
sirefef.b and sirefef.b


  • This topic is locked
3 replies to this topic

#1 momar


Posted 12 February 2012 - 07:58 PM

Hello everyone,

Microsoft Security Essentials detected 2 trojans, one called sirefef.b and the other one called sirefef.p. It says that it removed them, but I still have weird ads on my Facebook timeline (despite my AdBlock plugin on Chrome), and above all my Windows Firewall is completely disabled: it's impossible for me to reactivate it without error 0x80070424 coming up on my screen.

I scanned my laptop with MSE and AVG but they can't find anything.

My OS is Windows 7 64-bit.

Can somebody help me?

Thank you so much!

P.S.: Here is the ZHPDiag:



---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 8.0.1 v8.0.1
GCIE: Google Chrome v16.0.912.77 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows® 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
Windows License : OK
~ Windows Remaining Initializations Number : 1
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Information
~ Processor: AMD64 Family 18 Model 1 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3562.9 MB (40% free)
System Restore: Activé (Enable)
System drive C: has 321 GB (71%) free of 446 GB

---\\ Logged in mode
~ Computer Name: OMAR-HP
~ User Name: Omar
~ All Users Names: Omar, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Omar\AppData\Roaming\
~ %Desktop% : C:\Users\Omar\Desktop\
~ %Favorites% : C:\Users\Omar\Favorites\
~ %LocalAppData% : C:\Users\Omar\AppData\Local\
~ %StartMenu% : C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\system32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 321 Go of 446 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 15 Go)
E:\ Hard drive, Flash drive, Thumb drive (Free 1 Go of 4 Go)
F:\ CD-ROM drive (Not Inserted)
G:\ CD-ROM drive (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Free 3 Go of 4 Go)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyComputer: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Scan Security Center in 00mn AMs



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.7/21/2011 - 9:35:34 AM.) -- C:\Windows\Explorer.exe [2871808]
[MD5.DD81D91FF3B0763C392422865C9AC12E] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) (.7/13/2009 - 8:39:31 PM.) -- C:\Windows\system32\rundll32.exe [45568]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.7/13/2009 - 8:39:52 PM.) -- C:\Windows\system32\Wininit.exe [129024]
[MD5.69151E566295E5A977FE71FFAFD3B3F8] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.11/3/2011 - 8:44:47 PM.) -- C:\Windows\system32\wininet.dll [1390080]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.11/20/2010 - 10:24:29 PM.) -- C:\Windows\system32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.11/20/2010 - 10:24:16 PM.) -- C:\Windows\system32\sppcomapi.dll [232448]
[MD5.0D57D091E06BB1E58E72E5D08479FDDF] - (.Microsoft Corporation - DLL client de l’API uilisateur de Windows multi-utilisateurs.) (.7/21/2011 - 9:23:48 AM.) -- C:\Windows\system32\fr-FR\user32.dll.mui [20480]
[MD5.D5B031C308A409A0A576BFF4CF083D30] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.7/21/2011 - 9:32:25 AM.) -- C:\Windows\system32\drivers\AFD.sys [499200]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.7/13/2009 - 8:52:21 PM.) -- C:\Windows\system32\drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.7/13/2009 - 6:19:47 PM.) -- C:\Windows\system32\drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/20/2010 - 10:23:47 PM.) -- C:\Windows\system32\drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.11/20/2010 - 10:24:32 PM.) -- C:\Windows\system32\drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/20/2010 - 10:23:47 PM.) -- C:\Windows\system32\drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.7/13/2009 - 6:19:57 PM.) -- C:\Windows\system32\drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.7/13/2009 - 7:10:03 PM.) -- C:\Windows\system32\drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.7/21/2011 - 9:38:51 AM.) -- C:\Windows\system32\drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.11/20/2010 - 10:23:51 PM.) -- C:\Windows\system32\drivers\netBT.sys [261632]
[MD5.A2F74975097F52A00745F9637451FDD8] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.7/21/2011 - 9:40:17 AM.) -- C:\Windows\system32\drivers\ntfs.sys [1659776]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.7/13/2009 - 7:00:41 PM.) -- C:\Windows\system32\drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.11/20/2010 - 10:24:33 PM.) -- C:\Windows\system32\drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.7/13/2009 - 7:09:09 PM.) -- C:\Windows\system32\drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.11/20/2010 - 10:24:32 PM.) -- C:\Windows\system32\drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.2/25/2011 - 1:25:38 AM.) -- C:\Windows\system32\drivers\volsnap.sys [296320]
~ Scan Generic Processes in 01mn AMs



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 0/179
~ Mes musiques (My Musics) : 0/1504
~ Mes Videos (My Video) : 0/4
~ Mes Favoris (My Favorites) : Non accessible (Not found)
~ Mes Documents (My Documents) : 3/1568
~ Mon Bureau (My Desktop) : 6/2579
~ Menu demarrer (Programs) : 0/30
~ Scan Hidden Files in 03mn AMs



---\\ Processus lancés
[MD5.79197AB8FC20E781BA141E291866A909] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [17351304] [PID.3044]
[MD5.A569CE3DD8647BA7B5464694182943EC] - (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [226176] [PID.2968]
[MD5.6E3245DF783E58375B3465F03274743E] - (.Sun Microsystems, Inc. - Java™ Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696] [PID.3276]
[MD5.B7F55E2AE978D3D34F7876EE5D689AAE] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.3432]
[MD5.F4D0446BA874917354801F210E66F545] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736] [PID.3444]
[MD5.941935CF2A3CA2719E9814281FDF628F] - (.Sony Corporation - Reader Application Helper.) -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [892928] [PID.3548]
[MD5.697D3B09D8883F72265DA274E0972042] - (.Google Inc. - Google Chrome.) -- C:\Users\Omar\AppData\Local\Google\Chrome\Application\chrome.exe [1047024] [PID.3816]
[MD5.4309B75F125067EF805F3125B01FCC30] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [2210816] [PID.2228]
[MD5.62B7936F9036DD6ED36E6A7EFA805DC0] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [63928] [PID.]
[MD5.3DEBBECF665DCDDE3A95D9B902010817] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55144] [PID.]
[MD5.28E15C3D39DCD27A79251BA0BF216A11] - (.Hewlett-Packard Development Company, L.P. - HP Quick Launch WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [26680] [PID.]
[MD5.09FBD4C4DB2FD84B9AB1C5BFDCC95559] - (.Hewlett-Packard Company - hpqwmiex Module.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [818232] [PID.]
~ Scan Processes Running in 00mn AMs



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Omar\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.com
G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Gmail v.7 (Activé)
~ Scan Google Browser in 00mn AMs



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
M2 - MFEP: prefs.js [Omar - hy65zdae.default\crossriderapp2258@crossrider.com] [] I Want This v (.215 Apps.)
M2 - MFEP: prefs.js [Omar - hy65zdae.default\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}] [dwhelper] DownloadHelper v4.9.8 (.Michel Gutierrez.)
P2 - FPN: [HKLM] [@ma-config.com/HardwareDetection] - (.Cybelsoft - Plugin NPAPI Ma-Config.com # win64 # 5.2.1.0.) -- C:\Program Files\ma-config.com\x64\nphardwaredetection.dll
P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (.Microsoft Corporation - Office Authorization plug-in for NPAPI browsers.) -- C:\Program Files\Microsoft Office\Office14\NPAUTHZ.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Users\Omar\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Users\Omar\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
~ Scan Firefox Browser in 00mn AMs



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\System32\ieframe.dll
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
~ Scan IE Browser in 00mn AMs



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn AMs



---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe
~ Scan Keys in 00mn AMs



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Scan Hosts File in 00mn AMs
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AMD SteadyVideo BHO [64Bits] - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} . (.Advanced Micro Devices - This plugin allows the user to turn AMD Ste.) -- C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
O2 - BHO: Groove GFS Browser Helper [64Bits] - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) -- C:\Program Files\Microsoft Office\Office14\GROOVEEX.dll
O2 - BHO: URLRedirectionBHO [64Bits] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) -- C:\Program Files\Microsoft Office\Office14\URLREDIR.dll
O2 - BHO: CrossriderApp0002258 [64Bits] - {11111111-1111-1111-1111-110011221158} . (.215 Apps - I Want This BHO.) -- C:\Program Files (x86)\I Want This\I Want This.dll
O2 - BHO: AcroIEHelperStub [64Bits] - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AMD SteadyVideo BHO [64Bits] - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} Clé orpheline
O2 - BHO: Groove GFS Browser Helper [64Bits] - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.dll
O2 - BHO: URLRedirectionBHO [64Bits] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) -- C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java™ Platform SE binary.) -- C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
~ Scan BHO in 00mn AMs



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio TPE.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [SetDefault] . (.Hewlett-Packard Development Company, L.P. - SetDefault.) -- C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Omar\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
O4 - HKCU\..\Run: [AdobeBridge] Clé orpheline
O4 - HKLM\..\Wow6432Node\Run: [HPQuickWebProxy] . (.Hewlett-Packard Company - HP QuickWeb Utilities.) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Quick Launch] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [HPOSD] . (.Hewlett-Packard Development Company, L.P. - HP On Screen Display.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Wow6432Node\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java™ Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [Reader Application Helper] . (.Sony Corporation - Reader Application Helper.) -- C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS5.5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5.5 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-2916140948-699602041-1216653947-1002\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Omar\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-2916140948-699602041-1216653947-1002\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-21-2916140948-699602041-1216653947-1002\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-2916140948-699602041-1216653947-1002\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Pense-bête.) -- C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-21-2916140948-699602041-1216653947-1002\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
O4 - HKUS\S-1-5-21-2916140948-699602041-1216653947-1002\..\Run: [AdobeBridge] Clé orpheline
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
~ Scan Application in 00mn AMs



---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Omar\Desktop\ASSASSIN'S CREED II.lnk . (.Ubisoft.) -- C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe
O4 - Global Startup: C:\Users\Omar\Desktop\FIFA 12.lnk . (.Electronic Arts.) -- C:\Program Files (x86)\FIFA 12\Game\fifa.exe
O4 - Global Startup: C:\Users\Omar\Desktop\PES 2012.lnk . (.Konami Digital Entertainment Co., Ltd..) -- C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2012\pes2012.exe
O4 - Global Startup: C:\Users\Omar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk . (.BitTorrent, Inc..) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe
O4 - Global Startup: C:\Users\Omar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Omar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
~ Scan Global Startup in 00mn AMs



---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ Scan IE Control Panel in 00mn AMs



---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: E&xport to Microsoft Excel - (.not file.) - C:\Program Files\MICROS~1\Office14\EXCEL.exe
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Se&nd to OneNote - (.not file.) - C:\Program Files\MICROS~1\Office14\ONBttnIE.dll
~ Scan IE Menu Contextuel in 00mn AMs



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ Scan IE Extra Buttons in 00mn AMs



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\System32\nlaapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\Windows\System32\NapiNSP.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\System32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\System32\winrnr.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\Windows\System32\wshbth.dll
O10 - WLSP:\000000000008\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files (x86)\Bonjour\mdnsNSP.dll
~ Scan Winsock in 00mn AMs



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3295E7CB-E5BA-4ACB-AD5A-9243285E8184}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{3295E7CB-E5BA-4ACB-AD5A-9243285E8184}: DhcpDomain = no-domain-set-bellcanada
O17 - HKLM\System\CS1\Services\Tcpip\..\{3295E7CB-E5BA-4ACB-AD5A-9243285E8184}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3295E7CB-E5BA-4ACB-AD5A-9243285E8184}: DhcpDomain = no-domain-set-bellcanada
O17 - HKLM\System\CS2\Services\Tcpip\..\{3295E7CB-E5BA-4ACB-AD5A-9243285E8184}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3295E7CB-E5BA-4ACB-AD5A-9243285E8184}: DhcpDomain = no-domain-set-bellcanada
~ Scan Domain in 00mn AMs



---\\ Protocole additionnel (O18)
O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll
O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll
O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll
O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: ms-help [64Bits] - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll
O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll
O18 - Handler: saphtmlp [64Bits] - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} . (.SAP, Walldorf - SAP HTML Pluggable Protocol.) -- C:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.dll
O18 - Handler: sapr3 [64Bits] - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} . (.SAP, Walldorf - SAP HTML Pluggable Protocol.) -- C:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.dll
O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll
O18 - Filter: video/mp4 [64Bits] - {20C75730-7C25-476B-95DC-C65810F9E489} . (.Advanced Micro Devices - MIME Video Detector for IE.) -- C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv [64Bits] - {20C75730-7C25-476B-95DC-C65810F9E489} . (.Advanced Micro Devices - MIME Video Detector for IE.) -- C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
~ Scan Protocole Additionnel in 00mn AMs



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
~ Scan SSODL in 00mn AMs



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: (AMD External Events Utility) . (.AMD - AMD External Events Service Module.) - C:\Windows\system32\atiesrxx.exe
O23 - Service: AMD FUEL Service (AMD FUEL Service) . (.Advanced Micro Devices, Inc. - Service Fusion Utility.) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device (Apple Mobile Device) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) . (.Broadcom Corporation. - Bluetooth Support Server.) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: HP Auto (HPAuto) . (.Hewlett-Packard - HP Usage Improvement Tracking.) - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
O23 - Service: HPWMISVC (HPWMISVC) . (.Hewlett-Packard Development Company, L.P. - HP Quick Launch WMI Service.) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: IconMan_R (IconMan_R) . (.Realsil Microelectronics Inc. - Realtek Card Reader Icon Tool..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: C:\Windows\system32\stlang64.dll (STacSV) . (.IDT, Inc. - IDT PC Audio TPE.) - C:\Program Files\IDT\WDM\stacsv64.exe
~ Scan Services in 00mn AMs



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Scan Desktop Component in 00mn AMs



---\\ BootExecute (O34)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ Scan Keys in 00mn AMs



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2916140948-699602041-1216653947-1002Core.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2916140948-699602041-1216653947-1002UA.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\HPCeeScheduleForOmar.job
[MD5.393F021E2A9FA19AC94BA4482E32FC6C] [APT] [AdobeAAMUpdater-1.0-Omar-HP-Omar] (.Adobe Systems Incorporated.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskUserS-1-5-21-2916140948-699602041-1216653947-1002Core] (.Google Inc..) -- C:\Users\Omar\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskUserS-1-5-21-2916140948-699602041-1216653947-1002UA] (.Google Inc..) -- C:\Users\Omar\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.AF51D4FE088A3EFA5303B36FFFD0581B] [APT] [HPCeeScheduleForOmar] (.Hewlett-Packard.) -- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
[MD5.B7F55E2AE978D3D34F7876EE5D689AAE] [APT] [MirageAgent] (.CyberLink.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
[MD5.FEECD87BAB3ADAEB638959745DD00A2B] [APT] [Registration] (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe
[MD5.5A65ECA016C3FE775FF9726EB42A6753] [APT] [SetupManager] (.Microsoft.) -- C:\Program Files (x86)\Hewlett-Packard\Setup Manager\toaster.exe
[MD5.00000000000000000000000000000000] [APT] [{B831D011-F5D8-4986-9A05-C53475711B0C}] (...) -- H:\PESEdit_2012_Patch_2_4\Installer.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{C7C543AB-9223-4250-AF3F-3F49BAF34D29}] (...) -- C:\Users\Omar\Downloads\xpadder_gamepad_profiler\Xpadder.exe (.not file.)
[MD5.B4BFB9F068A27062AE8C133354D3E31F] [APT] [HP Support Assistant Quick Start] (.Hewlett-Packard Company.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
[MD5.F5E1109CFBDE7E3219213177B7B6A9D7] [APT] [PC Health Analysis] (.Hewlett-Packard Company.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
[MD5.F5E1109CFBDE7E3219213177B7B6A9D7] [APT] [PC Tuneup] (.Hewlett-Packard Company.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
[MD5.3EA98EF084CB360121A6D7BA2B47E655] [APT] [Update Check] (.Hewlett-Packard.) -- C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe
~ Scan Scheduled Task in 02mn AMs



---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Internet Explorer [64Bits] - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: Browser Customizations [64Bits] - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - Personnalisation d’IEAK.) -- C:\Windows\System32\iedkcs32.dll
O40 - ASIC: Microsoft Windows Media Player 12.0 [64Bits] - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\System32\wmpdxm.dll
O40 - ASIC: Microsoft Windows Media Player [64Bits] - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Windows Media Player.) -- C:\Windows\system32\wmp.dll
O40 - ASIC: Web Platform Customizations [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) [64Bits] - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll
~ Scan Active Setup in 00mn AMs



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\system32\drivers\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\system32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\system32\drivers\discache.sys
O41 - Driver: (dtsoftbus01) . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) - C:\Windows\system32\DRIVERS\dtsoftbus01.sys
O41 - Driver: (MpFilter) . (.Microsoft Corporation - Microsoft antimalware file system filter dr.) - C:\Windows\system32\DRIVERS\MpFilter.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\system32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\system32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\system32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\system32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\system32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\system32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\system32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\system32\drivers\rdprefmp.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\drivers\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\system32\DRIVERS\vwififlt.sys
O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\system32\DRIVERS\wfplwf.sys
~ Scan Drivers in 00mn AMs



---\\ Logiciels installés (O42)
O42 - Logiciel: AMD APP SDK Runtime - (.Advanced Micro Devices Inc..) [HKLM] -- {503F672D-6C84-448A-8F8F-4BC35AC83441}
O42 - Logiciel: AMD AVIVO64 Codecs - (.Advanced Micro Devices, Inc..) [HKLM] -- {AB813B91-07DB-F136-C09A-3743AA7CA23F}
O42 - Logiciel: AMD Catalyst Install Manager - (.Advanced Micro Devices, Inc..) [HKLM] -- {BE882A12-5A45-3DFF-9FD0-306DE65EB8A5}
O42 - Logiciel: AMD Drag and Drop Transcoding - (.Advanced Micro Devices, Inc..) [HKLM] -- {40DAFB36-23DB-1A20-F4BD-E53AFD515746}
O42 - Logiciel: AMD Media Foundation Decoders - (.Advanced Micro Devices, Inc..) [HKLM] -- {84C3FCBF-8A79-E383-9CC6-B6661CAF8675}
O42 - Logiciel: AMD Steady Video Plug-In - (.AMD.) [HKLM] -- {5E015E15-F7AD-3379-523F-AD63C0CB9E71}
O42 - Logiciel: AMD Steady Video Plug-In - (.AMD.) [HKLM] -- {6ECDAC2F-12C1-E49B-448E-6002368967E0}
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM] -- Adobe AIR
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM] -- {FE23D063-934D-4829-A0D8-00634CE79B4A}
O42 - Logiciel: Adobe After Effects CS5.5 - (.Adobe Systems Incorporated.) [HKLM] -- {CB04D8E1-7B9C-4F35-B2E2-E87CBE520805}
O42 - Logiciel: Adobe Community Help - (.Adobe Systems Incorporated..) [HKLM] -- chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
O42 - Logiciel: Adobe Community Help - (.Adobe Systems Incorporated..) [HKLM] -- {3521BDBD-D453-5D9F-AA55-44B75D214629}
O42 - Logiciel: Adobe Download Assistant - (.Adobe Systems Incorporated.) [HKLM] -- com.adobe.downloadassistant.AdobeDownloadAssistant
O42 - Logiciel: Adobe Download Assistant - (.Adobe Systems Incorporated.) [HKLM] -- {969E11AA-8F3A-F162-1A5A-0965E216B6CE}
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Photoshop CS - (.Adobe Systems, Inc..) [HKLM] -- {EFB21DE7-8C19-4A88-BB28-A766E16493BC}
O42 - Logiciel: Adobe Premiere Pro CS5.5 - (.Adobe Systems Incorporated.) [HKLM] -- {0497EAED-70DA-4BBE-BEB3-AF77FD8788EA}
O42 - Logiciel: Adobe Reader X (10.1.2) MUI - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-FFFF-7B44-AA0000000001}
O42 - Logiciel: Adobe Shockwave Player 11.5 - (.Adobe Systems, Inc..) [HKLM] -- Adobe Shockwave Player
O42 - Logiciel: Adobe Story - (.Adobe Systems Incorporated.) [HKLM] -- com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
O42 - Logiciel: Adobe Story - (.Adobe Systems Incorporated.) [HKLM] -- {C28DD992-5B7B-D195-6841-4EC57DF512BD}
O42 - Logiciel: Agatha Christie - Peril at End House - (.WildTangent.) [HKLM] -- WTA-d62fad79-0902-4d16-b6ff-db41e270790a
O42 - Logiciel: Age of Empires III - (.Microsoft Game Studios.) [HKLM] -- InstallShield_{485775E8-AEB8-46BD-922B-242879E03DD5}
O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM] -- {A83279FD-CA4B-4206-9535-90974DE76654}
O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM] -- {75104836-CAC7-444E-A39E-3F54151942F5}
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
O42 - Logiciel: Assassin's Creed II - (.Ubisoft.) [HKLM] -- {8570BEE8-0CA3-4977-9AB1-80ED93F0513C}
O42 - Logiciel: Bejeweled 3 - (.WildTangent.) [HKLM] -- WTA-efc0fc9c-c73d-47d6-a5f8-f6d4dee36b5d
O42 - Logiciel: BitTorrent - (.BitTorrent Inc..) [HKLM] -- BitTorrent
O42 - Logiciel: Blackhawk Striker 2 - (.WildTangent.) [HKLM] -- WTA-d31c62d6-cb14-45b6-b599-c33c998d6a4d
O42 - Logiciel: Blasterball 3 - (.WildTangent.) [HKLM] -- WTA-2d565b96-bd70-417d-a624-edf645c30281
O42 - Logiciel: Blio - (.K-NFB Reading Technology, Inc..) [HKLM] -- {9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}
O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM] -- {6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
O42 - Logiciel: Bounce Symphony - (.WildTangent.) [HKLM] -- WTA-7dc560d2-0f23-47f5-b095-ebe1359af5c6
O42 - Logiciel: Broadcom 802.11 Wireless LAN Adapter - (.Broadcom Corporation.) [HKLM] -- Broadcom 802.11 Wireless LAN Adapter
O42 - Logiciel: Broadcom Bluetooth Software - (.Broadcom Corporation.) [HKLM] -- {6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}
O42 - Logiciel: Broadcom InConcert Maestro - (.Broadcom Corporation.) [HKLM] -- {57DD35E9-D9BB-4089-BB05-EF933C586CB3}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Cake Mania - (.WildTangent.) [HKLM] -- WTA-ed727130-9f5e-4930-b3f9-18713482b41d
O42 - Logiciel: Catalyst Control Center - Branding - (.Advanced Micro Devices, Inc..) [HKLM] -- {2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}
O42 - Logiciel: Chronicles of Albian - (.WildTangent.) [HKLM] -- WTA-7e4a4649-4f43-45dc-8360-8061524f779b
O42 - Logiciel: Chuzzle Deluxe - (.WildTangent.) [HKLM] -- WTA-457edf1e-beba-4a11-8a5c-e492377d7cb8
O42 - Logiciel: Contrôle ActiveX Windows Live Mesh pour connexions à distance - (.Microsoft Corporation.) [HKLM] -- {55D003F4-9599-44BF-BA9E-95D060730DD3}
O42 - Logiciel: Cradle of Rome 2 - (.WildTangent.) [HKLM] -- WTA-f6ac32e8-e210-4f4f-8924-d951aca41f1c
O42 - Logiciel: CyberLink YouCam - (.CyberLink Corp..) [HKLM] -- InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}
O42 - Logiciel: CyberLink YouCam - (.CyberLink Corp..) [HKLM] -- {01FB4998-33C4-4431-85ED-079E3EEFE75D}
O42 - Logiciel: DAEMON Tools Lite - (.DT Soft Ltd.) [HKLM] -- DAEMON Tools Lite
O42 - Logiciel: DHTML Editing Component - (.Microsoft Corporation.) [HKLM] -- {2EA870FA-585F-4187-903D-CB9FFD21E2E0}
O42 - Logiciel: Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition - (.Microsoft.) [HKLM] -- {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFBA0F11-6CF9-4611-BFD4-648FA4EBE8C1}
O42 - Logiciel: ECL Viewer - (.SAP AG.) [HKLM] -- SAP_ECL
O42 - Logiciel: ESU for Microsoft Windows 7 SP1 - (.Hewlett-Packard.) [HKLM] -- {9945F35E-85EF-4759-A95C-2E10AA34EA58}
O42 - Logiciel: ESU for Microsoft Windows 7 SP1 - (.Hewlett-Packard.) [HKLM] -- {E96CAA2A-0244-4A2A-8403-0C3C9534778B}
O42 - Logiciel: FATE - (.WildTangent.) [HKLM] -- WTA-99cfe04b-c312-4b30-8183-a3662918904d
O42 - Logiciel: FIFA 12 © EA version 1 - (.Pas de propriétaire.) [HKLM] -- FIFA 12 © EA_is1
O42 - Logiciel: Farm Frenzy - (.WildTangent.) [HKLM] -- WTA-3ff52cfc-3679-4fd7-aa29-c1f2e007dd6f
O42 - Logiciel: Final Drive: Nitro - (.WildTangent.) [HKLM] -- WTA-96db0c4e-4396-4b29-85bf-947dd4970df2
O42 - Logiciel: GBoost - (.GZero.) [HKLM] -- {235B7B98-EAC3-4953-AE2C-EABCE1CD65C9}_is1
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKCU] -- Google Chrome
O42 - Logiciel: Governor of Poker 2 Premium Edition - (.WildTangent.) [HKLM] -- WTA-73dd9ece-23db-40e8-9485-a15b4bd92e44
O42 - Logiciel: Guitar Pro 6 - (.Arobas Music.) [HKLM] -- {14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1
O42 - Logiciel: HP Auto - (.Hewlett-Packard Company.) [HKLM] -- {CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}
O42 - Logiciel: HP Client Services - (.Hewlett-Packard.) [HKLM] -- {2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}
O42 - Logiciel: HP Customer Experience Enhancements - (.Hewlett-Packard.) [HKLM] -- {07FA4960-B038-49EB-891B-9F95930AA544}
O42 - Logiciel: HP Documentation - (.Hewlett-Packard.) [HKLM] -- {E56E5D38-5972-420A-9BAF-0F84471E0142}
O42 - Logiciel: HP Games - (.WildTangent.) [HKLM] -- WildTangent hp Master Uninstall
O42 - Logiciel: HP Launch Box - (.Hewlett-Packard Company.) [HKLM] -- {9CAB2212-0732-4827-8EC4-61D8EF0AA65B}
O42 - Logiciel: HP On Screen Display - (.Hewlett-Packard Company.) [HKLM] -- {D7670221-BF9B-4DFF-B26B-5BE55A87329F}
O42 - Logiciel: HP Power Manager - (.Hewlett-Packard Company.) [HKLM] -- {872B1C80-38EC-4A31-A25C-980820593900}
O42 - Logiciel: HP Quick Launch - (.Hewlett-Packard Company.) [HKLM] -- {ABEF00D0-FCAE-4E47-8D4E-D4AE5FD72B15}
O42 - Logiciel: HP QuickWeb - (.Hewlett-Packard Company.) [HKLM] -- {999164B6-5B78-4DD3-BACE-7292640AD0DD}
O42 - Logiciel: HP Setup - (.Hewlett-Packard Company.) [HKLM] -- {5036764A-435D-40C9-869C-31085A3D741D}
O42 - Logiciel: HP Setup Manager - (.Hewlett-Packard Company.) [HKLM] -- {AE856388-AFAD-4753-81DF-D96B19D0A17C}
O42 - Logiciel: HP Software Framework - (.Hewlett-Packard Company.) [HKLM] -- {6C302296-6129-4125-9FD6-2188ECD8814E}
O42 - Logiciel: HP Support Assistant - (.Hewlett-Packard Company.) [HKLM] -- {CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}
O42 - Logiciel: Hewlett-Packard ACLM.NET v1.1.1.0 - (.Hewlett-Packard.) [HKLM] -- {6F340107-F9AA-47C6-B54C-C3A19F11553F}
O42 - Logiciel: HydraVision - (.Advanced Micro Devices, Inc..) [HKLM] -- {C4B85AD5-3FF2-472A-D1D7-6A498773426B}
O42 - Logiciel: I Want This - (.215 Apps.) [HKLM] -- I Want This
O42 - Logiciel: IDT Audio - (.IDT.) [HKLM] -- {E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}
O42 - Logiciel: Java™ 6 Update 29 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216029FF}
O42 - Logiciel: Jewel Quest: The Sleepless Star - Collector's Edition - (.WildTangent.) [HKLM] -- WTA-f21e352f-c3ab-4665-9cba-fe24031d6aa8
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: MSXML4.0 redistributable - (.SAP.) [HKLM] -- {44D66AD9-AE19-4AFD-BE7E-A1B44C856697}
O42 - Logiciel: Ma-Config.com (64 bits) - (.Cybelsoft.) [HKLM] -- {77FF1F55-E7D8-4EC2-A0DB-9DFB0F9B7354}
O42 - Logiciel: Mah Jong Medley - (.WildTangent.) [HKLM] -- WTA-2c58ab39-f1f5-423f-a6a4-d4982bf10cea
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {4B5F58F7-C7D1-3CE3-9B37-B657F0852643}
O42 - Logiciel: Microsoft .NET Framework 4 Extended - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Extended
O42 - Logiciel: Microsoft .NET Framework 4 Extended - (.Microsoft Corporation.) [HKLM] -- {8E34682C-8118-31F1-BC4C-98CD9675E1C2}
O42 - Logiciel: Microsoft .NET Framework 4 Extended FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {A39AE3AE-9808-39D2-AB7B-FF5F0335095E}
O42 - Logiciel: Microsoft Antimalware - (.Microsoft Corporation.) [HKLM] -- {05BFB060-4F22-4710-B0A2-2801A1B606C5}
O42 - Logiciel: Microsoft Antimalware Service FR-FR Language Pack - (.Microsoft Corporation.) [HKLM] -- {32E9C1A5-0FDA-4483-987D-DBABF9CC1DD8}
O42 - Logiciel: Microsoft Office 2010 - (.Microsoft Corporation.) [HKLM] -- {95140000-0070-0000-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Access MUI (English) 2010 - (.Microsoft Corporation.) [HKLM] -- {90140000-0015-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Access Setup Metadata MUI (English) 2010 - (.Microsoft Corporation.) [HKLM] -- {90140000-0117-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Excel MUI (English) 2010 - (.Microsoft Corporation.) [HKLM] -- {90140000-0016-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Groove MUI (English) 2010 - (.Microsoft Corporation.) [HKLM] -- {90140000-00BA-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office InfoPath MUI (English) 2010 - (.Microsoft Corporation.) [HKLM] -- {90140000-0044-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Office 64-bit Components 2010 - (.Microsoft Corporation.) [HKLM] -- {90140000-002A-0000-1000-0000000FF1CE}
O42 - Logiciel: Microsoft Office OneNote MUI (English) 2010 - (.Microsoft Corporation.) [HKLM] -- {90140000-00A1-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Outlook MUI (English) 2010 - (.Microsoft Corporation.) [HKLM] -- {90140000-001A-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office PowerPoint MUI (English) 2010 - (.Microsoft Corporation.) [HKLM] -- {90140000-0018-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Professional Plus 2010 - (.Microsoft Corporation.) [HKLM] -- Office14.PROPLUS
O42 - Logiciel: Microsoft Office Professional Plus 2010 - (.Microsoft Corporation.) [HKLM] -- {90140000-0011-0000-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (English) 2010 - (.Microsoft Corporation.) [HKLM] -- {90140000-001F-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (French) 2010 - (.Microsoft Corporation.) [HKLM] -- {90140000-001F-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Spanish) 2010 - (.Microsoft Corporation.) [HKLM] -- {90140000-001F-0C0A-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proofing (English) 2010 - (.Microsoft Corporation.) [HKLM] -- {90140000-002C-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Publisher MUI (English) 2010 - (.Microsoft Corporation.) [HKLM] -- {90140000-0019-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Shared 64-bit MUI (English) 2010 - (.Microsoft Corporation.) [HKLM] -- {90140000-002A-0409-1000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 - (.Microsoft Corporation.) [HKLM] -- {90140000-0116-0409-1000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Shared MUI (English) 2010 - (.Microsoft Corporation.) [HKLM] -- {90140000-006E-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Shared Setup Metadata MUI (English) 2010 - (.Microsoft Corporation.) [HKLM] -- {90140000-0115-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Word MUI (English) 2010 - (.Microsoft Corporation.) [HKLM] -- {90140000-001B-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Security Client - (.Microsoft Corporation.) [HKLM] -- {42738DB0-FC3E-4672-A99B-9372F5696E30}
O42 - Logiciel: Microsoft Security Client FR-FR Language Pack - (.Microsoft Corporation.) [HKLM] -- {DC911ADF-7B60-40F2-A112-FB1EB6402D07}
O42 - Logiciel: Microsoft Security Essentials - (.Microsoft Corporation.) [HKLM] -- Microsoft Security Client
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 - (.Microsoft Corporation.) [HKLM] -- {8220EEFE-38CD-377E-8595-13398D740ACE}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 - (.Microsoft Corporation.) [HKLM] -- {5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 - (.Microsoft Corporation.) [HKLM] -- {9BE518E6-ECC6-35A9-88E4-87755C07200F}
O42 - Logiciel: Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 - (.Microsoft Corporation.) [HKLM] -- {DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}
O42 - Logiciel: Microsoft redistributable runtime DLLs VS2005 SP1(x86) - (.SAP.) [HKLM] -- {CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}
O42 - Logiciel: Microsoft redistributable runtime DLLs VS2008 SP1(x86) - (.SAP AG.) [HKLM] -- {A47A9101-6EB5-4314-BDA1-297880FBB908}
O42 - Logiciel: Microsoft_VC80_ATL_x86 - (.Adobe.) [HKLM] -- {0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}
O42 - Logiciel: Microsoft_VC80_CRT_x86 - (.Adobe.) [HKLM] -- {92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
O42 - Logiciel: Microsoft_VC80_CRT_x86_x64 - (.Adobe.) [HKLM] -- {4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}
O42 - Logiciel: Microsoft_VC80_MFCLOC_x86 - (.Adobe.) [HKLM] -- {D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
O42 - Logiciel: Microsoft_VC80_MFCLOC_x86_x64 - (.Adobe.) [HKLM] -- {1E9FC118-651D-4934-97BE-E53CAE5C7D45}
O42 - Logiciel: Microsoft_VC80_MFC_x86 - (.Adobe.) [HKLM] -- {D1A19B02-817E-4296-A45B-07853FD74D57}
O42 - Logiciel: Microsoft_VC80_MFC_x86_x64 - (.Adobe.) [HKLM] -- {C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}
O42 - Logiciel: Microsoft_VC90_ATL_x86 - (.Adobe.) [HKLM] -- {033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
O42 - Logiciel: Microsoft_VC90_ATL_x86_x64 - (.Adobe.) [HKLM] -- {8557397C-A42D-486F-97B3-A2CBC2372593}
O42 - Logiciel: Microsoft_VC90_CRT_x86 - (.Adobe.) [HKLM] -- {08D2E121-7F6A-43EB-97FD-629B44903403}
O42 - Logiciel: Microsoft_VC90_CRT_x86_x64 - (.Adobe.) [HKLM] -- {92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}
O42 - Logiciel: Microsoft_VC90_MFCLOC_x86 - (.Adobe.) [HKLM] -- {B6D38690-755E-4F40-A35A-23F8BC2B86AC}
O42 - Logiciel: Microsoft_VC90_MFC_x86 - (.Adobe.) [HKLM] -- {635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
O42 - Logiciel: Microsoft_VC90_MFC_x86_x64 - (.Adobe.) [HKLM] -- {A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack
O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Extended FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Extended FRA Language Pack
O42 - Logiciel: Mozilla Firefox 8.0.1 (x86 fr) - (.Mozilla.) [HKLM] -- Mozilla Firefox 8.0.1 (x86 fr)
O42 - Logiciel: Mystery of Mortlake Mansion - (.WildTangent.) [HKLM] -- WTA-32a849d7-ad87-4686-a8e6-07d8755b31b0
O42 - Logiciel: Namco All-Stars: PAC-MAN - (.WildTangent.) [HKLM] -- WTA-f9fe9461-fb90-4bb7-b766-812cb01c6e40
O42 - Logiciel: Penguins! - (.WildTangent.) [HKLM] -- WTA-1bf88c84-7ab5-4600-886a-f367e5007e56
O42 - Logiciel: Plants vs. Zombies - Game of the Year - (.WildTangent.) [HKLM] -- WTA-6b3c6fc8-7f68-4b38-af73-94301984f1d0
O42 - Logiciel: PlayReady PC Runtime x86 - (.Microsoft Corporation.) [HKLM] -- {CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}
O42 - Logiciel: Poker Superstars III - (.WildTangent.) [HKLM] -- WTA-64f77033-0e6d-44f8-8058-e8a7b8b7be3b
O42 - Logiciel: Polar Bowler - (.WildTangent.) [HKLM] -- WTA-cda4ebf3-fe8f-47ff-a351-b8c9bfb0c1a3
O42 - Logiciel: Polar Golfer - (.WildTangent.) [HKLM] -- WTA-13706b82-6310-4011-8760-02b3c0ba67f2
O42 - Logiciel: Pro Evolution Soccer 2012 - (.KONAMI.) [HKLM] -- {E737A098-F161-4B6F-AF22-86AAE34F6FBD}
O42 - Logiciel: PxMergeModule - (.Your Company Name.) [HKLM] -- {024521CF-C07E-4F8E-8481-0D75695E03AF}
O42 - Logiciel: Reader for PC - (.Sony Corporation.) [HKLM] -- {4D3DA153-548D-4D7F-B62B-653D845169D3}
O42 - Logiciel: Realtek Ethernet Controller Driver - (.Realtek.) [HKLM] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476}
O42 - Logiciel: Realtek PCIE Card Reader - (.Realtek Semiconductor Corp..) [HKLM] -- {C1594429-8296-4652-BF54-9DBE4932A44C}
O42 - Logiciel: Recovery Manager - (.Hewlett-Packard.) [HKLM] -- {DBCD5E64-7379-4648-9444-8A6558DCB614}
O42 - Logiciel: SAP Business Explorer - (.SAP AG.) [HKLM] -- SAPBI
O42 - Logiciel: SAP GUI for Windows 7.20 - (.SAP.) [HKLM] -- SAPGUI710
O42 - Logiciel: SAP JNet - (.SAP AG.) [HKLM] -- SAP_JNet
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2518870
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2539636
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2572078
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2656351
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Extended (KB2416472) - (.Microsoft Corporation.) [HKLM] -- {8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2416472
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Extended (KB2487367) - (.Microsoft Corporation.) [HKLM] -- {8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2487367
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Extended (KB2656351) - (.Microsoft Corporation.) [HKLM] -- {8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2656351
O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {4B5F58F7-C7D1-3CE3-9B37-B657F0852643}.KB2518870
O42 - Logiciel: Skype™ 5.5 - (.Skype Technologies S.A..) [HKLM] -- {AA59DDE4-B672-4621-A016-4C248204957A}
O42 - Logiciel: Slingo Supreme - (.WildTangent.) [HKLM] -- WTA-2f0b55fb-3384-4719-b837-a6962d3bbc8f
O42 - Logiciel: Synaptics TouchPad Driver - (.Synaptics Incorporated.) [HKLM] -- SynTPDeinstKey
O42 - Logiciel: System Requirements Lab CYRI - (.Husdawg, LLC.) [HKLM] -- {943A8D28-80D6-41DC-AE94-81FEB42041BF}
O42 - Logiciel: Tom Clancy's Splinter Cell: Double Agent - (.Cenega Poland Sp. z o. o..) [HKLM] -- SCDA_is1
O42 - Logiciel: Ubisoft Game Launcher - (.UBISOFT.) [HKLM] -- {888F1505-C2B3-4FDE-835D-36353EBD4754}
O42 - Logiciel: Update Installer for WildTangent Games App - (.WildTangent.) [HKLM] -- {2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App
O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2468871) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871
O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2473228) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228
O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2533523) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523
O42 - Logiciel: Update for Microsoft .NET Framework 4 Extended (KB2468871) - (.Microsoft Corporation.) [HKLM] -- {8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871
O42 - Logiciel: Update for Microsoft .NET Framework 4 Extended (KB2533523) - (.Microsoft Corporation.) [HKLM] -- {8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523
O42 - Logiciel: Update for Microsoft Office 2010 (KB2494150) - (.Microsoft.) [HKLM] -- {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}
O42 - Logiciel: Update for Microsoft Office 2010 (KB2553092) - (.Microsoft.) [HKLM] -- {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7AC49FC8-F8D2-4DD8-9086-09E52385A21F}
O42 - Logiciel: VLC media player 1.1.11 - (.VideoLAN.) [HKLM] -- VLC media player
O42 - Logiciel: Vacation Quest - The Hawaiian Islands - (.WildTangent.) [HKLM] -- WTA-b7753e4a-5a24-40db-8099-35b56395596d
O42 - Logiciel: Virtual Villagers 5 - New Believers - (.WildTangent.) [HKLM] -- WTA-52d34ee2-5020-4cc9-91a4-ec7380634166
O42 - Logiciel: WildTangent Games App (HP Games) - (.WildTangent.) [HKLM] -- {70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp
O42 - Logiciel: WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM] -- {C66824E4-CBB3-4851-BB3F-E8CFD6350923}
O42 - Logiciel: Windows Live Mesh - (.Microsoft Corporation.) [HKLM] -- {A0C91188-C88F-4E86-93E6-CD7C9A266649}
O42 - Logiciel: Windows Live Mesh ActiveX Control for Remote Connections - (.Microsoft Corporation.) [HKLM] -- {2902F983-B4C1-44BA-B85D-5C6D52E2C441}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {80956555-A512-4190-9CAD-B000C36D6B6B}
O42 - Logiciel: Windows Live Movie Maker - (.Microsoft Corporation.) [HKLM] -- {19BA08F7-C728-469C-8A35-BFBD3633BE08}
O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM] -- {D436F577-1695-4D2F-8B44-AC76C99E0002}
O42 - Logiciel: Windows Live Photo Gallery - (.Microsoft Corporation.) [HKLM] -- {34F4D9A4-42C2-4348-BEF4-E553C84549E7}
O42 - Logiciel: Windows Live Remote Client Resources - (.Microsoft Corporation.) [HKLM] -- {847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}
O42 - Logiciel: Windows Live Remote Service Resources - (.Microsoft Corporation.) [HKLM] -- {656DEEDE-F6AC-47CA-A568-A1B4E34B5760}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] -- {AAF454FC-82CA-4F29-AB31-6A109485E76E}
O42 - Logiciel: Windows Live Writer Resources - (.Microsoft Corporation.) [HKLM] -- {DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
O42 - Logiciel: Zuma Deluxe - (.WildTangent.) [HKLM] -- WTA-09483500-17f8-4822-aeb6-fd8c27fd3f00
O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM] -- {6CFB1B20-ECAE-488F-9FFB-6AD420882E71}

---\\ HKCU & HKLM Software Keys
[HKCU\Software\AMD]
[HKCU\Software\ASIO]
[HKCU\Software\ATI]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Software\Crossrider]
[HKCU\Software\AppDataLow\Software\I Want This]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Apple Inc.]
[HKCU\Software\Arobas Music]
[HKCU\Software\BitTorrent]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Cr_Installer]
[HKCU\Software\CyberLink]
[HKCU\Software\DT Soft]
[HKCU\Software\Google]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\JavaSoft]
[HKCU\Software\Licenses]
[HKCU\Software\Macromedia]
[HKCU\Software\Minnetonka Audio Software]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\Orange]
[HKCU\Software\PACE Anti-Piracy]
[HKCU\Software\Pancake]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\SAP]
[HKCU\Software\Skype]
[HKCU\Software\Sony Corporation]
[HKCU\Software\Symantec]
[HKCU\Software\Synaptics]
[HKCU\Software\Sysinternals]
[HKCU\Software\System Requirements Lab]
[HKCU\Software\Trolltech]
[HKCU\Software\Ubisoft]
[HKCU\Software\Widcomm]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\Wow6432Node]
[HKCU\Software\Xenocode]
[HKCU\Software\cybelsoft]
[HKCU\Software\kde.org]
[HKLM\Software\AMD]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATI]
[HKLM\Software\Adobe]
[HKLM\Software\AppDataLow]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\Broadcom]
[HKLM\Software\CBSTEST]
[HKLM\Software\CXT]
[HKLM\Software\Canon]
[HKLM\Software\Caphyon]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\CyberLink]
[HKLM\Software\Cyberlink]
[HKLM\Software\DT Soft]
[HKLM\Software\ESRI]
[HKLM\Software\GEAR Software]
[HKLM\Software\GZero]
[HKLM\Software\Google]
[HKLM\Software\HPQ]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\IDT]
[HKLM\Software\InstallShield]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Insyde]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\KONAMI]
[HKLM\Software\Khronos]
[HKLM\Software\Macromedia]
[HKLM\Software\MimarSinan]
[HKLM\Software\Minnetonka Audio Software]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\ODBC]
[HKLM\Software\Piriform]
[HKLM\Software\PocketSoft]
[HKLM\Software\Policies]
[HKLM\Software\RTLSetup]
[HKLM\Software\Realtek Semiconductor Corp.]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SAP]
[HKLM\Software\Simba]
[HKLM\Software\Skype]
[HKLM\Software\Sonic]
[HKLM\Software\Sony Corporation]
[HKLM\Software\Symantec]
[HKLM\Software\Synaptics]
[HKLM\Software\Systweak]
[HKLM\Software\Ubisoft]
[HKLM\Software\VideoLAN]
[HKLM\Software\WhlProvider]
[HKLM\Software\Widcomm]
[HKLM\Software\WildTangent]
[HKLM\Software\WinRAR]
[HKLM\Software\Wow6432Node]
[HKLM\Software\cybelsoft]
[HKLM\Software\mozilla.org]
~ Scan Softwares in 00mn AMs



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 2/12/2012 - 9:11:10 PM - [1459.833] ----D- C:\Program Files\Adobe
O43 - CFD: 2/12/2012 - 9:11:28 PM - [0.235] ----D- C:\Program Files\AMD
O43 - CFD: 2/12/2012 - 9:11:30 PM - [26.379] ----D- C:\Program Files\ATI
O43 - CFD: 2/12/2012 - 6:51:26 PM - [5.104] ----D- C:\Program Files\ATI Technologies
O43 - CFD: 2/12/2012 - 9:25:56 PM - [0.586] ----D- C:\Program Files\Bonjour
O43 - CFD: 2/12/2012 - 9:11:34 PM - [14.207] ----D- C:\Program Files\Broadcom
O43 - CFD: 2/12/2012 - 9:11:34 PM - [8.481] ----D- C:\Program Files\CCleaner
O43 - CFD: 2/12/2012 - 9:11:34 PM - [189.169] ----D- C:\Program Files\Common Files
O43 - CFD: 2/12/2012 - 9:11:36 PM - [86.076] ----D- C:\Program Files\DVD Maker
O43 - CFD: 2/12/2012 - 10:37:34 AM - [28.406] ----D- C:\Program Files\Enigma Software Group
O43 - CFD: 2/12/2012 - 9:11:36 PM - [3.069] ----D- C:\Program Files\Hewlett-Packard
O43 - CFD: 2/12/2012 - 9:11:36 PM - [66.233] ----D- C:\Program Files\IDT
O43 - CFD: 2/12/2012 - 9:34:18 PM - [5.917] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 2/12/2012 - 9:11:36 PM - [1.999] ----D- C:\Program Files\iPod
O43 - CFD: 2/12/2012 - 9:11:36 PM - [2.386] ----D- C:\Program Files\iTunes
O43 - CFD: 2/12/2012 - 9:11:36 PM - [9.587] ----D- C:\Program Files\ma-config.com
O43 - CFD: 2/12/2012 - 9:11:36 PM - [142.324] ----D- C:\Program Files\Microsoft Games
O43 - CFD: 2/12/2012 - 9:11:36 PM - [21.672] ----D- C:\Program Files\Microsoft Office
O43 - CFD: 2/12/2012 - 9:26:04 PM - [22.502] ----D- C:\Program Files\Microsoft Security Client
O43 - CFD: 2/12/2012 - 9:11:38 PM - [0.025] ----D- C:\Program Files\MSBuild
O43 - CFD: 2/12/2012 - 9:26:04 PM - [0.573] R---D- C:\Program Files\Online Services
O43 - CFD: 2/12/2012 - 9:11:38 PM - [35.109] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 2/12/2012 - 9:11:38 PM - [72.903] ----D- C:\Program Files\Synaptics
O43 - CFD: 7/14/2009 - 12:09:28 AM - [0] ----D- C:\Program Files\Uninstall Information
O43 - CFD: 2/12/2012 - 9:11:40 PM - [241.654] ----D- C:\Program Files\WIDCOMM
O43 - CFD: 2/12/2012 - 9:11:42 PM - [3.853] ----D- C:\Program Files\Windows Defender
O43 - CFD: 2/12/2012 - 9:11:42 PM - [0.153] ----D- C:\Program Files\Windows Live
O43 - CFD: 2/12/2012 - 9:34:18 PM - [6.359] ----D- C:\Program Files\Windows Mail
O43 - CFD: 2/12/2012 - 9:11:42 PM - [7.331] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 2/12/2012 - 9:11:42 PM - [12.043] ----D- C:\Program Files\Windows NT
O43 - CFD: 2/12/2012 - 9:34:18 PM - [5.261] ----D- C:\Program Files\Windows Photo Viewer
O43 - CFD: 11/20/2010 - 10:31:36 PM - [0.233] ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 2/12/2012 - 9:34:18 PM - [7.514] ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 2/12/2012 - 9:11:34 PM - [121.748] ----D- C:\Program Files\Common Files\Adobe
O43 - CFD: 2/12/2012 - 9:11:34 PM - [6.277] ----D- C:\Program Files\Common Files\Apple
O43 - CFD: 2/12/2012 - 9:11:34 PM - [5.337] ----D- C:\Program Files\Common Files\ATI Technologies
O43 - CFD: 2/12/2012 - 9:11:34 PM - [43.595] ----D- C:\Program Files\Common Files\Microsoft Shared
O43 - CFD: 7/13/2009 - 10:20:10 PM - [0.003] ----D- C:\Program Files\Common Files\Services
O43 - CFD: 2/12/2012 - 9:11:34 PM - [0.581] ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 2/12/2012 - 9:11:34 PM - [11.629] ----D- C:\Program Files\Common Files\System
O43 - CFD: 2/12/2012 - 9:11:44 PM - [522.057] ----D- C:\ProgramData\Adobe
O43 - CFD: 2/3/2012 - 11:44:44 PM - [0.006] ----D- C:\ProgramData\Adobe Systems
O43 - CFD: 1/22/2012 - 9:10:18 PM - [0] ----D- C:\ProgramData\Age of Empires 3
O43 - CFD: 2/12/2012 - 6:50:38 PM - [0] ----D- C:\ProgramData\AMD
O43 - CFD: 2/12/2012 - 9:11:44 PM - [34.723] ----D- C:\ProgramData\Apple
O43 - CFD: 2/12/2012 - 9:11:44 PM - [42.297] ----D- C:\ProgramData\Apple Computer
O43 - CFD: 7/14/2009 - 12:08:58 AM - [0] ----D- C:\ProgramData\Application Data
O43 - CFD: 2/12/2012 - 6:52:26 PM - [0.000] ----D- C:\ProgramData\ATI
O43 - CFD: 2/12/2012 - 4:35:12 PM - [0.063] ----D- C:\ProgramData\AVG2012
O43 - CFD: 12/3/2011 - 1:10:24 AM - [0.000] ----D- C:\ProgramData\Blio
O43 - CFD: 2/12/2012 - 9:11:44 PM - [0.166] ----D- C:\ProgramData\CanonBJ
O43 - CFD: 2/12/2012 - 10:53:02 AM - [0.000] ----D- C:\ProgramData\Common Files
O43 - CFD: 2/12/2012 - 9:11:44 PM - [0.009] ----D- C:\ProgramData\CyberLink
O43 - CFD: 12/2/2011 - 11:49:16 PM - [0.001] ----D- C:\ProgramData\DAEMON Tools Lite
O43 - CFD: 12/2/2011 - 11:45:44 PM - [0] ----D- C:\ProgramData\DAEMON Tools Pro
O43 - CFD: 7/14/2009 - 12:08:58 AM - [0] ----D- C:\ProgramData\Desktop
O43 - CFD: 7/14/2009 - 12:08:58 AM - [0] ----D- C:\ProgramData\Documents
O43 - CFD: 12/9/2011 - 6:40:32 PM - [0] ----D- C:\ProgramData\EA Core
O43 - CFD: 2/12/2012 - 9:11:44 PM - [0.001] ----D- C:\ProgramData\Electronic Arts
O43 - CFD: 7/14/2009 - 12:08:58 AM - [0] ----D- C:\ProgramData\Favorites
O43 - CFD: 12/20/2011 - 10:44:42 AM - [0.000] ----D- C:\ProgramData\Guitar Pro 6
O43 - CFD: 2/12/2012 - 9:11:44 PM - [2.141] ----D- C:\ProgramData\Hewlett-Packard
O43 - CFD: 12/25/2011 - 9:29:12 AM - [0] ----D- C:\ProgramData\kinoma
O43 - CFD: 12/10/2011 - 4:13:22 AM - [29.381] ----D- C:\ProgramData\KONAMI
O43 - CFD: 12/3/2011 - 7:33:58 PM - [1.214] ----D- C:\ProgramData\ma-config.com
O43 - CFD: 2/12/2012 - 10:54:20 AM - [0] ----D- C:\ProgramData\McAfee
O43 - CFD: 2/12/2012 - 4:36:14 PM - [18.781] ----D- C:\ProgramData\MFAData
O43 - CFD: 2/12/2012 - 9:11:46 PM - [-1455.600] -S--D- C:\ProgramData\Microsoft
O43 - CFD: 2/12/2012 - 9:26:14 PM - [0.058] ----D- C:\ProgramData\Microsoft Help
O43 - CFD: 2/12/2012 - 9:11:52 PM - [0.019] ----D- C:\ProgramData\Norton
O43 - CFD: 12/3/2011 - 4:54:28 PM - [65.670] ----D- C:\ProgramData\NortonInstaller
O43 - CFD: 12/30/2011 - 3:00:56 PM - [0] ----D- C:\ProgramData\Orange
O43 - CFD: 2/4/2012 - 1:36:48 AM - [0.002] ----D- C:\ProgramData\PACE Anti-Piracy
O43 - CFD: 2/9/2012 - 5:50:22 PM - [0.003] ----D- C:\ProgramData\regid.1986-12.com.adobe
O43 - CFD: 2/12/2012 - 9:11:52 PM - [35.558] ----D- C:\ProgramData\Skype
O43 - CFD: 2/12/2012 - 9:11:52 PM - [144.385] ----D- C:\ProgramData\Sony Corporation
O43 - CFD: 7/14/2009 - 12:08:58 AM - [0] ----D- C:\ProgramData\Start Menu
O43 - CFD: 12/3/2011 - 7:25:56 PM - [0.000] ----D- C:\ProgramData\Sun
O43 - CFD: 2/12/2012 - 9:11:52 PM - [0.166] ----D- C:\ProgramData\Synaptics
O43 - CFD: 2/12/2012 - 9:11:52 PM - [0.086] ----D- C:\ProgramData\Temp
O43 - CFD: 7/14/2009 - 12:08:58 AM - [0] ----D- C:\ProgramData\Templates
O43 - CFD: 12/21/2011 - 2:11:54 AM - [0.005] ----D- C:\ProgramData\Ubisoft
O43 - CFD: 2/12/2012 - 9:11:52 PM - [1681.667] ----D- C:\ProgramData\WildTangent
O43 - CFD: 2/12/2012 - 9:11:52 PM - [0.853] ----D- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
O43 - CFD: 7/21/2011 - 10:18:48 AM - [45.266] ----D- C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
O43 - CFD: 2/12/2012 - 9:12:00 PM - [1698.729] ----D- C:\Users\Omar\AppData\Roaming\Adobe
O43 - CFD: 2/10/2012 - 12:32:24 AM - [0.800] ----D- C:\Users\Omar\AppData\Roaming\Apple Computer
O43 - CFD: 12/2/2011 - 5:44:38 PM - [0] ----D- C:\Users\Omar\AppData\Roaming\ATI
O43 - CFD: 2/12/2012 - 7:38:28 PM - [0.436] ----D- C:\Users\Omar\AppData\Roaming\BitTorrent
O43 - CFD: 12/3/2011 - 1:10:42 AM - [0.094] ----D- C:\Users\Omar\AppData\Roaming\Blio
O43 - CFD: 2/4/2012 - 12:27:06 AM - [0.023] ----D- C:\Users\Omar\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
O43 - CFD: 12/2/2011 - 6:12:22 PM - [0] ----D- C:\Users\Omar\AppData\Roaming\CyberLink
O43 - CFD: 2/4/2012 - 7:25:12 PM - [0.000] ----D- C:\Users\Omar\AppData\Roaming\DAEMON Tools Lite
O43 - CFD: 12/2/2011 - 11:45:44 PM - [0] ----D- C:\Users\Omar\AppData\Roaming\DAEMON Tools Pro
O43 - CFD: 12/20/2011 - 10:45:00 AM - [0.029] ----D- C:\Users\Omar\AppData\Roaming\Guitar Pro 6
O43 - CFD: 2/12/2012 - 9:12:00 PM - [2.667] ----D- C:\Users\Omar\AppData\Roaming\GZero
O43 - CFD: 12/10/2011 - 3:56:34 PM - [0.053] ----D- C:\Users\Omar\AppData\Roaming\Hewlett-Packard
O43 - CFD: 12/2/2011 - 6:11:22 PM - [0.023] ----D- C:\Users\Omar\AppData\Roaming\hpqlog
O43 - CFD: 12/2/2011 - 5:43:00 PM - [0] ----D- C:\Users\Omar\AppData\Roaming\Identities
O43 - CFD: 2/12/2012 - 9:12:00 PM - [0.055] ----D- C:\Users\Omar\AppData\Roaming\Macromedia
O43 - CFD: 9/22/2011 - 6:42:48 PM - [0] ----D- C:\Users\Omar\AppData\Roaming\Media Center Programs
O43 - CFD: 2/12/2012 - 9:12:04 PM - [9.084] -S--D- C:\Users\Omar\AppData\Roaming\Microsoft
O43 - CFD: 2/12/2012 - 9:12:04 PM - [15.616] ----D- C:\Users\Omar\AppData\Roaming\Mozilla
O43 - CFD: 2/4/2012 - 1:36:48 AM - [0.002] ----D- C:\Users\Omar\AppData\Roaming\PACE Anti-Piracy
O43 - CFD: 2/12/2012 - 9:12:04 PM - [0.330] ----D- C:\Users\Omar\AppData\Roaming\SAP
O43 - CFD: 2/12/2012 - 7:55:58 PM - [3.218] ----D- C:\Users\Omar\AppData\Roaming\Skype
O43 - CFD: 12/25/2011 - 9:14:58 AM - [0] ----D- C:\Users\Omar\AppData\Roaming\Sony Corporation
O43 - CFD: 2/4/2012 - 1:41:36 AM - [0] ----D- C:\Users\Omar\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
O43 - CFD: 12/2/2011 - 5:43:36 PM - [0] ----D- C:\Users\Omar\AppData\Roaming\Synaptics
O43 - CFD: 12/20/2011 - 12:05:18 AM - [0.649] ----D- C:\Users\Omar\AppData\Roaming\SystemRequirementsLab
O43 - CFD: 2/12/2012 - 9:12:04 PM - [0.002] ----D- C:\Users\Omar\AppData\Roaming\Ubisoft
O43 - CFD: 2/12/2012 - 9:26:44 PM - [0.074] ----D- C:\Users\Omar\AppData\Roaming\vlc
O43 - CFD: 12/2/2011 - 11:54:44 PM - [0.000] ----D- C:\Users\Omar\AppData\Roaming\WinRAR
O43 - CFD: 2/9/2012 - 6:20:54 PM - [15.517] ----D- C:\Users\Omar\AppData\Local\Adobe
O43 - CFD: 12/2/2011 - 5:44:54 PM - [0.000] ----D- C:\Users\Omar\AppData\Local\AMD
O43 - CFD: 12/5/2011 - 4:28:28 PM - [0] ----D- C:\Users\Omar\AppData\Local\Apple
O43 - CFD: 2/11/2012 - 3:03:50 PM - [11.960] ----D- C:\Users\Omar\AppData\Local\Apple Computer
O43 - CFD: 12/2/2011 - 5:38:28 PM - [0] ----D- C:\Users\Omar\AppData\Local\Application Data
O43 - CFD: 12/2/2011 - 5:44:38 PM - [0.066] ----D- C:\Users\Omar\AppData\Local\ATI
O43 - CFD: 12/3/2011 - 12:02:50 AM - [0] ----D- C:\Users\Omar\AppData\Local\BitTorrent
O43 - CFD: 12/2/2011 - 5:43:56 PM - [0] ----D- C:\Users\Omar\AppData\Local\Broadcom
O43 - CFD: 2/12/2012 - 7:36:06 PM - [0] ----D- C:\Users\Omar\AppData\Local\CrashDumps
O43 - CFD: 2/12/2012 - 9:11:54 PM - [0.005] ----D- C:\Users\Omar\AppData\Local\CyberLink
O43 - CFD: 2/11/2012 - 3:07:22 AM - [15.815] ----D- C:\Users\Omar\AppData\Local\Diagnostics
O43 - CFD: 2/12/2012 - 2:25:56 PM - [0.323] ----D- C:\Users\Omar\AppData\Local\ElevatedDiagnostics
O43 - CFD: 12/2/2011 - 11:43:18 PM - [0] ----D- C:\Users\Omar\AppData\Local\Evernote
O43 - CFD: 2/12/2012 - 9:11:56 PM - [301.822] ----D- C:\Users\Omar\AppData\Local\Google
O43 - CFD: 2/12/2012 - 9:11:56 PM - [0.001] ----D- C:\Users\Omar\AppData\Local\GZero
O43 - CFD: 2/12/2012 - 9:11:56 PM - [0.820] ----D- C:\Users\Omar\AppData\Local\Hewlett-Packard
O43 - CFD: 2/12/2012 - 9:11:56 PM - [0.003] ----D- C:\Users\Omar\AppData\Local\Hewlett-Packard_Company
O43 - CFD: 12/2/2011 - 5:38:28 PM - [0] ----D- C:\Users\Omar\AppData\Local\Historique
O43 - CFD: 2/4/2012 - 3:43:26 PM - [0.081] ----D- C:\Users\Omar\AppData\Local\I Want This
O43 - CFD: 12/10/2011 - 4:17:58 PM - [0.014] ----D- C:\Users\Omar\AppData\Local\Ilivid Player
O43 - CFD: 12/25/2011 - 9:19:24 AM - [0] ----D- C:\Users\Omar\AppData\Local\kinoma
O43 - CFD: 1/10/2012 - 1:27:14 PM - [0.025] ----D- C:\Users\Omar\AppData\Local\LiveGBoost
O43 - CFD: 2/12/2012 - 9:26:32 PM - [-1581.231] ----D- C:\Users\Omar\AppData\Local\Microsoft
O43 - CFD: 2/12/2012 - 9:26:32 PM - [0.139] ----D- C:\Users\Omar\AppData\Local\Microsoft Help
O43 - CFD: 12/9/2011 - 1:05:24 AM - [46.592] ----D- C:\Users\Omar\AppData\Local\Mozilla
O43 - CFD: 12/30/2011 - 3:00:40 PM - [0.345] ----D- C:\Users\Omar\AppData\Local\Orange
O43 - CFD: 2/4/2012 - 1:36:48 AM - [0] ----D- C:\Users\Omar\AppData\Local\PACE Anti-Piracy
O43 - CFD: 12/10/2011 - 4:17:10 PM - [0] ----D- C:\Users\Omar\AppData\Local\PackageAware
O43 - CFD: 2/12/2012 - 9:11:56 PM - [0.000] ----D- C:\Users\Omar\AppData\Local\RemEngine
O43 - CFD: 2/8/2012 - 8:49:46 AM - [0.137] ----D- C:\Users\Omar\AppData\Local\SAP
O43 - CFD: 1/18/2012 - 12:16:18 PM - [0.001] ----D- C:\Users\Omar\AppData\Local\sijab-logs
O43 - CFD: 2/12/2012 - 9:11:56 PM - [11.374] ----D- C:\Users\Omar\AppData\Local\Sony Corporation
O43 - CFD: 2/12/2012 - 7:55:48 PM - [0.002] ----D- C:\Users\Omar\AppData\Local\Temp
O43 - CFD: 12/2/2011 - 5:38:28 PM - [0] ----D- C:\Users\Omar\AppData\Local\Temporary Internet Files
O43 - CFD: 12/21/2011 - 2:13:38 AM - [0.000] ----D- C:\Users\Omar\AppData\Local\Ubisoft Game Launcher
O43 - CFD: 2/12/2012 - 9:11:58 PM - [3.226] ----D- C:\Users\Omar\AppData\Local\VirtualStore
O43 - CFD: 2/12/2012 - 9:11:58 PM - [5.900] ----D- C:\Users\Omar\AppData\Local\Xenocode
O43 - CFD: 2/12/2012 - 9:10:30 PM - [1469.138] ----D- C:\Program Files (x86)\Adobe
O43 - CFD: 2/4/2012 - 12:27:02 AM - [2.857] ----D- C:\Program Files (x86)\Adobe Download Assistant
O43 - CFD: 2/4/2012 - 1:26:00 AM - [8.895] ----D- C:\Program Files (x86)\Adobe Story
O43 - CFD: 2/12/2012 - 9:10:30 PM - [0.208] ----D- C:\Program Files (x86)\AMD
O43 - CFD: 2/12/2012 - 6:52:14 PM - [2.324] ----D- C:\Program Files (x86)\AMD APP
O43 - CFD: 2/12/2012 - 9:10:30 PM - [2.316] ----D- C:\Program Files (x86)\Apple Software Update
O43 - CFD: 2/12/2012 - 9:10:48 PM - [71.093] ----D- C:\Program Files (x86)\ATI Technologies
O43 - CFD: 2/12/2012 - 10:57:38 AM - [0] ----D- C:\Program Files (x86)\AVG
O43 - CFD: 12/3/2011 - 12:03:38 AM - [5.684] ----D- C:\Program Files (x86)\BitTorrent
O43 - CFD: 2/12/2012 - 9:25:00 PM - [0.602] ----D- C:\Program Files (x86)\Bonjour
O43 - CFD: 2/12/2012 - 9:10:56 PM - [916.976] ----D- C:\Program Files (x86)\Common Files
O43 - CFD: 2/12/2012 - 9:10:56 PM - [120.310] ----D- C:\Program Files (x86)\CyberLink
O43 - CFD: 2/12/2012 - 9:10:58 PM - [23.312] ----D- C:\Program Files (x86)\DAEMON Tools Lite
O43 - CFD: 2/12/2012 - 9:10:58 PM - [-1273.512] ----D- C:\Program Files (x86)\FIFA 12
O43 - CFD: 1/8/2012 - 12:05:10 PM - [1.639] ----D- C:\Program Files (x86)\GBoost
O43 - CFD: 2/12/2012 - 9:10:58 PM - [1832.743] ----D- C:\Program Files (x86)\Guitar Pro 6
O43 - CFD: 2/12/2012 - 9:25:20 PM - [224.136] ----D- C:\Program Files (x86)\Hewlett-Packard
O43 - CFD: 2/12/2012 - 9:11:00 PM - [445.148] ----D- C:\Program Files (x86)\HP Games
O43 - CFD: 2/4/2012 - 3:43:28 PM - [3.450] ----D- C:\Program Files (x86)\I Want This
O43 - CFD: 2/12/2012 - 9:11:00 PM - [34.213] ----D- C:\Program Files (x86)\iLivid
O43 - CFD: 2/12/2012 - 9:11:00 PM - [42.990] ----D- C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 2/12/2012 - 9:34:18 PM - [4.921] ----D- C:\Program Files (x86)\Internet Explorer
O43 - CFD: 2/12/2012 - 9:25:30 PM - [140.828] ----D- C:\Program Files (x86)\iTunes
O43 - CFD: 2/12/2012 - 9:11:00 PM - [99.582] ----D- C:\Program Files (x86)\Java
O43 - CFD: 2/12/2012 - 9:11:02 PM - [37.377] ----D- C:\Program Files (x86)\K-NFB Reading Technology Inc
O43 - CFD: 2/12/2012 - 9:11:02 PM - [-1695.155] ----D- C:\Program Files (x86)\KONAMI
O43 - CFD: 2/12/2012 - 9:23:24 PM - [0.962] ----D- C:\Program Files (x86)\McAfee Security Scan
O43 - CFD: 12/11/2011 - 4:03:42 PM - [0] ----D- C:\Program Files (x86)\Microsoft
O43 - CFD: 2/12/2012 - 9:11:02 PM - [37.927] ----D- C:\Program Files (x86)\Microsoft Analysis Services
O43 - CFD: 2/12/2012 - 9:11:02 PM - [-2016.805] ----D- C:\Program Files (x86)\Microsoft Games
O43 - CFD: 2/12/2012 - 9:11:02 PM - [791.894] ----D- C:\Program Files (x86)\Microsoft Office
O43 - CFD: 2/12/2012 - 9:11:02 PM - [0.960] ----D- C:\Program Files (x86)\Microsoft Security Client
O43 - CFD: 2/12/2012 - 9:11:02 PM - [40.699] ----D- C:\Program Files (x86)\Microsoft Silverlight
O43 - CFD: 2/12/2012 - 9:11:02 PM - [1.722] ----D- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
O43 - CFD: 2/12/2012 - 9:11:02 PM - [0.757] ----D- C:\Program Files (x86)\Microsoft Sync Framework
O43 - CFD: 2/12/2012 - 9:11:02 PM - [0.312] ----D- C:\Program Files (x86)\Microsoft Synchronization Services
O43 - CFD: 2/12/2012 - 9:11:02 PM - [1.200] ----D- C:\Program Files (x86)\Microsoft Visual Studio 8
O43 - CFD: 2/12/2012 - 9:11:02 PM - [7.797] ----D- C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 2/12/2012 - 9:11:02 PM - [36.397] ----D- C:\Program Files (x86)\Mozilla Firefox
O43 - CFD: 2/12/2012 - 9:11:02 PM - [0.025] ----D- C:\Program Files (x86)\MSBuild
O43 - CFD: 1/19/2012 - 11:42:34 AM - [0] ----D- C:\Program Files (x86)\MSXML 4.0
O43 - CFD: 2/4/2012 - 1:25:08 AM - [0] ----D- C:\Program Files (x86)\My Company Name
O43 - CFD: 2/12/2012 - 9:25:36 PM - [20.787] R---D- C:\Program Files (x86)\Online Services
O43 - CFD: 7/21/2011 - 10:01:58 AM - [1.669] ----D- C:\Program Files (x86)\PlayReady
O43 - CFD: 2/12/2012 - 9:23:20 PM - [48.104] ----D- C:\Program Files (x86)\QuickTime
O43 - CFD: 2/12/2012 - 9:11:04 PM - [15.236] ----D- C:\Program Files (x86)\Realtek
O43 - CFD: 2/12/2012 - 9:11:04 PM - [37.345] ----D- C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 2/12/2012 - 9:11:04 PM - [420.375] ----D- C:\Program Files (x86)\SAP
O43 - CFD: 2/12/2012 - 9:25:42 PM - [16.555] R---D- C:\Program Files (x86)\Skype
O43 - CFD: 2/12/2012 - 9:11:06 PM - [62.355] ----D- C:\Program Files (x86)\Sony
O43 - CFD: 9/22/2011 - 6:10:30 PM - [0.727] ----D- C:\Program Files (x86)\SymSilent
O43 - CFD: 12/20/2011 - 12:05:42 AM - [0.470] ----D- C:\Program Files (x86)\SystemRequirementsLab
O43 - CFD: 2/12/2012 - 9:11:06 PM - [456.906] ----D- C:\Program Files (x86)\Ubisoft
O43 - CFD: 7/13/2009 - 11:57:08 PM - [0] ----D- C:\Program Files (x86)\Uninstall Information
O43 - CFD: 2/12/2012 - 9:11:08 PM - [80.793] ----D- C:\Program Files (x86)\VideoLAN
O43 - CFD: 2/12/2012 - 9:11:08 PM - [9.237] ----D- C:\Program Files (x86)\WildTangent Games
O43 - CFD: 2/12/2012 - 9:11:08 PM - [0.500] ----D- C:\Program Files (x86)\Windows Defender
O43 - CFD: 2/12/2012 - 9:11:08 PM - [26.092] ----D- C:\Program Files (x86)\Windows Live
O43 - CFD: 2/12/2012 - 9:34:18 PM - [5.895] ----D- C:\Program Files (x86)\Windows Mail
O43 - CFD: 2/12/2012 - 9:11:08 PM - [5.092] ----D- C:\Program Files (x86)\Windows Media Player
O43 - CFD: 2/12/2012 - 9:11:08 PM - [11.632] ----D- C:\Program Files (x86)\Windows NT
O43 - CFD: 2/12/2012 - 9:11:08 PM - [4.213] ----D- C:\Program Files (x86)\Windows Photo Viewer
O43 - CFD: 11/20/2010 - 10:31:40 PM - [0.181] ----D- C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 2/12/2012 - 9:34:18 PM - [5.717] ----D- C:\Program Files (x86)\Windows Sidebar
O43 - CFD: 2/12/2012 - 9:25:48 PM - [3.693] ----D- C:\Program Files (x86)\WinRAR
O43 - CFD: 2/12/2012 - 7:56:02 PM - [10.104] ----D- C:\Program Files (x86)\ZHPDiag
O43 - CFD: 2/12/2012 - 9:10:52 PM - [504.656] ----D- C:\Program Files (x86)\Common Files\Adobe
O43 - CFD: 2/12/2012 - 9:10:48 PM - [37.554] ----D- C:\Program Files (x86)\Common Files\Adobe AIR
O43 - CFD: 2/12/2012 - 9:10:54 PM - [98.985] ----D- C:\Program Files (x86)\Common Files\Apple
O43 - CFD: 2/12/2012 - 9:10:54 PM - [0.324] ----D- C:\Program Files (x86)\Common Files\ATI Technologies
O43 - CFD: 12/3/2011 - 12:08:22 AM - [0.095] ----D- C:\Program Files (x86)\Common Files\DESIGNER
O43 - CFD: 2/12/2012 - 9:25:12 PM - [9.532] ----D- C:\Program Files (x86)\Common Files\ESRI
O43 - CFD: 2/12/2012 - 9:10:54 PM - [4.862] ----D- C:\Program Files (x86)\Common Files\InstallShield
O43 - CFD: 2/12/2012 - 9:10:54 PM - [1.201] ----D- C:\Program Files (x86)\Common Files\Java
O43 - CFD: 2/12/2012 - 9:10:56 PM - [177.022] ----D- C:\Program Files (x86)\Common Files\microsoft shared
O43 - CFD: 2/4/2012 - 1:25:08 AM - [0.195] ----D- C:\Program Files (x86)\Common Files\PX Storage Engine
O43 - CFD: 2/12/2012 - 9:25:14 PM - [27.068] ----D- C:\Program Files (x86)\Common Files\SAP Shared
O43 - CFD: 7/13/2009 - 10:20:10 PM - [0.003] ----D- C:\Program Files (x86)\Common Files\Services
O43 - CFD: 2/12/2012 - 9:10:56 PM - [0.355] ----D- C:\Program Files (x86)\Common Files\Sonic Shared
O43 - CFD: 2/12/2012 - 9:10:56 PM - [0.104] ----D- C:\Program Files (x86)\Common Files\Sony Shared
O43 - CFD: 2/12/2012 - 9:10:56 PM - [39.200] ----D- C:\Program Files (x86)\Common Files\SpeechEngines
O43 - CFD: 2/12/2012 - 9:10:56 PM - [15.824] ----D- C:\Program Files (x86)\Common Files\System
O43 - CFD: 2/12/2012 - 9:10:56 PM - [0] ----D- C:\Program Files (x86)\Common Files\Windows Live
~ Scan Program Folder in 03mn AMs



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 1/31/2012 - 10:26:55 AM RSHAD . (...) -- C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [0]
O44 - LFC:[MD5.5B5E81F3E9516E3399DB57E4B4D145F1] - 2/12/2012 - 6:36:54 PM -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.E354D78B7CBCCCB826B734BC626F314A] - 2/12/2012 - 6:38:03 PM ---A- . (...) -- C:\Windows\SysNative\FNTCACHE.DAT [4980424]
O44 - LFC:[MD5.E354D78B7CBCCCB826B734BC626F314A] - 2/12/2012 - 6:38:03 PM RSHAD . (...) -- C:\Windows\system32\FNTCACHE.DAT [4980424]
O44 - LFC:[MD5.2618D852AE0BCD8CC3C0723656C704D1] - 2/12/2012 - 7:34:39 PM ---A- . (...) -- C:\Windows\SysNative\PerfStringBackup.INI [1668358]
O44 - LFC:[MD5.031EA507983966FFDDABD8BC3135F42D] - 2/12/2012 - 7:34:39 PM ---A- . (...) -- C:\Windows\SysNative\perfc009.dat [122108]
O44 - LFC:[MD5.A26FB8B6F93F8C082F0CCA6F62CDA302] - 2/12/2012 - 7:34:39 PM ---A- . (...) -- C:\Windows\SysNative\perfc00C.dat [149820]
O44 - LFC:[MD5.E751FE4A35D97ED73E82C07CEBFBC020] - 2/12/2012 - 7:34:39 PM ---A- . (...) -- C:\Windows\SysNative\perfh009.dat [654276]
O44 - LFC:[MD5.61FC59AAE8A21D0003B6EF31592584A3] - 2/12/2012 - 7:34:39 PM ---A- . (...) -- C:\Windows\SysNative\perfh00C.dat [747434]
O44 - LFC:[MD5.2618D852AE0BCD8CC3C0723656C704D1] - 2/12/2012 - 7:34:39 PM ---A- . (...) -- C:\Windows\system32\PerfStringBackup.INI [1668358]
O44 - LFC:[MD5.031EA507983966FFDDABD8BC3135F42D] - 2/12/2012 - 7:34:39 PM RSHAD . (...) -- C:\Windows\system32\perfc009.dat [122108]
O44 - LFC:[MD5.A26FB8B6F93F8C082F0CCA6F62CDA302] - 2/12/2012 - 7:34:39 PM RSHAD . (...) -- C:\Windows\system32\perfc00C.dat [149820]
O44 - LFC:[MD5.E751FE4A35D97ED73E82C07CEBFBC020] - 2/12/2012 - 7:34:39 PM RSHAD . (...) -- C:\Windows\system32\perfh009.dat [654276]
O44 - LFC:[MD5.61FC59AAE8A21D0003B6EF31592584A3] - 2/12/2012 - 7:34:39 PM RSHAD . (...) -- C:\Windows\system32\perfh00C.dat [747434]
O44 - LFC:[MD5.F3B9CE228483FEFC98A769F4B7514893] - 2/12/2012 - 7:50:18 PM ---A- . (...) -- C:\Windows\WindowsUpdate.log [1256796]
O44 - LFC:[MD5.E185BDA84E5F03F4E1D8DCA30E209277] - 2/4/2012 - 7:27:59 PM ---A- . (...) -- C:\Windows\epplauncher.mif [1912]
~ Scan Files in 03mn AMs



---\\ Déni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l’Éditeur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Notification Packages . (.Broadcom Corporation. - BtwProximityCP DLL.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Package de sécurité Kerberos.) -- C:\Windows\System32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\TSpkg.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll
~ Scan Keys in 00mn AMs



---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\system32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\system32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\system32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\system32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\system32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\system32\Drivers\volmgrx.sys
~ Scan CSB in 00mn AMs



---\\ MountPoints2 Shell Key (O51) (None)

---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
~ Scan Keys in 00mn AMs



---\\ ShareTools MSconfig StartupReg (O53) (None)

---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll
~ Scan Keys in 00mn AMs



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ Scan Keys in 00mn AMs



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0
~ Scan Keys in 00mn AMs



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 7/13/2009 - 8:52:21 PM ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [491088]
O58 - SDL:[MD5.597F78224EE9224EA1A13D6350CED962] - 7/13/2009 - 8:52:21 PM RSHAD . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [339536]
O58 - SDL:[MD5.E109549C90F62FB570B9540C4B148E54] - 7/13/2009 - 8:52:21 PM RSHAD . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\system32\drivers\adpu320.sys [182864]
O58 - SDL:[MD5.5812713A477A3AD7363C7438CA2EE038] - 7/13/2009 - 8:52:21 PM RSHAD . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [15440]
O58 - SDL:[MD5.6A2EEB0C4133B20773BB3DD0B7B377B4] - 2/18/2010 - 11:18:24 AM RSHAD . (.Advanced Micro Devices - AMD IO Driver.) -- C:\Windows\system32\drivers\amdiox64.sys [46136]
O58 - SDL:[MD5.D4121AE6D0C0E7E13AA221AA57EF2D49] - 7/21/2011 - 9:40:17 AM RSHAD . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\system32\drivers\amdsata.sys [107904]
O58 - SDL:[MD5.F67F933E79241ED32FF46A4F29B5120B] - 7/13/2009 - 8:52:20 PM RSHAD . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows -.) -- C:\Windows\system32\drivers\amdsbs.sys [194128]
O58 - SDL:[MD5.540DAF1CEA6094886D72126FD7C33048] - 7/21/2011 - 9:40:17 AM RSHAD . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\system32\drivers\amdxata.sys [27008]
O58 - SDL:[MD5.F9D46B6B322708BD5AFCC8767EBDC901] - 4/16/2011 - 5:37:50 AM RSHAD . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\system32\drivers\amd_sata.sys [79488]
O58 - SDL:[MD5.329CC9C7E20DEEBCD4CD10816193EF14] - 4/16/2011 - 5:37:50 AM RSHAD . (.Advanced Micro Devices - Stor Filter Driver.) -- C:\Windows\system32\drivers\amd_xata.sys [40064]
O58 - SDL:[MD5.C484F8CEB1717C540242531DB7845C4E] - 7/13/2009 - 8:52:21 PM RSHAD . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [87632]
O58 - SDL:[MD5.019AF6924AEFE7839F61C830227FE79C] - 7/13/2009 - 8:52:21 PM RSHAD . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [97856]
O58 - SDL:[MD5.230CF51113CD4B830B3BFD09B0D4C066] - 10/17/2011 - 12:40:50 PM RSHAD . (.Advanced Micro Devices - AMD High Definition Audio Function Driver.) -- C:\Windows\system32\drivers\AtihdW76.sys [93712]
O58 - SDL:[MD5.EAC31AFCF791633CDFF37FACB3443532] - 11/30/2011 - 12:44:02 PM RSHAD . (.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) -- C:\Windows\system32\drivers\atikmdag.sys [10497024]
O58 - SDL:[MD5.0F5901B4FAD08AA6F28EDF67F0AA3BE3] - 11/30/2011 - 11:13:28 AM RSHAD . (.Advanced Micro Devices, Inc. - AMD multi-vendor Miniport Driver.) -- C:\Windows\system32\drivers\atikmpag.sys [326656]
O58 - SDL:[MD5.B5ACE6968304A3900EEB1EBFD9622DF2] - 6/10/2009 - 3:34:23 PM RSHAD . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) -- C:\Windows\system32\drivers\b57nd60a.sys [270848]
O58 - SDL:[MD5.7F46A03C1890D47EF594995DD374C637] - 6/16/2011 - 5:26:14 AM RSHAD . (.Broadcom Corporation. - Broadcom Bluetooth Firmware Download Filter.) -- C:\Windows\system32\drivers\bcbtums.sys [133160]
O58 - SDL:[MD5.461E574D7967E895640109A371A912A5] - 9/22/2011 - 5:52:31 PM RSHAD . (.Broadcom Corporation - Broadcom 802.11 Network Adapter wireless driver.) -- C:\Windows\system32\drivers\BCMWL664.SYS [4729408]
O58 - SDL:[MD5.F09EEE9EDC320B5E1501F749FDE686C8] - 6/10/2009 - 3:41:06 PM RSHAD . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [18432]
O58 - SDL:[MD5.B114D3098E9BDB8BEA8B053685831BE6] - 6/10/2009 - 3:41:06 PM RSHAD . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [8704]
O58 - SDL:[MD5.43BEA8D483BF1870F018E2D02E06A5BD] - 7/13/2009 - 8:19:07 PM RSHAD . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [286720]
O58 - SDL:[MD5.A6ECA2151B08A09CACECA35C07F05B42] - 6/10/2009 - 3:41:10 PM RSHAD . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [47104]
O58 - SDL:[MD5.B79968002C277E869CF38BD22CD61524] - 6/10/2009 - 3:41:10 PM RSHAD . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [14976]
O58 - SDL:[MD5.A87528880231C54E75EA7A44943B38BF] - 6/10/2009 - 3:41:10 PM RSHAD . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [14720]
O58 - SDL:[MD5.0D9F24D24FE52D16F97E758F36FA54BB] - 6/14/2011 - 8:44:56 PM RSHAD . (.Broadcom Corporation. - Broadcom Bluetooth USB AMP Filter for Windows Vista.) -- C:\Windows\system32\drivers\btwampfl.sys [620584]
O58 - SDL:[MD5.1D007889460CEE1BDF1009E054379706] - 6/14/2011 - 8:44:46 PM RSHAD . (.Broadcom Corporation. - Bluetooth Audio Device.) -- C:\Windows\system32\drivers\btwaudio.sys [165416]
O58 - SDL:[MD5.3DF5971BE52709618FD3959033E654F7] - 6/14/2011 - 8:44:42 PM RSHAD . (.Broadcom Corporation. - Broadcom Bluetooth AVDT Service.) -- C:\Windows\system32\drivers\btwavdt.sys [178728]
O58 - SDL:[MD5.41933521A618475644B6E8D8487AF326] - 5/21/2011 - 2:49:36 AM RSHAD . (.Broadcom Corporation. - Bluetooth LAN Access Server Driver.) -- C:\Windows\system32\drivers\btwdpan.sys [89640]
O58 - SDL:[MD5.B9354F9F111C64F2495B60F1E24CB453] - 2/14/2011 - 4:17:44 AM RSHAD . (.Broadcom Corporation. - Broadcom Bluetooth L2CAP Service.) -- C:\Windows\system32\drivers\btwl2cap.sys [39976]
O58 - SDL:[MD5.745D388376D354B806102B78CE1DE611] - 6/14/2011 - 8:44:40 PM RSHAD . (.Broadcom Corporation. - Bluetooth Remote Control HID Minidriver.) -- C:\Windows\system32\drivers\btwrchid.sys [21544]
O58 - SDL:[MD5.3E5B191307609F7514148C6832BB0842] - 6/10/2009 - 3:34:28 PM RSHAD . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\system32\drivers\bxvbda.sys [468480]
O58 - SDL:[MD5.50F92C943F18B070F166D019DFAB3D9A] - 7/28/2010 - 3:13:50 AM RSHAD . (.CyberLink Corporation - CyberLink WebCam Virtual Driver.) -- C:\Windows\system32\drivers\clwvd.sys [31088]
O58 - SDL:[MD5.E19D3F095812725D88F9001985B94EDD] - 7/13/2009 - 8:52:31 PM RSHAD . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [17488]
O58 - SDL:[MD5.400582B09E0BB557D0EC28A945150EEB] - 12/2/2011 - 11:50:17 PM RSHAD . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\system32\drivers\dtsoftbus01.sys [279616]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 7/13/2009 - 8:47:48 PM RSHAD . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [530496]
O58 - SDL:[MD5.DC5D737F51BE844D8C82C695EB17372F] - 6/10/2009 - 3:34:33 PM RSHAD . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\system32\drivers\evbda.sys [3286016]
O58 - SDL:[MD5.E403AACF8C7BB11375122D2464560311] - 5/18/2009 - 1:17:08 PM RSHAD . (.GEAR Software Inc. - CD DVD Filter.) -- C:\Windows\system32\drivers\GEARAspiWDM.sys [34152]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 6/10/2009 - 3:31:59 PM RSHAD . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\system32\drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.39D2ABCD392F3D8A6DCE7B60AE7B8EFC] - 11/20/2010 - 10:23:47 PM RSHAD . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\system32\drivers\HpSAMD.sys [78720]
O58 - SDL:[MD5.AAAF44DB3BD0B9D1FB6969B23ECC8366] - 7/21/2011 - 9:40:17 AM RSHAD . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\system32\drivers\iaStorV.sys [410496]
O58 - SDL:[MD5.5C18831C61933628F5BB0EA2675B9D21] - 7/13/2009 - 8:48:04 PM RSHAD . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [44112]
O58 - SDL:[MD5.1A93E54EB0ECE102495A51266DCDB6A6] - 7/13/2009 - 8:48:04 PM RSHAD . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [114752]
O58 - SDL:[MD5.1047184A9FDC8BDBFF857175875EE810] - 7/13/2009 - 8:48:04 PM RSHAD . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [106560]
O58 - SDL:[MD5.30F5C0DE1EE8B5BC9306C1F0E4A75F93] - 7/13/2009 - 8:48:04 PM RSHAD . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas2.sys [65600]
O58 - SDL:[MD5.0504EACAFF0D3C8AED161C4B0D369D4A] - 7/13/2009 - 8:48:04 PM RSHAD . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [115776]
O58 - SDL:[MD5.A55805F747C6EDB6A9080D7C633BD0F4] - 7/13/2009 - 8:48:04 PM RSHAD . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for.) -- C:\Windows\system32\drivers\megasas.sys [35392]
O58 - SDL:[MD5.BAF74CE0072480C3B6B7C13B2A94D6B3] - 7/13/2009 - 8:48:04 PM RSHAD . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys [284736]
O58 - SDL:[MD5.77889813BE4D166CDAB78DDBA990DA92] - 7/13/2009 - 8:48:26 PM RSHAD . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [51264]
O58 - SDL:[MD5.A85B4F2EF3A7304A5399EF0526423040] - 6/10/2009 - 3:35:35 PM RSHAD . (.NVIDIA Corporation - NVIDIA MCP Networking Function Driver..) -- C:\Windows\system32\drivers\nvm62x64.sys [408960]
O58 - SDL:[MD5.0A92CB65770442ED0DC44834632F66AD] - 7/21/2011 - 9:40:17 AM RSHAD . (.NVIDIA Corporation - NVIDIA® nForce™ RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [148352]
O58 - SDL:[MD5.DAB0E87525C10052BF65F06152F37E4A] - 7/21/2011 - 9:40:17 AM RSHAD . (.NVIDIA Corporation - NVIDIA® nForce™ Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [166272]
O58 - SDL:[MD5.A53A15A11EBFD21077463EE2C7AFEEF0] - 7/13/2009 - 8:45:46 PM RSHAD . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [1524816]
O58 - SDL:[MD5.4F6D12B51DE1AAEFF7DC58C4D75423C8] - 7/13/2009 - 8:45:45 PM RSHAD . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [128592]
O58 - SDL:[MD5.EE082E06A82FF630351D1E0EBBD3D8D0] - 6/10/2011 - 6:34:52 AM RSHAD . (.Realtek - Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver.) -- C:\Windows\system32\drivers\Rt64win7.sys [539240]
O58 - SDL:[MD5.CFDFD15D2D26BB50B6F4BF2D4FE6FA70] - 4/8/2011 - 2:25:18 PM RSHAD . (.Realtek Semiconductor Corp. - Realtek Pcie CardReader Driver for 2K/XP/Vista/Win7.) -- C:\Windows\system32\drivers\RtsPStor.sys [338536]
O58 - SDL:[MD5.3EA8A16169C26AFBEB544E0E48421186] - 6/10/2009 - 3:37:19 PM RSHAD . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys [23040]
O58 - SDL:[MD5.843CAF1E5FDE1FFD5FF768F23A51E2E1] - 7/13/2009 - 8:45:45 PM RSHAD . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\system32\drivers\sisraid2.sys [43584]
O58 - SDL:[MD5.6A6C106D42E9FFFF8B9FCB4F754F6DA4] - 7/13/2009 - 8:45:46 PM RSHAD . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys [80464]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 7/13/2009 - 8:45:55 PM RSHAD . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\system32\drivers\stexstor.sys [24656]
O58 - SDL:[MD5.EBA98394A7D58F7552C52192BD8FA7E6] - 6/8/2011 - 2:58:52 PM RSHAD . (.IDT, Inc. - IDT PC Audio TPE.) -- C:\Windows\system32\drivers\stwrt64.sys [528384]
O58 - SDL:[MD5.C447977ED2A4AE9346FE3A0579A34D7C] - 6/9/2011 - 9:19:54 PM RSHAD . (.Synaptics Incorporated - Synaptics Touchpad Driver.) -- C:\Windows\system32\drivers\SynTP.sys [1451056]
O58 - SDL:[MD5.AA33FC47ED58C34E6E9261E4F850B7EB] - 8/2/2011 - 5:38:56 PM RSHAD . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\system32\drivers\usbaapl64.sys [51712]
O58 - SDL:[MD5.573D192E268F0C5B486B7E96F661E538] - 12/16/2010 - 2:06:46 PM RSHAD . (.Advanced Micro Devices - AMD USB Filter Driver.) -- C:\Windows\system32\drivers\usbfilter.sys [47232]
O58 - SDL:[MD5.E5689D93FFE4E5D66C0178761240DD54] - 7/13/2009 - 8:45:55 PM RSHAD . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys [17488]
O58 - SDL:[MD5.5E2016EA6EBACA03C04FEAC5F330D997] - 7/13/2009 - 8:45:55 PM RSHAD . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys [161872]
O58 - SDL:[MD5.0C4540311E11664B245A263E1154CEF8] - 6/10/2009 - 4:01:11 PM RSHAD . (.Conexant Systems, Inc. - HSF_HWAZL WDM driver.) -- C:\Windows\system32\drivers\VSTAZL6.SYS [292864]
O58 - SDL:[MD5.18E40C245DBFAF36FD0134A7EF2DF396] - 6/10/2009 - 4:01:11 PM RSHAD . (.Conexant Systems, Inc. - HSF_CNXT driver.) -- C:\Windows\system32\drivers\VSTCNXT6.SYS [740864]
O58 - SDL:[MD5.02071D207A9858FBE3A48CBFD59C4A04] - 6/10/2009 - 4:01:11 PM RSHAD . (.Conexant Systems, Inc. - HSF_DP driver.) -- C:\Windows\system32\drivers\VSTDPV6.SYS [1485312]
~ Scan Drivers in 02mn AMs



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 1.28 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ Scan ADS in 00mn AMs



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 11/30/2011 - C:\Windows\system32\DRIVERS\atikmdag.sys (amdkmdag) .(.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) - LEGACY_AMDKMDAG
O64 - Services: CurCS - 7/21/2011 - C:\Program Files\ma-config.com\Drivers\driverhardwarev2x64.sys (driverhardwarev2x64) .(.CybelSoft - Driver NT Ma-Config.com.) - LEGACY_DRIVERHARDWAREV2X64
O64 - Services: CurCS - 12/30/1899 - C:\Windows\system32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Scan Services in 00mn AMs



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\system32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\system32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\system32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\system32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCR\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Omar\AppData\Local\Google\Chrome\Application\chrome.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
~ Scan Keys in 00mn AMs



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Omar\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Users\Omar\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) -- C:\Users\Omar\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) -- C:\Users\Omar\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
~ Scan Keys in 00mn AMs



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {2fa28606-de77-4029-af96-b231e3b8f827} - (Ask.com) - http://search.ask.com
O69 - SBI: SearchScopes [HKCU] {b7fca997-d0fb-4fe0-8afd-255e89cf9671} - (Yahoo) - http://qc.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {CCDE0647-E173-4FBA-8D10-D45F20915CA0} - (Amazon (Canada) Search Suggestions) - http://www.amazon.ca
O69 - SBI: SearchScopes [HKCU] {d43b3890-80c7-4010-a95d-1e77b5924dc3} - (Wikipedia) - http://fr.wikipedia.org
~ Scan Keys in 00mn AMs



---\\ Recherche des services démarrés par Svchost (O83)
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Service Expérience d’application.) -- C:\Windows\system32\aelupsvc.dll [72192]
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\system32\certprop.dll [80384]
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\system32\certprop.dll [80384]
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL du service Serveur.) -- C:\Windows\system32\srvsvc.dll [236032]
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Client de stratégie de groupe.) -- C:\Windows\system32\gpsvc.dll [777728]
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extension IKE.) -- C:\Windows\system32\ikeext.dll [853504]
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Service Audio Windows.) -- C:\Windows\system32\Audiosrv.dll [679424]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gestionnaire de numérotation automatique d’accès distant.) -- C:\Windows\system32\rasauto.dll [99328]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gestionnaire de connexions d’accès distant.) -- C:\Windows\system32\rasmans.dll [344064]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gestionnaire d’interface dynamique.) -- C:\Windows\system32\mprdim.dll [97792]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Service de notification d’événements système (SENS).) -- C:\Windows\system32\sens.dll [64512]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l’application d’assistance à Microsoft NAT.) -- C:\Windows\system32\ipnathlp.dll [359424]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows™.) -- C:\Windows\system32\tapisrv.dll [316928]
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gestionnaire des connexions distantes du serveur hôte de session Burea.) -- C:\Windows\system32\termsrv.dll [680960]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Agent de mise à jour automatique Windows Update.) -- C:\Windows\system32\wuaueng.dll [2420736]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\Windows\system32\qmgr.dll [849920]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\Windows\system32\shsvcs.dll [370688]
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de service d’ouverture de session secondaire.) -- C:\Windows\system32\seclogon.dll [30720]
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Service Informations d’application.) -- C:\Windows\system32\appinfo.dll [70656]
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Service de découverte iSCSI.) -- C:\Windows\system32\iscsiexe.dll [156672]
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Service Planificateur de classes multimédias.) -- C:\Windows\system32\mmcss.dll [67584]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\system32\wbem\WMIsvc.dll [242688]
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Service Configuration des services Bureau à distance.) -- C:\Windows\system32\sessenv.dll [121856]
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL du service Explorateur d’ordinateurs.) -- C:\Windows\system32\browser.dll [136192]
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Service EAPHost Microsoft.) -- C:\Windows\system32\eapsvc.dll [111104]
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Service du Planificateur de tâches.) -- C:\Windows\system32\schedsvc.dll [1110016]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- C:\Windows\system32\kmsvc.dll [90624]
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Rapports et solutions aux problèmes.) -- C:\Windows\system32\wercplsupport.dll [84480]
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\system32\profsvc.dll [209920]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL du service des thèmes Windows Shell.) -- C:\Windows\system32\themeservice.dll [44544]
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Service BDE.) -- C:\Windows\system32\bdesvc.dll [100864]
~ Scan Services in 00mn AMs



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{BD035BDD-AF5D-4F2C-A632-5E4EEF52801F}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O87 - FAEL: "{F8F95AEF-8356-44B4-888B-6C94BEDA8959}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - BitTorrent.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe
O87 - FAEL: "{395D664C-7DBF-4BCD-8795-9A7B2D03BDD2}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - BitTorrent.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe
O87 - FAEL: "{31B0AA78-F15C-404B-BDB1-C2B96E6D5C43}" | In - Private - P6 - TRUE | .(.CybelSoft - Service de détection matériel.) -- C:\Program Files\ma-config.com\x64\maconfservice.exe
O87 - FAEL: "{1994319D-0562-4113-8FBF-6A5DE5D864F5}" | In - Private - P17 - TRUE | .(.CybelSoft - Service de détection matériel.) -- C:\Program Files\ma-config.com\x64\maconfservice.exe
O87 - FAEL: "{D1EE490B-E96F-44C0-8DC4-DC6FBE49D3A1}" | In - None - P17 - TRUE | .(.Apple Inc. - WebKit2WebProcess.exe.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
O87 - FAEL: "{61F09EC1-C833-406D-8D96-C6CC0B360D87}" | In - Private - P6 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe
O87 - FAEL: "{CDADF063-C438-4E41-93FD-D9DCDE8726E0}" | In - Private - P17 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe
O87 - FAEL: "{987ABE51-BFA0-4C07-A845-FBC7493B0AEC}" | In - Private - P6 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O87 - FAEL: "{4C120141-96F5-4135-BB58-723E55BD708E}" | In - Private - P17 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O87 - FAEL: "{92181913-68CB-4BDB-BABF-F3BFA82FB77E}" | In - None - P17 - TRUE | .(.Apple Inc. - iTunes.) -- C:\Program Files (x86)\iTunes\iTunes.exe
O87 - FAEL: "TCP Query User{CCB0FF05-9CB0-4B60-92E6-6F03BC64C580}C:\program files (x86)\fifa 12\game\fifa.exe" | In - Private - P6 - TRUE | .(.Electronic Arts - FIFA 12.) -- C:\Program Files (x86)\FIFA 12\Game\fifa.exe
O87 - FAEL: "UDP Query User{9AEE3272-C927-4EB7-AEFC-5FB850B8B5CE}C:\program files (x86)\fifa 12\game\fifa.exe" | In - Private - P17 - TRUE | .(.Electronic Arts - FIFA 12.) -- C:\Program Files (x86)\FIFA 12\Game\fifa.exe
O87 - FAEL: "TCP Query User{7D6EC33D-DFF9-4ABD-AC9D-4465A854168D}C:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe" | In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\Ubisoft\Tom Clanc
O87 - FAEL: "UDP Query User{4ECCCF79-3A6C-4AB9-97D6-D838B7AC0F54}C:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe" | In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\Ubisoft\Tom Clan
O87 - FAEL: "TCP Query User{7A4732CF-9AE4-423C-9495-4446CA638DF8}C:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe" | In - Private - P6 - TRUE | .(.Konami Digital Entertainment Co., Ltd..) -- C:\Program Files (x86)\KONAMI\Pro Evolution
O87 - FAEL: "UDP Query User{332D2FF8-9A26-426B-A535-54F2E2FEA7EC}C:\program files (x86)\konami\pro evolution soccer 2012\pes2012.exe" | In - Private - P17 - TRUE | .(.Konami Digital Entertainment Co., Ltd..) -- C:\Program Files (x86)\KONAMI\Pro Evolution
O87 - FAEL: "{E2B7D672-77BE-4207-B42B-6A6147FC48AF}" | In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
O87 - FAEL: "{E06978FC-B8AF-4F63-9BF9-E45AE2A0EA52}" | In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
O87 - FAEL: "{BD1EE346-FC12-4729-B6C0-5B6863C38961}" | In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe
O87 - FAEL: "{88112F7D-140B-4CF9-B410-CEDAC2627EB7}" | In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe
O87 - FAEL: "{678A90F4-9D53-45C2-B872-3C7FC20D7715}" | In - Private - P6 - TRUE | .(.Ubisoft - Autopatch system.) -- C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe
O87 - FAEL: "{7D287985-B474-41E1-A847-EF76BE913937}" | In - Private - P17 - TRUE | .(.Ubisoft - Autopatch system.) -- C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe
O87 - FAEL: "{AE19CD71-B541-4ED7-BA64-26CD6754579B}" | In - Private - P6 - TRUE | .(.Ubisoft Entertainment - UPlayBrowser Application.) -- C:\Program Files (x86)\Ubisoft\Assassin's Creed II\UPlayBrowser.exe
O87 - FAEL: "{F15AEC17-E1D6-45DB-8054-866DC446F63A}" | In - Private - P17 - TRUE | .(.Ubisoft Entertainment - UPlayBrowser Application.) -- C:\Program Files (x86)\Ubisoft\Assassin's Creed II\UPlayBrowser.exe
O87 - FAEL: "{BA36FB68-2575-4534-9B2D-A6242D7B089D}" | In - Private - P6 - TRUE | .(.Ensemble Studios - Age of Empires 3.) -- C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3.exe
O87 - FAEL: "{511A0E0F-E73D-4D67-A726-FF35D5A664B6}" | In - Private - P17 - TRUE | .(.Ensemble Studios - Age of Empires 3.) -- C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3.exe
~ Scan Firewall in 00mn AMs



---\\ Scan Additionnel (O88)
Database Version : 9071 - (05/02/2012)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 0

[HKLM\Software\WOW6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.AskSBar
C:\Program Files\Enigma Software Group\SpyHunter =>Crapware.SpyHunter
~ Scan Additionnel in 10mn AMs



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 1/3/2012 63928 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 11/30/2011 204288 | (AMD External Events Utility) . (.AMD.) - C:\Windows\system32\atiesrxx.exe
SR - | Auto 12/5/2011 361984 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
SR - | Auto 10/24/2011 55144 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 8/30/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 6/16/2011 1083680 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SS - | Demand 10/12/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Disabled 6/21/2011 85560 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
SR - | Auto 2/17/2011 682040 | (HPAuto) . (.Hewlett-Packard.) - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
SS - | Disabled 10/11/2010 346168 | (HPClientSvc) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
SS - | Disabled 5/21/2011 103992 | (HPDrvMntSvc.exe) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
SR - | Demand 5/21/2011 818232 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 4/8/2011 26680 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
SR - | Auto 3/7/2011 2375168 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SS - | Demand 4/4/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SR - | Demand 11/13/2011 934760 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 11/14/2011 427640 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\x64\maconfservice.exe
SS - | Demand 11/17/2011 73728 | (Sony SCSI Helper Service) . (.Sony Corporation.) - C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
SR - | Auto 6/8/2011 301568 | C:\Windows\system32\stlang64.dll (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\stacsv64.exe
SS - | Demand 2/19/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Auto 7/13/2009 27136 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Scan Services in 12mn AMs



---\\ Liste des émulateurs de CD/DVD (Hook du MBR)
O42 - Logiciel: DAEMON Tools Lite - (.DT Soft Ltd.) [HKLM] -- DAEMON Tools Lite
~ Scan Emulateurs in 12mn AMs



End of the scan (1357 lines in 45mn AMs)(0)

Edited by momar, 12 February 2012 - 08:11 PM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:34 PM

Posted 17 February 2012 - 12:42 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr


Posted 19 February 2012 - 11:36 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 gringo_pr


Posted 24 February 2012 - 12:28 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



