Rapport de ZHPDiag v1.27.2406 par Nicolas Coolman, Update du 12/07/2011
Run by Alexis at 15/07/2011 13:48:27
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html

---\\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385 (Defaut)

---\\ System Information
Windows 7 Ultimate Edition, 64-bit (Build 7600)
~ Processor: AMD64 Family 16 Model 6 Stepping 3, AuthenticAMD
~ Operating System: 64 Bits
~ Boot mode: ~ Normal (Normal boot)
Total RAM: 2810 MB (26% free)
~ System Restore: Activé (Enable)
System drive C: has 320 GB (71%) free of 451 GB

---\\ Logged in mode
~ Computer Name: ALEXIS-PC
~ User Name: Alexis
~ All Users Names: Alexis, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O82
~ Logged in as Administrator

---\\ Environnement Variables
~ %AppData%=C:\Users\Alexis\AppData\Roaming\
~ %Desktop%=C:\Users\Alexis\Desktop\
~ %Favorites%=C:\Users\Alexis\Favorites\
~ %LocalAppData%=C:\Users\Alexis\AppData\Local\
~ %StartMenu%=C:\Users\Alexis\AppData\Roaming\Microsoft\Windows\Start Menu\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 320 Go of 451 Go)
D:\ CD-ROM drive (Free 0 Go of 0 Go)
E:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
F:\ Hard drive, Flash drive, Thumb drive (Free 305 Go of 345 Go)
G:\ Hard drive, Flash drive, Thumb drive (Free 292 Go of 293 Go)
R:\ Hard drive, Flash drive, Thumb drive (Free 13 Go of 15 Go)

---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK

---\\ Recherche particulière de fichiers génériques
[MD5.647B736BAF27E714E2B990308C2BEC2D] - (.Microsoft Corporation - Explorateur Windows.) (.20/11/2009 - 19:28:02.) -- C:\Windows\Explorer.exe [2868224]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (....) (.14/07/2009 - 02:14:31.) -- C:\Windows\system32\rundll32.exe [44544]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\system32\Wininit.exe [96256]
[MD5.0D874F3BC751CC2198AF2E6783FB8B35] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.14/07/2009 - 02:16:19.) -- C:\Windows\system32\wininet.dll [977920]

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/2
~ Mes Favoris (My Favorites) : 3/26
~ Mes Documents (My Documents) : 1/2
~ Mon Bureau (My Desktop) : 3/635
~ Menu demarrer (Programs) : 7/25

---\\ Processus lancés
[MD5.2E9A1A6555C20424FC6DCC3AF21F4D68] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3451496]
[MD5.89C981608FE15F3BAB8389794220C350] - (.Apple Inc. - Safari.) -- C:\Program Files (x86)\Safari\Safari.exe [2388264]
[MD5.474C4819EEC595978D183C807FB58334] - (...) -- C:\Users\Alexis\Downloads\ZHPDiag_silent.exe [704238]
[MD5.00365B3515C30F66CDB938F6729F3D0C] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [656896]

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com
R0 - HKUS\S-1-5-21-1444762759-731789217-3777956152-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKUS\S-1-5-21-1444762759-731789217-3777956152-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (8.00.7600.16385 (win7_rtm.090713-1255)) -- C:\Windows\System32\ieframe.dll
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=C:\WINDOWS\system32\SystemPropertiesPerformance.exe

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: avast! WebRep [64Bits] - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.Pas de propriétaire - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O2 - BHO: Windows Live ID Sign-in Helper [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: avast! WebRep [64Bits] - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.Pas de propriétaire - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! WebRep [64Bits] - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.Pas de propriétaire - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-1444762759-731789217-3777956152-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-1444762759-731789217-3777956152-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (.not file.)
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (.not file.)

---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\Alexis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Alexis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Alexis\Desktop\Adobe Photoshop CS4 - Raccourci.lnk . (.Adobe Systems, Incorporated.) -- C:\Users\Alexis\Downloads\AdobePhotoshopCS4FRPortable\Adobe Photoshop CS4 11.0.1 FR Portable - Majax31 - 2009\Adobe Photoshop CS4.exe
O4 - Global Startup: C:\Users\Alexis\Desktop\Blender.lnk . (...) -- C:\Program Files (x86)\Blender Foundation\Blender\blender.exe
O4 - Global Startup: C:\Users\Alexis\Desktop\Dofus 2.lnk . (...) -- C:\Program Files (x86)\Dofus 2\app\UpLauncher.exe
O4 - Global Startup: C:\Users\Alexis\Desktop\MBRCheck.lnk . (...) -- C:\Program Files (x86)\ZHPDiag\mbrcheck.exe
O4 - Global Startup: C:\Users\Alexis\Desktop\Tetromino Revolution.lnk . (...) -- C:\Program Files (x86)\TERMINAL Studio\Tetromino Revolution\RUNNER.EXE
O4 - Global Startup: C:\Users\Alexis\Desktop\ZHPDiag.lnk . (.Nicolas Coolman.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe
O4 - Global Startup: C:\Users\Alexis\Desktop\ZHPFix.lnk . (.Nicolas Coolman.) -- C:\Program Files (x86)\ZHPDiag\ZHPFix.exe
O4 - Global Startup: C:\Users\Alexis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk . (...) -- C:\Windows\Installer\{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}\SafariIco.exe
O4 - Global Startup: C:\Users\Alexis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Alexis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk . (...) -- C:\Program Files (x86)\Oracle\VirtualBox\VirtualBox.exe (.not file.)

---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files (x86)\Bonjour\mdnsNSP.dll
O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
O10 - WLSP:\000000000009\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{74289784-2B26-4384-9686-5A7FBB46FF6D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{74289784-2B26-4384-9686-5A7FBB46FF6D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{74289784-2B26-4384-9686-5A7FBB46FF6D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (AMD External Events Utility) . (...) - C:\Windows\system32\atiesrxx.exe (.not file.)
O23 - Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)

---\\ Tâches planifiées en automatique (O39)
[MD5.7B43567B4C32AD7ADED537CD3B1342B9] [APT] [AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe

---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\system32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\System32\drivers\csc.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\System32\DRIVERS\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: (VBoxDrv) . (.Oracle Corporation - VirtualBox Support Driver.) - C:\Windows\System32\DRIVERS\VBoxDrv.sys
O41 - Driver: (VBoxUSBMon) . (.Oracle Corporation - VirtualBox USB Monitor Driver.) - C:\Windows\System32\DRIVERS\VBoxUSBMon.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\System32\DRIVERS\vwififlt.sys
O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys

---\\ Logiciels installés (O42)
O42 - Logiciel: AMD USB Filter Driver - (.Advanced Micro Devices, Inc..) [HKLM][64Bits] -- {987B04C4-B5AC-4AD6-A7E9-8D681085B850}
O42 - Logiciel: ATI Catalyst Install Manager - (.ATI Technologies, Inc..) [HKLM] -- {3B20226B-63ED-B863-B224-FE40401B21CA}
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe AIR
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {FDB3B167-F4FA-461D-976F-286304A57B2A}
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player Plugin
O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM][64Bits] -- {853A4763-6643-4604-8D64-28BDD8925F4C}
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM][64Bits] -- {6956856F-B6B3-4BE0-BA0B-8F495BE32033}
O42 - Logiciel: Blender (remove only) - (.Pas de propriétaire.) [HKLM][64Bits] -- Blender
O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM] -- {E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}
O42 - Logiciel: Catalyst Control Center - Branding - (.ATI.) [HKLM][64Bits] -- {FC635D8E-FFBA-4B2C-BE68-A37D56BDFB74}
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}
O42 - Logiciel: Logiciel d'archivage WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
O42 - Logiciel: MSVCRT Redists - (.Sony Creative Software Inc..) [HKLM][64Bits] -- {40719211-D09A-11DF-BA30-0013D3D69929}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM][64Bits] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Oracle VM VirtualBox 4.0.10 - (.Oracle Corporation.) [HKLM] -- {1DABE61D-DE02-4404-939A-925C202B3721}
O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM][64Bits] -- {B0F16072-A60E-41E9-BC55-CD586889145D}
O42 - Logiciel: Safari - (.Apple Inc..) [HKLM][64Bits] -- {6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}
O42 - Logiciel: Tetromino Revolution 1.0 - (.Pas de propriétaire.) [HKLM][64Bits] -- Tetromino Revolution_is1
O42 - Logiciel: Vegas Pro 10.0 - (.Sony.) [HKLM][64Bits] -- {3CD46E1E-D09A-11DF-A391-0013D3D69929}
O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- WinLiveSuite
O42 - Logiciel: Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- {34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {D45240D3-B6B3-4FF9-B243-54ECE3E10066}
O42 - Logiciel: Windows Live ID Sign-in Assistant - (.Microsoft Corporation.) [HKLM] -- {1B8ABA62-74F0-47ED-B18C-A43128E591B8}
O42 - Logiciel: Windows Live Installer - (.Microsoft Corporation.) [HKLM][64Bits] -- {0B0F231F-CE6A-483D-AA23-77B364F75917}
O42 - Logiciel: Windows Live Language Selector - (.Microsoft Corporation.) [HKLM] -- {5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {6057E21C-ABE9-4059-AE3E-3BEB9925E660}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {EB4DF488-AAEF-406F-A341-CB2AAA315B90}
O42 - Logiciel: Windows Live PIMT Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM][64Bits] -- {A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
O42 - Logiciel: Windows Live Photo Common - (.Microsoft Corporation.) [HKLM][64Bits] -- {C893D8C0-1BA0-4517-B11C-E89B65E72F70}
O42 - Logiciel: Windows Live SOXE - (.Microsoft Corporation.) [HKLM][64Bits] -- {682B3E4F-696A-42DE-A41C-4C07EA1678B4}
O42 - Logiciel: Windows Live SOXE Definitions - (.Microsoft Corporation.) [HKLM][64Bits] -- {200FEC62-3C34-4D60-9CE8-EC372E01C08F}
O42 - Logiciel: Windows Live UX Platform - (.Microsoft Corporation.) [HKLM][64Bits] -- {CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
O42 - Logiciel: Windows Live UX Platform Language Pack - (.Microsoft Corporation.) [HKLM][64Bits] -- {09F56A49-A7B1-4AAB-95B9-D13094254AD1}
O42 - Logiciel: avast! Pro Antivirus - (.AVAST Software.) [HKLM][64Bits] -- avast

---\\ HKCU & HKLM Software Keys
[HKCU\Software\ATI]
[HKCU\Software\AVAST Software]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\Apple Inc.]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\DirectShow]
[HKCU\Software\IM Providers]
[HKCU\Software\Macromedia]
[HKCU\Software\Policies]
[HKCU\Software\Sony Creative Software]
[HKCU\Software\Tetromino Revolution]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\Wow6432Node]
[HKLM\Software\AMD]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATI]
[HKLM\Software\AVAST Software]
[HKLM\Software\Adobe]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\BlenderFoundation]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Dofus 2]
[HKLM\Software\Intel]
[HKLM\Software\Macromedia]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\ODBC]
[HKLM\Software\Oracle]
[HKLM\Software\Policies]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Sonic]
[HKLM\Software\Sony Creative Software]
[HKLM\Software\VST]
[HKLM\Software\WinRAR]
[HKLM\Software\Wow6432Node]

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 15/07/2011 - 07:57:18 - [577544008] ----D- C:\Program Files\Adobe
O43 - CFD: 14/07/2011 - 13:42:24 - [23132034] ----D- C:\Program Files\ATI
O43 - CFD: 14/07/2011 - 13:44:34 - [28] ----D- C:\Program Files\ATI Technologies
O43 - CFD: 14/07/2011 - 13:49:34 - [294697880] ----D- C:\Program Files\AVAST Software
O43 - CFD: 15/07/2011 - 10:15:52 - [0] ----D- C:\Program Files\Blender Foundation
O43 - CFD: 14/07/2011 - 14:08:58 - [195932] ----D- C:\Program Files\Bonjour
O43 - CFD: 14/07/2009 - 05:20:10 - [173632950] ----D- C:\Program Files\Common Files
O43 - CFD: 14/07/2011 - 13:44:56 - [931896] ----D- C:\Program Files\DIFX
O43 - CFD: 14/07/2009 - 17:35:14 - [90257428] ----D- C:\Program Files\DVD Maker
O43 - CFD: 14/07/2011 - 13:36:14 - [0] -SH-D- C:\Program Files\Fichiers communs
O43 - CFD: 14/07/2009 - 17:24:10 - [5166389] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 14/07/2009 - 17:35:14 - [149236786] ----D- C:\Program Files\Microsoft Games
O43 - CFD: 14/07/2009 - 07:32:40 - [25757] ----D- C:\Program Files\MSBuild
O43 - CFD: 15/07/2011 - 12:47:20 - [125909159] ----D- C:\Program Files\Oracle
O43 - CFD: 14/07/2009 - 07:32:40 - [36249769] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 14/07/2009 - 07:09:28 - [0] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 14/07/2009 - 17:24:10 - [4039168] ----D- C:\Program Files\Windows Defender
O43 - CFD: 14/07/2009 - 17:35:14 - [9224824] ----D- C:\Program Files\Windows Journal
O43 - CFD: 14/07/2009 - 17:24:10 - [6667776] ----D- C:\Program Files\Windows Mail
O43 - CFD: 14/07/2009 - 17:24:10 - [7687085] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 14/07/2011 - 13:36:14 - [12624564] ----D- C:\Program Files\Windows NT
O43 - CFD: 14/07/2009 - 17:24:10 - [5516568] ----D- C:\Program Files\Windows Photo Viewer
O43 - CFD: 14/07/2009 - 07:32:40 - [235008] ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 14/07/2009 - 17:24:10 - [8207231] ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 14/07/2011 - 13:38:34 - [4524560] ----D- C:\Program Files\WinRAR
O43 - CFD: 15/07/2011 - 08:49:54 - [100929695] ----D- C:\Program Files\Common Files\Adobe
O43 - CFD: 15/07/2011 - 11:19:10 - [60081814] ----D- C:\Program Files\Common Files\Microsoft Shared
O43 - CFD: 14/07/2009 - 05:20:10 - [2702] ----D- C:\Program Files\Common Files\Services
O43 - CFD: 14/07/2009 - 05:20:10 - [608768] ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 14/07/2009 - 17:24:10 - [12009971] ----D- C:\Program Files\Common Files\System
O43 - CFD: 15/07/2011 - 07:57:56 - [390843573] ----D- C:\ProgramData\Adobe
O43 - CFD: 14/07/2011 - 14:08:26 - [24784896] ----D- C:\ProgramData\Apple
O43 - CFD: 14/07/2011 - 14:09:18 - [45087016] ----D- C:\ProgramData\Apple Computer
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Application Data
O43 - CFD: 14/07/2011 - 13:47:52 - [187] ----D- C:\ProgramData\ATI
O43 - CFD: 14/07/2011 - 13:49:34 - [2629530] ----D- C:\ProgramData\AVAST Software
O43 - CFD: 14/07/2011 - 13:36:14 - [0] -SH-D- C:\ProgramData\Bureau
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Desktop
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Documents
O43 - CFD: 14/07/2011 - 13:36:14 - [0] -SH-D- C:\ProgramData\Favoris
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Favorites
O43 - CFD: 14/07/2011 - 13:36:14 - [0] -SH-D- C:\ProgramData\Menu Démarrer
O43 - CFD: 15/07/2011 - 12:42:50 - [275420908] -S--D- C:\ProgramData\Microsoft
O43 - CFD: 14/07/2011 - 13:36:14 - [0] -SH-D- C:\ProgramData\Modèles O43 - CFD: 15/07/2011 - 07:39:06 - [3755] ----D- C:\ProgramData\Sony O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Start Menu O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Templates O43 - CFD: 15/07/2011 - 09:55:52 - [1801568] ----D- C:\Users\Alexis\AppData\Roaming\Adobe O43 - CFD: 14/07/2011 - 14:57:42 - [4478] ----D- C:\Users\Alexis\AppData\Roaming\app O43 - CFD: 14/07/2011 - 14:11:04 - [1345706] ----D- C:\Users\Alexis\AppData\Roaming\Apple Computer O43 - CFD: 14/07/2011 - 13:47:52 - [0] ----D- C:\Users\Alexis\AppData\Roaming\ATI O43 - CFD: 15/07/2011 - 10:16:24 - [7476456] ----D- C:\Users\Alexis\AppData\Roaming\Blender Foundation O43 - CFD: 14/07/2011 - 18:38:38 - [6971522] ----D- C:\Users\Alexis\AppData\Roaming\Dofus 2 O43 - CFD: 14/07/2011 - 14:57:40 - [0] ----D- C:\Users\Alexis\AppData\Roaming\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 O43 - CFD: 15/07/2011 - 09:12:04 - [0] ----D- C:\Users\Alexis\AppData\Roaming\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 O43 - CFD: 14/07/2011 - 18:35:54 - [0] ----D- C:\Users\Alexis\AppData\Roaming\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 O43 - CFD: 14/07/2011 - 13:37:06 - [0] ----D- C:\Users\Alexis\AppData\Roaming\Identities O43 - CFD: 14/07/2011 - 13:56:22 - [58589] ----D- C:\Users\Alexis\AppData\Roaming\Macromedia O43 - CFD: 14/07/2009 - 17:35:04 - [0] ----D- C:\Users\Alexis\AppData\Roaming\Media Center Programs O43 - CFD: 15/07/2011 - 12:42:44 - [2340833] -S--D- C:\Users\Alexis\AppData\Roaming\Microsoft O43 - CFD: 15/07/2011 - 07:41:54 - [0] ----D- C:\Users\Alexis\AppData\Roaming\Publish Providers O43 - CFD: 14/07/2011 - 14:57:42 - [0] ----D- C:\Users\Alexis\AppData\Roaming\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1 O43 - CFD: 15/07/2011 - 09:16:12 - [756198] ----D- C:\Users\Alexis\AppData\Roaming\Sony O43 - CFD: 14/07/2011 - 13:38:46 - [12] ----D- C:\Users\Alexis\AppData\Roaming\WinRAR O43 - CFD: 
15/07/2011 - 09:55:56 - [13509931] ----D- C:\Users\Alexis\AppData\Local\Adobe O43 - CFD: 14/07/2011 - 14:08:28 - [0] ----D- C:\Users\Alexis\AppData\Local\Apple O43 - CFD: 14/07/2011 - 14:17:40 - [140898768] ----D- C:\Users\Alexis\AppData\Local\Apple Computer O43 - CFD: 14/07/2011 - 13:36:28 - [0] -SH-D- C:\Users\Alexis\AppData\Local\Application Data O43 - CFD: 14/07/2011 - 13:47:52 - [59724] ----D- C:\Users\Alexis\AppData\Local\ATI O43 - CFD: 14/07/2011 - 13:36:28 - [0] -SH-D- C:\Users\Alexis\AppData\Local\Historique O43 - CFD: 15/07/2011 - 12:42:50 - [106937528] ----D- C:\Users\Alexis\AppData\Local\Microsoft O43 - CFD: 15/07/2011 - 07:40:38 - [71846] ----D- C:\Users\Alexis\AppData\Local\Sony O43 - CFD: 15/07/2011 - 13:48:56 - [61804345] ----D- C:\Users\Alexis\AppData\Local\Temp O43 - CFD: 14/07/2011 - 13:36:28 - [0] -SH-D- C:\Users\Alexis\AppData\Local\Temporary Internet Files O43 - CFD: 15/07/2011 - 13:01:08 - [92712] ----D- C:\Users\Alexis\AppData\Local\VirtualStore O43 - CFD: 15/07/2011 - 09:01:48 - [36864] ----D- C:\Users\Alexis\AppData\Local\Windows Live O43 - CFD: 14/07/2011 - 13:56:28 - [201981096] ----D- C:\Program Files (x86)\Adobe O43 - CFD: 15/07/2011 - 08:50:10 - [9185112] ----D- C:\Program Files (x86)\Adobe Story O43 - CFD: 14/07/2011 - 13:44:52 - [80942] ----D- C:\Program Files (x86)\AMD O43 - CFD: 14/07/2011 - 14:08:26 - [2221118] ----D- C:\Program Files (x86)\Apple Software Update O43 - CFD: 14/07/2011 - 13:43:10 - [81489623] ----D- C:\Program Files (x86)\ATI Technologies O43 - CFD: 15/07/2011 - 10:16:14 - [32837364] ----D- C:\Program Files (x86)\Blender Foundation O43 - CFD: 14/07/2011 - 14:08:58 - [617156] ----D- C:\Program Files (x86)\Bonjour O43 - CFD: 15/07/2011 - 08:49:16 - [413251970] ----D- C:\Program Files (x86)\Common Files O43 - CFD: 14/07/2011 - 13:56:30 - [969949146] ----D- C:\Program Files (x86)\Dofus 2 O43 - CFD: 14/07/2011 - 14:09:42 - [5592477] ----D- C:\Program Files (x86)\Internet Explorer O43 - CFD: 15/07/2011 - 11:54:54 - 
[38411899] ----D- C:\Program Files (x86)\Microsoft Silverlight O43 - CFD: 14/07/2009 - 07:32:40 - [25757] ----D- C:\Program Files (x86)\MSBuild O43 - CFD: 14/07/2011 - 14:09:42 - [76724283] ----D- C:\Program Files (x86)\QuickTime O43 - CFD: 14/07/2009 - 07:32:40 - [38593281] ----D- C:\Program Files (x86)\Reference Assemblies O43 - CFD: 14/07/2011 - 14:10:30 - [42294986] ----D- C:\Program Files (x86)\Safari O43 - CFD: 15/07/2011 - 07:39:04 - [380566763] ----D- C:\Program Files (x86)\Sony O43 - CFD: 15/07/2011 - 12:47:30 - [24926391] ----D- C:\Program Files (x86)\TERMINAL Studio O43 - CFD: 14/07/2009 - 06:57:08 - [0] --H-D- C:\Program Files (x86)\Uninstall Information O43 - CFD: 14/07/2009 - 17:24:10 - [524800] ----D- C:\Program Files (x86)\Windows Defender O43 - CFD: 15/07/2011 - 08:58:12 - [61032423] ----D- C:\Program Files (x86)\Windows Live O43 - CFD: 14/07/2009 - 17:24:10 - [6180864] ----D- C:\Program Files (x86)\Windows Mail O43 - CFD: 14/07/2009 - 17:24:10 - [5024017] ----D- C:\Program Files (x86)\Windows Media Player O43 - CFD: 14/07/2009 - 07:32:40 - [12194484] ----D- C:\Program Files (x86)\Windows NT O43 - CFD: 14/07/2009 - 17:24:10 - [4417800] ----D- C:\Program Files (x86)\Windows Photo Viewer O43 - CFD: 14/07/2009 - 07:32:42 - [189440] ----D- C:\Program Files (x86)\Windows Portable Devices O43 - CFD: 14/07/2009 - 17:24:10 - [7009683] ----D- C:\Program Files (x86)\Windows Sidebar O43 - CFD: 15/07/2011 - 13:48:46 - [3925291] ----D- C:\Program Files (x86)\ZHPDiag O43 - CFD: 15/07/2011 - 08:50:06 - [171415886] ----D- C:\Program Files (x86)\Common Files\Adobe O43 - CFD: 14/07/2011 - 13:56:26 - [31517343] ----D- C:\Program Files (x86)\Common Files\Adobe AIR O43 - CFD: 14/07/2011 - 14:08:38 - [52831429] ----D- C:\Program Files (x86)\Common Files\Apple O43 - CFD: 14/07/2011 - 19:08:54 - [20542074] ----D- C:\Program Files (x86)\Common Files\microsoft shared O43 - CFD: 14/07/2009 - 05:20:10 - [2702] ----D- C:\Program Files (x86)\Common Files\Services O43 - CFD: 
14/07/2009 - 05:20:10 - [41103783] ----D- C:\Program Files (x86)\Common Files\SpeechEngines
O43 - CFD: 14/07/2009 - 17:24:10 - [10102259] ----D- C:\Program Files (x86)\Common Files\System
O43 - CFD: 14/07/2011 - 14:01:04 - [85736494] ----D- C:\Program Files (x86)\Common Files\Windows Live
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys .
(.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\System32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"wdmaud.drv"="Pilote de fonction UAA 1.1 Microsoft pour High Definition Audio" . (...) -- (.not file.)
---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 -
MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0
---\\ Liste des Drivers Système (O58)
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...)
-- "%1" %*
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.bat> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> [HKCR\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*
O67 - Shell Spawning: <.com> [HKCR\..\open\Command] (.Microsoft Corporation - Windows Control Panel.) -- "%1" %*
O67 - Shell Spawning: <.exe> [HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKCR\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> [HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files (x86)\Safari\Safari.exe
---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.6D9E5361414A404F62DC249F2AADC327] [SPRF][31/01/2008] (.Pas de propriétaire - 7-zip32.) -- C:\Users\Alexis\AppData\Local\Temp\7-zip32.dll [506880]
[MD5.1B847E3B584D224A6472231528624AD3] [SPRF][14/07/2011] (.Adobe Systems Inc. - Adobe AIR Installer.) -- C:\Users\Alexis\AppData\Local\Temp\AdobeAIRInstaller.exe [12989728]
[MD5.22A5357AACD6728149F6CA6EE4D721C2] [SPRF][15/07/2011] (.Microsoft Corporation - Self-Extracting Cabinet.) -- C:\Users\Alexis\AppData\Local\Temp\IPx64_1036.exe [30272912]
[MD5.BB97B0C74FE44C77992033C9961A61B8] [SPRF][12/04/2011] (...) -- C:\Users\Alexis\Desktop\ZHP_uninstall.exe [344169]
---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "FPS-SpoolSvc-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\spoolsv.exe (.not file.)
O87 - FAEL: "FPS-SpoolSvc-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Windows\system32\spoolsv.exe (.not file.)
O87 - FAEL: "CoreNet-GP-LSASS-Out-TCP" |Out - Domain - P6 - TRUE | .(...) -- C:\Windows\system32\lsass.exe (.not file.)
O87 - FAEL: "RemoteSvcAdmin-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\services.exe (.not file.)
O87 - FAEL: "RemoteSvcAdmin-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Windows\system32\services.exe (.not file.)
O87 - FAEL: "NetPres-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-Out-TCP-NoScope" |Out - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-WSD-In-UDP" |In - None - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-WSD-Out-UDP" |Out - None - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-Out-TCP" |Out - Public - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "{5F979347-3042-4445-B529-7D693B7DB92C}" | In - None - P17 - TRUE | .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O87 - FAEL: "{BC3BBFB8-AC05-43EA-A173-12BF4034419B}" | In - Public - P6 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O87 - FAEL: "{2AFA8CEB-E15D-40BE-A6A5-52C9B1CE1DCD}" | In - Public - P17 - TRUE | .(.Apple Inc. - Bonjour Service.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 30/12/1899 0 | (AMD External Events Utility) . (.AMD.) - C:\Windows\system32\atiesrxx.exe
SR - | Auto 23/02/2011 42184 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 14/07/2011 345376 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\system32\svchost.exe
---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Alexis at 15/07/2011 13:50:24
device: opened successfully
user: error reading MBR
Disk trace:
error: Read Descripteur non valide
kernel: error reading MBR
End of the scan (701 lines in 01mn 58s)(0)