[OK] Demande d'étude de rapport d'analyse (alarmant!)

Sécurité et insécurité. Virus, Trojans, Spywares, Failles etc. …

Modérateur: Modérateurs et Modératrices

Règles du forum
Assiste.com a suspendu l'assistance à la décontamination après presque 15 ans sur l'ancien forum puis celui-ci. Voir :

Procédure de décontamination 1 - Anti-malware
Décontamination anti-malwares

Procédure de décontamination 2 - Anti-malware et antivirus (La Manip)
La Manip - Procédure standard de décontamination

Entretien périodique d'un PC sous Windows
Entretien périodique d'un PC sous Windows

Protection des navigateurs, de la navigation et de la vie privée
Protéger le navigateur, la navigation et la vie privée

[OK] Demande d'étude de rapport d'analyse (alarmant!)

Messagede Zanshin » 06 Fév 2012, 20:42

Bonsoir,

Mon ordinateur est (très probablement) infecté et j'ai rencontré/je rencontre les problèmes suivants :

- le rapport Hijackthis de mon ordinateur est alarmant : entre 50 et 70 croix rouges (problèmes) dont un fichier « protection » invisible sous Windows comme sous DOS qui est détecté comme suspect par hitman pro et que je n'arrive pas à supprimer. D'autres logiciels malveillants ont été détectés de façon discontinue ces derniers mois sur mon ordinateur.

- lenteur pour faire des tâches toutes simples (pas de problèmes du à la fragmentation car j'ai vérifié) alors que mon ordinateur est très performant (date d'un an : processeur i7, 8 Go RAM).

- le mot de passe principal que j'avais mis sur firefox (pour protéger les autres mots de passe) a été changé à mon insu alors que personne n'accède à mon ordinateur (qui m'est personnel) .

Je suis actuellement sous Windows 7 Intégrale 64 bits.

Mon antivirus a toujours été Mcafee depuis que j'ai acheté cet ordinateur (janvier 2011). Mon parefeu est celui de Mcafee (celui de Windows est donc désactivé).

J'utilise malwarebyte pour faire un scan complet toutes les 3 semaines minimum. J'ai comme l'impression que j'i bien des saloperies qui se chargent avant la session (j'ai par ailleurs --trop?- de processus "svchost").

J'utilise chrome actuellement, mais j ai aussi utilisé firefox, Internet Explorer et Opéra par le passé.

Vous trouverez comme demandé les rapports dans les messages suivants. Je vous rajoute le rapport d'hijackthis effectué en mode normal (pas en mode sans échec) en plus à la suite du rapport de malwarebyte.

Merci d'avance pour votre aide, :wink:

Cordialement,

Zanshin


Malwarebytes Anti-Malware 1.60.1.1000
http://www.malwarebytes.org

Version de la base de données: v2012.02.06.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Olivier :: OLIVIER-PC [administrateur]

Protection: Activé

06/02/2012 19:05:09
mbam-log-2012-02-06 (19-05-09).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM | P2P
Options d'examen désactivées:
Elément(s) analysé(s): 225660
Temps écoulé: 5 minute(s), 35 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:41:17, on 15/01/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.jerecherche.org/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://jerecherche.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.jerecherche.org/keyword/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search-web.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://jerecherche.org/?nav=if&zon=Spie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jerecherche.org?nav=if&zon=Stpie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~2\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111223222139.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - G:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Nokia.PCSync] "G:\Program Files (x86)\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "G:\Program Files (x86)\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [tempHome] C:\Users\Olivier\AppData\Local\Temp\racourci.vbe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Protection.lnk = C:\Users\Olivier\Protection.exe
O4 - Global Startup: Secunia PSI Tray.lnk = G:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~2\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~2\COPERN~1\COPERN~1.EXE
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~2\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package 1) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{54077F4C-81AD-4A71-B872-220DBC01D56E}: NameServer = 0.0.0.0
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Service d'état ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: CyberLink Product - 2010/12/16 02:37:33 (CLKMSVC10_9EC60124) - CyberLink - c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\SysWOW64\rpcnet.exe
O23 - Service: rpcnetp - Unknown owner - C:\Windows\System32\rpcnetp.exe
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Secunia PSI Agent - Secunia - G:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - G:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

--
End of file - 28185 bytes
Zanshin
 
Messages: 22
Inscription: 06 Fév 2012, 20:08

Re: Demande d'étude de rapport d'analyse (alarmant!)

Messagede Zanshin » 06 Fév 2012, 20:44

OTL logfile created on: 06/02/2012 19:25:01 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Olivier\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

7,93 Gb Total Physical Memory | 6,07 Gb Available Physical Memory | 76,48% Memory free
15,87 Gb Paging File | 13,30 Gb Available in Paging File | 83,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 227,96 Gb Total Space | 100,24 Gb Free Space | 43,97% Space Free | Partition Type: NTFS
Drive E: | 78,59 Gb Total Space | 32,93 Gb Free Space | 41,90% Space Free | Partition Type: NTFS
Drive G: | 144,53 Gb Total Space | 104,45 Gb Free Space | 72,27% Space Free | Partition Type: NTFS

Computer Name: OLIVIER-PC | User Name: Olivier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/25 19:41:30 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2012/01/16 20:32:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Olivier\Desktop\OTL.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/05 13:34:56 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/10/05 15:46:52 | 003,578,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2011/10/05 15:45:56 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
PRC - [2011/10/05 15:45:42 | 000,169,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2011/10/05 15:45:40 | 000,955,816 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2011/10/05 15:45:38 | 000,892,336 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2011/01/10 15:24:20 | 000,993,848 | ---- | M] (Secunia) -- G:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2011/01/10 15:24:20 | 000,399,416 | ---- | M] (Secunia) -- G:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2010/11/20 13:17:57 | 004,247,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/08/20 08:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/08/12 19:18:10 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/07/01 16:10:26 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/07/01 16:10:22 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/03/04 03:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/04 03:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/02/09 20:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/06/09 15:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/12 21:29:01 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\be4f1d78d06979df7fd08dedf0d8c804\System.Web.Services.ni.dll
MOD - [2012/01/12 21:28:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011/10/16 11:55:40 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll
MOD - [2011/10/16 11:55:39 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3c8f9ba115087754b5b1d8394fc818ba\IAStorUtil.ni.dll
MOD - [2011/10/13 21:43:23 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/13 21:43:17 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/13 21:43:05 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/13 21:43:01 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/13 21:42:58 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/13 21:42:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/13 21:42:50 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/10/05 13:53:06 | 000,576,000 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2011/04/20 12:39:12 | 000,565,827 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2010/11/13 00:52:13 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/05 03:00:03 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_fr_b77a5c561934e089\System.resources.dll
MOD - [2010/02/09 20:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2010/02/09 20:34:00 | 000,410,944 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\fr\DataSafeOnline.resources.dll
MOD - [2010/02/09 20:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2010/02/09 20:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2010/02/09 20:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2010/02/09 20:34:00 | 000,066,880 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\fr\SdbShared.resources.dll
MOD - [2010/02/09 20:34:00 | 000,058,688 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2010/02/09 20:34:00 | 000,046,400 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\fr\SdbUI.resources.dll
MOD - [2010/02/09 20:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/18 17:01:08 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2011/10/18 14:32:28 | 000,161,168 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011/10/18 14:23:24 | 000,208,536 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/10/18 14:23:06 | 000,199,272 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010/09/23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/05 17:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/03/05 17:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/03/05 17:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/11/02 19:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/09 15:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/01/25 19:41:30 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2012/01/05 19:38:22 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/05 13:34:56 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/10/05 15:45:56 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe -- (SDHookService)
SRV - [2011/10/05 15:45:42 | 000,169,624 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe -- (SDWSCService)
SRV - [2011/10/05 15:45:40 | 000,955,816 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe -- (SDUpdateService)
SRV - [2011/10/05 15:45:38 | 000,892,336 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe -- (SDScannerService)
SRV - [2011/01/10 15:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- G:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 15:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- G:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/09/29 00:45:14 | 000,254,448 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/08/20 08:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/08/12 19:18:10 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/07/01 16:10:26 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/07/01 16:10:22 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 03:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/04/29 09:04:58 | 000,572,928 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/10/16 16:32:05 | 000,287,304 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
DRV:64bit: - [2011/10/15 13:16:16 | 000,647,080 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,481,768 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/10/15 13:16:16 | 000,284,648 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,160,280 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/10/15 13:16:16 | 000,075,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/10/03 15:41:58 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011/07/29 18:54:27 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pssdk42.sys -- (PSSDK42)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/02 11:14:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2010/12/02 11:14:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/12/02 11:14:22 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010/12/02 11:14:18 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010/11/20 14:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 14:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 12:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/09/10 16:22:16 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/09/01 09:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/08/20 11:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/08/19 23:05:18 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/07/21 17:00:44 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/15 05:54:20 | 001,381,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/07/12 11:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2010/06/23 10:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/06/22 13:37:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/06/21 04:26:38 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2010/06/21 04:26:36 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010/06/21 04:26:36 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2010/05/31 05:05:06 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Pilote de carte de la série Intel(R)
DRV:64bit: - [2010/05/25 07:45:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/05/25 07:45:38 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010/04/27 05:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/27 05:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/03/26 08:03:20 | 000,160,880 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/03/03 11:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/02 19:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/09/17 14:53:34 | 000,029,184 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2006/11/01 19:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/10/05 15:45:48 | 000,048,888 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys -- (SDHookDriver)
DRV - [2010/05/25 07:45:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-222305607-392724612-3976858061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Olivier\Desktop\CISCO
IE - HKU\S-1-5-21-222305607-392724612-3976858061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://jerecherche.org
IE - HKU\S-1-5-21-222305607-392724612-3976858061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.jerecherche.org/keyword/
IE - HKU\S-1-5-21-222305607-392724612-3976858061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://jerecherche.org
IE - HKU\S-1-5-21-222305607-392724612-3976858061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.search-web.net
IE - HKU\S-1-5-21-222305607-392724612-3976858061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://jerecherche.org/?nav=if&zon=Spie
IE - HKU\S-1-5-21-222305607-392724612-3976858061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = jerecherche.org
IE - HKU\S-1-5-21-222305607-392724612-3976858061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.jerecherche.org
IE - HKU\S-1-5-21-222305607-392724612-3976858061-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://jerecherche.org?nav=if&zon=Stpie
IE - HKU\S-1-5-21-222305607-392724612-3976858061-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-222305607-392724612-3976858061-1000\..\URLSearchHook: {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
IE - HKU\S-1-5-21-222305607-392724612-3976858061-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://fr.search.yahoo.com/search?fr=mcafee&p="

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Olivier\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Olivier\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/11/11 23:13:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011/12/23 23:33:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/12/26 11:45:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012/01/02 19:11:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Olivier\AppData\Roaming\Mozilla\Extensions
[2011/03/19 16:37:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Olivier\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/01/02 19:11:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Olivier\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2011/12/16 19:10:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Olivier\AppData\Roaming\Mozilla\Firefox\Profiles\1xulfqwv.default\extensions
[2011/12/23 23:33:25 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE
[2011/11/11 23:13:04 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
() (No name found) -- C:\USERS\OLIVIER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1XULFQWV.DEFAULT\EXTENSIONS\{27C60876-B5C9-4335-B4F3-52B26782220C}.XPI
[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/12 22:14:09 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011/08/21 11:42:02 | 000,001,637 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search-web.xml

========== Chrome ==========

CHR - default_search_provider: Recherche s\u00E9curis\u00E9e (Enabled)
CHR - default_search_provider: search_url = http://fr.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Olivier\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Olivier\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Olivier\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Olivier\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Olivier\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Spybot - Search & Destroy = C:\Users\Olivier\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmcccagmbagkpbdgpammblejlmiempb\2.0.6.819_0\
CHR - Extension: YouTube = C:\Users\Olivier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Recherche Google = C:\Users\Olivier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: SiteAdvisor = C:\Users\Olivier\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: Gmail = C:\Users\Olivier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/04 17:36:18 | 000,436,431 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15019 more lines...
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111223222139.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20111223222139.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - G:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll File not found
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Copernic Agent) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-222305607-392724612-3976858061-1000\..\Toolbar\WebBrowser: (Copernic Agent) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-222305607-392724612-3976858061-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Delphine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Olivier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files (x86)\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra Button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files (x86)\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwar ... TSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab (Creative Software AutoUpdate Support Package 1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54077F4C-81AD-4A71-B872-220DBC01D56E}: NameServer = 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5441EA9F-E73F-472C-A908-5060BD33AD65}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\copernicagent - No CLSID value found
O18:64bit: - Protocol\Handler\copernicagentcache - No CLSID value found
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\copernicagent {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\copernicagentcache {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Suite...
Zanshin
 
Messages: 22
Inscription: 06 Fév 2012, 20:08

Re: Demande d'étude de rapport d'analyse (alarmant!)

Messagede Zanshin » 06 Fév 2012, 20:45

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2012/02/06 18:58:39 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/02/06 18:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/02/06 18:28:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/06 18:24:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/02/06 17:56:39 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{5D8C9945-A3EA-4120-ABF9-2D26F23BB997}
[2012/02/06 17:56:27 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{F3617068-60F8-449F-B750-2CE4F32BE2E8}
[2012/02/04 17:33:55 | 000,000,000 | ---D | C] -- C:\SpybotBootCD
[2012/02/04 17:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012/02/04 17:29:27 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2012/02/04 17:29:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012/02/04 17:02:50 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{2C38BAC6-7950-4148-8940-579C149B77A0}
[2012/02/04 17:02:35 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{1176468B-C5F7-4B16-A9D7-80C0C48A371E}
[2012/02/04 00:40:38 | 002,375,720 | ---- | C] (ESET) -- C:\Users\Olivier\Desktop\SysInspector.exe
[2012/02/04 00:39:49 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{1FD3F72E-ACBF-4D36-AB82-637CF2BAB479}
[2012/02/04 00:39:27 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{1E26BACE-1AF3-4735-B34F-BA6DCF436805}
[2012/02/03 12:39:00 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{C4E1EF86-526C-48BF-9690-DD1082EA7633}
[2012/02/03 12:38:38 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{B43EE2DC-55A6-4ECB-BCFD-C8ABE4C9B62C}
[2012/02/02 18:04:57 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{088E70F0-DE51-42A8-B9E9-C83A2D28DC01}
[2012/02/02 18:04:31 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{B6D4761A-EB74-47CD-AFC0-783BB23EC6F2}
[2012/02/01 16:15:39 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Roaming\Roxio Log Files
[2012/02/01 12:19:26 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{650D6749-A177-4D44-8941-026EF698EBB2}
[2012/02/01 12:19:15 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{D68C1DC7-5A95-4868-87C0-B7195E594887}
[2012/01/31 16:42:36 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{F4D98DD8-E345-4C40-933F-7DCB8686C08E}
[2012/01/31 16:42:13 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{D3F3B7DC-4A60-4DDB-8ECF-702F9869336F}
[2012/01/31 01:15:12 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{9C56CFFA-21AC-48FF-91AD-0F4C8E9459E7}
[2012/01/30 13:14:57 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{3591C3C7-FAB2-432F-9902-CF08F907B513}
[2012/01/30 13:14:43 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{39290BB6-DDD8-44AD-B408-3B2EF48A2474}
[2012/01/29 14:19:30 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{23A87257-41CB-44FD-BA7F-121ADC8881FC}
[2012/01/29 14:19:16 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{E7FC9C3E-4916-439C-8C0A-99A81192CBFA}
[2012/01/28 11:36:12 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{D959E258-EC9B-4DE5-BFFE-E45DBA155DFB}
[2012/01/28 11:35:50 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{BA2A48C5-D30C-4538-824B-B2C5E607A51B}
[2012/01/27 17:54:27 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{36E7C2F3-AB61-48C6-9508-EB685A4E4D03}
[2012/01/27 17:54:13 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{8BBDB239-A221-4F50-9769-891FD0C4CA44}
[2012/01/26 20:17:40 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{9267BD7F-4CA0-4038-B1A6-6F11655F8C07}
[2012/01/26 20:17:18 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{A870DD3A-9057-42C1-954A-C83E61FC3BC5}
[2012/01/25 18:35:31 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/25 18:35:30 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/25 18:35:29 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/25 18:35:29 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/25 18:35:28 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/25 18:35:26 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/25 18:35:13 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{244F724D-A5B2-4B02-9C86-6993E742CEEA}
[2012/01/25 18:34:51 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{E799041A-3690-4CEE-A035-47ACCFC9DB46}
[2012/01/24 11:05:19 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{265BD967-EA55-416C-A75E-9C5EB4A1123D}
[2012/01/24 11:04:56 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{8DE340AD-655B-4ED0-BC3E-17498C98ED31}
[2012/01/23 21:34:28 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Roaming\Canneverbe Limited
[2012/01/23 21:34:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012/01/23 21:33:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2012/01/23 17:41:32 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{CDE55A77-0BF5-4885-A872-AA7A9BAFCFC0}
[2012/01/23 17:41:10 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{BA9404A0-F954-43E3-B3CE-AFE3B1482D51}
[2012/01/22 12:56:14 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{A83974BB-0153-44BE-B31E-A435CA85AE5B}
[2012/01/22 12:55:52 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{5ADA4F0F-6737-4210-978B-19A739CEA5B5}
[2012/01/21 16:21:30 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{2B58F540-0D65-4EF2-B808-236DF1186F95}
[2012/01/21 16:21:15 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{291B5DCE-2339-45EA-826D-368A5C39D77F}
[2012/01/20 17:36:40 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{863B634E-25D3-422C-9EF8-6387E6E68740}
[2012/01/20 17:36:29 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{E8E30775-867F-46CC-8052-4DB86B209F86}
[2012/01/19 23:23:30 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{90A82F0F-0A8F-4BE9-B518-D3DACDD708C2}
[2012/01/19 23:23:14 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{A3B070DF-A810-45EF-B7D8-0225A2560573}
[2012/01/18 13:50:04 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/01/18 13:49:06 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\Google
[2012/01/18 13:48:51 | 000,606,592 | ---- | C] (Google Inc.) -- C:\Users\Olivier\Documents\ChromeSetup.exe
[2012/01/18 13:43:45 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{C3175FFB-336D-4C3B-B518-56CD9EF88C2B}
[2012/01/18 13:43:22 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{F0BAD48B-D06E-48B1-97E6-83C110C59FC9}
[2012/01/17 17:32:02 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{B8F2225F-23C1-4594-B47C-645D9D95986A}
[2012/01/17 17:31:35 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{5126C77C-A1F8-49F1-BB61-64DC119CB3AB}
[2012/01/16 20:32:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Olivier\Desktop\OTL.exe
[2012/01/16 17:29:27 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{24BB64AF-7F1A-47C8-BDCB-62B677E1F365}
[2012/01/16 17:29:04 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{E3D283F5-8C42-44D0-9DBF-C697C6871DC8}
[2012/01/15 17:21:21 | 000,000,000 | ---D | C] -- C:\Users\Olivier\Desktop\HIJACKTHIS
[2012/01/15 11:38:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/01/15 11:38:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/01/15 11:26:10 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{04D4001D-7634-4A3D-9FDD-10A2D437ADEA}
[2012/01/15 11:25:48 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{DDAEE918-05B2-4D6C-8CDE-519AA08F4414}
[2012/01/14 10:26:38 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{AAEBDB07-E7A0-440A-B4EC-9F6286D41E6B}
[2012/01/14 10:26:23 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{9E972CDD-D217-4F48-898A-E9A3EF6441DE}
[2012/01/13 13:23:19 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{D2195DA6-0906-4020-8CDD-6B54A235735B}
[2012/01/13 13:23:08 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{4469B0E1-3033-4190-A467-AF0070A1C4B2}
[2012/01/12 19:20:22 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{C1681FC0-8E8D-4207-A2DA-F8A79EB6A440}
[2012/01/12 19:19:59 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{35FF7115-EA54-4E31-8E48-16796C6E85A5}
[2012/01/11 20:38:02 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/11 20:37:38 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/11 20:36:50 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/11 20:36:49 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/11 20:36:00 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/11 20:35:59 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/11 20:35:34 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/01/11 13:38:53 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{CDFCFBA3-A0A9-4315-BD98-65A8ED12DD13}
[2012/01/11 13:38:43 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{9D27B32C-EA14-4170-8372-B75E175D4BF3}
[2012/01/10 20:25:11 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{9B2D5160-D7AF-41C3-A370-05E7C9AD1DF0}
[2012/01/10 20:24:59 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{5E466301-1EFA-424F-9DE3-C98566F5939B}
[2012/01/09 17:40:32 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{D56CEA11-D85F-47C8-8256-6437956A58D4}
[2012/01/09 17:40:19 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{BA648B6A-DEC3-4899-91F5-886E18425EB6}
[2012/01/08 13:31:00 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{F5116655-0FB7-4C52-9CB6-403632ADA981}
[2012/01/08 13:30:36 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{77108135-FC38-4FCE-97B6-4AB7B88EC3A0}
[2011/03/02 17:38:06 | 005,943,496 | ---- | C] (Absolute Software Corp. ) -- C:\Users\Olivier\AppData\Roaming\LoJackSetup.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Olivier\*.tmp files -> C:\Users\Olivier\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/06 19:27:22 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012/02/06 18:58:46 | 000,000,923 | ---- | M] () -- C:\Users\Olivier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/02/06 18:58:39 | 000,000,743 | ---- | M] () -- C:\Users\Olivier\Desktop\NTREGOPT.lnk
[2012/02/06 18:58:39 | 000,000,724 | ---- | M] () -- C:\Users\Olivier\Desktop\ERUNT.lnk
[2012/02/06 18:54:07 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/02/06 18:48:00 | 000,276,991 | ---- | M] () -- C:\Users\Olivier\Documents\Pb erdnt.jpg
[2012/02/06 18:47:04 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/06 18:47:04 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/06 18:46:49 | 000,227,378 | ---- | M] () -- C:\Users\Olivier\Documents\Pb erdnt.png
[2012/02/06 18:46:32 | 001,580,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/06 18:46:32 | 000,716,884 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012/02/06 18:46:32 | 000,626,020 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/06 18:46:32 | 000,136,698 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012/02/06 18:46:32 | 000,111,400 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/06 18:46:00 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-222305607-392724612-3976858061-1000UA.job
[2012/02/06 18:42:23 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/02/06 18:41:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/06 18:41:18 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2012/02/06 18:35:57 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2012/02/06 18:35:57 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
[2012/02/06 18:35:54 | 2094,301,183 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/06 18:35:43 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
[2012/02/06 18:20:08 | 000,000,790 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/06 17:53:56 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-222305607-392724612-3976858061-1000Core.job
[2012/02/04 19:12:52 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/02/04 19:12:52 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/02/04 17:46:13 | 000,031,120 | ---- | M] () -- C:\Users\Olivier\Documents\avant modif du registre 17h45.xml
[2012/02/04 17:36:18 | 000,436,431 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/04 17:29:46 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012/02/02 23:58:27 | 000,301,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/02 23:41:40 | 002,375,720 | ---- | M] (ESET) -- C:\Users\Olivier\Desktop\SysInspector.exe
[2012/02/02 21:32:05 | 000,021,492 | ---- | M] () -- C:\Users\Olivier\Desktop\LISTE.odt
[2012/02/01 19:46:35 | 005,788,700 | ---- | M] () -- C:\Users\Olivier\Documents\Khodorkovski.mp4
[2012/02/01 17:05:39 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/01 16:53:01 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012/02/01 16:12:15 | 000,001,753 | ---- | M] () -- C:\Users\Olivier\Documents\philippe 2e stage.html
[2012/01/25 20:06:09 | 000,117,368 | ---- | M] () -- C:\Users\Olivier\Documents\Badge.pdf
[2012/01/25 19:41:38 | 000,013,160 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\Upgrd.exe
[2012/01/25 19:41:30 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.exe
[2012/01/24 21:41:44 | 000,140,683 | ---- | M] () -- C:\Users\Olivier\Documents\aurélien.jpg
[2012/01/22 19:48:53 | 000,001,570 | ---- | M] () -- C:\Users\Olivier\Desktop\ui - Raccourci.lnk
[2012/01/18 13:48:53 | 000,606,592 | ---- | M] (Google Inc.) -- C:\Users\Olivier\Documents\ChromeSetup.exe
[2012/01/17 19:19:05 | 000,000,011 | ---- | M] () -- C:\Users\Olivier\logie
[2012/01/17 01:16:36 | 000,013,378 | ---- | M] () -- C:\Users\Olivier\Desktop\CCNA1 (2).pdf - Raccourci.lnk
[2012/01/16 20:32:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Olivier\Desktop\OTL.exe
[2012/01/15 11:44:34 | 000,001,314 | ---- | M] () -- C:\Users\Olivier\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/01/15 11:36:12 | 000,002,963 | ---- | M] () -- C:\Users\Olivier\Desktop\Pb infos.rtf
[2012/01/14 21:42:49 | 000,000,008 | ---- | M] () -- C:\Users\Olivier\logff
[2012/01/13 13:30:48 | 000,014,864 | ---- | M] () -- C:\Users\Olivier\Desktop\Recettes.ods
[2012/01/09 17:46:10 | 000,000,000 | ---- | M] () -- C:\Users\Olivier\tmp1.24
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Olivier\*.tmp files -> C:\Users\Olivier\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/06 19:27:22 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012/02/06 18:48:00 | 000,276,991 | ---- | C] () -- C:\Users\Olivier\Documents\Pb erdnt.jpg
[2012/02/06 18:46:49 | 000,227,378 | ---- | C] () -- C:\Users\Olivier\Documents\Pb erdnt.png
[2012/02/06 18:24:49 | 000,000,923 | ---- | C] () -- C:\Users\Olivier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/02/06 18:24:28 | 000,000,743 | ---- | C] () -- C:\Users\Olivier\Desktop\NTREGOPT.lnk
[2012/02/06 18:24:28 | 000,000,724 | ---- | C] () -- C:\Users\Olivier\Desktop\ERUNT.lnk
[2012/02/04 17:46:13 | 000,031,120 | ---- | C] () -- C:\Users\Olivier\Documents\avant modif du registre 17h45.xml
[2012/02/04 17:30:11 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/02/04 17:30:10 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/02/04 17:30:10 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/02/04 17:29:46 | 000,002,187 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012/02/04 17:29:46 | 000,002,175 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012/02/03 16:15:16 | 000,000,790 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/01 19:46:33 | 005,788,700 | ---- | C] () -- C:\Users\Olivier\Documents\Khodorkovski.mp4
[2012/02/01 16:12:15 | 000,001,753 | ---- | C] () -- C:\Users\Olivier\Documents\philippe 2e stage.html
[2012/02/01 15:23:17 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012/01/25 20:06:16 | 000,117,368 | ---- | C] () -- C:\Users\Olivier\Documents\Badge.pdf
[2012/01/24 21:41:44 | 000,140,683 | ---- | C] () -- C:\Users\Olivier\Documents\aurélien.jpg
[2012/01/23 21:34:21 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012/01/22 19:48:53 | 000,001,570 | ---- | C] () -- C:\Users\Olivier\Desktop\ui - Raccourci.lnk
[2012/01/18 13:49:11 | 000,001,086 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-222305607-392724612-3976858061-1000UA.job
[2012/01/18 13:49:10 | 000,001,034 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-222305607-392724612-3976858061-1000Core.job
[2012/01/17 01:16:36 | 000,013,378 | ---- | C] () -- C:\Users\Olivier\Desktop\CCNA1 (2).pdf - Raccourci.lnk
[2012/01/15 11:38:12 | 000,001,314 | ---- | C] () -- C:\Users\Olivier\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/01/14 10:48:09 | 000,002,963 | ---- | C] () -- C:\Users\Olivier\Desktop\Pb infos.rtf
[2012/01/09 17:46:10 | 000,000,000 | ---- | C] () -- C:\Users\Olivier\tmp1.24
[2011/09/25 16:08:49 | 000,014,359 | ---- | C] () -- C:\Users\Olivier\AppData\Roaming\NMM-MetaData.db
[2011/06/07 10:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/06/07 10:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/06/07 10:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/06/07 10:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/06/07 10:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/05/24 22:13:56 | 000,000,873 | ---- | C] () -- C:\Users\Olivier\AppData\Local\Images.fl
[2011/04/21 21:11:22 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2011/04/21 21:11:00 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
[2011/04/10 17:45:55 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011/04/10 17:45:55 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011/04/10 17:45:55 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011/04/10 17:40:16 | 000,000,063 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011/04/10 15:00:20 | 000,000,095 | ---- | C] () -- C:\Users\Olivier\AppData\Local\fusioncache.dat
[2011/03/31 18:43:06 | 000,109,967 | ---- | C] () -- C:\Windows\CopernicAgentUninstall.exe
[2011/03/26 12:17:48 | 000,024,576 | ---- | C] () -- C:\Users\Olivier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/02 17:37:02 | 000,000,046 | ---- | C] () -- C:\Users\Olivier\AppData\Roaming\FactoryInstaller.xml
[2011/02/20 18:14:56 | 000,007,601 | ---- | C] () -- C:\Users\Olivier\AppData\Local\resmon.resmoncfg
[2011/02/01 22:22:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
[2011/02/01 22:09:39 | 000,000,981 | ---- | C] () -- C:\Windows\eReg.dat
[2010/12/27 19:25:25 | 001,611,238 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/03/29 22:00:40 | 000,203,264 | R--- | C] () -- C:\Windows\SysWow64\CddbCdda.dll

========== LOP Check ==========

[2011/11/01 18:28:03 | 000,000,000 | ---D | M] -- C:\Users\Delphine\AppData\Roaming\Nokia
[2011/09/25 16:09:09 | 000,000,000 | ---D | M] -- C:\Users\Delphine\AppData\Roaming\PC Suite
[2011/12/10 12:20:15 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\.purple
[2011/03/02 17:46:14 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\Absolute
[2012/01/23 21:34:28 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\Canneverbe Limited
[2011/03/31 18:43:09 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\Copernic
[2011/05/29 18:47:07 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\gtk-2.0
[2011/09/25 16:08:50 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\Nokia
[2011/06/21 21:11:59 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\ObviousIdea
[2011/09/29 19:45:38 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\OpenOffice.org
[2010/12/26 18:46:52 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\Opera
[2011/09/25 16:18:25 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\PC Suite
[2010/12/26 19:04:56 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\PCDr
[2011/10/26 16:35:12 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\Samsung
[2012/02/01 16:57:57 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\SoftGrid Client
[2011/10/30 15:11:48 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\Softplicity
[2011/03/19 16:37:22 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\Thunderbird
[2012/01/02 19:11:21 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\TomTom
[2011/06/19 14:14:21 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\TP
[2011/10/25 15:55:43 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\Windows Live Writer
[2011/05/04 18:52:47 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\Wireshark
[2011/09/14 21:21:07 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\Wizards of the Coast
[2011/02/22 20:45:03 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\Opera
[2011/02/22 20:49:25 | 000,000,000 | ---D | M] -- C:\Users\Pierre\AppData\Roaming\PCDr
[2012/02/06 18:42:23 | 000,000,366 | ---- | M] () -- C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
[2012/02/01 16:53:01 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012/02/01 17:05:39 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/04 19:12:52 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/02/04 19:12:52 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
[2012/02/02 23:58:45 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/02/06 18:54:07 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_39c1885e54505643\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CTFMON.EXE >
[2009/07/14 02:39:02 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=42B6A94DD747DF2B5F628A2752E62A98 -- C:\Windows\SysNative\ctfmon.exe
[2009/07/14 02:39:02 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=42B6A94DD747DF2B5F628A2752E62A98 -- C:\Windows\winsxs\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_f9257e7aaa4290ce\ctfmon.exe
[2009/07/14 02:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\SysWOW64\ctfmon.exe
[2009/07/14 02:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe

< MD5 for: EXPLORER.EXE >
[2010/12/16 10:43:27 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/10/05 15:46:38 | 003,167,656 | ---- | M] (Safer-Networking Ltd.) MD5=0AB68BFCE1579A61C36B79CAAFDCE992 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/12/16 10:43:48 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/12/16 10:43:27 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/12/16 10:43:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/12/16 10:43:48 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/12/16 10:43:37 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/12/16 10:43:48 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/12/16 10:43:37 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/12/16 10:43:48 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/12/16 10:43:27 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/12/16 10:43:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/12/16 10:43:27 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: IASTOR.SYS >
[2010/03/03 11:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Drivers\storage\R263958\f6flpy-x64\iaStor.sys
[2010/03/03 11:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/03/03 11:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_78ebae21a80aa2b4\iaStor.sys
[2010/03/03 11:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_d73865c94450cce1\iaStor.sys

< MD5 for: IASTORV.SYS >
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: USERINIT.EXE >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WININIT.EXE >
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/12/16 10:43:48 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/12/16 10:43:48 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 603 bytes -> C:\Users\Olivier\Desktop\00. 09_09_2011 - Support de cours.eml:OECustomProperty

< End of report >
Zanshin
 
Messages: 22
Inscription: 06 Fév 2012, 20:08

Re: Demande d'étude de rapport d'analyse (alarmant!)

Messagede Zanshin » 06 Fév 2012, 20:47

OTL Extras logfile created on: 06/02/2012 19:25:01 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Olivier\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

7,93 Gb Total Physical Memory | 6,07 Gb Available Physical Memory | 76,48% Memory free
15,87 Gb Paging File | 13,30 Gb Available in Paging File | 83,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 227,96 Gb Total Space | 100,24 Gb Free Space | 43,97% Space Free | Partition Type: NTFS
Drive E: | 78,59 Gb Total Space | 32,93 Gb Free Space | 41,90% Space Free | Partition Type: NTFS
Drive G: | 144,53 Gb Total Space | 104,45 Gb Free Space | 72,27% Space Free | Partition Type: NTFS

Computer Name: OLIVIER-PC | User Name: Olivier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [hitmanpro] -- "C:\Program Files\Hitman Pro 3.5\HitmanPro35_x64.exe" "%1\"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [hitmanpro] -- "C:\Program Files\Hitman Pro 3.5\HitmanPro35_x64.exe" "%1\"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Moniteur de la technologie Intel® Turbo Boost
"{4B5F58F7-C7D1-3CE3-9B37-B657F0852643}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-040C-1000-0000000FF1CE}" = Microsoft Office « Démarrer en un clic » 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D16A2127-B927-4379-B153-3DEC091E4EEB}" = Logiciel Intel(R) PROSet/Wireless WiFi
"{D21540A9-37AC-40FC-8106-15A4C1A2DD1A}" = Oracle VM VirtualBox 4.1.4
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Package de pilotes Windows - Nokia Modem (03/05/2008 3.7)
"Dell Support Center" = Dell Support Center
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Package de pilotes Windows - Nokia Modem (03/13/2008 6.86.0.1)
"HitmanPro35" = Hitman Pro 3.5
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05653DE1-6567-40C6-B930-39D399B64369}" = OpenOffice.org 3.3
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{176B3593-72F1-459C-829C-5E9671E2CB35}" = GameSpy Comrade
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F1DCA42-2030-437C-A94E-736692A499C1}" = Nokia Connectivity Cable Driver
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{5AFEABF5-7411-4C29-9FA9-71ABE880662D}" = Nokia PC Suite
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{82CAA6CE-4E66-44EF-A799-6974B4302D44}" = Caesar IV Demo
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BECF123-B0EF-4E51-B7F3-923EFE15CC4A}" = Battlefield 2(TM) Demo
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140011-0061-040C-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Français
"{90140011-0066-040C-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Français
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-040C-0000-0000000FF1CE}" = Visionneuse Microsoft PowerPoint
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.6
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy 2
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E9BC886E-0D8A-4EF5-B793-30DB776C6E2C}" = PC Connectivity Solution
"{EBE030DD-D404-4D92-85E9-8C3624820808}_is1" = Light Image Resizer 4.0.6.2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Age of Empires Gold 1.0" = Microsoft Age of Empires Gold
"AVerMedia H339 Hybrid TV Tuner" = AVerMedia H339 Hybrid TV Tuner 2.2.64.64
"Cisco Networking Academy curriculum_is1" = Cisco Networking Academy curriculum 4.0.0.2
"Copernic Agent Basic" = Copernic Agent Basic
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"ERUNT_is1" = ERUNT 1.1j
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Mozilla Thunderbird 9.0.1 (x86 en-GB)" = Mozilla Thunderbird 9.0.1 (x86 en-GB)
"MSC" = McAfee SecurityCenter
"Nokia PC Suite" = Nokia PC Suite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office « Démarrer en un clic » 2010
"Opera 11.60.1185" = Opera 11.60
"Pidgin" = Pidgin
"Red Alert 2" = Command & Conquer Alerte Rouge 2
"Secunia PSI" = Secunia PSI (2.0.0.3001)
"Steam App 440" = Team Fortress 2
"Steam App 8930" = Sid Meier's Civilization V
"TomTom HOME" = TomTom HOME 2.8.3.2458
"WinLiveSuite" = Windows Live
"WinRAR archiver" = WinRAR 4.00 (32 bits)
"WOLAPI" = Composants Internet Partagés de Westwood

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-222305607-392724612-3976858061-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14/01/2012 15:29:27 | Computer Name = Olivier-PC | Source = CVHSVC | ID = 100
Description = Pour information uniquement. (Patch task for {90140011-0066-040C-0000-0000000FF1CE}):
DownloadLatest Failed: Il n’existe actuellement aucune connexion réseau active.
Le service de transfert intelligent d’arrière plan (BITS) recommencera plus tard,
lorsqu’une carte sera connectée.

Error - 15/01/2012 11:25:17 | Computer Name = Olivier-PC | Source = CVHSVC | ID = 100
Description = Pour information uniquement. (Patch task for {90140011-0061-040C-0000-0000000FF1CE}):
DownloadLatest Failed: Il n’existe actuellement aucune connexion réseau active.
Le service de transfert intelligent d’arrière plan (BITS) recommencera plus tard,
lorsqu’une carte sera connectée.

Error - 15/01/2012 11:25:17 | Computer Name = Olivier-PC | Source = CVHSVC | ID = 100
Description = Pour information uniquement. (Patch task for {90140011-0066-040C-0000-0000000FF1CE}):
DownloadLatest Failed: Il n’existe actuellement aucune connexion réseau active.
Le service de transfert intelligent d’arrière plan (BITS) recommencera plus tard,
lorsqu’une carte sera connectée.

Error - 16/01/2012 15:52:37 | Computer Name = Olivier-PC | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante hl2.exe, version : 0.0.0.0, horodatage
: 0x4ea78f27 Nom du module défaillant : client.dll, version : 0.0.0.0, horodatage
: 0x4f0cb5f4 Code d’exception : 0xc0000005 Décalage d’erreur : 0x004118b2 ID du processus
défaillant : 0x1908 Heure de début de l’application défaillante : 0x01ccd48681c1d34e
Chemin
d’accès de l’application défaillante : g:\program files (x86)\steam\steamapps\z4nshin\team
fortress 2\hl2.exe Chemin d’accès du module défaillant: g:\program files (x86)\steam\steamapps\z4nshin\team
fortress 2\tf\bin\client.dll ID de rapport : a3654d64-407b-11e1-856c-b8af62bd2d33

Error - 17/01/2012 12:59:26 | Computer Name = Olivier-PC | Source = System Restore | ID = 8193
Description =

Error - 17/01/2012 15:37:28 | Computer Name = Olivier-PC | Source = SideBySide | ID = 16842785
Description = La création du contexte d’activation a échoué pour « G:\Program Files
(x86)\Nokia\Nokia PC Suite 6\TIS_VistaPIM.dll ». Assembly dépendant Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.

Error - 17/01/2012 15:44:27 | Computer Name = Olivier-PC | Source = SideBySide | ID = 16842815
Description = La création du contexte d’activation a échoué pour « c:\program files
(x86)\spybot - search & destroy\DelZip179.dll ». Erreur dans le fichier de manifeste
ou de stratégie « c:\program files (x86)\spybot - search & destroy\DelZip179.dll »
à la ligne 8. La valeur « * » de l’attribut « language » de l’élément « assemblyIdentity »
n’est pas valide.

Error - 17/01/2012 15:46:09 | Computer Name = Olivier-PC | Source = SideBySide | ID = 16842815
Description = La création du contexte d’activation a échoué pour « c:\program files
(x86)\spybot - search & destroy\DelZip179.dll ». Erreur dans le fichier de manifeste
ou de stratégie « c:\program files (x86)\spybot - search & destroy\DelZip179.dll »
à la ligne 8. La valeur « * » de l’attribut « language » de l’élément « assemblyIdentity »
n’est pas valide.

Error - 17/01/2012 15:46:29 | Computer Name = Olivier-PC | Source = SideBySide | ID = 16842815
Description = La création du contexte d’activation a échoué pour « c:\program files
(x86)\spybot - search & destroy\DelZip179.dll ». Erreur dans le fichier de manifeste
ou de stratégie « c:\program files (x86)\spybot - search & destroy\DelZip179.dll »
à la ligne 8. La valeur « * » de l’attribut « language » de l’élément « assemblyIdentity »
n’est pas valide.

Error - 21/01/2012 16:57:59 | Computer Name = Olivier-PC | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante hl2.exe, version : 0.0.0.0, horodatage
: 0x4ea78f27 Nom du module défaillant : client.dll, version : 0.0.0.0, horodatage
: 0x4f14c9c3 Code d’exception : 0xc0000005 Décalage d’erreur : 0x00411b04 ID du processus
défaillant : 0x1064 Heure de début de l’application défaillante : 0x01ccd87df1487776
Chemin
d’accès de l’application défaillante : g:\program files (x86)\steam\steamapps\z4nshin\team
fortress 2\hl2.exe Chemin d’accès du module défaillant: g:\program files (x86)\steam\steamapps\z4nshin\team
fortress 2\tf\bin\client.dll ID de rapport : 992594c8-4472-11e1-856c-b8af62bd2d33

[ Dell Events ]
Error - 07/08/2011 11:50:06 | Computer Name = Olivier-PC | Source = DataSafe | ID = 17
Description = Le processus a été interrompu avant la fin.

Error - 07/08/2011 15:43:08 | Computer Name = Olivier-PC | Source = DataSafe | ID = 17
Description = Le processus a été interrompu avant la fin.

Error - 07/08/2011 15:43:08 | Computer Name = Olivier-PC | Source = DataSafe | ID = 17
Description = Le processus a été interrompu avant la fin.

Error - 28/08/2011 16:09:31 | Computer Name = Olivier-PC | Source = DataSafe | ID = 17
Description = Le processus a été interrompu avant la fin.

Error - 28/08/2011 16:09:31 | Computer Name = Olivier-PC | Source = DataSafe | ID = 17
Description = Le processus a été interrompu avant la fin.

Error - 29/08/2011 12:45:58 | Computer Name = Olivier-PC | Source = DataSafe | ID = 17
Description = Le processus a été interrompu avant la fin.

Error - 29/08/2011 12:45:58 | Computer Name = Olivier-PC | Source = DataSafe | ID = 17
Description = Le processus a été interrompu avant la fin.

Error - 12/12/2011 15:54:54 | Computer Name = Olivier-PC | Source = DataSafe | ID = 17
Description = Le processus a été interrompu avant la fin.

Error - 12/12/2011 15:54:54 | Computer Name = Olivier-PC | Source = DataSafe | ID = 17
Description = Le processus a été interrompu avant la fin.

Error - 28/12/2011 11:41:12 | Computer Name = Olivier-PC | Source = DataSafe | ID = 17
Description = Le processus a été interrompu avant la fin.

[ Media Center Events ]
Error - 20/08/2011 12:55:49 | Computer Name = Olivier-PC | Source = MCUpdate | ID = 0
Description = 18:55:49 - Erreur de connexion à Internet. 18:55:49 - Impossible
de contacter le service..

Error - 20/08/2011 12:56:22 | Computer Name = Olivier-PC | Source = MCUpdate | ID = 0
Description = 18:56:18 - Erreur de connexion à Internet. 18:56:18 - Impossible
de contacter le service..

Error - 04/09/2011 21:22:35 | Computer Name = Olivier-PC | Source = MCUpdate | ID = 0
Description = 03:22:29 - Erreur de connexion à Internet. 03:22:29 - Impossible
de contacter le service..

Error - 08/09/2011 22:49:05 | Computer Name = Olivier-PC | Source = MCUpdate | ID = 0
Description = 04:49:05 - Erreur de connexion à Internet. 04:49:05 - Impossible
de contacter le service..

Error - 08/09/2011 22:49:16 | Computer Name = Olivier-PC | Source = MCUpdate | ID = 0
Description = 04:49:11 - Erreur de connexion à Internet. 04:49:11 - Impossible
de contacter le service..

[ System Events ]
Error - 03/02/2012 19:41:09 | Computer Name = Olivier-PC | Source = Application Popup | ID = 1060
Description = Le chargement de \??\C:\Users\Olivier\AppData\Local\Temp\esihdrv.sys
a été bloqué en raison d’une incompatibilité avec ce système. Contactez l’éditeur
de votre logiciel pour obtenir une version compatible du pilote.

Error - 03/02/2012 19:41:09 | Computer Name = Olivier-PC | Source = Service Control Manager | ID = 7000
Description = Le service esihdrv n’a pas pu démarrer en raison de l’erreur : %%1275

Error - 03/02/2012 19:41:09 | Computer Name = Olivier-PC | Source = Application Popup | ID = 1060
Description = Le chargement de \??\C:\Users\Olivier\AppData\Local\Temp\esihdrv.sys
a été bloqué en raison d’une incompatibilité avec ce système. Contactez l’éditeur
de votre logiciel pour obtenir une version compatible du pilote.

Error - 03/02/2012 19:41:09 | Computer Name = Olivier-PC | Source = Service Control Manager | ID = 7000
Description = Le service esihdrv n’a pas pu démarrer en raison de l’erreur : %%1275

Error - 03/02/2012 19:41:10 | Computer Name = Olivier-PC | Source = Application Popup | ID = 1060
Description = Le chargement de \??\C:\Users\Olivier\AppData\Local\Temp\esihdrv.sys
a été bloqué en raison d’une incompatibilité avec ce système. Contactez l’éditeur
de votre logiciel pour obtenir une version compatible du pilote.

Error - 03/02/2012 19:41:10 | Computer Name = Olivier-PC | Source = Service Control Manager | ID = 7000
Description = Le service esihdrv n’a pas pu démarrer en raison de l’erreur : %%1275

Error - 04/02/2012 18:40:23 | Computer Name = Olivier-PC | Source = Service Control Manager | ID = 7023
Description = Le service Agent de stratégie IPsec s’est arrêté avec l’erreur : %%1747

Error - 06/02/2012 13:33:06 | Computer Name = Olivier-PC | Source = Service Control Manager | ID = 7034
Description = Le service Spybot S&D 2 Live Protection Service s’est terminé de façon
inattendue pour la 1ème fois.

Error - 06/02/2012 13:42:30 | Computer Name = Olivier-PC | Source = DCOM | ID = 10010
Description =

Error - 06/02/2012 13:42:35 | Computer Name = Olivier-PC | Source = DCOM | ID = 10010
Description =


< End of report >
Zanshin
 
Messages: 22
Inscription: 06 Fév 2012, 20:08

Re: Demande d'étude de rapport d'analyse (alarmant!)

Messagede nickW » 07 Fév 2012, 02:02

Bonsoir,

le rapport Hijackthis de mon ordinateur est alarmant : entre 50 et 70 croix rouges (problèmes)


HijackThis est obsolète, et ne connaît ni Windows 7 ni le 64bit!
Le robot d'analyse en ligne est dangereux.



Peux-tu faire ceci:

Étape 1: AdwCleaner (de Xplode), téléchargement
Télécharger AdwCleaner depuis la page ci-dessous:
http://general-changelog-team.fr/telech ... adwcleaner
Enregistrer le fichier adwcleaner.exe sur le Bureau.


Étape 2: AdwCleaner (de Xplode), analyse
Faire un clic droit sur adwcleaner.exe puis choisir "Exécuter en tant qu'Administrateur" pour lancer l'outil.

L'écran principal d'AdwCleaner s'affiche:
Image

Cliquer sur le bouton Recherche.

Laisser l'outil travailler sans l'interrompre.
Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant un rapport (log).
Fermer la fenêtre d'AdwCleaner.
Fermer le Bloc-notes.


Étape 3: Résultat
Envoyer en réponse:
*- le rapport d'analyse d'AdwCleaner (contenu du fichier %SystemDrive%\AdwCleaner[Rn].txt, n étant un numéro d'ordre).
[%SystemDrive% représente la partition sur laquelle est installé le système, généralement C:]

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Re: Demande d'étude de rapport d'analyse (alarmant!)

Messagede Zanshin » 07 Fév 2012, 18:04

Bonsoir,

je vous remercie pour votre réponse, et votre rapidité. =)

Pour mon ordinateur je tiens aussi à rajouter que mon navigateur firefox se bloquait/figeait à la fin de chaque téléchargement (même les plus petits) pendant une dizaine de secondes, ainsi que des changements de page par défaut était effectué à mon insu régulièrement sur les différents navigateurs que j'utilisais(hijack?).

Concernant le logiciel Hijackthis, vous me dites qu'il ne suporte pas Windows 7 et l'architecture 64 bits, pourtant j'ai vu plein de sites avec le téléchargement de ce logiciel pour Windows 7 (dont 64 bits), s'agit-il de rogues?

Voici le rapport de Adwcleaner:

# AdwCleaner v1.408 - Rapport créé le 07/02/2012 à 17:54:05
# Mis à jour le 29/01/2012 par Xplode
# Système d'exploitation : Windows 7 Ultimate Service Pack 1 (64 bits)
# Nom d'utilisateur : Olivier - OLIVIER-PC (Administrateur)
# Exécuté depuis : C:\Users\Olivier\Desktop\adwcleaner.exe
# Option [Recherche]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Présent : C:\Users\Olivier\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
Dossier Présent : C:\Users\Olivier\parm.fr
Dossier Présent : C:\Windows\System32\prncnfgd
Fichier Présent : C:\Users\Olivier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chat-Land site de chat et de rencontre gratuit.URL
Fichier Présent : C:\Users\Olivier\scriptjava.html
Fichier Présent : C:\Users\Olivier\errorlog.tmp
Fichier Présent : C:\Program Files (x86)\Mozilla Firefox\searchplugins\search-web.xml

***** [Registre] *****

Clé Présente : HKLM\SOFTWARE\Software
Clé Présente : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Clé Présente : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2}
Valeur Présente : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.chat-land.org]

***** [Registre (x64)] *****

Clé Présente : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Clé Présente : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2}
Valeur Présente : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.chat-land.org]

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://jerecherche.org?nav=if&zon=Stpie
[HKCU\Software\Microsoft\Internet Explorer\Main - Default_Secondary_Page_URL] = hxxp://jerecherche.org
[HKCU\Software\Microsoft\Internet Explorer\Main - SearchMigratedDefaultName] = jerecherche.org
[HKCU\Software\Microsoft\Internet Explorer\Main - SearchMigratedDefaultURL] = hxxp://www.jerecherche.org
[HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://jerecherche.org/?nav=if&zon=Spie
[HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://jerecherche.org
[HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://www.jerecherche.org/keyword/
[HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://www.search-web.net

-\\ Mozilla Firefox v [Impossible d'obtenir la version]

Profil : 1xulfqwv.default
Fichier : C:\Users\Olivier\AppData\Roaming\Mozilla\Firefox\Profiles\1xulfqwv.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

-\\ Google Chrome v16.0.912.77

Fichier : C:\Users\Olivier\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

-\\ Opera v11.60.1185.0

Fichier : C:\Users\Olivier\AppData\Roaming\Opera\Opera\operaprefs.ini

Présente : Home URL=hxxp://www.search-web.net

*************************

AdwCleaner[R1].txt - [3584 octets] - [07/02/2012 17:54:05]

########## EOF - C:\AdwCleaner[R1].txt - [3712 octets] ##########
Zanshin
 
Messages: 22
Inscription: 06 Fév 2012, 20:08

Re: Demande d'étude de rapport d'analyse (alarmant!)

Messagede nickW » 07 Fév 2012, 22:06

Bonsoir,

Deux p'tites remarques préliminaires:

alors que personne n'accède à mon ordinateur (qui m'est personnel)

Tu as donc trois identités: :shock:
C:\Users\Delphine
C:\Users\Olivier
C:\Users\Pierre

alors que personne n'accède à mon ordinateur (qui m'est personnel)

C'est donc toi qui t'es inscrit sur le site Chat-Land.

As-tu lu toutes les conditions générales d'utilisation ....

Image
Source: hxxp://www.chat-land.ord/vip/cgu.php

Se sont installés: search-web.net et jerecherche.org


Premiers nettoyages:

Étape 1: Pas de processus de contrôle en temps réel
Désactiver le module résident de l'antivirus et celui de l'antispyware.
Image McAfee Antivirus: clic droit sur l'icône dans la SysBarre (à coté de l'horloge), choisir "Exit" et confirmer
Image TeaTimer de Spybot-S&D: clic droit dans la SysBarre (à coté de l'horloge) sur l'icône du Résident de Spybot-S&D, puis choisir "Quitter Résident de Spybot-S&D".
Image MBAM: clic droit sur l'icône dans la SysBarre (à coté de l'horloge), clic sur "Désactiver la protection" puis valider par "Oui"; nouveau clic droit sur l'icône dans la SysBarre, clic sur "Quitter" puis valider par "Oui"


Étape 2: AdwCleaner (de Xplode), nettoyage

Fermer tous les navigateurs internet (Internet Explorer, Firefox, Opera, Chrome, etc).

Faire un clic droit sur adwcleaner.exe puis choisir "Exécuter en tant qu'Administrateur" pour lancer l'outil.

L'écran principal d'AdwCleaner s'affiche:
Image

Cliquer sur le bouton Suppression.

Laisser l'outil travailler sans l'interrompre.
Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant un rapport (log).
Fermer la fenêtre d'AdwCleaner.
Fermer le Bloc-notes.


Étape 3: Processus de contrôle en temps réel
Important: Réactiver le module résident de l'antivirus et celui de l'antispyware.


Étape 4: OTL (de OldTimer), analyse rapide
Fermer toutes les fenêtres de programme ouvertes.

Faire un clic droit sur OTL.exe puis choisir "Exécuter en tant qu'Administrateur" pour lancer l'outil.

L'écran principal de OTL s'affiche:
Image

Cliquer sur le bouton Analyse rapide:
Image


Laisser l'outil travailler sans l'interrompre.
Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant un rapport (log).
Fermer le Bloc-notes.
Fermer la fenêtre de OTL.


Étape 5: Résultats
Envoyer en réponse:
*- le rapport de nettoyage d'AdwCleaner (contenu du fichier %SystemDrive%\AdwCleaner[Sn].txt, n étant un numéro d'ordre).
[%SystemDrive% représente la partition sur laquelle est installé le système, généralement C:]

Envoyer ensuite en réponse dans un message distinct (à cause de la longueur du fichier):
*- le rapport principal de OTL (contenu du fichier OTL.Txt situé sur le Bureau).
Le rapport envoyé sur le forum doit se terminer par une ligne contenant <End of report>. Si ce n'est pas le cas, il est incomplet, et doit alors être découpé en plusieurs messages.

Note importante: Pour l'envoi de ta(tes) réponse(s), il ne faut pas créer un nouveau sujet, mais cliquer sur le bouton "Répondre"
Image pour continuer dans ce fil de discussion.


Dans ta réponse, n'oublie pas de donner le plus d'informations possible sur l'état du PC: amélioration / disparition / aggravation des symptômes d'infection.

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Re: Demande d'étude de rapport d'analyse (alarmant!)

Messagede Zanshin » 08 Fév 2012, 18:40

Bonsoir,

je confirme, qu'il y a bien 2 autres comptes d'utilisateurs:
- un compte pour ma soeur
- un compte pour mon père (qui est désactivé à l'heure qu'il est).

Mais tous les deux n'ont du accèder à l'ordinateur depuis que je l'ais (janvier 2011), moins d' une dizaine de fois à eux deux réunis.
Et je suis certain qu'ils n'y ont pas eu accès récemment sinon ils me l'aurait dit (surtout que ma soeur est absente la plupart du temps et mon père utilise l'ordinateur "central" de la maison -un MAC- pour le quotidien), et de plus, c'est mon PC portable personnel.

Je confirme également que c'est bien moi qui me suis inscris sur chat-land, mais j'ai pas lu toutes les conditions générales d'utilisation... sinon j'aurais fais demi tour. ^^

Par ailleurs, est ce normal que j'ais autant de processus "svchost" (je sais qu'on peut en avoir bcp, mais là je me pose des questions vu le nombre -12 processus- :/ )?

Les manips que je dois faire, ne vaut-il mieux pas que je les fasses en mode sans échecs? (jusqu'ici je les faisait en mode "normal")

J'ai eu au démarrage de nombreux messages d'erreurs à propos d'eru et de clé de registres :

"error saving file C:\Windows\ERDNT\Autobackup\...\BCD !

Continue with the next file?

RegCreateKeyEx : 5 - accès refusé"



Je n'utilise pas l'ordinateur infecté actuellement mais je vais pouvoir recommencer à l'utiliser, avec votre autorisation bien sûr! :wink:



# AdwCleaner v1.408 - Rapport créé le 08/02/2012 à 17:57:42
# Mis à jour le 29/01/2012 par Xplode
# Système d'exploitation : Windows 7 Ultimate Service Pack 1 (64 bits)
# Nom d'utilisateur : Olivier - OLIVIER-PC (Administrateur)
# Exécuté depuis : C:\Users\Olivier\Desktop\adwcleaner.exe
# Option [Suppression]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Users\Olivier\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
Fichier Supprimé : C:\Users\Olivier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chat-Land site de chat et de rencontre gratuit.URL
Fichier Supprimé : C:\Users\Olivier\scriptjava.html
Fichier Supprimé : C:\Users\Olivier\errorlog.tmp
Fichier Supprimé : C:\Program Files (x86)\Mozilla Firefox\searchplugins\search-web.xml

***** [Registre] *****

Clé Supprimée : HKLM\SOFTWARE\Software
Clé Supprimée : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Clé Supprimée : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2}
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.chat-land.org]

***** [Registre (x64)] *****


***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16421

Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://jerecherche.org?nav=if&zon=Stpie --> hxxp://www.google.fr
Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Secondary_Page_URL] = hxxp://jerecherche.org --> hxxp://www.google.fr
Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - SearchMigratedDefaultName] = jerecherche.org --> hxxp://www.google.fr
Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - SearchMigratedDefaultURL] = hxxp://www.jerecherche.org --> hxxp://www.google.fr
Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://jerecherche.org/?nav=if&zon=Spie --> hxxp://www.google.fr
Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://jerecherche.org --> hxxp://www.google.fr
Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://www.jerecherche.org/keyword/ --> hxxp://www.google.fr
Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://www.search-web.net --> hxxp://www.google.fr

-\\ Mozilla Firefox v [Impossible d'obtenir la version]

Profil : 1xulfqwv.default
Fichier : C:\Users\Olivier\AppData\Roaming\Mozilla\Firefox\Profiles\1xulfqwv.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

-\\ Google Chrome v16.0.912.77

Fichier : C:\Users\Olivier\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

-\\ Opera v11.60.1185.0

Fichier : C:\Users\Olivier\AppData\Roaming\Opera\Opera\operaprefs.ini

Supprimée : Home URL=hxxp://www.search-web.net

*************************

AdwCleaner[R1].txt - [3703 octets] - [07/02/2012 17:54:05]
AdwCleaner[S1].txt - [3306 octets] - [08/02/2012 17:57:42]

*************************

Dossier Temporaire : 757 dossier(s) et 244 fichier(s) supprimés

########## EOF - C:\AdwCleaner[S1].txt - [3530 octets] ##########
Zanshin
 
Messages: 22
Inscription: 06 Fév 2012, 20:08

Re: Demande d'étude de rapport d'analyse (alarmant!)

Messagede Zanshin » 08 Fév 2012, 18:42

OTL logfile created on: 08/02/2012 18:08:54 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Olivier\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

7,93 Gb Total Physical Memory | 5,98 Gb Available Physical Memory | 75,34% Memory free
15,87 Gb Paging File | 13,50 Gb Available in Paging File | 85,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 227,96 Gb Total Space | 100,71 Gb Free Space | 44,18% Space Free | Partition Type: NTFS
Drive D: | 2,54 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 78,59 Gb Total Space | 32,90 Gb Free Space | 41,86% Space Free | Partition Type: NTFS
Drive G: | 144,53 Gb Total Space | 104,53 Gb Free Space | 72,33% Space Free | Partition Type: NTFS

Computer Name: OLIVIER-PC | User Name: Olivier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/25 19:41:30 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2012/01/16 20:32:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Olivier\Desktop\OTL.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/05 13:34:56 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/10/05 15:46:52 | 003,578,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2011/10/05 15:45:56 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
PRC - [2011/10/05 15:45:42 | 000,169,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2011/10/05 15:45:40 | 000,955,816 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2011/10/05 15:45:38 | 000,892,336 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2011/01/10 15:24:20 | 000,993,848 | ---- | M] (Secunia) -- G:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2011/01/10 15:24:20 | 000,399,416 | ---- | M] (Secunia) -- G:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2011/01/10 15:24:20 | 000,291,896 | ---- | M] (Secunia) -- G:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/08/20 08:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/08/12 19:18:10 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/07/01 16:10:26 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/07/01 16:10:22 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/03/04 03:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/04 03:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/02/09 20:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/06/09 15:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/12 21:29:01 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\be4f1d78d06979df7fd08dedf0d8c804\System.Web.Services.ni.dll
MOD - [2012/01/12 21:28:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011/10/16 11:55:40 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll
MOD - [2011/10/16 11:55:39 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3c8f9ba115087754b5b1d8394fc818ba\IAStorUtil.ni.dll
MOD - [2011/10/13 21:43:23 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/13 21:43:17 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/13 21:43:05 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/13 21:43:01 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/13 21:42:58 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/13 21:42:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/13 21:42:50 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/10/05 13:53:06 | 000,576,000 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2011/04/20 12:39:12 | 000,565,827 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
MOD - [2010/11/13 00:52:13 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/05 03:00:03 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_fr_b77a5c561934e089\System.resources.dll
MOD - [2010/02/09 20:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2010/02/09 20:34:00 | 000,410,944 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\fr\DataSafeOnline.resources.dll
MOD - [2010/02/09 20:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2010/02/09 20:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2010/02/09 20:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2010/02/09 20:34:00 | 000,066,880 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\fr\SdbShared.resources.dll
MOD - [2010/02/09 20:34:00 | 000,058,688 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2010/02/09 20:34:00 | 000,046,400 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\fr\SdbUI.resources.dll
MOD - [2010/02/09 20:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2009/07/14 16:23:30 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_fr_b77a5c561934e089\System.Runtime.Remoting.resources.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/18 17:01:08 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2011/10/18 14:32:28 | 000,161,168 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011/10/18 14:23:24 | 000,208,536 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/10/18 14:23:06 | 000,199,272 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010/09/23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/05 17:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/03/05 17:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/03/05 17:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/11/02 19:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/09 15:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/01/25 19:41:30 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2012/01/05 19:38:22 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/05 13:34:56 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/10/05 15:45:56 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe -- (SDHookService)
SRV - [2011/10/05 15:45:42 | 000,169,624 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe -- (SDWSCService)
SRV - [2011/10/05 15:45:40 | 000,955,816 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe -- (SDUpdateService)
SRV - [2011/10/05 15:45:38 | 000,892,336 | ---- | M] (Safer-Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe -- (SDScannerService)
SRV - [2011/01/10 15:24:20 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- G:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/01/10 15:24:20 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- G:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/09/29 00:45:14 | 000,254,448 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/08/20 08:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/08/12 19:18:10 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/07/01 16:10:26 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/07/01 16:10:22 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 03:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/04/29 09:04:58 | 000,572,928 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/10/16 16:32:05 | 000,287,304 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
DRV:64bit: - [2011/10/15 13:16:16 | 000,647,080 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,481,768 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/10/15 13:16:16 | 000,284,648 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,160,280 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/10/15 13:16:16 | 000,075,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/10/03 15:41:58 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011/07/29 18:54:27 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pssdk42.sys -- (PSSDK42)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/02 11:14:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2010/12/02 11:14:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010/12/02 11:14:22 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2010/12/02 11:14:18 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010/11/20 14:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 14:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 12:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/09/10 16:22:16 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/09/01 09:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010/08/20 11:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/08/19 23:05:18 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/07/21 17:00:44 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/15 05:54:20 | 001,381,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/07/12 11:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2010/06/23 10:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/06/22 13:37:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/06/21 04:26:38 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2010/06/21 04:26:36 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010/06/21 04:26:36 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2010/05/31 05:05:06 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Pilote de carte de la série Intel(R)
DRV:64bit: - [2010/05/25 07:45:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/05/25 07:45:38 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010/04/27 05:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/27 05:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/03/26 08:03:20 | 000,160,880 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/03/03 11:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/02 19:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/09/17 14:53:34 | 000,029,184 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2006/11/01 19:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/10/05 15:45:48 | 000,048,888 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys -- (SDHookDriver)
DRV - [2010/05/25 07:45:52 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Olivier\Desktop\CISCO
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = http://www.google.fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://fr.search.yahoo.com/search?fr=mcafee&p="

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Olivier\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Olivier\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/02/08 17:59:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011/12/23 23:33:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/12/26 11:45:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012/02/08 17:57:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Olivier\AppData\Roaming\Mozilla\Extensions
[2011/03/19 16:37:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Olivier\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/01/02 19:11:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Olivier\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2011/12/16 19:10:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Olivier\AppData\Roaming\Mozilla\Firefox\Profiles\1xulfqwv.default\extensions
[2011/12/23 23:33:25 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE
[2012/02/08 17:59:46 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
() (No name found) -- C:\USERS\OLIVIER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1XULFQWV.DEFAULT\EXTENSIONS\{27C60876-B5C9-4335-B4F3-52B26782220C}.XPI
[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/12 22:14:09 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml

========== Chrome ==========

CHR - default_search_provider: Recherche s\u00E9curis\u00E9e (Enabled)
CHR - default_search_provider: search_url = http://fr.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Olivier\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Olivier\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Olivier\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Olivier\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Olivier\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Spybot - Search & Destroy = C:\Users\Olivier\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmcccagmbagkpbdgpammblejlmiempb\2.0.6.819_0\
CHR - Extension: YouTube = C:\Users\Olivier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Recherche Google = C:\Users\Olivier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: SiteAdvisor = C:\Users\Olivier\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: Gmail = C:\Users\Olivier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

SUITE...
Zanshin
 
Messages: 22
Inscription: 06 Fév 2012, 20:08

Re: Demande d'étude de rapport d'analyse (alarmant!)

Messagede Zanshin » 08 Fév 2012, 18:43

O1 HOSTS File: ([2012/02/04 17:36:18 | 000,436,431 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15019 more lines...
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111223222139.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20111223222139.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - G:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll File not found
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Copernic Agent) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Copernic Agent) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] G:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Olivier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files (x86)\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra Button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files (x86)\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwar ... TSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwar ... /CTPID.cab (Creative Software AutoUpdate Support Package 1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54077F4C-81AD-4A71-B872-220DBC01D56E}: NameServer = 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5441EA9F-E73F-472C-A908-5060BD33AD65}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\copernicagent - No CLSID value found
O18:64bit: - Protocol\Handler\copernicagentcache - No CLSID value found
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\copernicagent {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\copernicagentcache {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/08 08:08:11 | 000,000,000 | R--D | M] - D:\Autorun -- [ UDF ]
O32 - AutoRun File - [2007/09/17 19:48:04 | 000,263,744 | R--- | M] (Firaxis Games) - D:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2007/09/20 03:18:35 | 000,006,276 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{99e927da-08af-11e0-b9f3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{99e927da-08af-11e0-b9f3-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2007/09/17 19:48:04 | 000,263,744 | R--- | M] (Firaxis Games)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/08 18:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/02/06 18:58:39 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/02/06 18:28:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/06 18:24:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/02/06 17:56:39 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{5D8C9945-A3EA-4120-ABF9-2D26F23BB997}
[2012/02/06 17:56:27 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{F3617068-60F8-449F-B750-2CE4F32BE2E8}
[2012/02/04 17:33:55 | 000,000,000 | ---D | C] -- C:\SpybotBootCD
[2012/02/04 17:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012/02/04 17:29:27 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2012/02/04 17:29:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012/02/04 17:02:50 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{2C38BAC6-7950-4148-8940-579C149B77A0}
[2012/02/04 17:02:35 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{1176468B-C5F7-4B16-A9D7-80C0C48A371E}
[2012/02/04 00:40:38 | 002,375,720 | ---- | C] (ESET) -- C:\Users\Olivier\Desktop\SysInspector.exe
[2012/02/04 00:39:49 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{1FD3F72E-ACBF-4D36-AB82-637CF2BAB479}
[2012/02/04 00:39:27 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{1E26BACE-1AF3-4735-B34F-BA6DCF436805}
[2012/02/03 12:39:00 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{C4E1EF86-526C-48BF-9690-DD1082EA7633}
[2012/02/03 12:38:38 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{B43EE2DC-55A6-4ECB-BCFD-C8ABE4C9B62C}
[2012/02/02 18:04:57 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{088E70F0-DE51-42A8-B9E9-C83A2D28DC01}
[2012/02/02 18:04:31 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{B6D4761A-EB74-47CD-AFC0-783BB23EC6F2}
[2012/02/01 16:15:39 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Roaming\Roxio Log Files
[2012/02/01 12:19:26 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{650D6749-A177-4D44-8941-026EF698EBB2}
[2012/02/01 12:19:15 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{D68C1DC7-5A95-4868-87C0-B7195E594887}
[2012/01/31 16:42:36 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{F4D98DD8-E345-4C40-933F-7DCB8686C08E}
[2012/01/31 16:42:13 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{D3F3B7DC-4A60-4DDB-8ECF-702F9869336F}
[2012/01/31 01:15:12 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{9C56CFFA-21AC-48FF-91AD-0F4C8E9459E7}
[2012/01/30 13:14:57 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{3591C3C7-FAB2-432F-9902-CF08F907B513}
[2012/01/30 13:14:43 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{39290BB6-DDD8-44AD-B408-3B2EF48A2474}
[2012/01/29 14:19:30 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{23A87257-41CB-44FD-BA7F-121ADC8881FC}
[2012/01/29 14:19:16 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{E7FC9C3E-4916-439C-8C0A-99A81192CBFA}
[2012/01/28 11:36:12 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{D959E258-EC9B-4DE5-BFFE-E45DBA155DFB}
[2012/01/28 11:35:50 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{BA2A48C5-D30C-4538-824B-B2C5E607A51B}
[2012/01/27 17:54:27 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{36E7C2F3-AB61-48C6-9508-EB685A4E4D03}
[2012/01/27 17:54:13 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{8BBDB239-A221-4F50-9769-891FD0C4CA44}
[2012/01/26 20:17:40 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{9267BD7F-4CA0-4038-B1A6-6F11655F8C07}
[2012/01/26 20:17:18 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{A870DD3A-9057-42C1-954A-C83E61FC3BC5}
[2012/01/25 18:35:13 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{244F724D-A5B2-4B02-9C86-6993E742CEEA}
[2012/01/25 18:34:51 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{E799041A-3690-4CEE-A035-47ACCFC9DB46}
[2012/01/24 11:05:19 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{265BD967-EA55-416C-A75E-9C5EB4A1123D}
[2012/01/24 11:04:56 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{8DE340AD-655B-4ED0-BC3E-17498C98ED31}
[2012/01/23 21:34:28 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Roaming\Canneverbe Limited
[2012/01/23 21:34:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012/01/23 21:33:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2012/01/23 17:41:32 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{CDE55A77-0BF5-4885-A872-AA7A9BAFCFC0}
[2012/01/23 17:41:10 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{BA9404A0-F954-43E3-B3CE-AFE3B1482D51}
[2012/01/22 12:56:14 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{A83974BB-0153-44BE-B31E-A435CA85AE5B}
[2012/01/22 12:55:52 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{5ADA4F0F-6737-4210-978B-19A739CEA5B5}
[2012/01/21 16:21:30 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{2B58F540-0D65-4EF2-B808-236DF1186F95}
[2012/01/21 16:21:15 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{291B5DCE-2339-45EA-826D-368A5C39D77F}
[2012/01/20 17:36:40 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{863B634E-25D3-422C-9EF8-6387E6E68740}
[2012/01/20 17:36:29 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{E8E30775-867F-46CC-8052-4DB86B209F86}
[2012/01/19 23:23:30 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{90A82F0F-0A8F-4BE9-B518-D3DACDD708C2}
[2012/01/19 23:23:14 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{A3B070DF-A810-45EF-B7D8-0225A2560573}
[2012/01/18 13:50:04 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/01/18 13:49:06 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\Google
[2012/01/18 13:43:45 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{C3175FFB-336D-4C3B-B518-56CD9EF88C2B}
[2012/01/18 13:43:22 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{F0BAD48B-D06E-48B1-97E6-83C110C59FC9}
[2012/01/17 17:32:02 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{B8F2225F-23C1-4594-B47C-645D9D95986A}
[2012/01/17 17:31:35 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{5126C77C-A1F8-49F1-BB61-64DC119CB3AB}
[2012/01/16 20:32:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Olivier\Desktop\OTL.exe
[2012/01/16 17:29:27 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{24BB64AF-7F1A-47C8-BDCB-62B677E1F365}
[2012/01/16 17:29:04 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{E3D283F5-8C42-44D0-9DBF-C697C6871DC8}
[2012/01/15 17:21:21 | 000,000,000 | ---D | C] -- C:\Users\Olivier\Desktop\HIJACKTHIS
[2012/01/15 11:38:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/01/15 11:38:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/01/15 11:26:10 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{04D4001D-7634-4A3D-9FDD-10A2D437ADEA}
[2012/01/15 11:25:48 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{DDAEE918-05B2-4D6C-8CDE-519AA08F4414}
[2012/01/14 10:26:38 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{AAEBDB07-E7A0-440A-B4EC-9F6286D41E6B}
[2012/01/14 10:26:23 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{9E972CDD-D217-4F48-898A-E9A3EF6441DE}
[2012/01/13 13:23:19 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{D2195DA6-0906-4020-8CDD-6B54A235735B}
[2012/01/13 13:23:08 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{4469B0E1-3033-4190-A467-AF0070A1C4B2}
[2012/01/12 19:20:22 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{C1681FC0-8E8D-4207-A2DA-F8A79EB6A440}
[2012/01/12 19:19:59 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{35FF7115-EA54-4E31-8E48-16796C6E85A5}
[2012/01/11 13:38:53 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{CDFCFBA3-A0A9-4315-BD98-65A8ED12DD13}
[2012/01/11 13:38:43 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{9D27B32C-EA14-4170-8372-B75E175D4BF3}
[2012/01/10 20:25:11 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{9B2D5160-D7AF-41C3-A370-05E7C9AD1DF0}
[2012/01/10 20:24:59 | 000,000,000 | ---D | C] -- C:\Users\Olivier\AppData\Local\{5E466301-1EFA-424F-9DE3-C98566F5939B}
[2011/03/02 17:38:06 | 005,943,496 | ---- | C] (Absolute Software Corp. ) -- C:\Users\Olivier\AppData\Roaming\LoJackSetup.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/08 18:15:08 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/02/08 18:08:49 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/08 18:08:49 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/08 18:08:03 | 001,580,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/08 18:08:03 | 000,716,884 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012/02/08 18:08:03 | 000,626,020 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/08 18:08:03 | 000,136,698 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012/02/08 18:08:03 | 000,111,400 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/08 18:07:49 | 000,687,744 | ---- | M] () -- C:\Users\Olivier\Documents\pb bcd.png
[2012/02/08 18:05:07 | 000,691,604 | ---- | M] () -- C:\Users\Olivier\Documents\pb eru.png
[2012/02/08 18:01:47 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/02/08 17:59:57 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2012/02/08 17:59:55 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2012/02/08 17:59:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/08 17:59:48 | 2094,301,183 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/08 17:47:53 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-222305607-392724612-3976858061-1000Core.job
[2012/02/08 17:47:12 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-222305607-392724612-3976858061-1000UA.job
[2012/02/07 17:44:40 | 000,578,643 | ---- | M] () -- C:\Users\Olivier\Desktop\adwcleaner.exe
[2012/02/06 19:27:22 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012/02/06 18:58:46 | 000,000,923 | ---- | M] () -- C:\Users\Olivier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/02/06 18:58:39 | 000,000,743 | ---- | M] () -- C:\Users\Olivier\Desktop\NTREGOPT.lnk
[2012/02/06 18:58:39 | 000,000,724 | ---- | M] () -- C:\Users\Olivier\Desktop\ERUNT.lnk
[2012/02/06 18:48:00 | 000,276,991 | ---- | M] () -- C:\Users\Olivier\Documents\Pb erdnt.jpg
[2012/02/06 18:46:49 | 000,227,378 | ---- | M] () -- C:\Users\Olivier\Documents\Pb erdnt.png
[2012/02/06 18:35:57 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
[2012/02/06 18:35:43 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
[2012/02/06 18:20:08 | 000,000,790 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/04 19:12:52 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/02/04 19:12:52 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/02/04 17:46:13 | 000,031,120 | ---- | M] () -- C:\Users\Olivier\Documents\avant modif du registre 17h45.xml
[2012/02/04 17:36:18 | 000,436,431 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/04 17:29:46 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012/02/02 23:58:27 | 000,301,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/02 23:41:40 | 002,375,720 | ---- | M] (ESET) -- C:\Users\Olivier\Desktop\SysInspector.exe
[2012/02/02 21:32:05 | 000,021,492 | ---- | M] () -- C:\Users\Olivier\Desktop\LISTE.odt
[2012/02/01 19:46:35 | 005,788,700 | ---- | M] () -- C:\Users\Olivier\Documents\Khodorkovski.mp4
[2012/02/01 17:05:39 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/01 16:53:01 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012/02/01 16:12:15 | 000,001,753 | ---- | M] () -- C:\Users\Olivier\Documents\philippe 2e stage.html
[2012/01/25 20:06:09 | 000,117,368 | ---- | M] () -- C:\Users\Olivier\Documents\Badge.pdf
[2012/01/25 19:41:38 | 000,013,160 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\Upgrd.exe
[2012/01/25 19:41:30 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.exe
[2012/01/24 21:41:44 | 000,140,683 | ---- | M] () -- C:\Users\Olivier\Documents\aurélien.jpg
[2012/01/22 19:48:53 | 000,001,570 | ---- | M] () -- C:\Users\Olivier\Desktop\ui - Raccourci.lnk
[2012/01/17 19:19:05 | 000,000,011 | ---- | M] () -- C:\Users\Olivier\logie
[2012/01/17 01:16:36 | 000,013,378 | ---- | M] () -- C:\Users\Olivier\Desktop\CCNA1 (2).pdf - Raccourci.lnk
[2012/01/16 20:32:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Olivier\Desktop\OTL.exe
[2012/01/15 11:44:34 | 000,001,314 | ---- | M] () -- C:\Users\Olivier\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/01/15 11:36:12 | 000,002,963 | ---- | M] () -- C:\Users\Olivier\Desktop\Pb infos.rtf
[2012/01/14 21:42:49 | 000,000,008 | ---- | M] () -- C:\Users\Olivier\logff
[2012/01/13 13:30:48 | 000,014,864 | ---- | M] () -- C:\Users\Olivier\Desktop\Recettes.ods
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/08 18:07:49 | 000,687,744 | ---- | C] () -- C:\Users\Olivier\Documents\pb bcd.png
[2012/02/08 18:05:07 | 000,691,604 | ---- | C] () -- C:\Users\Olivier\Documents\pb eru.png
[2012/02/07 17:49:38 | 000,578,643 | ---- | C] () -- C:\Users\Olivier\Desktop\adwcleaner.exe
[2012/02/06 19:27:22 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012/02/06 18:48:00 | 000,276,991 | ---- | C] () -- C:\Users\Olivier\Documents\Pb erdnt.jpg
[2012/02/06 18:46:49 | 000,227,378 | ---- | C] () -- C:\Users\Olivier\Documents\Pb erdnt.png
[2012/02/06 18:24:49 | 000,000,923 | ---- | C] () -- C:\Users\Olivier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/02/06 18:24:28 | 000,000,743 | ---- | C] () -- C:\Users\Olivier\Desktop\NTREGOPT.lnk
[2012/02/06 18:24:28 | 000,000,724 | ---- | C] () -- C:\Users\Olivier\Desktop\ERUNT.lnk
[2012/02/04 17:46:13 | 000,031,120 | ---- | C] () -- C:\Users\Olivier\Documents\avant modif du registre 17h45.xml
[2012/02/04 17:30:11 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/02/04 17:30:10 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/02/04 17:30:10 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/02/04 17:29:46 | 000,002,187 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012/02/04 17:29:46 | 000,002,175 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012/02/03 16:15:16 | 000,000,790 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/01 19:46:33 | 005,788,700 | ---- | C] () -- C:\Users\Olivier\Documents\Khodorkovski.mp4
[2012/02/01 16:12:15 | 000,001,753 | ---- | C] () -- C:\Users\Olivier\Documents\philippe 2e stage.html
[2012/02/01 15:23:17 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012/01/25 20:06:16 | 000,117,368 | ---- | C] () -- C:\Users\Olivier\Documents\Badge.pdf
[2012/01/24 21:41:44 | 000,140,683 | ---- | C] () -- C:\Users\Olivier\Documents\aurélien.jpg
[2012/01/23 21:34:21 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012/01/22 19:48:53 | 000,001,570 | ---- | C] () -- C:\Users\Olivier\Desktop\ui - Raccourci.lnk
[2012/01/18 13:49:11 | 000,001,086 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-222305607-392724612-3976858061-1000UA.job
[2012/01/18 13:49:10 | 000,001,034 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-222305607-392724612-3976858061-1000Core.job
[2012/01/17 01:16:36 | 000,013,378 | ---- | C] () -- C:\Users\Olivier\Desktop\CCNA1 (2).pdf - Raccourci.lnk
[2012/01/15 11:38:12 | 000,001,314 | ---- | C] () -- C:\Users\Olivier\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/01/14 10:48:09 | 000,002,963 | ---- | C] () -- C:\Users\Olivier\Desktop\Pb infos.rtf
[2011/09/25 16:08:49 | 000,014,359 | ---- | C] () -- C:\Users\Olivier\AppData\Roaming\NMM-MetaData.db
[2011/06/07 10:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/06/07 10:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/06/07 10:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/06/07 10:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/06/07 10:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/05/24 22:13:56 | 000,000,873 | ---- | C] () -- C:\Users\Olivier\AppData\Local\Images.fl
[2011/04/21 21:11:22 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2011/04/21 21:11:00 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
[2011/04/10 17:45:55 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2011/04/10 17:45:55 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2011/04/10 17:45:55 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2011/04/10 17:40:16 | 000,000,063 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011/04/10 15:00:20 | 000,000,095 | ---- | C] () -- C:\Users\Olivier\AppData\Local\fusioncache.dat
[2011/03/31 18:43:06 | 000,109,967 | ---- | C] () -- C:\Windows\CopernicAgentUninstall.exe
[2011/03/26 12:17:48 | 000,024,576 | ---- | C] () -- C:\Users\Olivier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/02 17:37:02 | 000,000,046 | ---- | C] () -- C:\Users\Olivier\AppData\Roaming\FactoryInstaller.xml
[2011/02/20 18:14:56 | 000,007,601 | ---- | C] () -- C:\Users\Olivier\AppData\Local\resmon.resmoncfg
[2011/02/01 22:22:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
[2011/02/01 22:09:39 | 000,000,981 | ---- | C] () -- C:\Windows\eReg.dat
[2010/12/27 19:25:25 | 001,611,238 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/03/29 22:00:40 | 000,203,264 | R--- | C] () -- C:\Windows\SysWow64\CddbCdda.dll

========== LOP Check ==========

[2011/12/10 12:20:15 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\.purple
[2011/03/02 17:46:14 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\Absolute
[2012/01/23 21:34:28 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\Canneverbe Limited
[2011/03/31 18:43:09 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\Copernic
[2011/05/29 18:47:07 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\gtk-2.0
[2011/09/25 16:08:50 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\Nokia
[2011/06/21 21:11:59 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\ObviousIdea
[2011/09/29 19:45:38 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\OpenOffice.org
[2010/12/26 18:46:52 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\Opera
[2011/09/25 16:18:25 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\PC Suite
[2010/12/26 19:04:56 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\PCDr
[2011/10/26 16:35:12 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\Samsung
[2012/02/01 16:57:57 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\SoftGrid Client
[2011/10/30 15:11:48 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\Softplicity
[2011/03/19 16:37:22 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\Thunderbird
[2012/01/02 19:11:21 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\TomTom
[2011/06/19 14:14:21 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\TP
[2011/10/25 15:55:43 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\Windows Live Writer
[2011/05/04 18:52:47 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\Wireshark
[2011/09/14 21:21:07 | 000,000,000 | ---D | M] -- C:\Users\Olivier\AppData\Roaming\Wizards of the Coast
[2012/02/08 18:01:47 | 000,000,366 | ---- | M] () -- C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
[2012/02/01 16:53:01 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012/02/01 17:05:39 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/02/04 19:12:52 | 000,000,350 | ---- | M] () -- C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/02/04 19:12:52 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
[2012/02/02 23:58:45 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/02/08 18:15:08 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 603 bytes -> C:\Users\Olivier\Desktop\00. 09_09_2011 - Support de cours.eml:OECustomProperty

< End of report >
Zanshin
 
Messages: 22
Inscription: 06 Fév 2012, 20:08

Suivante

Retourner vers Sécurité (Contamination - Décontamination)

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 12 invités