-4FB9-A40B-C3B0121BC540}" | In - Private - P6 - FALSE | .(.Microsoft Corporation - Application sous-système spouleur.) -- C:\Windows\system32\spoolsv.exe
O87 - FAEL: "TCP Query User{295FC279-A981-46EB-89C0-F8A9D31037CC}C:\program files\windows live\messenger\msnmsgr.exe" | In - Private - P6 - TRUE | .(.Microsoft Corporation.) -- C:\program files\windows live\messenger\msnmsgr.exe
O87 - FAEL: "UDP Query User{E2FBFB48-BD6E-4618-ABDD-98E76F73A055}C:\program files\windows live\messenger\msnmsgr.exe" | In - Private - P17 - TRUE | .(.Microsoft Corporation.) -- C:\program files\windows live\messenger\msnmsgr.exe



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 12/08/2011 116608 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE.exe
SR - | Auto 21/09/2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 5/09/2009 136360 | (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 5/09/2009 269480 | (AntiVirService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 6/07/2011 1793712 | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (cmdAgent) . (.COMODO.) - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
SS - | Demand 5/11/2009 238328 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
SR - | Auto 27/07/2009 94208 | (HP Health Check Service) . (.Hewlett-Packard.) - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
SR - | Auto 5/09/2009 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SR - | Auto 27/07/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
SS - | Disabled 9/11/2010 162648 | (LVPrcSrv) . (.Logitech Inc..) - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
SS - | Disabled 21/09/2011 366152 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 30/11/2010 129640 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\system32\svchost.exe



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by papa at 22/09/2011 21:51:25

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin



End of the scan (1022 lines in 04mn 58s)(0)



#5 anderlecht

anderlecht
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:47 PM

Posted 22 September 2011 - 03:19 PM

new version new log

Rapport de ZHPDiag v1.28.1350 par Nicolas Coolman, Update du 20/09/2011
Run by papa at 22/09/2011 22:11:53
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 7.0 v7.0 (Defaut)

---\\ Windows Product Information
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : WQD8Q
Windows License : OK
Windows Automatic Updates : OK

---\\ System Information
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3070 MB (34% free)
System Restore: Activé (Enable)
System drive C: has 735 GB (80%) free of 918 GB

---\\ Logged in mode
~ Computer Name: PC-DE-PAPA
~ User Name: papa
~ All Users Names: papa, anne, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O82
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\papa\AppData\Roaming\
~ %Desktop% : C:\Users\papa\Desktop\
~ %Favorites% : C:\Users\papa\Favorites\
~ %LocalAppData% : C:\Users\papa\AppData\Local\
~ %StartMenu% : C:\Users\papa\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\system32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 735 Go of 918 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 14 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoStartMenuSubFolder: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoResolveSearch: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoClose: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services] wscsvc : OK
~ Scan Security Center in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.24/09/2009 - 7:27:36.) -- C:\Windows\Explorer.exe [2926592]
[MD5.4B555106290BD117334E9A08761C035A] - (....) (.2/11/2006 - 10:45:37.) -- C:\Windows\system32\rundll32.exe [44544]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 3:23:42.) -- C:\Windows\system32\Wininit.exe [96768]
[MD5.2C7332C222D1FE1FC57D622699A8C001] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.10/08/2011 - 3:48:26.) -- C:\Windows\system32\wininet.dll [1126912]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.24/09/2009 - 7:28:13.) -- C:\Windows\system32\Winlogon.exe [314368]
[MD5.2D9C903DC76A66813D350A562DE40ED9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.21/01/2008 - 3:23:00.) -- C:\Windows\system32\drivers\atapi.sys [21560]
[MD5.6A4A98CEE84CF9E99564510DDA4BAA47] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/09/2009 - 7:32:49.) -- C:\Windows\system32\drivers\ntfs.sys [1083880]
[MD5.95F5FF73B076576C41740F1A842B9B57] - (....) (.28/07/2009 - 2:56:48.) -- C:\Windows\system32\fr-FR\user32.dll.mui [20480]
~ Scan Generic Processes in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 0/383
~ Mes musiques (My Musics) : 0/2
~ Mes Videos (My Video) : 0/2
~ Mes Favoris (My Favorites) : 0/20
~ Mes Documents (My Documents) : 0/4
~ Mon Bureau (My Desktop) : 0/218
~ Menu demarrer (Programs) : 0/21
~ Scan Hidden Files in 00mn 00s



---\\ Processus lancés
[MD5.9D5E8B45BD348DF0882C69EED0E83111] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [281768] [PID.2752]
[MD5.895E17BFF96D3114FD19CEC65A0E749E] - (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2554696] [PID.2760]
[MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1008184] [PID.2920]
[MD5.01CA6E9F4E6E8B2DBE0D365CCAA312C1] - (.Avira GmbH - On-Demand Scanner.) -- C:\Program Files\Avira\AntiVir Desktop\avscan.exe [484008] [PID.3392]
[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe [37376] [PID.2944]
[MD5.DA659301855BD4C7BBBE48DA21429422] - (.Pas de propriétaire - Core functionality module for HP Remote sof.) -- C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE [143360] [PID.1896]
[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\eHome\EHTray.exe [125952] [PID.4148]
[MD5.87FC73E841F41CBE4B464949D5B0C39A] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [924632] [PID.5556]
[MD5.3AEF6731E9EC8E0FAD97177AE3E47E36] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [16856] [PID.6120]
[MD5.B26A2F3CD6459548DB6891D138080876] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [2121216] [PID.4812]
[MD5.19844598118A8CC5D0352F380C697ECB] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 197.9.) -- C:\Windows\system32\nvvsvc.exe [129640] [PID.]
[MD5.43F37E8F60F3677E84C6AFC70C784AFD] - (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1793712] [PID.]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.]
[MD5.A5BCBAF0477C4869B67E0195AEA4A9CD] - (.Avira GmbH - Antivirus Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [136360] [PID.]
[MD5.C0393EB99A6C72C6BEF9BFC4A72B33A6] - (.SUPERAntiSpyware.com - Core Service.) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608] [PID.]
[MD5.11A52CF7B265631DEEB24C6149309EFF] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [64952] [PID.]
[MD5.3CCE4AFA4AACDB28E01A148394212186] - (.Avira GmbH - Antivirus On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [269480] [PID.]
[MD5.DFEFF67508D3A9AEB1A85D7B0F513B24] - (.Hewlett-Packard Company - LightScribe Service.) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728] [PID.]
[MD5.CDE000884FD7BAF0C1FDFE029B0891DE] - (.Avira GmbH - AntiVir shadow copy service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [76968] [PID.]
[MD5.F79525634B192F5A18DE503568F94EF3] - (.Intel Corporation - RAID Monitor.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [354840] [PID.]
[MD5.AA9EF0B395097F24D289F64445B2FD2E] - (.Hewlett-Packard - HP Health Check Service.) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208] [PID.]
[MD5.AD1870C8E5D6DD340C829E6074BF3C3F] - (.Microsoft Corporation - Service de planification Windows Media Cent.) -- C:\Windows\ehome\ehsched.exe [131072] [PID.]
[MD5.9BE3744D295A7701EB425332014F0797] - (.Microsoft Corporation - Service de réception Windows Media Center.) -- C:\Windows\ehome\ehRecvr.exe [292352] [PID.]
[MD5.DB3D19F850C6EB32BDCB9BC0836ACDDB] - (.Microsoft Corporation - Service de cliché instantané de volumes Mic.) -- C:\Windows\system32\vssvc.exe [1055232] [PID.]
~ Scan Processes Running in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\papa\AppData\Roaming\Mozilla\Firefox\Profiles\7vvw86zk.default\prefs.js
C:\Users\papa\AppData\Roaming\Mozilla\Firefox\Profiles\7vvw86zk.default\user.js (.not file.)
M3 - MFPP: Plugins - [papa] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [papa] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml
M3 - MFPP: Plugins - [papa] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [papa] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [papa] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [papa] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [papa] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml
M0 - MFSP: prefs.js [papa - 7vvw86zk.default] http://www.dhnet.be
M2 - MFEP: prefs.js [papa - 7vvw86zk.default\firefox@ghostery.com] [] Ghostery v2.6.0.1 (.Evidon, Inc..)
P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - np-mswmp.) -- C:\Program Files\Mozilla Firefox\Plugins\np-mswmp.dll
P2 - FPN:Firefox Plugin Navigator . (.Oracle Corporation - NPRuntime Script Plug-in Library for Java™ Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll
P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - Office Plugin for Netscape Navigator.) -- C:\Program Files\Mozilla Firefox\Plugins\NPOFF12.DLL
P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.1.) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Oracle Corporation - Next Generation Java Plug-in 10.0.0 for Mozilla browsers.) -- C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.60531.0.) -- c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.1.) -- C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
~ Scan Firefox Browser in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R0 - HKUS\S-1-5-21-3790488275-2234851889-1404318780-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\system32\ieframe.dll
~ Scan IE Browser in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn 00s



---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Scan Keys in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Scan Hosts File in 00mn 00s



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
~ Scan BHO in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [COMODO Internet Security] . (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-3790488275-2234851889-1404318780-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-3790488275-2234851889-1404318780-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
~ Scan Application in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite Deluxe.lnk . (.CyberLink.) -- C:\Program Files\Cyberlink\CyberLink DVD Suite Deluxe\PowerStarter.exe
O4 - Global Startup: C:\Users\papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Mail\WinMail.exe
O4 - Global Startup: C:\Users\papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\papa\Desktop\Courrier électronique - Raccourci.lnk - Clé orpheline
O4 - Global Startup: C:\Users\papa\Desktop\HijackThis.lnk . (.Trend Micro Inc..) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O4 - Global Startup: C:\Users\papa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\papa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - Global Startup: C:\Users\papa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
~ Scan Global Startup in 00mn 00s



---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~3\Office12\EXCEL.exe
~ Scan IE Menu Contextuel in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
~ Scan Winsock in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{15A553E9-AF7D-4D01-A45D-36DE57300050}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{15A553E9-AF7D-4D01-A45D-36DE57300050}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{15A553E9-AF7D-4D01-A45D-36DE57300050}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{15A553E9-AF7D-4D01-A45D-36DE57300050}: DhcpNameServer = 192.168.1.1
~ Scan Domain in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\system32\mshtml.dll
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\msvidctl.dll
O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\system32\mshtml.dll
O18 - Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\system32\mshtml.dll
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\system32\inetcomm.dll
O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\system32\mshtml.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\msvidctl.dll
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\system32\mshtml.dll
O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll
O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
~ Scan Protocole Additionnel in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: !SASWinLogon . (.SUPERAntiSpyware.com - SUPERAntiSpyware WinLogon Processor.) -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
~ Scan Winlogon in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\Windows\System32\webcheck.dll
~ Scan SSODL in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\system32\browseui.dll
~ Scan STS/SSO in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: SAS Core Service (!SASCORE) . (.SUPERAntiSpyware.com - Core Service.) - C:\Program Files\SUPERAntiSpyware\SASCORE.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) . (.COMODO - COMODO Internet Security.) - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: HP Health Check Service (HP Health Check Service) . (.Hewlett-Packard - HP Health Check Service.) - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) . (.Intel Corporation - RAID Monitor.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) . (.Hewlett-Packard Company - LightScribe Service.) - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 197.9.) - C:\Windows\system32\nvvsvc.exe
~ Scan Services in 00mn 00s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Scan Desktop Component in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.0C8A70BC3BAAF7BF69DCA495C1E1AB79] [APT] [HP Health Check] (.Hewlett-Packard.) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
[MD5.A933F72E5CB6A67270B931468EB0490A] [APT] [HPCeeScheduleForpapa] (.Hewlett-Packard.) -- C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe
[MD5.C1028CBDF27FCF0AA6D39DF121D0B134] [APT] [RecoveryCD] (...) -- C:\Program Files\Hewlett-Packard\HP TCS\RemEngine.exe
~ Scan Scheduled Task in 00mn 03s



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (avgio) . (.Avira GmbH - Avira AntiVir Support for Minifilter.) - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for Security Enhancement.) - C:\Windows\system32\DRIVERS\avipbb.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\DRIVERS\cdrom.sys
O41 - Driver: (cmdGuard) . (.COMODO - COMODO Internet Security Sandbox Driver.) - C:\Windows\system32\DRIVERS\cmdguard.sys
O41 - Driver: (cmdHlp) . (.COMODO - COMODO Internet Security Helper Driver.) - C:\Windows\system32\DRIVERS\cmdhlp.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\system32\Drivers\dfsc.sys
O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\Windows\system32\DRIVERS\i8042prt.sys
O41 - Driver: (inspect) . (.COMODO - COMODO Internet Security Firewall Driver.) - C:\Windows\system32\DRIVERS\inspect.sys
O41 - Driver: (kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\Windows\system32\DRIVERS\kbdclass.sys
O41 - Driver: (kbdhid) . (.Microsoft Corporation - Pilote de filtre clavier HID.) - C:\Windows\system32\DRIVERS\kbdhid.sys
O41 - Driver: (mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\Windows\system32\DRIVERS\mouclass.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\system32\DRIVERS\netbios.sys
O41 - Driver: (netbt) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\system32\DRIVERS\netbt.sys
O41 - Driver: (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\system32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (PSched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\system32\DRIVERS\pacer.sys
O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\system32\DRIVERS\rasacd.sys
O41 - Driver: (rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\system32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\system32\DRIVERS\RDPCDD.sys
O41 - Driver: (RDPENCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\system32\drivers\rdpencdd.sys
O41 - Driver: (SASDIFSV) . (.SUPERAdBlocker.com and SUPERAntiSpyware.com - SASDIFSV.SYS.) - C:\Program Files\SUPERAntiSpyware\SASDIFSV.sys
O41 - Driver: (SASKUTIL) . (.SUPERAdBlocker.com and SUPERAntiSpyware.com - SASKUTIL.SYS.) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (Smb) . (.Microsoft Corporation - SMB Transport driver.) - C:\Windows\system32\DRIVERS\smb.sys
O41 - Driver: (ssmdrv) . (.Avira GmbH - AVIRA SnapShot Driver.) - C:\Windows\system32\DRIVERS\ssmdrv.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\system32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys
~ Scan Drivers in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Activation Assistant for the 2007 Microsoft Office suites - (.Microsoft Corporation.) [HKLM] -- Activation Assistant for the 2007 Microsoft Office suites
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM] -- Avira AntiVir Desktop
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Camera RAW Plug-In for EPSON Creativity Suite - (.Pas de propriétaire.) [HKLM] -- {8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}
O42 - Logiciel: CyberLink DVD Suite Deluxe - (.CyberLink Corp..) [HKLM] -- InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}
O42 - Logiciel: CyberLink DVD Suite Deluxe - (.CyberLink Corp..) [HKLM] -- {1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}
O42 - Logiciel: EPSON Copy Utility 3 - (.Pas de propriétaire.) [HKLM] -- {67EDD823-135A-4D59-87BD-950616D6E857}
O42 - Logiciel: EPSON File Manager - (.Pas de propriétaire.) [HKLM] -- {2EB81825-E9EE-44F4-8F51-1240C3898DC6}
O42 - Logiciel: EPSON Logiciel imprimante - (.SEIKO EPSON Corporation.) [HKLM] -- EPSON Printer and Utilities
O42 - Logiciel: EPSON Scan - (.Pas de propriétaire.) [HKLM] -- EPSON Scanner
O42 - Logiciel: EPSON Scan Assistant - (.Pas de propriétaire.) [HKLM] -- {2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}
O42 - Logiciel: HP Active Support Library - (.Hewlett-Packard.) [HKLM] -- {0295F89F-F698-4101-9A7D-49F407EC2D82}
O42 - Logiciel: HP Customer Experience Enhancements - (.Hewlett-Packard.) [HKLM] -- {B84739A3-F943-47E4-95D8-96381EF5AC48}
O42 - Logiciel: HP Games - (.WildTangent.) [HKLM] -- WildTangent hp Master Uninstall
O42 - Logiciel: HP MediaSmart DVD - (.Hewlett-Packard.) [HKLM] -- InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}
O42 - Logiciel: HP MediaSmart DVD - (.Hewlett-Packard.) [HKLM] -- {DCCAD079-F92C-44DA-B258-624FC6517A5A}
O42 - Logiciel: HP MediaSmart Music/Photo/Video - (.Hewlett-Packard.) [HKLM] -- InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}
O42 - Logiciel: HP MediaSmart Music/Photo/Video - (.Hewlett-Packard.) [HKLM] -- {B2EE25B9-5B00-4ACF-94F0-92433C28C39E}
O42 - Logiciel: HP Total Care Setup - (.Hewlett-Packard.) [HKLM] -- {784BEA84-FA66-4B19-BB80-7B545F248AC6}
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: Intel® Matrix Storage Manager - (.Intel Corporation.) [HKLM] -- {9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}
O42 - Logiciel: LabelPrint - (.CyberLink Corp..) [HKLM] -- InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}
O42 - Logiciel: LabelPrint - (.CyberLink Corp..) [HKLM] -- {C59C179C-668D-49A9-B6EA-0121CCFC1243}
O42 - Logiciel: Logiciel d'archivage WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver
O42 - Logiciel: Logitech Vid HD - (.Logitech Inc...) [HKLM] -- Logitech Vid
O42 - Logiciel: Logitech Webcam Software - (.Logitech Inc..) [HKLM] -- {D40EB009-0499-459c-A8AF-C9C110766215}
O42 - Logiciel: MAGIX Video deluxe SE 6.0.5.0 (F) - (.MAGIX AG.) [HKLM] -- MAGIX Video deluxe SE F
O42 - Logiciel: Magic Desktop - (.EasyBits Software AS.) [HKLM] -- EasyBits Magic Desktop
O42 - Logiciel: Malwarebytes' Anti-Malware version 1.51.2.1300 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - fra
O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack
O42 - Logiciel: Mozilla Firefox 7.0 (x86 fr) - (.Mozilla.) [HKLM] -- Mozilla Firefox 7.0 (x86 fr)
O42 - Logiciel: NVIDIA Display Control Panel - (.NVIDIA Corporation.) [HKLM] -- NVIDIA Display Control Panel
O42 - Logiciel: NVIDIA Drivers - (.NVIDIA Corporation.) [HKLM] -- NVIDIA Drivers
O42 - Logiciel: Package de pilotes Windows - ACS (ACSSCR) SmartCardReader (06/15/2009 1.1.6.1) - (.ACS.) [HKLM] -- 5B693A45377E76C1C6F833AC636C5D61522090CB
O42 - Logiciel: Power2Go - (.CyberLink Corp..) [HKLM] -- InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}
O42 - Logiciel: Power2Go - (.CyberLink Corp..) [HKLM] -- {40BF1E83-20EB-11D8-97C5-0009C5020658}
O42 - Logiciel: PowerDirector - (.CyberLink Corp..) [HKLM] -- InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}
O42 - Logiciel: PowerDirector - (.CyberLink Corp..) [HKLM] -- {CB099890-1D5F-11D5-9EA9-0050BAE317E1}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: SUPERAntiSpyware - (.SUPERAntiSpyware.com.) [HKLM] -- {CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2288621) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{5C497F0B-2061-4CC9-A61C-6B45B867354D}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2288931) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CD769337-C8AC-46DB-A7DC-643E50089263}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2345043) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{536FB502-775F-4494-BACE-C02CC90B7A5B}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2553074) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{5729F1AE-5895-468F-9165-BAD161C9E982}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2553089) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{01D4CA59-7070-4420-9BCC-0EFA7C5D76BE}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2553090) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{643C12A2-AF9A-4712-B8BE-3B7650AFE00A}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2584063) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BF3F1CBD-B05C-4644-AE43-6EE0FCC227A4}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB969559) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB976321) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{7F207DCA-3399-40CB-A968-6E5991B1421A}
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- KB931906
O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478663
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2539636
O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB2553073) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{65EA4836-B5A3-4C1D-8883-0C35E471003A}
O42 - Logiciel: Security Update for Microsoft Office InfoPath 2007 (KB979441) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB2535818) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{8588DD11-6BD7-4400-B55C-DD5AB74B43E1}
O42 - Logiciel: Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{D75E6D0C-BADF-4F41-98B2-0C0F02C15062}
O42 - Logiciel: Security Update for Microsoft Office Visio Viewer 2007 (KB973709) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
O42 - Logiciel: Security Update for Microsoft Office Word 2007 (KB2344993) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
O42 - Logiciel: Security Update for Microsoft Office system 2007 (972581) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB974234) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{FCD742B9-7A55-44BC-A776-F795F21FEDDC}
O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}.KB2478663
O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}.KB2518870
O42 - Logiciel: Update for 2007 Microsoft Office System (KB967642) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2468871) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871
O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2533523) - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523
O42 - Logiciel: Update for Microsoft Office 2007 (KB2508958) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
O42 - Logiciel: Update for Microsoft Office 2007 System (KB2539530) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}
O42 - Logiciel: Update for Microsoft Office OneNote 2007 (KB980729) - (.Microsoft.) [HKLM] -- {91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{329050A9-EF80-40F9-B633-74508F54C1FF}
O42 - Logiciel: Version d'évaluation de Microsoft Office Home and Student 2007 - (.Microsoft Corporation.) [HKLM] -- HOMESTUDENTR
O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Avira]
[HKCU\Software\BEID]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\ComodoGroup]
[HKCU\Software\CyberLink]
[HKCU\Software\EPSON]
[HKCU\Software\ESET]
[HKCU\Software\F-Secure]
[HKCU\Software\Freeware]
[HKCU\Software\Google]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\IM Providers]
[HKCU\Software\JavaSoft]
[HKCU\Software\Leadertech]
[HKCU\Software\LightScribe]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\LogiShrd]
[HKCU\Software\Logitech]
[HKCU\Software\MAGIX AG]
[HKCU\Software\Macromedia]
[HKCU\Software\Magix]
[HKCU\Software\MainConcept]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MimarSinan]
[HKCU\Software\Mozilla]
[HKCU\Software\NVIDIA Corporation]
[HKCU\Software\Netscape]
[HKCU\Software\Norton]
[HKCU\Software\ODBC]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\SUPERAntiSpyware.com]
[HKCU\Software\Skype]
[HKCU\Software\Softthinks]
[HKCU\Software\SupportSoft]
[HKCU\Software\Theorica]
[HKCU\Software\Trolltech]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKLM\Software\Acudata]
[HKLM\Software\Adobe]
[HKLM\Software\Avira]
[HKLM\Software\BEID]
[HKLM\Software\CDDB]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\ComodoGroup]
[HKLM\Software\CyberLink]
[HKLM\Software\EPSON]
[HKLM\Software\EasyBits]
[HKLM\Software\Eset]
[HKLM\Software\Google]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\IDAVLab]
[HKLM\Software\InstallShield]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\Khronos]
[HKLM\Software\LightScribe]
[HKLM\Software\Logitech]
[HKLM\Software\Macromedia]
[HKLM\Software\Magix]
[HKLM\Software\Malwarebytes' Anti-Malware (Trial)]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MimarSinan]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\ODBC]
[HKLM\Software\OldTimer Tools]
[HKLM\Software\Panda Software]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SRS Labs]
[HKLM\Software\SUPERAntiSpyware.com]
[HKLM\Software\Sonic]
[HKLM\Software\SymNRT]
[HKLM\Software\Symantec]
[HKLM\Software\TrendMicro]
[HKLM\Software\Volatile]
[HKLM\Software\WOW6432Node]
[HKLM\Software\WildTangent]
[HKLM\Software\Wilson WindowWare]
[HKLM\Software\WinRAR]
[HKLM\Software\X-AVCSD]
[HKLM\Software\eFilm Medical]
[HKLM\Software\logishrd]
[HKLM\Software\mozilla.org]
~ Scan Softwares in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 3/02/2010 - 21:04:18 - [376383] ----D- C:\Program Files\ACR38U PCSC Driver 1.1.6.1
O43 - CFD: 6/12/2009 - 14:03:42 - [12686438] ----D- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
O43 - CFD: 21/09/2011 - 11:00:58 - [116852806] ----D- C:\Program Files\Adobe
O43 - CFD: 5/09/2009 - 15:34:42 - [208328895] ----D- C:\Program Files\Avira
O43 - CFD: 3/02/2010 - 21:05:14 - [12872915] ----D- C:\Program Files\Belgium Identity Card
O43 - CFD: 13/09/2011 - 21:02:46 - [4118120] ----D- C:\Program Files\CCleaner
O43 - CFD: 21/09/2011 - 11:00:58 - [850613926] ----D- C:\Program Files\Common Files
O43 - CFD: 27/06/2011 - 7:43:48 - [102494912] ----D- C:\Program Files\COMODO
O43 - CFD: 27/07/2009 - 19:19:26 - [910828798] ----D- C:\Program Files\Cyberlink
O43 - CFD: 3/02/2010 - 21:04:20 - [361440] ----D- C:\Program Files\DIFX
O43 - CFD: 7/09/2009 - 5:32:40 - [90816158] ----D- C:\Program Files\EasyBits For Kids
O43 - CFD: 2/05/2011 - 11:27:36 - [52934285] ----D- C:\Program Files\epson
O43 - CFD: 20/09/2011 - 13:38:58 - [124628152] ----D- C:\Program Files\ESET
O43 - CFD: 20/08/2010 - 15:36:30 - [642130844] ----D- C:\Program Files\Hewlett-Packard
O43 - CFD: 27/07/2009 - 19:23:20 - [4057249] ----D- C:\Program Files\HP
O43 - CFD: 27/07/2009 - 19:35:28 - [374054055] ----D- C:\Program Files\HP Games
O43 - CFD: 2/05/2011 - 11:39:40 - [90850395] ----D- C:\Program Files\InstallShield Installation Information
O43 - CFD: 5/09/2009 - 14:35:38 - [61739168] ----D- C:\Program Files\Intel
O43 - CFD: 10/08/2011 - 14:52:22 - [5388902] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 13/08/2011 - 11:59:36 - [327524406] ----D- C:\Program Files\Java
O43 - CFD: 11/11/2010 - 7:22:24 - [131425896] ----D- C:\Program Files\Logitech
O43 - CFD: 30/01/2010 - 14:43:32 - [319952302] ----D- C:\Program Files\MAGIX
O43 - CFD: 21/09/2011 - 13:42:06 - [7003649] ----D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD: 12/11/2010 - 9:40:46 - [800662] ----D- C:\Program Files\Microsoft CAPICOM 2.1.0.2
O43 - CFD: 2/11/2006 - 14:37:36 - [93446071] ----D- C:\Program Files\Microsoft Games
O43 - CFD: 2/07/2011 - 10:37:46 - [378251367] ----D- C:\Program Files\Microsoft Office
O43 - CFD: 16/06/2011 - 8:38:28 - [38411899] ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD: 17/12/2010 - 6:38:34 - [145421942] ----D- C:\Program Files\Microsoft Works
O43 - CFD: 26/06/2010 - 8:59:48 - [8167779] ----D- C:\Program Files\Microsoft.NET
O43 - CFD: 13/08/2010 - 5:28:34 - [99342446] ----D- C:\Program Files\Movie Maker
O43 - CFD: 22/09/2011 - 22:02:40 - [37512973] ----D- C:\Program Files\Mozilla Firefox
O43 - CFD: 2/11/2006 - 14:37:36 - [25757] ----D- C:\Program Files\MSBuild
O43 - CFD: 6/12/2009 - 13:56:08 - [27892223] ----D- C:\Program Files\MSECache
O43 - CFD: 5/09/2009 - 14:44:44 - [0] ----D- C:\Program Files\MSXML 4.0
O43 - CFD: 30/11/2010 - 17:47:22 - [20656009] ----D- C:\Program Files\NVIDIA Corporation
O43 - CFD: 12/10/2009 - 8:25:54 - [445943] R---D- C:\Program Files\Online Services
O43 - CFD: 19/09/2011 - 10:11:48 - [44852430] ----D- C:\Program Files\Python
O43 - CFD: 27/07/2009 - 18:46:42 - [85145428] ----D- C:\Program Files\Realtek
O43 - CFD: 2/11/2006 - 14:37:36 - [39998721] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 25/12/2009 - 10:56:22 - [37143990] ----D- C:\Program Files\SMINST
O43 - CFD: 10/09/2011 - 13:54:08 - [68561161] ----D- C:\Program Files\SUPERAntiSpyware
O43 - CFD: 27/07/2009 - 19:11:10 - [0] ----D- C:\Program Files\Temp
O43 - CFD: 27/06/2011 - 17:03:32 - [403393] ----D- C:\Program Files\Trend Micro
O43 - CFD: 2/11/2006 - 15:01:56 - [0] ----D- C:\Program Files\Uninstall Information
O43 - CFD: 12/10/2009 - 14:51:52 - [1016832] ----D- C:\Program Files\Windows Calendar
O43 - CFD: 12/10/2009 - 14:51:50 - [2737152] ----D- C:\Program Files\Windows Collaboration
O43 - CFD: 12/10/2009 - 14:51:48 - [4490624] ----D- C:\Program Files\Windows Defender
O43 - CFD: 21/09/2011 - 22:02:42 - [7084664] ----D- C:\Program Files\Windows Journal
O43 - CFD: 11/08/2011 - 19:25:12 - [62369527] ----D- C:\Program Files\Windows Live
O43 - CFD: 17/09/2011 - 3:05:36 - [9116344] ----D- C:\Program Files\Windows Mail
O43 - CFD: 15/10/2010 - 3:21:54 - [4498121] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 5/09/2009 - 14:31:36 - [7957544] ----D- C:\Program Files\Windows NT
O43 - CFD: 12/10/2009 - 14:51:50 - [13528738] ----D- C:\Program Files\Windows Photo Gallery
O43 - CFD: 19/11/2009 - 20:03:06 - [134144] ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 12/10/2009 - 14:51:52 - [8947370] ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 5/11/2009 - 15:31:50 - [3921490] ----D- C:\Program Files\WinRAR
O43 - CFD: 22/09/2011 - 22:12:08 - [8142343] ----D- C:\Program Files\ZHPDiag
O43 - CFD: 21/09/2011 - 11:01:48 - [3606170] ----D- C:\Program Files\Common Files\Adobe
O43 - CFD: 6/12/2009 - 14:02:30 - [92976] ----D- C:\Program Files\Common Files\DESIGNER
O43 - CFD: 6/11/2009 - 21:14:32 - [8106313] ----D- C:\Program Files\Common Files\InstallShield
O43 - CFD: 13/08/2011 - 12:01:12 - [1239723] ----D- C:\Program Files\Common Files\Java
O43 - CFD: 27/07/2009 - 19:23:04 - [32098366] ---AD- C:\Program Files\Common Files\LightScribe
O43 - CFD: 30/11/2010 - 17:55:04 - [72663177] ----D- C:\Program Files\Common Files\LogiShrd
O43 - CFD: 27/07/2009 - 19:23:00 - [56657] ---AD- C:\Program Files\Common Files\LS Getting Started
O43 - CFD: 9/11/2010 - 17:16:34 - [5241923] ----D- C:\Program Files\Common Files\LWS
O43 - CFD: 30/01/2010 - 14:44:50 - [1570387] ----D- C:\Program Files\Common Files\MAGIX Shared
O43 - CFD: 11/08/2011 - 19:24:20 - [436917690] ----D- C:\Program Files\Common Files\microsoft shared
O43 - CFD: 2/11/2006 - 13:18:34 - [2702] ----D- C:\Program Files\Common Files\Services
O43 - CFD: 2/11/2006 - 13:18:34 - [41101735] ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 6/10/2009 - 15:45:24 - [3609311] ----D- C:\Program Files\Common Files\SupportSoft
O43 - CFD: 12/10/2009 - 14:51:50 - [42750094] ----D- C:\Program Files\Common Files\System
O43 - CFD: 6/09/2009 - 17:41:34 - [201556702] ----D- C:\Program Files\Common Files\Windows Live
O43 - CFD: 2/11/2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Application Data
O43 - CFD: 5/09/2009 - 15:34:42 - [82749239] ----D- C:\ProgramData\Avira
O43 - CFD: 5/09/2009 - 14:31:36 - [0] -SH-D- C:\ProgramData\Bureaublad
O43 - CFD: 27/06/2011 - 16:55:58 - [34204510] ----D- C:\ProgramData\Comodo
O43 - CFD: 14/10/2009 - 9:36:00 - [134605] ----D- C:\ProgramData\CyberLink
O43 - CFD: 2/11/2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Desktop
O43 - CFD: 5/09/2009 - 14:31:36 - [0] -SH-D- C:\ProgramData\Documenten
O43 - CFD: 2/11/2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Documents
O43 - CFD: 2/05/2011 - 11:12:26 - [826966] ----D- C:\ProgramData\EPSON
O43 - CFD: 5/09/2009 - 14:31:36 - [0] -SH-D- C:\ProgramData\Favorieten
O43 - CFD: 2/11/2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Favorites
O43 - CFD: 5/09/2009 - 14:38:26 - [43940767] ----D- C:\ProgramData\Hewlett-Packard
O43 - CFD: 5/11/2009 - 15:32:50 - [5098] ----D- C:\ProgramData\LightScribe
O43 - CFD: 9/11/2010 - 17:19:56 - [266] ----D- C:\ProgramData\LogiShrd
O43 - CFD: 9/11/2010 - 17:16:38 - [21140950] ----D- C:\ProgramData\Logitech
O43 - CFD: 30/01/2010 - 19:19:20 - [0] ----D- C:\ProgramData\MAGIX
O43 - CFD: 21/09/2011 - 13:42:06 - [7263559] ----D- C:\ProgramData\Malwarebytes
O43 - CFD: 5/09/2009 - 14:31:36 - [0] -SH-D- C:\ProgramData\Menu Start
O43 - CFD: 10/11/2010 - 16:47:16 - [183050668] -S--D- C:\ProgramData\Microsoft
O43 - CFD: 17/09/2011 - 3:05:48 - [57040] ----D- C:\ProgramData\Microsoft Help
O43 - CFD: 30/11/2010 - 17:47:38 - [277096] ----D- C:\ProgramData\NVIDIA
O43 - CFD: 6/10/2009 - 15:34:38 - [588] ----D- C:\ProgramData\Office Genuine Advantage
O43 - CFD: 5/09/2009 - 14:31:36 - [0] -SH-D- C:\ProgramData\Sjablonen
O43 - CFD: 2/11/2006 - 15:02:04 - [0] -SH-D- C:\ProgramData\Start Menu
O43 - CFD: 10/09/2011 - 13:53:48 - [94234231] ----D- C:\ProgramData\SUPERAntiSpyware.com
O43 - CFD: 27/07/2009 - 19:22:04 - [254094] ----D- C:\ProgramData\Temp
O43 - CFD: 2/11/2006 - 15:02:06 - [0] -SH-D- C:\ProgramData\Templates
O43 - CFD: 6/11/2009 - 21:11:50 - [3184] ----D- C:\ProgramData\UDL
O43 - CFD: 5/11/2009 - 14:22:42 - [3263697581] ----D- C:\ProgramData\WildTangent
O43 - CFD: 6/12/2009 - 14:03:42 - [6904801] ----D- C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
O43 - CFD: 21/09/2011 - 13:00:16 - [0] ----D- C:\Users\papa\AppData\Roaming\Adobe
O43 - CFD: 29/03/2011 - 10:54:54 - [0] ----D- C:\Users\papa\AppData\Roaming\Avira
O43 - CFD: 14/10/2009 - 9:37:08 - [134] ----D- C:\Users\papa\AppData\Roaming\CyberLink
O43 - CFD: 5/07/2011 - 18:42:30 - [153] ----D- C:\Users\papa\AppData\Roaming\EPSON
O43 - CFD: 5/09/2009 - 14:41:28 - [21564] ----D- C:\Users\papa\AppData\Roaming\Hewlett-Packard
O43 - CFD: 5/09/2009 - 14:36:06 - [23572] ----D- C:\Users\papa\AppData\Roaming\HP TCS
O43 - CFD: 5/09/2009 - 14:40:44 - [0] ----D- C:\Users\papa\AppData\Roaming\Identities
O43 - CFD: 21/09/2011 - 12:57:36 - [0] ----D- C:\Users\papa\AppData\Roaming\InstallShield
O43 - CFD: 21/09/2011 - 13:00:16 - [740] ----D- C:\Users\papa\AppData\Roaming\Macromedia
O43 - CFD: 21/09/2011 - 13:42:34 - [0] ----D- C:\Users\papa\AppData\Roaming\Malwarebytes
O43 - CFD: 2/11/2006 - 14:37:36 - [0] ----D- C:\Users\papa\AppData\Roaming\Media Center Programs
O43 - CFD: 22/09/2011 - 21:38:26 - [738062] -S--D- C:\Users\papa\AppData\Roaming\Microsoft
O43 - CFD: 5/09/2009 - 15:04:42 - [19483883] ----D- C:\Users\papa\AppData\Roaming\Mozilla
O43 - CFD: 7/10/2009 - 17:50:58 - [0] ----D- C:\Users\papa\AppData\Roaming\PeerNetworking
O43 - CFD: 31/07/2011 - 13:41:26 - [21007] ----D- C:\Users\papa\AppData\Roaming\QuickScan
O43 - CFD: 10/09/2011 - 13:54:08 - [40960] ----D- C:\Users\papa\AppData\Roaming\SUPERAntiSpyware.com
O43 - CFD: 21/09/2011 - 12:55:58 - [0] ----D- C:\Users\papa\AppData\Roaming\Template
O43 - CFD: 23/09/2009 - 12:21:40 - [717] ----D- C:\Users\papa\AppData\Roaming\WildTangent
O43 - CFD: 5/11/2009 - 15:31:52 - [12] ----D- C:\Users\papa\AppData\Roaming\WinRAR
O43 - CFD: 5/09/2009 - 14:32:10 - [0] -SH-D- C:\Users\papa\AppData\Local\Application Data
O43 - CFD: 5/09/2009 - 14:41:24 - [6910280] ----D- C:\Users\papa\AppData\Local\Hewlett-Packard
O43 - CFD: 5/09/2009 - 14:32:10 - [0] -SH-D- C:\Users\papa\AppData\Local\Historique
O43 - CFD: 9/11/2010 - 17:19:30 - [1391349] ----D- C:\Users\papa\AppData\Local\LogiShrd
O43 - CFD: 21/09/2011 - 13:14:40 - [316963613] ----D- C:\Users\papa\AppData\Local\Microsoft
O43 - CFD: 26/03/2011 - 13:16:40 - [381447] ----D- C:\Users\papa\AppData\Local\Microsoft Games
O43 - CFD: 6/12/2009 - 14:00:20 - [0] ----D- C:\Users\papa\AppData\Local\Microsoft Help
O43 - CFD: 5/09/2009 - 15:04:36 - [57775750] ----D- C:\Users\papa\AppData\Local\Mozilla
O43 - CFD: 6/12/2009 - 14:03:32 - [285696] ----D- C:\Users\papa\AppData\Local\Seven Zip
O43 - CFD: 22/09/2011 - 22:11:12 - [173524] ----D- C:\Users\papa\AppData\Local\Temp
O43 - CFD: 5/09/2009 - 14:32:10 - [0] -SH-D- C:\Users\papa\AppData\Local\Temporary Internet Files
O43 - CFD: 30/11/2010 - 17:48:56 - [11708] ----D- C:\Users\papa\AppData\Local\VirtualStore
O43 - CFD: 22/09/2011 - 21:09:22 - [45056] ----D- C:\Users\papa\AppData\Local\Windows Live
O43 - CFD: 22/09/2011 - 21:09:16 - [0] ----D- C:\Users\papa\AppData\Local\{D3B16EBD-97CB-40D9-B29D-23163FBD8331}
O43 - CFD: 22/09/2011 - 21:09:12 - [0] ----D- C:\Users\papa\AppData\Local\{EEE60F40-4FD2-46FB-A857-498AA5B16A31}
~ Scan Program Folder in 03mn 35s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.0F78D3DAE6DEDD99AE54C9491C62ADF2] - 1/09/2011 - 4:25:24 ---A- . (.Avira GmbH - Avira Driver for Security Enhancement.) -- C:\Windows\system32\drivers\avipbb.sys [138192]
O44 - LFC:[MD5.1E4114685DE1FFA9675E09C6A1FB3F4B] - 1/09/2011 - 4:25:24 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\Windows\system32\drivers\avgntflt.sys [66616]
O44 - LFC:[MD5.51B981B0CB6D5CE41269EF63BB78957B] - 19/09/2011 - 9:24:45 ---A- . (...) -- C:\PhysicalDisk0_MBR.bin [512]
O44 - LFC:[MD5.0957FE1C00A10BAA2429694A44D30137] - 21/09/2011 - 9:48:23 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\Windows\system32\FlashPlayerCPLApp.cpl [414368]
O44 - LFC:[MD5.B65A76B579B2D8BEE7746C526A2DEAA7] - 22/09/2011 - 7:44:33 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 22/09/2011 - 20:51:58 ---A- . (...) -- C:\Windows\setupact.log [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 22/09/2011 - 20:51:58 ---A- . (...) -- C:\Windows\setuperr.log [0]
O44 - LFC:[MD5.8EBF6ECC05228F1FDFF32F3F9F74314C] - 21/09/2011 - 16:00:29 ---A- . (...) -- C:\TDSSKiller.2.5.23.0_21.09.2011_17.00.09_log.txt [61284]
O44 - LFC:[MD5.F522395666353470620B51D335DFDDD2] - 21/09/2011 - 12:01:34 ---A- . (...) -- C:\JavaRa.log [23195]
O44 - LFC:[MD5.69A6268D7F81E53D568AB4E7E991CAF3] - 31/08/2011 - 16:00:50 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [22216]
~ Scan Files in 00mn 04s



---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Volume Manager Extension Driver.) -- C:\Windows\system32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\system32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\system32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Miniport.) -- C:\Windows\system32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Volume Manager Extension Driver.) -- C:\Windows\system32\Drivers\volmgrx.sys
~ Scan CSB in 00mn 00s



---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"vidc.i420"="lvcodec2.dll" . (.Logitech Inc. - Video Codec.) -- C:\Windows\system32\lvcodec2.dll
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\system32\iccvid.dll
O52 - TDSD: \Drivers32\"msacm.l3codecp"="l3codecp.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Audio Layer-3 Codec for MSACM.) -- C:\Windows\system32\l3codecp.acm
O52 - TDSD: \Drivers32\"vidc.dvsd"="pdvcodec.dll" . (.Matsubleepa Electric Industrial Co., Ltd. - DV Video for Windows Driver.) -- C:\Windows\system32\pdvcodec.dll
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"c:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM"="CyberLink MP3 Encoder" . (...) -- (.not file.)
~ Scan Keys in 00mn 02s



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\Adobe ARM [Key] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O53 - SMSR:HKLM\...\startupreg\Adobe Reader Speed Launcher [Key] . (...) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\beid [Key] . (.Belgian Government - beidgui executable.) -- C:\Program Files\Belgium Identity Card\beid35gui.exe
O53 - SMSR:HKLM\...\startupreg\CLMLServer for HP TouchSmart [Key] . (.CyberLink - CyberLink MediaLibray Service.) -- c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
O53 - SMSR:HKLM\...\startupreg\DVDAgent [Key] . (.CyberLink Corp. - HP DVDSmart Resident Program.) -- c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
O53 - SMSR:HKLM\...\startupreg\EPSON Stylus DX4400 Series [Key] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.exe
O53 - SMSR:HKLM\...\startupreg\EPSON Stylus DX4400 Series (Copie 1) [Key] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.exe
O53 - SMSR:HKLM\...\startupreg\EPSON Stylus DX4400 Series (Copie 2) [Key] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.exe
O53 - SMSR:HKLM\...\startupreg\HP Health Check Scheduler [Key] . (.Hewlett-Packard - HP Health Check Scheduler.) -- c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O53 - SMSR:HKLM\...\startupreg\HP Remote Software [Key] . (.Pas de propriétaire - Core functionality module for HP Remote sof.) -- C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
O53 - SMSR:HKLM\...\startupreg\HP Software Update [Key] . (.Hewlett-Packard - hpwuSchd Application.) -- c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O53 - SMSR:HKLM\...\startupreg\HPADVISOR [Key] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O53 - SMSR:HKLM\...\startupreg\hpsysdrv [Key] . (.Hewlett-Packard - hpsysdrv.) -- c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe
O53 - SMSR:HKLM\...\startupreg\IAAnotif [Key] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O53 - SMSR:HKLM\...\startupreg\LightScribe Control Panel [Key] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
O53 - SMSR:HKLM\...\startupreg\LWS [Key] . (.Logitech Inc. - Logitech Webcam Software.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
O53 - SMSR:HKLM\...\startupreg\msnmsgr [Key] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O53 - SMSR:HKLM\...\startupreg\SmartMenu [Key] . (.Hewlett-Packard - HP MediaSmart SmartMenu.) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O53 - SMSR:HKLM\...\startupreg\SunJavaUpdateSched [Key] . (.Sun Microsystems, Inc. - Java™ Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O53 - SMSR:HKLM\...\startupreg\TSMAgent [Key] . (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- c:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
O53 - SMSR:HKLM\...\startupreg\UpdateLBPShortCut [Key] . (.CyberLink Corp. - MUI StartMenu Application.) -- c:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
O53 - SMSR:HKLM\...\startupreg\UpdateP2GoShortCut [Key] . (.CyberLink Corp. - MUI StartMenu Application.) -- c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
O53 - SMSR:HKLM\...\startupreg\UpdatePDIRShortCut [Key] . (...) -- c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe7.0 (.not file.)
O53 - SMSR:HKLM\...\startupreg\Windows Defender [Key] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O53 - SMSR:HKLM\...\startupreg\WMPNSCFG [Key] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe
~ Scan SMSR Keys in 00mn 01s



---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\system32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\system32\credssp.dll
~ Scan Keys in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=2
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "HideFastUserSwitching"=0
~ Scan Keys in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSharedDocuments"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "BindDirectlyToPropertySetStorage"=0
~ Scan Keys in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.5F92E1E98EC2F4E6FE13D19AA3E24AD7] - 3/02/2010 - 3:01:42 ---A- . (.Advanced Card Systems Ltd - PCSC/CCID IFD Handler.) -- C:\Windows\system32\drivers\a38usb.sys [37632]
O58 - SDL:[MD5.7099700A3789AD64FBCE8EBE956DA65D] - 30/04/2004 - 13:35:00 ---A- . (.Advanced Card Systems Ltd - PCSC/CCID IFD Handler.) -- C:\Windows\system32\drivers\a38usbxp.sys [24832]
O58 - SDL:[MD5.04F0FCAC69C7C71A3AC4EB97FAFC8303] - 21/01/2008 - 3:23:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [422968]
O58 - SDL:[MD5.60505E0041F7751BDBB80F88BF45C2CE] - 21/01/2008 - 3:23:25 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [300600]
O58 - SDL:[MD5.8A42779B02AEC986EAB64ECFC98F8BD7] - 21/01/2008 - 3:23:26 ---A- . (.Adaptec, Inc. - Adaptec LH Ultra160 Driver (x86).) -- C:\Windows\system32\drivers\adpu160m.sys [101432]
O58 - SDL:[MD5.241C9E37F8CE45EF51C3DE27515CA4E5] - 21/01/2008 - 3:23:27 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) -- C:\Windows\system32\drivers\adpu320.sys [149560]
O58 - SDL:[MD5.9EAEF5FC9B8E351AFA7E78A6FAE91F91] - 21/01/2008 - 3:23:00 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [17464]
O58 - SDL:[MD5.5D2888182FB46632511ACEE92FDAD522] - 21/01/2008 - 3:23:23 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [79416]
O58 - SDL:[MD5.5E2A321BD7C8B3624E41FDEC3E244945] - 21/01/2008 - 3:23:24 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [79928]
O58 - SDL:[MD5.1E4114685DE1FFA9675E09C6A1FB3F4B] - 5/09/2009 - 4:25:24 ---A- . (.Avira GmbH - Avira Minifilter Driver.) -- C:\Windows\system32\drivers\avgntflt.sys [66616]
O58 - SDL:[MD5.0F78D3DAE6DEDD99AE54C9491C62ADF2] - 5/09/2009 - 4:25:24 ---A- . (.Avira GmbH - Avira Driver for Security Enhancement.) -- C:\Windows\system32\drivers\avipbb.sys [138192]
O58 - SDL:[MD5.9F9ACC7F7CCDE8A15C282D3F88B43309] - 2/11/2006 - 9:24:45 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [13568]
O58 - SDL:[MD5.56801AD62213A41F6497F96DEE83755A] - 2/11/2006 - 9:24:46 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [5248]
O58 - SDL:[MD5.B304E75CFF293029EDDF094246747113] - 2/11/2006 - 9:25:24 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [71808]
O58 - SDL:[MD5.203F0B1E73ADADBBB7B7B1FABD901F6B] - 2/11/2006 - 9:24:44 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [62336]
O58 - SDL:[MD5.BD456606156BA17E60A04E18016AE54B] - 2/11/2006 - 9:24:44 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [12160]
O58 - SDL:[MD5.AF72ED54503F717A43268B3CC5FAEC2E] - 2/11/2006 - 9:24:47 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [11904]
O58 - SDL:[MD5.DE82681C08EB3840913ED0338CBEE0BA] - 27/06/2011 - 7:04:53 ---A- . (.COMODO - COMODO Internet Security Eradication Driver.) -- C:\Windows\system32\drivers\cmderd.sys [19088]
O58 - SDL:[MD5.BBE32E04E88B0048EC16F1D6C8936C4B] - 27/06/2011 - 7:04:53 ---A- . (.COMODO - COMODO Internet Security Sandbox Driver.) -- C:\Windows\system32\drivers\cmdGuard.sys [238960]
O58 - SDL:[MD5.497590EA7A94B98EA7A4516EBF0FB8D2] - 27/06/2011 - 7:04:53 ---A- . (.COMODO - COMODO Internet Security Helper Driver.) -- C:\Windows\system32\drivers\cmdhlp.sys [36568]
O58 - SDL:[MD5.0CA25E686A4928484E9FDABD168AB629] - 21/01/2008 - 3:23:00 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [19000]
O58 - SDL:[MD5.AE1FDF7BF7BB6C6A70F67699D880592A] - 2/11/2006 - 10:50:11 ---A- . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) -- C:\Windows\system32\drivers\djsvs.sys [71272]
O58 - SDL:[MD5.5425F74AC0C1DBD96A1E04F17D63F94C] - 21/01/2008 - 3:23:24 ---A- . (.Intel Corporation - Pilote désérialisé NDIS 6 de la carte Intel® PRO/1000.) -- C:\Windows\system32\drivers\E1G60I32.sys [118784]
O58 - SDL:[MD5.23B62471681A124889978F6295B3F4C6] - 21/01/2008 - 3:23:22 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [342584]
O58 - SDL:[MD5.16EE7B23A009E00D835CDB79574A91A6] - 21/01/2008 - 3:23:26 ---A- . (.Hewlett-Packard Company - Smart Array Storport Driver.) -- C:\Windows\system32\drivers\HpCISSs.sys [40504]
O58 - SDL:[MD5.BAABB0301949774A66B955C65319635A] - 28/07/2009 - 13:34:52 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\Windows\system32\drivers\iaStor.sys [328728]
O58 - SDL:[MD5.54155EA1B0DF185878E0FC9EC3AC3A14] - 21/01/2008 - 3:23:23 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver (base).) -- C:\Windows\system32\drivers\iaStorV.sys [235064]
O58 - SDL:[MD5.2D077BF86E843F901D8DB709C95B49A5] - 2/11/2006 - 10:50:17 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [41576]
O58 - SDL:[MD5.1C65E930ABA113F2CE59D32C7D8BC03F] - 27/06/2011 - 7:04:54 ---A- . (.COMODO - COMODO Internet Security Firewall Driver.) -- C:\Windows\system32\drivers\inspect.sys [82400]
O58 - SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] - 2/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\system32\drivers\iteatapi.sys [35944]
O58 - SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] - 2/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\system32\drivers\iteraid.sys [35944]
O58 - SDL:[MD5.C7E15E82879BF3235B559563D4185365] - 21/01/2008 - 3:23:23 ---A- . (.LSI Logic - LSI Logic Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [96312]
O58 - SDL:[MD5.EE01EBAE8C9BF0FA072E0FF68718920A] - 21/01/2008 - 3:23:25 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [89656]
O58 - SDL:[MD5.912A04696E9CA30146A62AFA1463DD5C] - 21/01/2008 - 3:23:23 ---A- . (.LSI Logic - LSI Logic Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [96312]
O58 - SDL:[MD5.CBF0BF6AF73A704211BBB52EFACAA8A0] - 9/11/2010 - 9:12:26 ---A- . (.Logitech Inc. - Logitech AudioProcessing Filter Driver.) -- C:\Windows\system32\drivers\lvpopflt.sys [114784]
O58 - SDL:[MD5.8BE71D7EDB8C7494913722059F760DD0] - 9/11/2010 - 18:43:30 ---A- . (...) -- C:\Windows\system32\drivers\LVPr2Mon.sys [25824]
O58 - SDL:[MD5.A1857FBB9B4930EEB2FD92386C45C529] - 10/11/2010 - 2:48:12 ---A- . (.Logitech Inc. - Logitech Kernel Audio Improvement Filter Driver.) -- C:\Windows\system32\drivers\lvrs.sys [283744]
O58 - SDL:[MD5.3703406AF0726BADD24C5E552493E5B1] - 10/11/2010 - 2:49:50 ---A- . (.Logitech Inc. - Logitech USB Video Class Driver.) -- C:\Windows\system32\drivers\lvuvc.sys [4323040]
O58 - SDL:[MD5.69A6268D7F81E53D568AB4E7E991CAF3] - 21/09/2011 - 16:00:50 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [22216]
O58 - SDL:[MD5.0001CE609D66632FA17B84705F658879] - 21/01/2008 - 3:23:27 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x.) -- C:\Windows\system32\drivers\megasas.sys [31288]
O58 - SDL:[MD5.C252F32CD9A49DBFC25ECF26EBD51A99] - 21/01/2008 - 3:23:27 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys [386616]
O58 - SDL:[MD5.4FBBB70D30FD20EC51F80061703B001E] - 2/11/2006 - 10:49:59 ---A- . (.LSI Logic Corporation - MegaRAID RAID Controller Driver for Windows Vista/Longhorn for.) -- C:\Windows\system32\drivers\Mraid35x.sys [33384]
O58 - SDL:[MD5.2E7FB731D4790A1BC6270ACCEFACB36E] - 2/11/2006 - 10:50:19 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [45160]
O58 - SDL:[MD5.E875C093AEC0C978A90F30C9E0DFBB72] - 2/11/2006 - 8:36:50 ---A- . (.N-trig Innovative Technologies - Pilote intégré de digitalisateur de tablette N-trig.) -- C:\Windows\system32\drivers\ntrigdigi.sys [20608]
O58 - SDL:[MD5.D2F4C4B22969236382CA853B8DAA2D4E] - 26/06/2009 - 21:55:12 ---A- . (.NVIDIA Corporation - NVIDIA HDMI Audio Driver.) -- C:\Windows\system32\drivers\nvhda32v.sys [66080]
O58 - SDL:[MD5.53569A28455A2F9906D34B2C37F80D12] - 21/05/2010 - 18:27:10 ---A- . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 197.93.) -- C:\Windows\system32\drivers\nvlddmkm.sys [11659976]
O58 - SDL:[MD5.2EDF9E7751554B42CBB60116DE727101] - 21/01/2008 - 3:23:21 ---A- . (.NVIDIA Corporation - NVIDIA® nForce™ RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [102968]
O58 - SDL:[MD5.ABED0C09758D1D97DB0042DBB2688177] - 21/01/2008 - 3:23:21 ---A- . (.NVIDIA Corporation - NVIDIA® nForce™ Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [45112]
O58 - SDL:[MD5.0A6DB55AFB7820C99AA1F3A1D270F4F6] - 21/01/2008 - 3:23:24 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [1122360]
O58 - SDL:[MD5.81A7E5C076E59995D54BC1ED3A16E60B] - 2/11/2006 - 10:50:35 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [106088]
O58 - SDL:[MD5.84ED2154239F9D013BBD3220755ADA8B] - 28/07/2009 - 21:38:14 ---A- . (.Realtek Semiconductor Corp. - Realtek® High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\RTKVHDA.sys [2324512]
O58 - SDL:[MD5.53892CBD9735A80712EE9439268344B4] - 28/07/2009 - 15:49:26 ---A- . (.Realtek Corporation - Realtek 8101E/8168/8169 NDIS6 32-bit Driver.) -- C:\Windows\system32\drivers\Rtlh86.sys [142848]
O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 2/11/2006 - 7:37:21 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys [20480]
O58 - SDL:[MD5.A99C6C8B0BAA970D8AA59DDC50B57F94] - 21/01/2008 - 3:23:26 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys [74808]
O58 - SDL:[MD5.A36EE93698802CD899F98BFD553D8185] - 5/09/2009 - 15:28:02 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\Windows\system32\drivers\ssmdrv.sys [28520]
O58 - SDL:[MD5.192AA3AC01DF071B541094F251DEED10] - 2/11/2006 - 10:50:05 ---A- . (.LSI Logic - LSI Logic 8XX SCSI Miniport Driver.) -- C:\Windows\system32\drivers\symc8xx.sys [35944]
O58 - SDL:[MD5.8C8EB8C76736EBAF3B13B633B2E64125] - 2/11/2006 - 10:49:56 ---A- . (.LSI Logic - LSI Logic Hi-Perf SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_hi.sys [31848]
O58 - SDL:[MD5.8072AF52B5FD103BBBA387A1E49F62CB] - 2/11/2006 - 10:50:03 ---A- . (.LSI Logic - LSI Logic Ultra160 SCSI Miniport Driver.) -- C:\Windows\system32\drivers\sym_u3.sys [34920]
O58 - SDL:[MD5.9224BB254F591DE4CA8D572A5F0D635C] - 21/01/2008 - 3:23:20 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\system32\drivers\uliahci.sys [238648]
O58 - SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] - 2/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\system32\drivers\ulsata.sys [98408]
O58 - SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] - 21/01/2008 - 3:23:23 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\system32\drivers\ulsata2.sys [115816]
O58 - SDL:[MD5.AADF5587A4063F52C2C3FED7887426FC] - 21/01/2008 - 3:23:00 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys [20024]
O58 - SDL:[MD5.587253E09325E6BF226B299774B728A9] - 21/01/2008 - 3:23:23 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys [130616]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 2/11/2006 - 8:09:42 ---A- . (...) -- C:\Windows\system32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 2/11/2006 - 8:09:45 ---A- . (...) -- C:\Windows\system32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 2/11/2006 - 8:09:41 ---A- . (...) -- C:\Windows\system32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 2/11/2006 - 8:09:44 ---A- . (...) -- C:\Windows\system32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 2/11/2006 - 8:09:44 ---A- . (...) -- C:\Windows\system32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 2/11/2006 - 8:09:29 ---A- . (...) -- C:\Windows\system32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 2/11/2006 - 8:09:35 ---A- . (...) -- C:\Windows\system32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 2/11/2006 - 8:09:38 ---A- . (...) -- C:\Windows\system32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 2/11/2006 - 8:09:40 ---A- . (...) -- C:\Windows\system32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 2/11/2006 - 8:09:31 ---A- . (...) -- C:\Windows\system32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 2/11/2006 - 8:09:20 ---A- . (...) -- C:\Windows\system32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 2/11/2006 - 8:09:23 ---A- . (...) -- C:\Windows\system32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 2/11/2006 - 8:09:24 ---A- . (...) -- C:\Windows\system32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 2/11/2006 - 8:09:26 ---A- . (...) -- C:\Windows\system32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 2/11/2006 - 8:09:22 ---A- . (...) -- C:\Windows\system32\NTIO804.SYS [34672]
~ Scan Drivers in 00mn 32s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: HijackThis 2.0.2 - (.TrendMicro.) [HKLM] -- HijackThis
O63 - Logiciel: ZHPDiag 1.28 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
O63 - Logiciel: OTL - (.OldTimer.)
~ Scan ADS in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 13/02/2009 - C:\Program Files\Avira\AntiVir Desktop\avgio.sys - avgio(avgio) .(.Avira GmbH - Avira AntiVir Support for Minifilter.) - LEGACY_AVGIO
O64 - Services: CurCS - 1/09/2011 - C:\Windows\system32\DRIVERS\avgntflt.sys - avgntflt(avgntflt) .(.Avira GmbH - Avira Minifilter Driver.) - LEGACY_AVGNTFLT
O64 - Services: CurCS - 1/09/2011 - C:\Windows\system32\DRIVERS\avipbb.sys - avipbb(avipbb) .(.Avira GmbH - Avira Driver for Security Enhancement.) - LEGACY_AVIPBB
O64 - Services: CurCS - 6/07/2011 - C:\Windows\system32\DRIVERS\cmdguard.sys - COMODO Internet Security Sandbox Driver(cmdGuard) .(.COMODO - COMODO Internet Security Sandbox Driver.) - LEGACY_CMDGUARD
O64 - Services: CurCS - 6/07/2011 - C:\Windows\system32\DRIVERS\cmdhlp.sys - COMODO Internet Security Helper Driver(cmdHlp) .(.COMODO - COMODO Internet Security Helper Driver.) - LEGACY_CMDHLP
O64 - Services: CurCS - 15/10/2009 - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe - GameConsoleService(GameConsoleService) .(.WildTangent, Inc. - GameConsoleService.) - LEGACY_GAMECONSOLESERVICE
O64 - Services: CurCS - 6/07/2011 - C:\Windows\system32\DRIVERS\inspect.sys - COMODO Internet Security Firewall Driver(inspect) .(.COMODO - COMODO Internet Security Firewall Driver.) - LEGACY_INSPECT
O64 - Services: CurCS - 7/05/2010 - C:\Windows\system32\Drivers\LVPr2Mon.sys - Logitech LVPr2Mon Driver (LVPr2Mon) .(...) - LEGACY_LVPR2MON
O64 - Services: CurCS - 7/05/2010 - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe - Process Monitor(LVPrcSrv) .(.Logitech Inc. - LVPrcSrv Module..) - LEGACY_LVPRCSRV
O64 - Services: CurCS - 31/08/2011 - C:\Windows\system32\drivers\mbam.sys - MBAMProtector(MBAMProtector) .(.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) - LEGACY_MBAMPROTECTOR
O64 - Services: CurCS - ??/??/???? - C:\Users\papa\AppData\Local\Temp\mbr.sys (.not file.) - mbr (mbr) .(...) - LEGACY_MBR
O64 - Services: CurCS - 22/07/2011 - C:\Program Files\SUPERAntiSpyware\SASDIFSV.sys - SASDIFSV(SASDIFSV) .(.SUPERAdBlocker.com and SUPERAntiSpyware.com - SASDIFSV.SYS.) - LEGACY_SASDIFSV
O64 - Services: CurCS - 12/07/2011 - C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys - SASKUTIL(SASKUTIL) .(.SUPERAdBlocker.com and SUPERAntiSpyware.com - SASKUTIL.SYS.) - LEGACY_SASKUTIL
O64 - Services: CurCS - 17/06/2010 - C:\Windows\system32\DRIVERS\ssmdrv.sys - ssmdrv(ssmdrv) .(.Avira GmbH - AVIRA SnapShot Driver.) - LEGACY_SSMDRV
O64 - Services: CurCS - 28/03/2011 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.exe - Windows Live ID Sign-in Assistant(wlidsvc) .(.Microsoft Corp. - Microsoft® Windows Live ID Service.) - LEGACY_WLIDSVC
~ Scan Services in 00mn 05s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (. - .) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
~ Scan Keys in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Scan Keys in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {31309A66-5061-47FA-ACB5-4A0FCF91E791} - (Kelkoo) - http://be.kelkoopartners.net
O69 - SBI: SearchScopes [HKCU] {B4A50203-18C2-4091-A94A-48C5896E35FC} [DefaultScope] - (AOL Recherche) - http://slirsredirect.search.aol.com
O69 - SBI: SearchScopes [HKCU] {F1EB027D-72A8-49D3-9E9A-679FA13773F8} - (Yahoo!) - http://fr.search.yahoo.com
~ Scan Keys in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.05D64D3F1883C03D09EFE15D68299FBA] [SPRF][21/09/2011] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 11.0 r1.) -- C:\Users\papa\Desktop\flashplayer11_rc1_install_win_ax32_090611.exe [3797664]
[MD5.E8269245566BE948F6A219135B434160] [SPRF][10/09/2011] (.Trend Micro Inc. - HijackThis.) -- C:\Users\papa\Desktop\HiJackThis.exe [401720]
[MD5.9C5D9456BB797D1C1519A6AA12A70B8B] [SPRF][21/09/2011] (.OldTimer Tools - Pas de description.) -- C:\Users\papa\Desktop\OTL.exe [582656]
[MD5.1C83B40A20758AEA09A5A7DD4AAAEBAA] [SPRF][10/09/2011] (.SUPERAntiSpyware.com - SUPERAntiSpyware Free Edition Setup.) -- C:\Users\papa\Desktop\SUPERAntiSpyware.exe [12549808]
~ Scan Files in 00mn 05s



---\\ Recherche détournement de DNS routeur (O89)
DNS request timed out.
timeout was 2 seconds.
Serveur : UnKnown
Address: 156.154.70.25
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
~ Scan DNS in 00mn 10s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 12/08/2011 116608 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE.exe
SR - | Auto 21/09/2011 64952 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 5/09/2009 136360 | (AntiVirSchedulerService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 5/09/2009 269480 | (AntiVirService) . (.Avira GmbH.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 6/07/2011 1793712 | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (cmdAgent) . (.COMODO.) - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
SS - | Demand 5/11/2009 238328 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
SR - | Auto 27/07/2009 94208 | (HP Health Check Service) . (.Hewlett-Packard.) - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
SR - | Auto 5/09/2009 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SR - | Auto 27/07/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
SS - | Disabled 9/11/2010 162648 | (LVPrcSrv) . (.Logitech Inc..) - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
SS - | Disabled 21/09/2011 366152 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 30/11/2010 129640 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 21/01/2008 21504 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\system32\svchost.exe
~ Scan Services in 00mn 17s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by papa at 22/09/2011 22:17:14

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ Scan MBR in 00mn 21s



End of the scan (1030 lines in 05mn 20s)(0)



#6 anderlecht

anderlecht
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:47 PM

Posted 24 September 2011 - 04:14 AM

Avira AntiVir Personal
Date de création du fichier de rapport : jeudi 22 septembre 2011 09:26

La recherche porte sur 3404676 souches de virus.

Le programme fonctionne en version intégrale illimitée.
Les services en ligne sont disponibles.

Détenteur de la licence : Avira AntiVir Personal - Free Antivirus
Numéro de série : 0000149996-ADJIE-0000001
Plateforme : Windows Vista
Version de Windows : (Service Pack 2) [6.0.6002]
Mode Boot : Démarré normalement
Identifiant : papa
Nom de l'ordinateur : PC-DE-PAPA

Informations de version :
BUILD.DAT : 10.2.0.150 35935 Bytes 26/07/2011 11:07:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 1/09/2011 03:25:24
AVSCAN.DLL : 10.0.5.0 56680 Bytes 1/09/2011 03:25:24
LUKE.DLL : 10.3.0.5 45416 Bytes 1/09/2011 03:25:24
LUKERES.DLL : 10.0.0.0 13672 Bytes 17/08/2010 12:39:11
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 1/09/2011 03:25:24
AVREG.DLL : 10.3.0.9 88833 Bytes 1/09/2011 03:25:24
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 17:30:53
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 08:32:36
VBASE002.VDF : 7.11.3.0 1950720 Bytes 9/02/2011 08:57:50
VBASE003.VDF : 7.11.5.225 1980416 Bytes 7/04/2011 07:26:10
VBASE004.VDF : 7.11.8.178 2354176 Bytes 31/05/2011 07:01:40
VBASE005.VDF : 7.11.10.251 1788416 Bytes 7/07/2011 19:39:12
VBASE006.VDF : 7.11.13.60 6411776 Bytes 16/08/2011 07:24:21
VBASE007.VDF : 7.11.13.61 2048 Bytes 16/08/2011 07:24:21
VBASE008.VDF : 7.11.13.62 2048 Bytes 16/08/2011 07:24:22
VBASE009.VDF : 7.11.13.63 2048 Bytes 16/08/2011 07:24:22
VBASE010.VDF : 7.11.13.64 2048 Bytes 16/08/2011 07:24:22
VBASE011.VDF : 7.11.13.65 2048 Bytes 16/08/2011 07:24:22
VBASE012.VDF : 7.11.13.66 2048 Bytes 16/08/2011 07:24:22
VBASE013.VDF : 7.11.13.95 166400 Bytes 17/08/2011 06:03:21
VBASE014.VDF : 7.11.13.125 209920 Bytes 18/08/2011 05:46:46
VBASE015.VDF : 7.11.13.157 184832 Bytes 22/08/2011 13:34:06
VBASE016.VDF : 7.11.13.201 128000 Bytes 24/08/2011 13:34:06
VBASE017.VDF : 7.11.13.234 160768 Bytes 25/08/2011 13:33:48
VBASE018.VDF : 7.11.14.16 141312 Bytes 30/08/2011 03:25:23
VBASE019.VDF : 7.11.14.48 133120 Bytes 31/08/2011 03:25:23
VBASE020.VDF : 7.11.14.78 156160 Bytes 2/09/2011 04:21:07
VBASE021.VDF : 7.11.14.109 126976 Bytes 6/09/2011 06:19:43
VBASE022.VDF : 7.11.14.137 131584 Bytes 8/09/2011 06:38:29
VBASE023.VDF : 7.11.14.166 196096 Bytes 12/09/2011 15:00:21
VBASE024.VDF : 7.11.14.193 184832 Bytes 14/09/2011 14:59:55
VBASE025.VDF : 7.11.14.215 125952 Bytes 16/09/2011 01:00:27
VBASE026.VDF : 7.11.14.239 231936 Bytes 20/09/2011 07:03:38
VBASE027.VDF : 7.11.14.240 2048 Bytes 20/09/2011 07:03:38
VBASE028.VDF : 7.11.14.241 2048 Bytes 20/09/2011 07:03:38
VBASE029.VDF : 7.11.14.242 2048 Bytes 20/09/2011 07:03:38
VBASE030.VDF : 7.11.14.243 2048 Bytes 20/09/2011 07:03:38
VBASE031.VDF : 7.11.15.3 126464 Bytes 21/09/2011 07:03:38
Version du moteur : 8.2.6.64
AEVDF.DLL : 8.1.2.1 106868 Bytes 30/07/2010 07:05:24
AESCRIPT.DLL : 8.1.3.76 1626490 Bytes 26/08/2011 13:35:29
AESCN.DLL : 8.1.7.2 127349 Bytes 26/11/2010 04:28:39
AESBX.DLL : 8.2.1.34 323957 Bytes 3/06/2011 05:15:12
AERDL.DLL : 8.1.9.15 639348 Bytes 11/09/2011 06:38:37
AEPACK.DLL : 8.2.10.10 684407 Bytes 2/09/2011 05:43:05
AEOFFICE.DLL : 8.1.2.15 201083 Bytes 17/09/2011 01:00:32
AEHEUR.DLL : 8.1.2.169 3703160 Bytes 17/09/2011 01:00:32
AEHELP.DLL : 8.1.17.7 254327 Bytes 29/07/2011 05:46:44
AEGEN.DLL : 8.1.5.9 401780 Bytes 26/08/2011 13:34:12
AEEMU.DLL : 8.1.3.0 393589 Bytes 26/11/2010 04:28:36
AECORE.DLL : 8.1.23.0 196983 Bytes 26/08/2011 13:33:57
AEBB.DLL : 8.1.1.0 53618 Bytes 24/04/2010 08:34:45
AVWINLL.DLL : 10.0.0.0 19304 Bytes 17/08/2010 12:38:56
AVPREF.DLL : 10.0.3.2 44904 Bytes 1/09/2011 03:25:24
AVREP.DLL : 10.0.0.10 174120 Bytes 18/05/2011 03:23:05
AVARKT.DLL : 10.0.26.1 255336 Bytes 1/09/2011 03:25:23
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 1/09/2011 03:25:24
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 14:28:02
AVSMTP.DLL : 10.0.0.17 63848 Bytes 17/08/2010 12:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 17/06/2010 14:28:01
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 1/09/2011 03:25:23
RCTEXT.DLL : 10.0.64.0 100712 Bytes 1/09/2011 03:25:23

Configuration pour la recherche actuelle :
Nom de la tâche...............................: Sélection manuelle
Fichier de configuration......................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\folder.avp
Documentation.................................: par défaut
Action principale.............................: réparer
Action secondaire.............................: supprimer
Recherche sur les secteurs d'amorçage maître..: marche
Recherche sur les secteurs d'amorçage.........: marche
Secteurs d'amorçage...........................: C:, D:, E:, F:, G:, H:, I:,
Recherche dans les programmes actifs..........: marche
Recherche en cours sur l'enregistrement.......: marche
Recherche de Rootkits.........................: marche
Contrôle d'intégrité de fichiers système......: marche
Fichier mode de recherche.....................: Sélection de fichiers intelligente
Recherche sur les archives....................: marche
Limiter la profondeur de récursivité..........: arrêt
Archive Smart Extensions......................: marche
Types d'archives divergents...................: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, +ISO,
Heuristique de macrovirus.....................: marche
Heuristique fichier...........................: avancé
Catégories de dangers divergentes.............: +APPL,+JOKE,+PCK,+PFS,+SPR,

Début de la recherche : jeudi 22 septembre 2011 09:26

La recherche d'objets cachés commence.

La recherche sur les processus démarrés commence :
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'vssvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'MSASCui.exe' - '1' module(s) sont contrôlés
Processus de recherche 'WLIDSvcM.exe' - '1' module(s) sont contrôlés
Processus de recherche 'WLIDSVC.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'plugin-container.exe' - '1' module(s) sont contrôlés
Processus de recherche 'firefox.exe' - '1' module(s) sont contrôlés
Processus de recherche 'nvvsvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'hphc_service.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SearchIndexer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wmpnscfg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'cfp.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'Explorer.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'Dwm.exe' - '1' module(s) sont contrôlés
Processus de recherche 'IAANTMon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avshadow.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'LSSrvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'armsvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SASCORE.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SLsvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'cmdagent.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'nvvsvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsm.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wininit.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés

Début du contrôle des fichiers système :
Signé -> 'C:\Windows\system32\svchost.exe'
Signé -> 'C:\Windows\system32\winlogon.exe'
Signé -> 'C:\Windows\explorer.exe'
Signé -> 'C:\Windows\system32\smss.exe'
Signé -> 'C:\Windows\system32\wininet.DLL'
Signé -> 'C:\Windows\system32\wsock32.DLL'
Signé -> 'C:\Windows\system32\ws2_32.DLL'
Signé -> 'C:\Windows\system32\services.exe'
Signé -> 'C:\Windows\system32\lsass.exe'
Signé -> 'C:\Windows\system32\csrss.exe'
Signé -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signé -> 'C:\Windows\system32\spoolsv.exe'
Signé -> 'C:\Windows\system32\alg.exe'
Signé -> 'C:\Windows\system32\wuauclt.exe'
Signé -> 'C:\Windows\system32\advapi32.DLL'
Signé -> 'C:\Windows\system32\user32.DLL'
Signé -> 'C:\Windows\system32\gdi32.DLL'
Signé -> 'C:\Windows\system32\kernel32.DLL'
Signé -> 'C:\Windows\system32\ntdll.DLL'
Signé -> 'C:\Windows\system32\ntoskrnl.exe'
Signé -> 'C:\Windows\system32\ctfmon.exe'
Les fichiers système ont été contrôlés ('21' fichiers)

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD1
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD2
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD3
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD4
[INFO] Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'D:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'F:\'
[INFO] Aucun support de données inséré dans le lecteur 'F:\' !
Secteur d'amorçage 'G:\'
[INFO] Aucun support de données inséré dans le lecteur 'G:\' !
Secteur d'amorçage 'H:\'
[INFO] Aucun support de données inséré dans le lecteur 'H:\' !
Secteur d'amorçage 'I:\'
[INFO] Aucun support de données inséré dans le lecteur 'I:\' !

La recherche sur les renvois aux fichiers exécutables (registre) commence :
Le registre a été contrôlé ( '631' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\' <HP>
C:\Windows\SoftwareDistribution\Download\69bea2bed5a5ee2ff732854dbfa0e304ee96e020
[0] Type d'archive: Portable Executable Resource
--> resource54
[1] Type d'archive: CAB (Microsoft)
--> WriterProdLang.7z
[2] Type d'archive: 7-Zip
--> WriterProdLang.cab
[3] Type d'archive: CAB (Microsoft)
--> writerprodlang.msi
[AVERTISSEMENT] Impossible de lire le fichier !
--> resource86
[1] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.7z
[2] Type d'archive: 7-Zip
--> LanguageSelector64.cab
[3] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.msi
[AVERTISSEMENT] Impossible de lire le fichier !
C:\Windows\SoftwareDistribution\Download\69bea2bed5a5ee2ff732854dbfa0e304ee96e020
[0] Type d'archive: Portable Executable Resource
--> resource54
[1] Type d'archive: CAB (Microsoft)
--> WriterProdLang.7z
[2] Type d'archive: 7-Zip
--> WriterProdLang.cab
[3] Type d'archive: CAB (Microsoft)
--> writerprodlang.msi
[AVERTISSEMENT] Impossible de lire le fichier !
--> resource86
[1] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.7z
[2] Type d'archive: 7-Zip
--> LanguageSelector64.cab
[3] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.msi
[AVERTISSEMENT] Impossible de lire le fichier !
C:\Windows\SoftwareDistribution\Download\69bea2bed5a5ee2ff732854dbfa0e304ee96e020
[0] Type d'archive: Portable Executable Resource
--> resource54
[1] Type d'archive: CAB (Microsoft)
--> WriterProdLang.7z
[2] Type d'archive: 7-Zip
--> WriterProdLang.cab
[3] Type d'archive: CAB (Microsoft)
--> writerprodlang.msi
[AVERTISSEMENT] Impossible de lire le fichier !
--> resource86
[1] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.7z
[2] Type d'archive: 7-Zip
--> LanguageSelector64.cab
[3] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.msi
[AVERTISSEMENT] Impossible de lire le fichier !
C:\Windows\SoftwareDistribution\Download\69bea2bed5a5ee2ff732854dbfa0e304ee96e020
[0] Type d'archive: Portable Executable Resource
--> resource54
[1] Type d'archive: CAB (Microsoft)
--> WriterProdLang.7z
[2] Type d'archive: 7-Zip
--> WriterProdLang.cab
[3] Type d'archive: CAB (Microsoft)
--> writerprodlang.msi
[AVERTISSEMENT] Impossible de lire le fichier !
--> resource86
[1] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.7z
[2] Type d'archive: 7-Zip
--> LanguageSelector64.cab
[3] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.msi
[AVERTISSEMENT] Impossible de lire le fichier !
C:\Windows\SoftwareDistribution\Download\69bea2bed5a5ee2ff732854dbfa0e304ee96e020
[0] Type d'archive: Portable Executable Resource
--> resource54
[1] Type d'archive: CAB (Microsoft)
--> WriterProdLang.7z
[2] Type d'archive: 7-Zip
--> WriterProdLang.cab
[3] Type d'archive: CAB (Microsoft)
--> writerprodlang.msi
[AVERTISSEMENT] Impossible de lire le fichier !
--> resource86
[1] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.7z
[2] Type d'archive: 7-Zip
--> LanguageSelector64.cab
[3] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.msi
[AVERTISSEMENT] Impossible de lire le fichier !
C:\Windows\SoftwareDistribution\Download\69bea2bed5a5ee2ff732854dbfa0e304ee96e020
[0] Type d'archive: Portable Executable Resource
--> resource54
[1] Type d'archive: CAB (Microsoft)
--> WriterProdLang.7z
[2] Type d'archive: 7-Zip
--> WriterProdLang.cab
[3] Type d'archive: CAB (Microsoft)
--> writerprodlang.msi
[AVERTISSEMENT] Impossible de lire le fichier !
--> resource86
[1] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.7z
[2] Type d'archive: 7-Zip
--> LanguageSelector64.cab
[3] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.msi
[AVERTISSEMENT] Impossible de lire le fichier !
C:\Windows\SoftwareDistribution\Download\69bea2bed5a5ee2ff732854dbfa0e304ee96e020
[0] Type d'archive: Portable Executable Resource
--> resource54
[1] Type d'archive: CAB (Microsoft)
--> WriterProdLang.7z
[2] Type d'archive: 7-Zip
--> WriterProdLang.cab
[3] Type d'archive: CAB (Microsoft)
--> writerprodlang.msi
[AVERTISSEMENT] Impossible de lire le fichier !
--> resource86
[1] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.7z
[2] Type d'archive: 7-Zip
--> LanguageSelector64.cab
[3] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.msi
[AVERTISSEMENT] Impossible de lire le fichier !
C:\Windows\SoftwareDistribution\Download\69bea2bed5a5ee2ff732854dbfa0e304ee96e020
[0] Type d'archive: Portable Executable Resource
--> resource54
[1] Type d'archive: CAB (Microsoft)
--> WriterProdLang.7z
[2] Type d'archive: 7-Zip
--> WriterProdLang.cab
[3] Type d'archive: CAB (Microsoft)
--> writerprodlang.msi
[AVERTISSEMENT] Impossible de lire le fichier !
--> resource86
[1] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.7z
[2] Type d'archive: 7-Zip
--> LanguageSelector64.cab
[3] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.msi
[AVERTISSEMENT] Impossible de lire le fichier !
C:\Windows\SoftwareDistribution\Download\69bea2bed5a5ee2ff732854dbfa0e304ee96e020
[0] Type d'archive: Portable Executable Resource
--> resource54
[1] Type d'archive: CAB (Microsoft)
--> WriterProdLang.7z
[2] Type d'archive: 7-Zip
--> WriterProdLang.cab
[3] Type d'archive: CAB (Microsoft)
--> writerprodlang.msi
[AVERTISSEMENT] Impossible de lire le fichier !
--> resource86
[1] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.7z
[2] Type d'archive: 7-Zip
--> LanguageSelector64.cab
[3] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.msi
[AVERTISSEMENT] Impossible de lire le fichier !
C:\Windows\SoftwareDistribution\Download\69bea2bed5a5ee2ff732854dbfa0e304ee96e020
[0] Type d'archive: Portable Executable Resource
--> resource54
[1] Type d'archive: CAB (Microsoft)
--> WriterProdLang.7z
[2] Type d'archive: 7-Zip
--> WriterProdLang.cab
[3] Type d'archive: CAB (Microsoft)
--> writerprodlang.msi
[AVERTISSEMENT] Impossible de lire le fichier !
--> resource86
[1] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.7z
[2] Type d'archive: 7-Zip
--> LanguageSelector64.cab
[3] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.msi
[AVERTISSEMENT] Impossible de lire le fichier !
C:\Windows\SoftwareDistribution\Download\69bea2bed5a5ee2ff732854dbfa0e304ee96e020
[0] Type d'archive: Portable Executable Resource
--> resource54
[1] Type d'archive: CAB (Microsoft)
--> WriterProdLang.7z
[2] Type d'archive: 7-Zip
--> WriterProdLang.cab
[3] Type d'archive: CAB (Microsoft)
--> writerprodlang.msi
[AVERTISSEMENT] Impossible de lire le fichier !
--> resource86
[1] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.7z
[2] Type d'archive: 7-Zip
--> LanguageSelector64.cab
[3] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.msi
[AVERTISSEMENT] Impossible de lire le fichier !
C:\Windows\SoftwareDistribution\Download\69bea2bed5a5ee2ff732854dbfa0e304ee96e020
[0] Type d'archive: Portable Executable Resource
--> resource54
[1] Type d'archive: CAB (Microsoft)
--> WriterProdLang.7z
[2] Type d'archive: 7-Zip
--> WriterProdLang.cab
[3] Type d'archive: CAB (Microsoft)
--> writerprodlang.msi
[AVERTISSEMENT] Impossible de lire le fichier !
--> resource86
[1] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.7z
[2] Type d'archive: 7-Zip
--> LanguageSelector64.cab
[3] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.msi
[AVERTISSEMENT] Impossible de lire le fichier !
C:\Windows\SoftwareDistribution\Download\69bea2bed5a5ee2ff732854dbfa0e304ee96e020
[0] Type d'archive: Portable Executable Resource
--> resource54
[1] Type d'archive: CAB (Microsoft)
--> WriterProdLang.7z
[2] Type d'archive: 7-Zip
--> WriterProdLang.cab
[3] Type d'archive: CAB (Microsoft)
--> writerprodlang.msi
[AVERTISSEMENT] Impossible de lire le fichier !
--> resource86
[1] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.7z
[2] Type d'archive: 7-Zip
--> LanguageSelector64.cab
[3] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.msi
[AVERTISSEMENT] Impossible de lire le fichier !
C:\Windows\SoftwareDistribution\Download\69bea2bed5a5ee2ff732854dbfa0e304ee96e020
[0] Type d'archive: Portable Executable Resource
--> resource54
[1] Type d'archive: CAB (Microsoft)
--> WriterProdLang.7z
[2] Type d'archive: 7-Zip
--> WriterProdLang.cab
[3] Type d'archive: CAB (Microsoft)
--> writerprodlang.msi
[AVERTISSEMENT] Impossible de lire le fichier !
--> resource86
[1] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.7z
[2] Type d'archive: 7-Zip
--> LanguageSelector64.cab
[3] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.msi
[AVERTISSEMENT] Impossible de lire le fichier !
C:\Windows\SoftwareDistribution\Download\69bea2bed5a5ee2ff732854dbfa0e304ee96e020
[0] Type d'archive: Portable Executable Resource
--> resource54
[1] Type d'archive: CAB (Microsoft)
--> WriterProdLang.7z
[2] Type d'archive: 7-Zip
--> WriterProdLang.cab
[3] Type d'archive: CAB (Microsoft)
--> writerprodlang.msi
[AVERTISSEMENT] Impossible de lire le fichier !
--> resource86
[1] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.7z
[2] Type d'archive: 7-Zip
--> LanguageSelector64.cab
[3] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.msi
[AVERTISSEMENT] Impossible de lire le fichier !
C:\Windows\SoftwareDistribution\Download\69bea2bed5a5ee2ff732854dbfa0e304ee96e020
[0] Type d'archive: Portable Executable Resource
--> resource54
[1] Type d'archive: CAB (Microsoft)
--> WriterProdLang.7z
[2] Type d'archive: 7-Zip
--> WriterProdLang.cab
[3] Type d'archive: CAB (Microsoft)
--> writerprodlang.msi
[AVERTISSEMENT] Impossible de lire le fichier !
--> resource86
[1] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.7z
[2] Type d'archive: 7-Zip
--> LanguageSelector64.cab
[3] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.msi
[AVERTISSEMENT] Impossible de lire le fichier !
C:\Windows\SoftwareDistribution\Download\69bea2bed5a5ee2ff732854dbfa0e304ee96e020
[0] Type d'archive: Portable Executable Resource
--> resource54
[1] Type d'archive: CAB (Microsoft)
--> WriterProdLang.7z
[2] Type d'archive: 7-Zip
--> WriterProdLang.cab
[3] Type d'archive: CAB (Microsoft)
--> writerprodlang.msi
[AVERTISSEMENT] Impossible de lire le fichier !
--> resource86
[1] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.7z
[2] Type d'archive: 7-Zip
--> LanguageSelector64.cab
[3] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.msi
[AVERTISSEMENT] Impossible de lire le fichier !
C:\Windows\SoftwareDistribution\Download\69bea2bed5a5ee2ff732854dbfa0e304ee96e020
[0] Type d'archive: Portable Executable Resource
--> resource54
[1] Type d'archive: CAB (Microsoft)
--> WriterProdLang.7z
[2] Type d'archive: 7-Zip
--> WriterProdLang.cab
[3] Type d'archive: CAB (Microsoft)
--> writerprodlang.msi
[AVERTISSEMENT] Impossible de lire le fichier !
--> resource86
[1] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.7z
[2] Type d'archive: 7-Zip
--> LanguageSelector64.cab
[3] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.msi
[AVERTISSEMENT] Impossible de lire le fichier !
C:\Windows\SoftwareDistribution\Download\69bea2bed5a5ee2ff732854dbfa0e304ee96e020
[0] Type d'archive: Portable Executable Resource
--> resource54
[1] Type d'archive: CAB (Microsoft)
--> WriterProdLang.7z
[2] Type d'archive: 7-Zip
--> WriterProdLang.cab
[3] Type d'archive: CAB (Microsoft)
--> writerprodlang.msi
[AVERTISSEMENT] Impossible de lire le fichier !
--> resource86
[1] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.7z
[2] Type d'archive: 7-Zip
--> LanguageSelector64.cab
[3] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.msi
[AVERTISSEMENT] Impossible de lire le fichier !
C:\Windows\SoftwareDistribution\Download\69bea2bed5a5ee2ff732854dbfa0e304ee96e020
[0] Type d'archive: Portable Executable Resource
--> resource54
[1] Type d'archive: CAB (Microsoft)
--> WriterProdLang.7z
[2] Type d'archive: 7-Zip
--> WriterProdLang.cab
[3] Type d'archive: CAB (Microsoft)
--> writerprodlang.msi
[AVERTISSEMENT] Impossible de lire le fichier !
--> resource86
[1] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.7z
[2] Type d'archive: 7-Zip
--> LanguageSelector64.cab
[3] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.msi
[AVERTISSEMENT] Impossible de lire le fichier !
Recherche débutant dans 'D:\' <FACTORY_IMAGE>
Recherche débutant dans 'E:\'
Impossible d'ouvrir le chemin à scanner E:\ !
Erreur système [21]: Le périphérique n'est pas prêt.
Recherche débutant dans 'F:\'
Impossible d'ouvrir le chemin à scanner F:\ !
Erreur système [21]: Le périphérique n'est pas prêt.
Recherche débutant dans 'G:\'
Impossible d'ouvrir le chemin à scanner G:\ !
Erreur système [21]: Le périphérique n'est pas prêt.
Recherche débutant dans 'H:\'
Impossible d'ouvrir le chemin à scanner H:\ !
Erreur système [21]: Le périphérique n'est pas prêt.
Recherche débutant dans 'I:\'
Impossible d'ouvrir le chemin à scanner I:\ !
Erreur système [21]: Le périphérique n'est pas prêt.


Fin de la recherche : vendredi 23 septembre 2011 15:12
Temps nécessaire: 29:46:25 Heure(s)

La recherche a été effectuée intégralement

711685 Les répertoires ont été contrôlés
20740618 Des fichiers ont été contrôlés
0 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
0 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
0 Impossible de scanner des fichiers
20740618 Fichiers non infectés
120385 Les archives ont été contrôlées
40 Avertissements
0 Consignes
128564 Des objets ont été contrôlés lors du Rootkitscan
0 Des objets cachés ont été trouvés

#7 anderlecht

anderlecht
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:47 PM

Posted 24 September 2011 - 07:37 AM

Avira AntiVir Personal
Date de création du fichier de rapport : samedi 24 septembre 2011 11:31

La recherche porte sur 3412251 souches de virus.

Le programme fonctionne en version intégrale illimitée.
Les services en ligne sont disponibles.

Détenteur de la licence : Avira AntiVir Personal - Free Antivirus
Numéro de série : 0000149996-ADJIE-0000001
Plateforme : Windows Vista
Version de Windows : (Service Pack 2) [6.0.6002]
Mode Boot : Démarré normalement
Identifiant : SYSTEM
Nom de l'ordinateur : PC-DE-PAPA

Informations de version :
BUILD.DAT : 10.2.0.150 35935 Bytes 26/07/2011 11:07:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 1/09/2011 03:25:24
AVSCAN.DLL : 10.0.5.0 56680 Bytes 1/09/2011 03:25:24
LUKE.DLL : 10.3.0.5 45416 Bytes 1/09/2011 03:25:24
LUKERES.DLL : 10.0.0.0 13672 Bytes 17/08/2010 12:39:11
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 1/09/2011 03:25:24
AVREG.DLL : 10.3.0.9 88833 Bytes 1/09/2011 03:25:24
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 17:30:53
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 08:32:36
VBASE002.VDF : 7.11.3.0 1950720 Bytes 9/02/2011 08:57:50
VBASE003.VDF : 7.11.5.225 1980416 Bytes 7/04/2011 07:26:10
VBASE004.VDF : 7.11.8.178 2354176 Bytes 31/05/2011 07:01:40
VBASE005.VDF : 7.11.10.251 1788416 Bytes 7/07/2011 19:39:12
VBASE006.VDF : 7.11.13.60 6411776 Bytes 16/08/2011 07:24:21
VBASE007.VDF : 7.11.13.61 2048 Bytes 16/08/2011 07:24:21
VBASE008.VDF : 7.11.13.62 2048 Bytes 16/08/2011 07:24:22
VBASE009.VDF : 7.11.13.63 2048 Bytes 16/08/2011 07:24:22
VBASE010.VDF : 7.11.13.64 2048 Bytes 16/08/2011 07:24:22
VBASE011.VDF : 7.11.13.65 2048 Bytes 16/08/2011 07:24:22
VBASE012.VDF : 7.11.13.66 2048 Bytes 16/08/2011 07:24:22
VBASE013.VDF : 7.11.13.95 166400 Bytes 17/08/2011 06:03:21
VBASE014.VDF : 7.11.13.125 209920 Bytes 18/08/2011 05:46:46
VBASE015.VDF : 7.11.13.157 184832 Bytes 22/08/2011 13:34:06
VBASE016.VDF : 7.11.13.201 128000 Bytes 24/08/2011 13:34:06
VBASE017.VDF : 7.11.13.234 160768 Bytes 25/08/2011 13:33:48
VBASE018.VDF : 7.11.14.16 141312 Bytes 30/08/2011 03:25:23
VBASE019.VDF : 7.11.14.48 133120 Bytes 31/08/2011 03:25:23
VBASE020.VDF : 7.11.14.78 156160 Bytes 2/09/2011 04:21:07
VBASE021.VDF : 7.11.14.109 126976 Bytes 6/09/2011 06:19:43
VBASE022.VDF : 7.11.14.137 131584 Bytes 8/09/2011 06:38:29
VBASE023.VDF : 7.11.14.166 196096 Bytes 12/09/2011 15:00:21
VBASE024.VDF : 7.11.14.193 184832 Bytes 14/09/2011 14:59:55
VBASE025.VDF : 7.11.14.215 125952 Bytes 16/09/2011 01:00:27
VBASE026.VDF : 7.11.14.239 231936 Bytes 20/09/2011 07:03:38
VBASE027.VDF : 7.11.15.22 203776 Bytes 23/09/2011 02:40:41
VBASE028.VDF : 7.11.15.23 2048 Bytes 23/09/2011 02:40:42
VBASE029.VDF : 7.11.15.24 2048 Bytes 23/09/2011 02:40:42
VBASE030.VDF : 7.11.15.25 2048 Bytes 23/09/2011 02:40:42
VBASE031.VDF : 7.11.15.29 35840 Bytes 23/09/2011 02:40:42
Version du moteur : 8.2.6.68
AEVDF.DLL : 8.1.2.1 106868 Bytes 30/07/2010 07:05:24
AESCRIPT.DLL : 8.1.3.76 1626490 Bytes 26/08/2011 13:35:29
AESCN.DLL : 8.1.7.2 127349 Bytes 26/11/2010 04:28:39
AESBX.DLL : 8.2.1.34 323957 Bytes 3/06/2011 05:15:12
AERDL.DLL : 8.1.9.15 639348 Bytes 11/09/2011 06:38:37
AEPACK.DLL : 8.2.10.11 684408 Bytes 22/09/2011 16:26:29
AEOFFICE.DLL : 8.1.2.15 201083 Bytes 17/09/2011 01:00:32
AEHEUR.DLL : 8.1.2.172 3711352 Bytes 22/09/2011 16:26:28
AEHELP.DLL : 8.1.17.7 254327 Bytes 29/07/2011 05:46:44
AEGEN.DLL : 8.1.5.9 401780 Bytes 26/08/2011 13:34:12
AEEMU.DLL : 8.1.3.0 393589 Bytes 26/11/2010 04:28:36
AECORE.DLL : 8.1.23.0 196983 Bytes 26/08/2011 13:33:57
AEBB.DLL : 8.1.1.0 53618 Bytes 24/04/2010 08:34:45
AVWINLL.DLL : 10.0.0.0 19304 Bytes 17/08/2010 12:38:56
AVPREF.DLL : 10.0.3.2 44904 Bytes 1/09/2011 03:25:24
AVREP.DLL : 10.0.0.10 174120 Bytes 18/05/2011 03:23:05
AVARKT.DLL : 10.0.26.1 255336 Bytes 1/09/2011 03:25:23
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 1/09/2011 03:25:24
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 14:28:02
AVSMTP.DLL : 10.0.0.17 63848 Bytes 17/08/2010 12:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 17/06/2010 14:28:01
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 1/09/2011 03:25:23
RCTEXT.DLL : 10.0.64.0 100712 Bytes 1/09/2011 03:25:23

Configuration pour la recherche actuelle :
Nom de la tâche...............................: Contrôle intégral du système
Fichier de configuration......................: C:\program files\avira\antivir desktop\sysscan.avp
Documentation.................................: par défaut
Action principale.............................: réparer
Action secondaire.............................: supprimer
Recherche sur les secteurs d'amorçage maître..: marche
Recherche sur les secteurs d'amorçage.........: marche
Secteurs d'amorçage...........................: C:, D:,
Recherche dans les programmes actifs..........: marche
Programmes en cours étendus...................: marche
Recherche en cours sur l'enregistrement.......: marche
Recherche de Rootkits.........................: marche
Contrôle d'intégrité de fichiers système......: marche
Fichier mode de recherche.....................: Tous les fichiers
Recherche sur les archives....................: marche
Limiter la profondeur de récursivité..........: 20
Archive Smart Extensions......................: marche
Heuristique de macrovirus.....................: marche
Heuristique fichier...........................: avancé
Catégories de dangers divergentes.............: +APPL,+JOKE,+PCK,+PFS,+SPR,

Début de la recherche : samedi 24 septembre 2011 11:31

La recherche d'objets cachés commence.

La recherche sur les processus démarrés commence :
Processus de recherche 'svchost.exe' - '33' module(s) sont contrôlés
Processus de recherche 'vssvc.exe' - '51' module(s) sont contrôlés
Processus de recherche 'avscan.exe' - '78' module(s) sont contrôlés
Processus de recherche 'avscan.exe' - '30' module(s) sont contrôlés

Processus de recherche 'avcenter.exe' - '71' module(s) sont contrôlés
Processus de recherche 'wmpnscfg.exe' - '32' module(s) sont contrôlés
Processus de recherche 'ehmsas.exe' - '30' module(s) sont contrôlés
Processus de recherche 'ehtray.exe' - '29' module(s) sont contrôlés
Processus de recherche 'cfp.exe' - '57' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '56' module(s) sont contrôlés
Processus de recherche 'Explorer.EXE' - '146' module(s) sont contrôlés
Processus de recherche 'Dwm.exe' - '34' module(s) sont contrôlés
Processus de recherche 'nvvsvc.exe' - '47' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '30' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '14' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '52' module(s) sont contrôlés
Processus de recherche 'ehRecvr.exe' - '67' module(s) sont contrôlés
Processus de recherche 'ehsched.exe' - '21' module(s) sont contrôlés
Processus de recherche 'WLIDSvcM.exe' - '19' module(s) sont contrôlés
Processus de recherche 'WLIDSVC.EXE' - '72' module(s) sont contrôlés
Processus de recherche 'hphc_service.exe' - '31' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '24' module(s) sont contrôlés
Processus de recherche 'SearchIndexer.exe' - '68' module(s) sont contrôlés
Processus de recherche 'IAANTMon.exe' - '38' module(s) sont contrôlés
Processus de recherche 'avshadow.exe' - '36' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '18' module(s) sont contrôlés
Processus de recherche 'LSSrvc.exe' - '26' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '65' module(s) sont contrôlés
Processus de recherche 'armsvc.exe' - '28' module(s) sont contrôlés
Processus de recherche 'SASCORE.EXE' - '20' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '64' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '58' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '90' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '83' module(s) sont contrôlés
Processus de recherche 'SLsvc.exe' - '29' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '40' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '131' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '97' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '68' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '52' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '86' module(s) sont contrôlés
Processus de recherche 'cmdagent.exe' - '90' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '35' module(s) sont contrôlés
Processus de recherche 'nvvsvc.exe' - '36' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '42' module(s) sont contrôlés
Processus de recherche 'lsm.exe' - '25' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '64' module(s) sont contrôlés
Processus de recherche 'services.exe' - '36' module(s) sont contrôlés
Processus de recherche 'wininit.exe' - '29' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '14' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '2' module(s) sont contrôlés

Début du contrôle des fichiers système :
Signé -> 'C:\Windows\system32\svchost.exe'
Signé -> 'C:\Windows\system32\winlogon.exe'
Signé -> 'C:\Windows\explorer.exe'
Signé -> 'C:\Windows\system32\smss.exe'
Signé -> 'C:\Windows\system32\wininet.DLL'
Signé -> 'C:\Windows\system32\wsock32.DLL'
Signé -> 'C:\Windows\system32\ws2_32.DLL'
Signé -> 'C:\Windows\system32\services.exe'
Signé -> 'C:\Windows\system32\lsass.exe'
Signé -> 'C:\Windows\system32\csrss.exe'
Signé -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signé -> 'C:\Windows\system32\spoolsv.exe'
Signé -> 'C:\Windows\system32\alg.exe'
Signé -> 'C:\Windows\system32\wuauclt.exe'
Signé -> 'C:\Windows\system32\advapi32.DLL'
Signé -> 'C:\Windows\system32\user32.DLL'
Signé -> 'C:\Windows\system32\gdi32.DLL'
Signé -> 'C:\Windows\system32\kernel32.DLL'
Signé -> 'C:\Windows\system32\ntdll.DLL'
Signé -> 'C:\Windows\system32\ntoskrnl.exe'
Signé -> 'C:\Windows\system32\ctfmon.exe'
Les fichiers système ont été contrôlés ('21' fichiers)

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD1
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD2
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD3
[INFO] Aucun virus trouvé !
Secteur d'amorçage maître HD4
[INFO] Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !
Secteur d'amorçage 'D:\'
[INFO] Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence :
Le registre a été contrôlé ( '633' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\' <HP>
C:\Windows\SoftwareDistribution\Download\69bea2bed5a5ee2ff732854dbfa0e304ee96e020
[0] Type d'archive: Portable Executable Resource
--> resource54
[1] Type d'archive: CAB (Microsoft)
--> WriterProdLang.7z
[2] Type d'archive: 7-Zip
--> WriterProdLang.cab
[3] Type d'archive: CAB (Microsoft)
--> writerprodlang.msi
[AVERTISSEMENT] Impossible de lire le fichier !
--> resource86
[1] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.7z
[2] Type d'archive: 7-Zip
--> LanguageSelector64.cab
[3] Type d'archive: CAB (Microsoft)
--> LanguageSelector64.msi
[AVERTISSEMENT] Impossible de lire le fichier !
Recherche débutant dans 'D:\' <FACTORY_IMAGE>


Fin de la recherche : samedi 24 septembre 2011 13:19
Temps nécessaire: 1:47:47 Heure(s)

La recherche a été effectuée intégralement

36262 Les répertoires ont été contrôlés
1150979 Des fichiers ont été contrôlés
0 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
0 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
0 Impossible de scanner des fichiers
1150979 Fichiers non infectés
6868 Les archives ont été contrôlées
2 Avertissements
0 Consignes
646484 Des objets ont été contrôlés lors du Rootkitscan
0 Des objets cachés ont été trouvés

#8 anderlecht

anderlecht
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:47 PM

Posted 24 September 2011 - 07:48 AM

Hum it's propably sure now; Gmer crash

Signature du problème :
Nom d’événement de problème: APPCRASH
Nom de l’application: 5z0sncsx.exe
Version de l’application: 1.0.15.15641
Horodatage de l'application: 4e21f2b1
Nom du module par défaut: 5z0sncsx.exe
Version du module par défaut: 1.0.15.15641
Horodateur du module par défaut: 4e21f2b1
Code de l’exception: c0000005
Décalage de l’exception: 0000c676
Version du système: 6.0.6002.2.2.0.768.3
Identificateur de paramètres régionaux: 2060
Information supplémentaire n° 1: 10e0
Information supplémentaire n° 2: a7185c99410a8e8639ea4d00b45fe458
Information supplémentaire n° 3: cfce
Information supplémentaire n° 4: d2e6f6aa7c4e2217cc913a4e79ea3aee

#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:47 PM

Posted 24 September 2011 - 10:08 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this if fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

===

Third party programs if not up to date can be the cause infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please let me know what problem persists.

#10 anderlecht

anderlecht
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:47 PM

Posted 24 September 2011 - 10:53 AM

Hello nasdaq;

i runned cureit

when i was comming back computer was rebooted whit à bluescreen log

but i have attached my cureit log;


securitycheck here:

Results of screen317's Security Check version 0.99.18
Windows Vista Service Pack 2 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Avira AntiVir Personal - Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java™ 7
Java™ SE Development Kit 7
Flash Player Out of Date!
Adobe Reader X (10.1.1)
Mozilla Firefox (x86 fr..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
``````````End of Log````````````



i will run combofix now

#11 anderlecht

anderlecht
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:47 PM

Posted 24 September 2011 - 04:59 PM

hello nasdaq;

first computer crashed;

second time bsod;

3 good combofix updated and runned good;

that's a log

ComboFix 11-09-24.02 - papa 24/09/2011 19:56:01.2.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.32.1036.18.3070.2044 [GMT 2:00]
Lancé depuis: c:\users\papa\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-08-24 au 2011-09-24 ))))))))))))))))))))))))))))))))))))
.
.
2011-09-24 18:11 . 2011-09-24 18:11 -------- d-----w- c:\users\papa\AppData\Local\temp
2011-09-24 18:11 . 2011-09-24 18:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-24 18:11 . 2011-09-24 18:11 -------- d-----w- c:\users\anne\AppData\Local\temp
2011-09-24 14:52 . 2011-09-24 14:52 -------- d-----w- c:\users\papa\DoctorWeb
2011-09-24 02:52 . 2011-09-24 17:43 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A8948B9-F1A2-4D15-8A0B-65A481F319B4}\offreg.dll
2011-09-24 02:52 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0A8948B9-F1A2-4D15-8A0B-65A481F319B4}\mpengine.dll
2011-09-22 20:11 . 2011-09-22 20:17 -------- d-----w- C:\ZHP
2011-09-22 20:02 . 2011-09-16 19:08 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-09-21 11:42 . 2011-09-21 11:42 -------- d-----w- c:\users\papa\AppData\Roaming\Malwarebytes
2011-09-21 11:42 . 2011-09-21 11:42 -------- d-----w- c:\programdata\Malwarebytes
2011-09-21 11:42 . 2011-09-21 11:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-21 11:42 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-21 09:00 . 2011-09-21 09:01 -------- d-----w- c:\program files\Common Files\Adobe
2011-09-21 08:35 . 2011-09-16 22:54 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-09-20 11:38 . 2011-09-20 11:38 -------- d-----w- c:\program files\ESET
2011-09-19 18:31 . 2011-09-19 18:31 -------- d-----w- c:\windows\CheckSur
2011-09-16 02:01 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-09-13 19:29 . 2011-09-13 19:29 -------- d-----w- c:\users\anne\DoctorWeb
2011-09-13 19:02 . 2011-09-13 19:02 -------- d-----w- c:\program files\CCleaner
2011-09-10 11:54 . 2011-09-10 11:54 -------- d-----w- c:\users\papa\AppData\Roaming\SUPERAntiSpyware.com
2011-09-10 11:53 . 2011-09-10 11:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-10 11:53 . 2011-09-10 11:53 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-09-08 19:34 . 2011-09-08 19:34 -------- d-----w- c:\users\anne\AppData\Local\MigWiz
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-21 08:48 . 2011-05-25 05:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-01 03:25 . 2009-09-05 13:34 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-09-01 03:25 . 2009-09-05 13:34 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-08-13 09:59 . 2011-08-13 09:59 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-12 13:38 . 2011-08-12 13:38 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-22 02:54 . 2011-08-10 10:37 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48 . 2011-08-10 10:37 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44 . 2011-08-10 10:37 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-11 13:25 . 2011-08-24 13:47 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-06 15:31 . 2011-08-10 03:14 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-06 06:04 . 2011-05-07 14:17 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-07-06 06:04 . 2011-05-02 18:36 285256 ----a-w- c:\windows\system32\guard32.dll
2011-07-06 06:04 . 2011-05-02 18:36 36568 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-07-06 06:04 . 2011-05-02 18:36 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-07-06 06:04 . 2011-05-02 18:36 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-06-27 05:36 . 2011-06-27 05:36 161792 ----a-w- c:\windows\system32\msls31.dll
2011-06-27 05:36 . 2011-06-27 05:36 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-27 05:36 . 2011-06-27 05:36 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-27 05:36 . 2011-06-27 05:36 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-27 05:36 . 2011-06-27 05:36 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-27 05:36 . 2011-06-27 05:36 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-06-27 05:36 . 2011-06-27 05:36 367104 ----a-w- c:\windows\system32\html.iec
2011-06-27 05:36 . 2011-06-27 05:36 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-06-27 05:36 . 2011-06-27 05:36 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-27 05:36 . 2011-06-27 05:36 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-06-27 05:36 . 2011-06-27 05:36 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-27 05:36 . 2011-06-27 05:36 152064 ----a-w- c:\windows\system32\wextract.exe
2011-06-27 05:36 . 2011-06-27 05:36 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-06-27 05:36 . 2011-06-27 05:36 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-06-27 05:36 . 2011-06-27 05:36 11776 ----a-w- c:\windows\system32\mshta.exe
2011-06-27 05:36 . 2011-06-27 05:36 101888 ----a-w- c:\windows\system32\admparse.dll
2011-06-27 05:36 . 2011-06-27 05:36 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-06-27 05:36 . 2011-06-27 05:36 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-09-16 22:54 . 2011-09-21 08:35 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-17 281768]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-07-06 2554696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Users^papa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Enregistrement du produit.lnk]
path=c:\users\papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Enregistrement du produit.lnk
backup=c:\windows\pss\Logitech . Enregistrement du produit.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]
2009-06-04 16:51 2056192 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer for HP TouchSmart]
2009-04-09 21:22 185640 ------w- c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDAgent]
2009-09-09 13:26 1148200 ------w- c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series]
2007-03-01 04:01 180736 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATICAE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series (Copie 1)]
2007-03-01 04:01 180736 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATICAE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series (Copie 2)]
2007-03-01 04:01 180736 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATICAE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-12-04 06:14 75016 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Remote Software]
2009-02-06 11:10 143360 ----a-w- c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 13:34 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
2010-06-29 22:14 1689144 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2008-11-20 08:47 62768 ----a-w- c:\program files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-12-04 11:00 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-03-17 11:17 2387968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2010-05-07 17:35 165208 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2011-05-13 14:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartMenu]
2009-03-05 16:28 915512 ----a-w- c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-05-04 11:59 252136 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TSMAgent]
2009-04-09 21:26 1328424 ------w- c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2008-12-03 20:15 218408 ------w- c:\program files\Cyberlink\LabelPrint\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-12-03 20:15 218408 ------w- c:\program files\Cyberlink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
2008-12-03 20:15 218408 ------w- c:\program files\Cyberlink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2009-02-02 12:05 210216 ------w- c:\program files\Cyberlink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2009-06-15 37632]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-07-06 238960]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-07-06 36568]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-01 136360]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-26 66080]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
.
------- Examen supplémentaire -------
.
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{15A553E9-AF7D-4D01-A45D-36DE57300050}: NameServer = 156.154.70.25,156.154.71.25
FF - ProfilePath - c:\users\papa\AppData\Roaming\Mozilla\Firefox\Profiles\7vvw86zk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.dhnet.be/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHELINS SUPPRIMES - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
.
.
.
**************************************************************************
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés:
.
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'lsass.exe'(812)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(3468)
c:\windows\system32\guard32.dll
c:\windows\system32\pnidui.dll
.
Heure de fin: 2011-09-24 20:17:48
ComboFix-quarantined-files.txt 2011-09-24 18:17
.
Avant-CF: 785.119.793.152 octets libres
Après-CF: 785.145.614.336 octets libres
.
- - End Of File - - BA4EB9C4F568608F5CC2AE80C8C62B23



#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:47 PM

Posted 24 September 2011 - 06:32 PM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java SE Runtime Environment 6 Update 27.
  • In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
  • In the Window that opens, select Windows (or Windows x64), and check the "agree" box and click "Continue".
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Then from your Desktop double-click on jre-6u27-windows-i586.exe that you have downloaded to install the newest version.

    For the x64 bit version download this on jre-6u27-windows-x64.exe). Make sure you download the corrent version.

    - Note: If you are running Vista or Windows 7, you may need to right-click on the installation file and select Run as Administrator.

If present remove the old version(s) of Java using the Add/Remove Programs applet.


list....

===


Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you unckeck the box on the top right "Include in your download" this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.

===

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.7 and earlier versions... being exploited in the wild in active targeted attacks... update to Adobe Flash Player 10.3.183.10 ... Flash Player for Android update to Adobe Flash Player for Android 10.3.186.7

Direct download current version - executable Flash Player installer... to your Desktop, then double-click to install.

Download for Internet Explorer

Download for Firefox and other browsers
<<<>>>

Pleas let me know what problem persists.

#13 anderlecht

anderlecht
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:47 PM

Posted 25 September 2011 - 08:06 AM

Hello yesterday the computer crashed bsod after i posted rapport; restarted my av; bsod directly;

sating: restoring config dump file; and rebooted

for combofix; i didn't got console restore ..

For java: i have java 7
For flash i have V11 RC1

Do you want i run combofix again in safe mode ?

ps: i have adobe acrobat 10.1.1.33
réinstalled reader

What i do for java and flash ?

Edited by anderlecht, 25 September 2011 - 08:26 AM.


#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,756 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:47 PM

Posted 25 September 2011 - 09:18 AM

For java: i have java 7
For flash i have V11 RC1



The Java I understand comes from the JKD developtment tools.
http://blogs.oracle.com/javase/entry/java_7_has_released


Flash is also a development tool.
http://www.adobe.com/devnet/flashplayer.html

Do you do any development with these tools?

They may give you some security but on both links above the versions I suggested you check are listed and ready to install.
===

You should remove this old version of HijackThis 2.0.2 using the Add/Remove Programs list.
Most forum not request a DDS log.
---

it's impossible to establish a connection whith my bank account;
Is this still an issue?
Is it the only site you cannot reach?

Are the BSOD occuring often?
Any error message that you can share?

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Posted Image
Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Please just paste the contents of the DDS.txt log in your next post.

The scan will also create this Attach.txt log I would also like to see the content.
Please post it in a other post for my review, do not attach the file.

#15 anderlecht

anderlecht
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:47 PM

Posted 26 September 2011 - 05:46 AM

DDS .txt
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.0.0
Run by papa at 12:37:44 on 2011-09-26
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.32.1036.18.3070.1698 [GMT 2:00]
.
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{15A553E9-AF7D-4D01-A45D-36DE57300050} : NameServer = 156.154.70.25,156.154.71.25
TCP: Interfaces\{15A553E9-AF7D-4D01-A45D-36DE57300050} : DhcpNameServer = 192.168.1.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - c:\windows\system32\EZUPBH~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\papa\appdata\roaming\mozilla\firefox\profiles\7vvw86zk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.dhnet.be/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-9-5 11608]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-5-2 238960]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-5-2 36568]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2009-9-5 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-9-5 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-9-5 66616]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R2 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-6-26 66080]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [2009-6-15 37632]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-21 22216]
S3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-21 366152]
.
=============== Created Last 30 ================
.
2011-09-25 13:19:30 -------- d-----w- c:\windows\Downloaded Program Files
2011-09-25 07:04:18 -------- d-----w- c:\users\papa\appdata\local\{A5D8560B-BC7F-4BC5-B382-7BE430731B9E}
2011-09-25 07:02:41 -------- d-----w- c:\users\papa\appdata\local\{1594B758-E6DD-4720-A8F7-121A36DAEC06}
2011-09-25 07:01:03 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0a8948b9-f1a2-4d15-8a0b-65a481f319b4}\offreg.dll
2011-09-24 18:17:50 -------- d-----w- c:\users\papa\appdata\local\temp
2011-09-24 18:14:11 -------- d-sh--w- C:\$RECYCLE.BIN
2011-09-24 17:52:24 -------- d-----w- C:\ComboFix
2011-09-24 15:56:39 98816 ----a-w- c:\windows\sed.exe
2011-09-24 15:56:39 518144 ----a-w- c:\windows\SWREG.exe
2011-09-24 15:56:39 256000 ----a-w- c:\windows\PEV.exe
2011-09-24 15:56:39 208896 ----a-w- c:\windows\MBR.exe
2011-09-24 14:52:32 -------- d-----w- c:\users\papa\DoctorWeb
2011-09-24 09:10:08 -------- d-----w- c:\users\papa\appdata\local\{80093201-DE64-44B4-812A-6F1D05FD7AB0}
2011-09-24 09:10:00 -------- d-----w- c:\users\papa\appdata\local\{003A3A9C-ACB8-4BF0-A691-E387094B6B7B}
2011-09-24 02:52:26 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0a8948b9-f1a2-4d15-8a0b-65a481f319b4}\mpengine.dll
2011-09-22 20:11:29 -------- d-----w- C:\ZHP
2011-09-22 20:02:39 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-09-22 19:09:14 -------- d-----w- c:\users\papa\appdata\local\{D3B16EBD-97CB-40D9-B29D-23163FBD8331}
2011-09-22 19:08:57 -------- d-----w- c:\users\papa\appdata\local\{EEE60F40-4FD2-46FB-A857-498AA5B16A31}
2011-09-21 11:42:33 -------- d-----w- c:\users\papa\appdata\roaming\Malwarebytes
2011-09-21 11:42:04 -------- d-----w- c:\programdata\Malwarebytes
2011-09-21 11:42:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-21 11:42:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-21 08:35:02 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-09-20 11:38:57 -------- d-----w- c:\program files\ESET
2011-09-19 18:31:07 -------- d-----w- c:\windows\CheckSur
2011-09-16 02:01:30 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-09-13 19:02:41 -------- d-----w- c:\program files\CCleaner
2011-09-10 11:54:07 -------- d-----w- c:\users\papa\appdata\roaming\SUPERAntiSpyware.com
2011-09-10 11:53:46 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-09-10 11:53:46 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-05 17:04:56 183696 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-09-22 20:17:12 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2011-09-21 08:48:23 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-01 03:25:24 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-13 09:59:36 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-11 13:25:35 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-06 06:04:54 285256 ----a-w- c:\windows\system32\guard32.dll
2011-07-06 06:04:53 36568 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-07-06 06:04:53 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-07-06 06:04:53 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys
.
============= FINISH: 12:38:56,28 ===============




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users