[UNRESOLVED] TR/Starter.Y detected on my USB key

31 August 2011 23:58:31

AntiVir finds TR/Starter.Y and EXP/CVE-2010-2568.A
under a RECYCLER folder that automatically appears on my USB key.
I formatted my USB key but it made no difference, then I put them in quarantine,
but they come back every time.

What should I do?

Thanks


Premium Security Suite
Date de création du fichier de rapport : mercredi 31 août 2011 23:56

La recherche porte sur 3316559 souches de virus.

Le programme fonctionne en version intégrale illimitée.
Les services en ligne sont disponibles.

Détenteur de la licence : Ghayyurious .
Numéro de série : 2215609619-ISECE-0000001
Plateforme : Windows 7 x64
Version de Windows : (Service Pack 1) [6.1.7601]
Mode Boot : Démarré normalement
Identifiant : LAURA - REMY
Nom de l'ordinateur : LAURA-REMY-PC

Informations de version :
Version du moteur : 8.2.6.50

Configuration pour la recherche actuelle :
Nom de la tâche...............................: Sélection manuelle
Fichier de configuration......................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\folder.avp
Documentation.................................: intégral
Action principale.............................: interactif
Action secondaire.............................: ignorer
Recherche sur les secteurs d'amorçage maître..: marche
Recherche sur les secteurs d'amorçage.........: marche
Secteurs d'amorçage...........................: G:,
Recherche dans les programmes actifs..........: marche
Recherche en cours sur l'enregistrement.......: marche
Recherche de Rootkits.........................: arrêt
Contrôle d'intégrité de fichiers système......: arrêt
Fichier mode de recherche.....................: Sélection de fichiers intelligente
Recherche sur les archives....................: marche
Limiter la profondeur de récursivité..........: 20
Archive Smart Extensions......................: marche
Heuristique de macrovirus.....................: marche
Heuristique fichier...........................: avancé

Début de la recherche : mercredi 31 août 2011 23:56

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Module OK -> <C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe>
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Module OK -> <C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe>
Processus de recherche 'GoogleToolbarUser_32.exe' - '1' module(s) sont contrôlés
Module OK -> <C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe>
Processus de recherche 'SpeedDiskSrvProxy.exe' - '1' module(s) sont contrôlés
Module OK -> <C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe>
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Module OK -> <C:\Windows\SysWOW64\svchost.exe>
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Module OK -> <C:\Windows\SysWOW64\svchost.exe>
Processus de recherche 'IELowutil.exe' - '1' module(s) sont contrôlés
Module OK -> <C:\Program Files (x86)\Internet Explorer\ielowutil.exe>
Processus de recherche 'DVDAgent.exe' - '1' module(s) sont contrôlés
Module OK -> <c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe>
Processus de recherche 'hpqToaster.exe' - '1' module(s) sont contrôlés
Module OK -> <C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe>
Processus de recherche 'DivXUpdate.exe' - '1' module(s) sont contrôlés
Module OK -> <C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe>
Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
Module OK -> <C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe>
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Module OK -> <C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe>
Processus de recherche 'hpwuschd2.exe' - '1' module(s) sont contrôlés
Module OK -> <C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe>
Processus de recherche 'QLBCTRL.exe' - '1' module(s) sont contrôlés
Module OK -> <C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe>
Processus de recherche 'LightScribeControlPanel.exe' - '1' module(s) sont contrôlés
Module OK -> <C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe>

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !
[AVERTISSEMENT] Erreur système [5]: Accès refusé.
[INFO] Veuillez relancer la recherche avec les droits d'administrateur
Secteur d'amorçage maître HD1
[INFO] Aucun virus trouvé !
[AVERTISSEMENT] Erreur système [5]: Accès refusé.
[INFO] Veuillez relancer la recherche avec les droits d'administrateur

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'G:\'
[INFO] Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence :
C:\Users\LAURA - REMY\AppData\Local\rynchqow\
afcortxk.exe
[INFO] HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AfcOrtxk
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Tentative en cours de contrôle du fichier à l'aide du pilote d'instantané.
Le registre a été contrôlé ( '156' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'G:\' <HP V210W>
G:\
autorun.inf
Copy of Shortcut to (2).lnk
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Tentative en cours de contrôle du fichier à l'aide du pilote d'instantané.
[AVERTISSEMENT] Impossible de créer l'instantané.
[AVERTISSEMENT] Erreur système [-2147212532]:
Copy of Shortcut to (3).lnk
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Tentative en cours de contrôle du fichier à l'aide du pilote d'instantané.
[AVERTISSEMENT] Impossible de créer l'instantané.
[AVERTISSEMENT] Erreur système [-2147212532]:
Copy of Shortcut to (4).lnk
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Tentative en cours de contrôle du fichier à l'aide du pilote d'instantané.
[AVERTISSEMENT] Impossible de créer l'instantané.
[AVERTISSEMENT] Erreur système [-2147212522]:
G:\RECYCLER\S-5-3-87-7677524027-0785688512-381707861-2624\
jLMedMsF.exe
byMaIkjl.exe
cUfGWhhu.exe
eXaCiZWO.exe
MrXMkvQw.exe
lMNxcSOh.exe
ZiYPExxG.exe
tCTAXVCc.exe
YEYAoKqT.exe
ZsAlkpfY.exe
CWoKvlGY.exe
KRZerGmS.exe
GKjTTWKT.exe
urgdtRdv.exe
OnLIekcs.cpl
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Tentative en cours de contrôle du fichier à l'aide du pilote d'instantané.
[AVERTISSEMENT] Impossible de créer l'instantané.
[AVERTISSEMENT] Erreur système [-2147212532]:
PMvgFZZu.exe
XkvPSvMm.exe
XxUDApVk.exe
BbVjsEvQ.exe
LFJBwMsw.exe
eEyGLKrc.exe
eGtTcyWH.exe
FTOaegKU.exe
OOGvfpBr.exe
vInaNlSA.exe
birjNGQG.exe
uSldWrDy.exe
gBHAZqno.exe
rjAvvQgJ.exe
mDVkjkOB.exe
dxtbShNW.exe
qykIoyGy.exe
NHKBIhOG.exe
BSMgwAhL.exe
eAQSclHK.exe
aygLAUpx.exe
gruHWwkS.cpl
[RESULTAT] Contient le cheval de Troie TR/Starter.Y
cXdKrxtK.exe
RUJLffSY.exe
mJRNbhkb.exe
chjdFmpP.exe
EtyAdYmb.exe
SoQTSBig.exe
QNemTcLo.exe
IMJINAcq.exe
xDbwMnyd.exe
XXPALjuQ.exe
PUcYDNTE.exe
KMBwSigL.exe
sHVfFhOM.exe
idSbyTYQ.exe
KLLTuqVn.exe
NLwZrHVf.cpl
[RESULTAT] Contient le cheval de Troie TR/Starter.Y
LuRGEvmS.exe
fEkhVssb.exe
cgXnSkki.exe
JtqHxgyR.exe
KZDCZSql.exe
UjLGMrJS.exe
CXEZeVNZ.exe
mCUbGxZC.exe
weIHsmUr.exe
kwwxCGrd.exe
PjMjkFkV.exe
QWncwYxM.exe
ugfCBpjW.exe
IiUpCRoT.exe
ZxwWlcBg.exe
BoWevWHA.exe
pwGqlbnS.cpl
[RESULTAT] Contient le cheval de Troie TR/Starter.Y
VTSxVQkA.exe
obbNCHdr.exe
rPkQxjdi.exe
ieScEvsS.exe
bjshbONQ.exe
sentkyMM.exe
ixMYmipx.exe
NklIGvDr.cpl
[RESULTAT] Contient le cheval de Troie TR/Starter.Y
pvaxHWRa.exe
bGRYVHbB.exe
uRprEFZX.exe
AAWvtdHZ.exe
UxrIlPaL.exe
ghFRaRwI.exe
uEcOSguL.exe
OHcVWGuu.exe
fdiNTTZD.exe
tnuvsWoD.exe
IIeqFMGN.exe
ljySZyMp.exe
LTkrsdRu.exe
KkjCfyFi.exe
StWULMBk.exe
EdcTepbV.cpl
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Tentative en cours de contrôle du fichier à l'aide du pilote d'instantané.
[AVERTISSEMENT] Impossible de créer l'instantané.
[AVERTISSEMENT] Erreur système [-2147212532]:
niSTePDj.exe
NLPxTMOQ.exe
OrDaVSPy.exe
INSNaZBV.cpl
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
[REMARQUE] Tentative en cours de contrôle du fichier à l'aide du pilote d'instantané.
[AVERTISSEMENT] Impossible de créer l'instantané.
[AVERTISSEMENT] Erreur système [-2147212532]:
qwapKbbP.exe
oxhSAqoL.exe
QwpvDwkH.exe
poDopQGZ.exe
AZhnvUvy.exe
LbXJqahf.exe
bvPaWPcn.exe
gxkdpDkM.exe
JGvwRrwF.exe
HrwgdMsh.exe
sjhxGFDc.exe
OjTDwOOf.exe
ypwhuGPB.exe
EOitYEod.exe
RdRnfQGU.exe
lMVbndjn.exe
HYsWjBrk.exe
CeeMYDTK.exe
oVyhIpvn.exe
yHsqQvcT.exe
lpBcOaRW.exe
vxNVpqGC.exe
heOBTlUX.exe
OadRCTUc.exe
ZrPVgjVp.exe
LDCjZGMS.exe
WAPvNTjs.exe
uyXFYQyc.exe
tKcAUNri.exe
SJYMVjhx.exe
XQjiskyc.exe
KlaNeGNr.exe
CfMOqxUO.exe
rLCBbhWc.exe
TjReMbPt.exe
IRnBupnw.exe
gqTHmryR.exe
TVyJjWRy.exe
YrEmmitv.exe
FvRZWQdf.exe
bRuixrVy.exe
LEnWRJxA.exe
tSgXAYqy.exe
MEkisaPD.exe
ywWwCQLK.exe
xHvMYfpQ.exe
mhipiVie.exe
XCqmAjqy.exe
jfDFUSqu.exe
xjPdPsBd.exe
LdZBmMid.exe
DQIvlEgN.exe
htiPkJOu.exe
phROWuvG.exe
nucSrjsi.exe

Début de la désinfection :
G:\RECYCLER\S-5-3-87-7677524027-0785688512-381707861-2624\
NklIGvDr.cpl
[RESULTAT] Contient le cheval de Troie TR/Starter.Y
[AVERTISSEMENT] Erreur lors de la création d'une copie de sécurité du fichier. Le fichier n'a pas été supprimé. Code d'erreur : 26004
[AVERTISSEMENT] Impossible de trouver le fichier source.
[REMARQUE] Tentative en cours d'exécuter l'action à l'aide de la bibliothèque ARK.
[REMARQUE] Impossible de déplacer le fichier dans le répertoire de quarantaine !
[REMARQUE] Le fichier n'existe pas !
G:\RECYCLER\S-5-3-87-7677524027-0785688512-381707861-2624\
pwGqlbnS.cpl
[RESULTAT] Contient le cheval de Troie TR/Starter.Y
[AVERTISSEMENT] Erreur lors de la création d'une copie de sécurité du fichier. Le fichier n'a pas été supprimé. Code d'erreur : 26004
[AVERTISSEMENT] Impossible de trouver le fichier source.
[REMARQUE] Tentative en cours d'exécuter l'action à l'aide de la bibliothèque ARK.
[REMARQUE] Impossible de déplacer le fichier dans le répertoire de quarantaine !
[REMARQUE] Le fichier n'existe pas !
G:\RECYCLER\S-5-3-87-7677524027-0785688512-381707861-2624\
NLwZrHVf.cpl
[RESULTAT] Contient le cheval de Troie TR/Starter.Y
[AVERTISSEMENT] Erreur lors de la création d'une copie de sécurité du fichier. Le fichier n'a pas été supprimé. Code d'erreur : 26004
[AVERTISSEMENT] Impossible de trouver le fichier source.
[REMARQUE] Tentative en cours d'exécuter l'action à l'aide de la bibliothèque ARK.
[REMARQUE] Impossible de déplacer le fichier dans le répertoire de quarantaine !
[REMARQUE] Le fichier n'existe pas !
G:\RECYCLER\S-5-3-87-7677524027-0785688512-381707861-2624\
gruHWwkS.cpl
[RESULTAT] Contient le cheval de Troie TR/Starter.Y
[AVERTISSEMENT] Erreur lors de la création d'une copie de sécurité du fichier. Le fichier n'a pas été supprimé. Code d'erreur : 26004
[AVERTISSEMENT] Impossible de trouver le fichier source.
[REMARQUE] Tentative en cours d'exécuter l'action à l'aide de la bibliothèque ARK.
[REMARQUE] Impossible de déplacer le fichier dans le répertoire de quarantaine !
[REMARQUE] Le fichier n'existe pas !


Fin de la recherche : mercredi 31 août 2011 23:57
Temps nécessaire: 00:45 Minute(s)

La recherche a été effectuée intégralement

3 Les répertoires ont été contrôlés
328 Des fichiers ont été contrôlés
4 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
0 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
0 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
7 Impossible de scanner des fichiers
317 Fichiers non infectés
0 Les archives ont été contrôlées
13 Avertissements
11 Consignes


1 September 2011 10:31:23

Hello.

Download Ad-Remover (by C_XX) to your Desktop.
Disconnect, disable your antivirus and close all running applications

• Double-click AD-R on your Desktop to launch it.
(Vista/Windows 7 users: right-click -> "Run as administrator")
• Choose language F for French.
• In the main menu, choose the Scanner option.
/!\ Let the tool work /!\

• Post the report that appears at the end (C:\Ad-Report-CLEAN.log).
Remember to re-enable your antivirus


Download AdwCleaner (by Xplode) to your Desktop.
Disconnect, disable your antivirus and close all running applications

• Double-click AdwCleaner.exe on your Desktop to start the installation.
(Vista/Windows 7 users: right-click -> "Run as administrator")
• In the main menu, click Search and wait while the analysis runs
• At the end of the scan, a report AdwCleaner[R].txt opens.

Remember to re-enable your antivirus


Download OTL (by Old Timer) to your desktop.
• Close all your windows, then double-click OTL.exe to launch it.
(Vista/Windows 7 users: right-click -> "Run as administrator")

• The main OTL screen appears:


(1) Select the text in the block below, right-click to copy it, then paste it into the Customization box of the OTL window.
netsvcs
msconfig
activex
drivers32
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
/md5start
explorer.exe
iexplorer.exe
userinit.exe
winlogon.exe
wininit.exe
svchost.exe
services.exe
atapi.sys
/md5stop

(2) Make sure all 4 boxes are selected
(3) Then click the Scan button
• At the end of the scan, two reports will open, OTL.Txt and Extras.Txt. Copy/paste all of the reports here.
PS: The reports are also saved on the desktop


Download MalwareByte's Anti-Malware
Double-click the downloaded file to start the installation process.
Help: How to use MBAM.

• In the Update tab, click the Check for updates button: if the firewall asks for permission for MBAM to connect to the Internet, accept.
• Then choose "Perform a full scan" and then "Scan"
• Select the hard drives and click "Start scan"
• Let the scan run (this can take a long time).
• At the end, check that the items found are ticked (in "Scan results").
• Then click "Remove selected" at the bottom.
NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.
• A report will be displayed; save it to the desktop and post it in your next reply.
• Otherwise, after the restart, it will be found in the "Reports/logs" tab of MalwareByte's Anti-Malware

Expected reports:
• C:\Ad-Report-CLEAN.log
• AdwCleaner[R].txt
• OTL.Txt and Extras.Txt, located on your desktop
• MalwareByte on your desktop

For the reports, please use this online report service: upload the file via "browse" and simply post the links you get.
1 September 2011 12:48:10

Hello, thank you calimero28 ;)
Here is the 1st report, from AD-REMOVER


======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files (x86)\Ad-Remover\main.exe (SCAN [3]) -> Lancé à 12:16:50 le 01/09/2011, Mode normal

Microsoft Windows 7 Édition Familiale Premium Service Pack 1 (X64)
LAURA - REMY@LAURA-REMY-PC (Hewlett-Packard HP Pavilion dv6 Notebook PC)

============== RECHERCHE ==============





============== SCAN ADDITIONNEL ==============

**** Internet Explorer Version [8.0.7601.17514] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://www.google.fr/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_SearchScopes\{9EAC3C5C-DE66-4DC6-8F0F-8F6475D85F69} - "Kelkoo" (hxxp://fr.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromfor...)
HKLM_SearchScopes\{9EAC3C5C-DE66-4DC6-8F0F-8F6475D85F69} - "Kelkoo" (hxxp://fr.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromfor...)
HKLM_Toolbar|{8dcb7100-df86-4384-8842-8fa844297b3f} (C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll)
HKCU_ElevationPolicy\{5FC80C85-4720-4580-9F1E-556B0A64533A} - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe (x)
HKCU_ElevationPolicy\{650DA0D7-C867-402B-B67D-0FE22C921EF7} - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10b.exe (x)
HKCU_ElevationPolicy\{924B636A-2FA1-4D88-B4BD-2279127EDB3A} - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe (x)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{5F17E524-3447-4c7d-8E5F-4EFF31CDE3B7} - C:\Program Files (x86)\Common Files\DivX Shared\DesktopService\DDMService.exe (DivX, LLC)
HKLM_ElevationPolicy\{64903E32-AE0B-408D-909C-09A08791F28D} - C:\Program Files (x86)\DivX\DivX Plus Web Player\dwpBroker.exe (?)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)
HKLM_ElevationPolicy\{D802E3EF-2513-4661-972E-BAD737EFBA88} - C:\Program Files (x86)\DivX\DivX OVS Helper\OVSHelperBroker.exe (DivX, LLC.)
BHO\{326E768D-4182-46FD-9C16-1449A49795F4} - "DivX Plus Web Player HTML5 <video>" (C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)

========================================

C:\Program Files (x86)\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files (x86)\Ad-Remover\Backup: 16 Fichier(s)

C:\Ad-Report-SCAN[3].txt - 01/09/2011 12:16:59 (3397 Octet(s))

Fin à: 12:17:50, 01/09/2011

============== E.O.F ==============
1 September 2011 12:53:34

Here is the AdwCleaner report

# AdwCleaner v1.301 - Rapport créé le 01/09/2011 à 12:52:01
# Mis à jour le 28/08/11 à 21h par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : LAURA - REMY - LAURA-REMY-PC (Administrateur)
# Exécuté depuis : C:\Users\LAURA - REMY\Desktop\adwcleaner0.exe
# Option [Recherche]


***** [Processus] *****


***** [Services] *****


***** [Fichiers / Dossiers] *****


***** [Registre] *****


***** [Registre (64 bits)] *****


***** [Navigateurs] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Google Chrome v [Impossible d'obtenir la version]

Fichier : C:\Users\LAURA - REMY\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[R1].txt - [867 octets] - [01/09/2011 12:52:01]

########## EOF - C:\AdwCleaner[R1].txt - [994 octets] ##########
1 September 2011 13:08:34

Next, here are the OTL reports

OTL logfile created on: 01/09/2011 12:57:28 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\LAURA - REMY\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,97 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 70,42% Memory free
7,93 Gb Paging File | 6,52 Gb Available in Paging File | 82,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,92 Gb Total Space | 230,52 Gb Free Space | 80,91% Space Free | Partition Type: NTFS
Drive D: | 12,97 Gb Total Space | 2,16 Gb Free Space | 16,68% Space Free | Partition Type: NTFS

Computer Name: LAURA-REMY-PC | User Name: LAURA - REMY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/01 12:54:30 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\LAURA - REMY\Desktop\OTL.exe
PRC - [2011/08/31 20:28:16 | 000,115,930 | --S- | M] () -- C:\Users\LAURA - REMY\AppData\Local\rynchqow\afcortxk.exe
PRC - [2011/08/31 13:22:44 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/08/31 13:22:43 | 000,567,464 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2011/08/31 13:22:43 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011/08/31 13:22:43 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/28 16:07:38 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/30 02:23:56 | 001,037,672 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
PRC - [2010/11/30 02:23:56 | 000,406,888 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
PRC - [2010/11/30 02:23:44 | 001,029,480 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
PRC - [2010/11/30 02:23:44 | 000,406,888 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
PRC - [2009/07/23 20:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/31 20:28:16 | 000,115,930 | --S- | M] () -- C:\Users\LAURA - REMY\AppData\Local\rynchqow\afcortxk.exe
MOD - [2011/07/29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/06/17 11:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009/06/17 11:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/06/17 11:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/02 23:16:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2011/08/31 13:22:44 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/08/31 13:22:43 | 000,567,464 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2011/08/31 13:22:43 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011/08/31 13:22:43 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/28 16:07:38 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/30 02:23:56 | 001,037,672 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe -- (SpeedDiskService)
SRV - [2010/11/30 02:23:44 | 001,029,480 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe -- (DiskDoctorService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 20:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/02/22 12:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 13:22:44 | 000,131,336 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avfwot.sys -- (avfwot)
DRV:64bit: - [2011/08/31 13:22:44 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/08/31 13:22:44 | 000,101,984 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avfwim.sys -- (avfwim)
DRV:64bit: - [2011/08/31 13:22:44 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/06/30 11:42:09 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/30 02:24:02 | 000,191,232 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SymDSMon.sys -- (SymDSMon)
DRV:64bit: - [2010/11/30 02:24:02 | 000,163,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SymSpeedDisk.sys -- (SYMSpeedDisk)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/19 16:25:40 | 000,210,944 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc) Fresco Logic xHCI (USB3)
DRV:64bit: - [2010/11/19 16:25:40 | 000,049,664 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh) Fresco Logic xHCI (USB3)
DRV:64bit: - [2010/05/27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/07/21 05:39:00 | 000,140,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:31:00 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/02 23:51:00 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/29 20:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/06/29 19:00:00 | 000,116,752 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/06/10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2011/08/31 13:22:44 | 000,131,336 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\avfwot.sys -- (avfwot)
DRV - [2010/11/30 02:24:00 | 000,108,800 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\SymSpeedDisk.sys -- (SYMSpeedDisk)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3301899893-2849603091-1553462813-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\S-1-5-21-3301899893-2849603091-1553462813-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/08/22 23:26:01 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKU\S-1-5-21-3301899893-2849603091-1553462813-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FLxHCIm] C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe (Windows (R) Win 7 DDK provider)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3301899893-2849603091-1553462813-1001..\Run: [AfcOrtxk] C:\Users\LAURA - REMY\AppData\Local\rynchqow\afcortxk.exe ()
O4 - HKU\S-1-5-21-3301899893-2849603091-1553462813-1001..\Run: [RESTART_STICKY_NOTES] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\LAURA - REMY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\afcortxk.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-21-3301899893-2849603091-1553462813-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O7 - HKU\S-1-5-21-3301899893-2849603091-1553462813-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-3301899893-2849603091-1553462813-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-wind... (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-wind... (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-wind... (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-wind... (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DAC4397-34F6-4172-AA18-BD5BECBB22A5}: DhcpNameServer = 212.27.40.240 212.27.40.241
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/09/01 01:54:12 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/09/01 01:54:12 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)


ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/09/01 12:54:28 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\LAURA - REMY\Desktop\OTL.exe
[2011/09/01 01:54:12 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2011/09/01 01:37:04 | 000,000,000 | ---D | C] -- C:\Users\LAURA - REMY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ad-Remover
[2011/09/01 01:37:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Remover
[2011/09/01 01:31:36 | 000,000,000 | ---D | C] -- C:\UsbFix
[2011/09/01 01:31:25 | 001,238,108 | ---- | C] (El Desaparecido.com) -- C:\Users\LAURA - REMY\Desktop\UsbFix.exe
[2011/08/31 20:28:17 | 000,000,000 | ---D | C] -- C:\Users\LAURA - REMY\AppData\Local\rynchqow
[2011/08/30 01:41:51 | 000,000,000 | ---D | C] -- C:\Users\LAURA - REMY\pour activé microsoft office 2010
[2011/08/30 01:20:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2011/08/30 01:20:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011/08/30 01:20:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/08/30 01:19:51 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/08/30 01:19:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2011/08/30 01:19:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/08/30 01:17:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011/08/30 01:16:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/08/29 11:04:37 | 000,000,000 | ---D | C] -- C:\Users\LAURA - REMY\AppData\Roaming\Norton Utilities
[2011/08/29 10:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton Installer
[2011/08/29 10:47:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Utilities 15
[2011/08/29 10:47:25 | 000,191,232 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SymDSMon.sys
[2011/08/29 10:47:25 | 000,163,384 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SymSpeedDisk.sys
[2011/08/29 10:47:25 | 000,108,800 | ---- | C] (Symantec Corporation) -- C:\Windows\SysWow64\drivers\SymSpeedDisk.sys
[2011/08/29 10:47:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec
[2011/08/29 10:47:23 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox210.ocx
[2011/08/29 10:47:23 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox10.ocx
[2011/08/29 10:47:23 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
[2011/08/29 10:47:23 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml.dll
[2011/08/29 10:47:23 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBoxVB12.ocx
[2011/08/29 10:47:17 | 000,000,000 | ---D | C] -- C:\Users\LAURA - REMY\Documents\UnErase
[2011/08/29 10:47:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2011/08/29 10:47:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Utilities 15
[2011/08/23 15:27:57 | 000,000,000 | ---D | C] -- C:\Users\LAURA - REMY\Documents\CyberLink
[2011/08/23 15:14:36 | 000,000,000 | ---D | C] -- C:\Users\LAURA - REMY\sik a gravé
[2011/08/22 23:51:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2011/08/22 23:51:06 | 000,000,000 | ---D | C] -- C:\Users\LAURA - REMY\AppData\Roaming\AVS4YOU
[2011/08/22 23:49:06 | 000,000,000 | ---D | C] -- C:\Users\LAURA - REMY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2011/08/22 23:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2011/08/22 23:48:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2011/08/22 23:48:41 | 010,833,920 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\libmfxsw32.dll
[2011/08/22 23:48:39 | 010,915,840 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\libmfxhw32.dll
[2011/08/22 23:48:39 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2011/08/22 23:48:38 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2011/08/22 23:48:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2011/08/17 13:07:37 | 000,000,000 | -H-D | C] -- C:\Users\LAURA - REMY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
[2011/08/17 13:07:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
[2011/08/17 11:54:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/08/17 11:54:16 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/08/17 11:54:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/08/17 11:54:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/08/17 11:54:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/08/15 12:08:46 | 000,000,000 | ---D | C] -- C:\Users\LAURA - REMY\AppData\Local\Microsoft Games
[2011/08/13 11:29:00 | 000,000,000 | ---D | C] -- C:\preload
[2011/08/11 19:06:19 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/08/11 10:37:10 | 000,000,000 | ---D | C] -- C:\02cb8ffb5e650d34f11942
[2011/08/11 09:43:27 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011/08/11 09:43:27 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011/08/11 09:43:27 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011/08/11 09:43:27 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011/08/11 09:43:27 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011/08/11 09:43:27 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011/08/11 09:43:27 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011/08/11 09:43:27 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011/08/11 09:43:27 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011/08/11 09:43:26 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/08/11 09:43:21 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/08/11 09:43:21 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/08/11 09:43:21 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/08/11 09:43:21 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/08/11 09:43:21 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/08/11 09:43:21 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/08/11 09:43:20 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/08/11 09:43:20 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/08/11 09:43:20 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/08/11 09:43:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/08/11 09:43:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/08/11 09:43:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/08/11 09:43:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/08/11 09:43:20 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/08/11 09:43:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/11 09:43:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/11 09:43:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/11 09:43:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/11 09:43:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/11 09:43:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/08/11 09:43:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/08/11 09:43:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/08/11 09:43:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/11 09:43:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/11 09:43:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/11 09:43:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/11 09:43:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/11 09:43:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/11 09:43:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/11 09:43:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/08/11 09:43:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/08/11 09:43:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/08/11 09:43:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/11 09:43:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/11 09:43:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/11 09:43:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/08/11 09:43:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/08/11 09:43:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/11 09:43:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/08/11 09:43:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/08/11 09:43:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/08/11 09:43:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/11 09:43:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/08/11 09:43:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/08/11 09:43:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/08/11 09:43:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/08/11 09:43:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/11 09:43:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/08/11 09:43:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/08/11 09:43:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/11 09:43:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/11 09:43:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/11 09:43:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/11 09:43:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/11 09:43:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/11 09:43:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/08/11 09:43:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/08/11 09:43:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/11 09:43:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/11 09:43:19 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/08/11 09:43:19 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/08/11 09:43:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/11 09:43:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/08/11 09:43:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/08/11 09:43:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/11 09:43:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/08/11 09:43:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/08/11 09:43:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/08/11 09:43:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/08/11 09:43:05 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/08/11 09:43:04 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/08/11 09:43:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/08/11 09:43:04 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/08/11 09:43:04 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/08/11 09:43:04 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/08/11 09:43:03 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/08/11 09:43:00 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/08/11 09:42:59 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/08/11 09:42:59 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/08/03 15:59:43 | 000,000,000 | ---D | C] -- C:\Users\LAURA - REMY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/08/03 15:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/08/03 15:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/08/03 09:00:42 | 000,000,000 | ---D | C] -- C:\Users\LAURA - REMY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ElcomSoft
[2011/08/03 09:00:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElcomSoft

========== Files - Modified Within 30 Days ==========

[2011/09/01 12:54:30 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\LAURA - REMY\Desktop\OTL.exe
[2011/09/01 12:50:02 | 000,463,806 | ---- | M] () -- C:\Users\LAURA - REMY\Desktop\adwcleaner0.exe
[2011/09/01 12:31:15 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/01 12:20:59 | 000,001,855 | ---- | M] () -- C:\Users\LAURA - REMY\Desktop\Ad-Remover.lnk
[2011/09/01 12:01:39 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/01 12:01:39 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/01 11:59:15 | 001,577,828 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/01 11:59:15 | 000,718,812 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2011/09/01 11:59:15 | 000,620,290 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/01 11:59:15 | 000,135,458 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2011/09/01 11:59:15 | 000,110,478 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/01 11:54:22 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2011/09/01 11:54:21 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/01 11:54:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/01 11:54:03 | 3195,420,672 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/01 01:31:28 | 001,238,108 | ---- | M] (El Desaparecido.com) -- C:\Users\LAURA - REMY\Desktop\UsbFix.exe
[2011/08/31 21:54:09 | 000,001,052 | ---- | M] () -- C:\Users\Public\Desktop\Norton Utilities 15.lnk
[2011/08/31 20:28:16 | 000,115,930 | --S- | M] () -- C:\Users\LAURA - REMY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\afcortxk.exe
[2011/08/31 19:00:49 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\NUSchedule.job
[2011/08/31 13:22:44 | 000,131,336 | ---- | M] (Avira GmbH) -- C:\Windows\SysWow64\drivers\avfwot.sys
[2011/08/31 13:22:44 | 000,131,336 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwot.sys
[2011/08/31 13:22:44 | 000,123,784 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/08/31 13:22:44 | 000,101,984 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avfwim.sys
[2011/08/31 13:22:44 | 000,088,288 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/08/30 09:54:59 | 000,457,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/08/30 02:06:22 | 000,000,460 | ---- | M] () -- C:\Users\LAURA - REMY\AppData\Roaming\wklnhst.dat
[2011/08/29 20:21:30 | 000,007,605 | ---- | M] () -- C:\Users\LAURA - REMY\AppData\Local\resmon.resmoncfg
[2011/08/24 17:50:03 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011/08/23 14:52:55 | 000,001,265 | ---- | M] () -- C:\Users\LAURA - REMY\Desktop\AVS Audio Converter.lnk
[2011/08/23 01:50:09 | 000,001,265 | ---- | M] () -- C:\Users\LAURA - REMY\Desktop\AVS Video Converter.lnk
[2011/08/22 23:26:03 | 000,002,120 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011/08/22 23:25:57 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011/08/17 12:35:06 | 000,001,274 | ---- | M] () -- C:\Users\LAURA - REMY\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk
[2011/08/17 12:35:06 | 000,001,250 | ---- | M] () -- C:\Users\LAURA - REMY\Desktop\Glary Utilities.lnk
[2011/08/17 11:54:09 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011/08/17 11:54:09 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/08/17 11:54:09 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/08/17 11:54:09 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/08/13 06:58:17 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2011/09/01 12:50:00 | 000,463,806 | ---- | C] () -- C:\Users\LAURA - REMY\Desktop\adwcleaner0.exe
[2011/09/01 01:37:04 | 000,001,855 | ---- | C] () -- C:\Users\LAURA - REMY\Desktop\Ad-Remover.lnk
[2011/08/31 23:25:52 | 733,063,168 | ---- | C] () -- C:\Users\LAURA - REMY\Desktop\American Gangster (fr).avi
[2011/08/31 23:22:16 | 727,843,152 | ---- | C] () -- C:\Users\LAURA - REMY\Desktop\The.Expendables.2010.FRENCH.R5.LD.XViD-SERUM.avi
[2011/08/31 23:21:49 | 719,736,130 | ---- | C]
1 September 2011 13:10:50

:hello: 

You have run the AD-Remover tool several times: C:\Ad-Report-SCAN[3].txt - 01/09/2011 12:16:59 (3397 Octet(s))
Can you post the first log from the Ad-Remover scan, along with the rest from the other tools?
1 September 2011 13:15:08

OTL Extras logfile created on: 01/09/2011 12:57:28 - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\LAURA - REMY\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,97 Gb Total Physical Memory | 2,79 Gb Available Physical Memory | 70,42% Memory free
7,93 Gb Paging File | 6,52 Gb Available in Paging File | 82,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,92 Gb Total Space | 230,52 Gb Free Space | 80,91% Space Free | Partition Type: NTFS
Drive D: | 12,97 Gb Total Space | 2,16 Gb Free Space | 16,68% Space Free | Partition Type: NTFS

Computer Name: LAURA-REMY-PC | User Name: LAURA - REMY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{08B6E326-E785-4733-B3FD-0142E6A07F1B}" = Fresco Logic USB3.0 Host Controller
"{16AD84C0-E7A0-F64D-D55A-15D274C4439A}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{4B5F58F7-C7D1-3CE3-9B37-B657F0852643}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{83715090-142B-D305-36EC-7538A007D336}" = ATI Catalyst Install Manager
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{8FCDACA0-E090-4A9A-AC71-A96E7371DC6E}" = HP 3D DriveGuard
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{266D0EEA-E5A6-4A08-A0EE-5391D4EA44A7}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{27B0C2FD-9739-8D7D-6552-307C786D9097}" = Catalyst Control Center InstallProxy
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{38022B5C-0C69-389F-DA48-B87480B5705A}" = CCC Help Turkish
"{3B160861-7250-451E-B5EE-8B92BF30A710}" = Microsoft Works
"{3BBBF379-6C7E-0985-18F6-6C60D6C36EC6}" = CCC Help Portuguese
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B2F56AC-C043-C84F-3EF1-E6D6F21E934F}" = Catalyst Control Center Graphics Full Existing
"{4E414048-A9DD-4F60-AA1D-018E716C88C9}" = Internet Explorer
"{4F2C2E34-5A3E-0E70-BDFC-A5B1E3C2FFAC}" = Catalyst Control Center Graphics Light
"{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant
"{532715CE-CFD6-E4F8-53C3-2F1DE31C04DA}" = CCC Help Hungarian
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{558CC8A3-F1A2-9C31-7B90-F61E476B8622}" = CCC Help Dutch
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements
"{5D76ABD5-262B-6D65-6C13-F38175C7A5AF}" = CCC Help Korean
"{5D92E608-E454-0C8C-D577-7F7C06151117}" = CCC Help Greek
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{79EECA21-CDFA-6012-5E8B-6CF2623D647A}" = Catalyst Control Center Graphics Full New
"{7BE6BC10-6737-CD9D-8363-F919B8D6D917}" = Catalyst Control Center Core Implementation
"{7E0610A2-E336-40B3-B685-C4905E97EC9A}" = OpenOffice.org 3.3
"{80FBA7A7-ABD1-4910-A916-023075C45593}" = CCC Help Danish
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{8797DE34-22BC-CA33-6B67-A0CC2765B545}" = CCC Help German
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89D1C17B-90DE-650A-073A-A7FA7BC6ECE5}" = CCC Help French
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C664716-FD23-9902-A29E-863D056F46FC}" = CCC Help Russian
"{8F36B221-F483-B7CE-4DDA-7BDA4D81E306}" = CCC Help English
"{8FB16749-1235-D027-AF25-1D22A9FEC0D5}" = CCC Help Thai
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2010
"{90140000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2010
"{90140000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2010
"{90140000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2010
"{90140000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2010
"{90140000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2010
"{90140000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2010
"{90140000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2010
"{90140000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2010
"{90140000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2010
"{90140000-00BA-040C-0000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91A3A4DE-656A-5C7A-5B61-75FB6D167A6A}" = CCC Help Polish
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EDB805A-E11C-8842-2393-FDFDA17963AC}" = CCC Help Chinese Traditional
"{A16D1BBD-BE86-0183-4152-2E85FECC31F7}" = CCC Help Finnish
"{A19856E3-C9D7-988E-5B8C-70C87342B8DD}" = Catalyst Control Center Localization All
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1036-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Français
"{AD777154-A573-4FCA-C730-D7C33437262C}" = CCC Help Czech
"{B51605BF-6326-4553-AE96-6D7F1813D5F5}" = HP User Guides 0154
"{B66D2CC9-652D-EBE5-497F-74BBC1029FB4}" = CCC Help Japanese
"{B6A4D07E-725F-07CD-DE49-8AB76939631D}" = CCC Help Norwegian
"{BF930A5D-4F36-5158-C8DA-DECD5B51A78E}" = CCC Help Chinese Standard
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6FCE95C-0072-40C0-9AB2-3EF88DA6CED9}" = Catalyst Control Center Graphics Previews Common
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DF166A93-835F-DF13-E974-FD73E8D7F4F6}" = CCC Help Swedish
"{E09F7D2B-C1C1-D80B-7775-6FFE9D713C60}" = CCC Help Spanish
"{E26EEBF8-3A50-8095-5877-AE243C8852EF}" = Catalyst Control Center Graphics Previews Vista
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EC8049FF-B0E3-A963-408C-1B1D8F20DD55}" = CCC Help Italian
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{FD1D88FA-E5E0-BA76-73C8-7362E9703842}" = ccc-core-static
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira Premium Security Suite
"AVS Audio Converter_is1" = AVS Audio Converter version 7
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"DivX Setup" = Configuration DivX
"Glary Utilities_is1" = Glary Utilities Pro 2.36.0.1232
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"McAfee Security Scan" = McAfee Security Scan Plus
"Norton Utilities 15_is1" = Norton Utilities 15
"Office14.PROPLUS" = Microsoft Office Professionnel Plus 2010
"Picasa 3" = Picasa 3
"Usbfix" = UsbFix By El Desaparecido
"VLC media player" = VLC media player 1.1.10
"WildTangent hp Master Uninstall" = HP Games

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3301899893-2849603091-1553462813-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Ad-Remover" = Ad-Remover
"Advanced Archive Password Recovery" = Advanced Archive Password Recovery

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/08/2011 16:08:52 | Computer Name = LAURA-REMY-PC | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante iexplore.exe, version : 8.0.7601.17514,
horodatage : 0x4ce7a313 Nom du module défaillant : avsda64.dll, version : 10.0.0.7,
horodatage : 0x4b605df3 Code d’exception : 0xc0000005 Décalage d’erreur : 0x00000000000021d0
ID
du processus défaillant : 0x1284 Heure de début de l’application défaillante : 0x01cc63624c955513
Chemin
d’accès de l’application défaillante : C:\Program Files\Internet Explorer\iexplore.exe
Chemin
d’accès du module défaillant: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll
ID
de rapport : 0d0abdc1-cf56-11e0-898b-00269e220180

Error - 26/08/2011 06:01:49 | Computer Name = LAURA-REMY-PC | Source = SideBySide | ID = 16842815
Description = La création du contexte d’activation a échoué pour « c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ». Erreur dans le fichier
de manifeste ou de stratégie « c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll » à la ligne 3. La valeur « MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR »
de l’attribut « version » de l’élément « assemblyIdentity » n’est pas valide.

Error - 27/08/2011 06:16:21 | Computer Name = LAURA-REMY-PC | Source = SideBySide | ID = 16842815
Description = La création du contexte d’activation a échoué pour « c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ». Erreur dans le fichier
de manifeste ou de stratégie « c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll » à la ligne 3. La valeur « MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR »
de l’attribut « version » de l’élément « assemblyIdentity » n’est pas valide.

Error - 28/08/2011 05:01:14 | Computer Name = LAURA-REMY-PC | Source = SideBySide | ID = 16842815
Description = La création du contexte d’activation a échoué pour « c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ». Erreur dans le fichier
de manifeste ou de stratégie « c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll » à la ligne 3. La valeur « MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR »
de l’attribut « version » de l’élément « assemblyIdentity » n’est pas valide.

Error - 29/08/2011 07:47:23 | Computer Name = LAURA-REMY-PC | Source = SideBySide | ID = 16842815
Description = La création du contexte d’activation a échoué pour « c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ». Erreur dans le fichier
de manifeste ou de stratégie « c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll » à la ligne 3. La valeur « MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR »
de l’attribut « version » de l’élément « assemblyIdentity » n’est pas valide.

Error - 29/08/2011 19:32:24 | Computer Name = LAURA-REMY-PC | Source = Office Software Protection Platform Service | ID = 1017
Description = Installation of the Proof of Purchase failed. 0xC004F050 Partial Pkey=vhkc6
ACID=?
Detailed
Error[?]

Error - 30/08/2011 06:54:14 | Computer Name = LAURA-REMY-PC | Source = SideBySide | ID = 16842815
Description = La création du contexte d’activation a échoué pour « c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ». Erreur dans le fichier
de manifeste ou de stratégie « c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll » à la ligne 3. La valeur « MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR »
de l’attribut « version » de l’élément « assemblyIdentity » n’est pas valide.

Error - 30/08/2011 08:09:13 | Computer Name = LAURA-REMY-PC | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante iexplore.exe, version : 8.0.7601.17514,
horodatage : 0x4ce7a313 Nom du module défaillant : avsda64.dll, version : 10.0.0.7,
horodatage : 0x4b605df3 Code d’exception : 0xc0000005 Décalage d’erreur : 0x000000000000216f
ID
du processus défaillant : 0x1318 Heure de début de l’application défaillante : 0x01cc670af1b68400
Chemin
d’accès de l’application défaillante : C:\Program Files\Internet Explorer\iexplore.exe
Chemin
d’accès du module défaillant: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll
ID
de rapport : df8ad9ad-d300-11e0-942a-00269e220180

Error - 31/08/2011 09:29:37 | Computer Name = LAURA-REMY-PC | Source = SideBySide | ID = 16842815
Description = La création du contexte d’activation a échoué pour « c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ». Erreur dans le fichier
de manifeste ou de stratégie « c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll » à la ligne 3. La valeur « MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR »
de l’attribut « version » de l’élément « assemblyIdentity » n’est pas valide.

Error - 31/08/2011 16:37:41 | Computer Name = LAURA-REMY-PC | Source = Application Hang | ID = 1002
Description = Le programme iexplore.exe version 8.0.7601.17514 a cessé d’interagir
avec Windows et a été fermé. Pour déterminer si des informations supplémentaires
sont disponibles, consultez l’historique du problème dans le Centre de maintenance.

ID
de processus : 1da8 Heure de début : 01cc6815376f8734 Heure de fin : 32 Chemin d’accès
de l’application : C:\Program Files (x86)\Internet Explorer\iexplore.exe ID de rapport
: 0d6e228f-d411-11e0-92ab-00269e220180

[ System Events ]
Error - 23/08/2011 11:44:32 | Computer Name = LAURA-REMY-PC | Source = DCOM | ID = 10016
Description =

Error - 23/08/2011 11:44:32 | Computer Name = LAURA-REMY-PC | Source = DCOM | ID = 10016
Description =

Error - 23/08/2011 11:44:58 | Computer Name = LAURA-REMY-PC | Source = DCOM | ID = 10016
Description =

Error - 23/08/2011 11:44:58 | Computer Name = LAURA-REMY-PC | Source = DCOM | ID = 10016
Description =

Error - 23/08/2011 11:45:54 | Computer Name = LAURA-REMY-PC | Source = DCOM | ID = 10016
Description =

Error - 23/08/2011 11:45:54 | Computer Name = LAURA-REMY-PC | Source = DCOM | ID = 10016
Description =

Error - 23/08/2011 14:46:12 | Computer Name = LAURA-REMY-PC | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 20:42:54 le ?23/?08/?2011 n’était pas
prévu.

Error - 27/08/2011 05:18:21 | Computer Name = LAURA-REMY-PC | Source = Tcpip | ID = 4199
Description = Le système a détecté un conflit d’adresses pour l’adresse IP 88.169.55.178
avec le système d’adresse physique réseau 00-1F-A7-73-AE-F5. En conséquence les
opérations réseau sur se système peuvent être interrompues.

Error - 27/08/2011 10:37:36 | Computer Name = LAURA-REMY-PC | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 15:50:10 le ?27/?08/?2011 n’était pas
prévu.

Error - 27/08/2011 12:28:39 | Computer Name = LAURA-REMY-PC | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 18:27:18 le ?27/?08/?2011 n’était pas
prévu.


< End of report >
1 September 2011 13:18:57

For the record, shouldn't all these steps have been done with the USB key plugged into the PC?
Because you didn't tell me whether I had to plug in my USB key or not!
Thanks for your reply.
1 September 2011 13:31:49

Here is the 1st SCAN from Ad-Report

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files (x86)\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 01:43:17 le 01/09/2011, Mode normal

Microsoft Windows 7 Édition Familiale Premium Service Pack 1 (X64)
LAURA - REMY@LAURA-REMY-PC (Hewlett-Packard HP Pavilion dv6 Notebook PC)

============== RECHERCHE ==============





============== SCAN ADDITIONNEL ==============

**** Internet Explorer Version [8.0.7601.17514] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_SearchScopes\{9EAC3C5C-DE66-4DC6-8F0F-8F6475D85F69} - "Kelkoo" (hxxp://fr.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromfor...)
HKLM_SearchScopes\{9EAC3C5C-DE66-4DC6-8F0F-8F6475D85F69} - "Kelkoo" (hxxp://fr.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromfor...)
HKLM_Toolbar|{8dcb7100-df86-4384-8842-8fa844297b3f} (C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll)
HKCU_ElevationPolicy\{5FC80C85-4720-4580-9F1E-556B0A64533A} - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe (x)
HKCU_ElevationPolicy\{650DA0D7-C867-402B-B67D-0FE22C921EF7} - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10b.exe (x)
HKCU_ElevationPolicy\{924B636A-2FA1-4D88-B4BD-2279127EDB3A} - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe (x)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{5F17E524-3447-4c7d-8E5F-4EFF31CDE3B7} - C:\Program Files (x86)\Common Files\DivX Shared\DesktopService\DDMService.exe (DivX, LLC)
HKLM_ElevationPolicy\{64903E32-AE0B-408D-909C-09A08791F28D} - C:\Program Files (x86)\DivX\DivX Plus Web Player\dwpBroker.exe (?)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)
HKLM_ElevationPolicy\{D802E3EF-2513-4661-972E-BAD737EFBA88} - C:\Program Files (x86)\DivX\DivX OVS Helper\OVSHelperBroker.exe (DivX, LLC.)
BHO\{326E768D-4182-46FD-9C16-1449A49795F4} - "DivX Plus Web Player HTML5 <video>" (C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)

========================================

C:\Program Files (x86)\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files (x86)\Ad-Remover\Backup: 14 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 01/09/2011 01:37:43 (3665 Octet(s))
C:\Ad-Report-SCAN[1].txt - 01/09/2011 01:43:22 (3460 Octet(s))

Fin à: 01:45:30, 01/09/2011

============== E.O.F ==============
1 September 2011 13:50:32

Finally, here is the MBAM REPORT:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Version de la base de données: 7628

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

01/09/2011 13:42:39
mbam-log-2011-09-01 (13-42-39).txt

Type d'examen: Examen complet (C:\|G:\|)
Elément(s) analysé(s): 331578
Temps écoulé: 25 minute(s), 33 seconde(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 312

Processus mémoire infecté(s):
c:\Users\laura - remy\AppData\Local\rynchqow\afcortxk.exe (Trojan.Agent) -> 3348 -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AfcOrtxk (Trojan.Agent) -> Value: AfcOrtxk -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\Users\laura - remy\AppData\Local\rynchqow\afcortxk.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\laura - remy\AppData\Local\Temp\rkamtsatsuepoohj.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\laura - remy\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\afcortxk.exe (Trojan.Agent) -> Quarantined and deleted successfully.
1 September 2011 14:03:25

rem59 said:
Just to check, wasn't I supposed to do all these steps with the USB key plugged into the PC?
Because you didn't tell me whether I had to plug in my USB key or not!
Thanks for your reply


Up to now, it hasn't mattered much.

Send the report:
However, the first OTL report is incomplete.
• Click this link: http://www.cijoint.fr/
• Click Parcourir... (Browse) and find the report file you want to send me.
• Click Ouvrir (Open).
• Click Cliquez ici pour déposer le fichier (Click here to upload the file).
• A link of this form, hxxp://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt, is added to the page.
• Copy and paste this link into your reply.

USBFix - Scan
• Download USBFix by El Desaparecido to your Desktop.
• Run the installation with the default settings.
• Connect your external data sources to your PC (USB key, external hard drive, etc.) without opening them.
• Double-click the UsbFix shortcut on your Desktop.
• The PC will restart.
• After the restart, post the UsbFix.txt report.
• The UsbFix.txt report is saved at the root of the C:\ drive: C:\UsbFix.txt

• (If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New task, type explorer.exe and confirm)
1 September 2011 14:14:25

Right now there is unwanted software trying to install itself on my PC: setep2897485248.exe, and Windows asks for my permission; I click NO, and the message comes back!
1 September 2011 14:19:25

Here is the UsbFix REPORT

############################## | UsbFix 7.058 | [Recherche]

Utilisateur: LAURA - REMY (Administrateur) # LAURA-REMY-PC [Hewlett-Packard HP Pavilion dv6 Notebook PC]
Mis à jour le 24/08/2011 par El Desaparecido
Lancé à 14:16:22 | 01/09/2011
Site Web: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php
Contact: TeamXscript.ElDesaparecido@gmail.com

CPU: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
CPU 2: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
Internet Explorer 8.0.7601.17514

Pare-feu Windows: Désactivé /!\
RAM -> 4063 Mo
C:\ (%systemdrive%) -> Disque fixe # 285 Go (230 Go libre(s) - 81%) [] # NTFS
D:\ -> Disque fixe # 13 Go (2 Go libre(s) - 17%) [RECOVERY] # NTFS
E:\ -> CD-ROM
G:\ -> Disque amovible # 8 Go (8 Go libre(s) - 100%) [HP V210W] # FAT32

################## | Éléments infectieux |

Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup1168890592.exe
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup1729342464.exe
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup255952176.exe
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup2642370608.exe
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup2897485248.exe
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup3909275360.exe
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup401508096.exe
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup4230680576.exe
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup1168890592.exe.manifest
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup1729342464.exe.manifest
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup255952176.exe.manifest
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup2642370608.exe.manifest
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup2897485248.exe.manifest
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup3909275360.exe.manifest
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup401508096.exe.manifest
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup4230680576.exe.manifest
Présent! G:\autorun.inf
Présent! G:\RECYCLER\S-6-1-82-6413550372-4548048683-685656555-3184
Présent! G:\RECYCLER\S-0-3-26-1756088850-1340671115-860537044-0174

################## | Registre |


################## | Mountpoints2 |


################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)
D:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)
G:\Autorun.inf -> Vaccin créé par Panda USB Vaccine

################## | E.O.F |
1 September 2011 14:42:37

USBFix - Cleanup
• Connect your external data sources to your PC (USB key, external hard drive, etc.) without opening them.
• Double-click the UsbFix shortcut on your Desktop.
• Select Suppression (Deletion)
• After the restart, post the UsbFix.txt report.
• The UsbFix.txt report is saved at the root of the C:\ drive: C:\UsbFix.txt

• (If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New task, type explorer.exe and confirm)

Can you locate this file setep2897485248.exe?
Actually, this file is SETUPxxx, not the SETEP I was searching for ;) , and it has been deleted by USBFix.
1 September 2011 15:01:23

############################## | UsbFix 7.058 | [Suppression]

Utilisateur: LAURA - REMY (Administrateur) # LAURA-REMY-PC [Hewlett-Packard HP Pavilion dv6 Notebook PC]
Mis à jour le 24/08/2011 par El Desaparecido
Lancé à 14:48:12 | 01/09/2011
Site Web: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php
Contact: TeamXscript.ElDesaparecido@gmail.com

CPU: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
CPU 2: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
Internet Explorer 8.0.7601.17514

Pare-feu Windows: Désactivé /!\
RAM -> 4063 Mo
C:\ (%systemdrive%) -> Disque fixe # 285 Go (230 Go libre(s) - 81%) [] # NTFS
D:\ -> Disque fixe # 13 Go (2 Go libre(s) - 17%) [RECOVERY] # NTFS
E:\ -> CD-ROM
G:\ -> Disque amovible # 8 Go (7 Go libre(s) - 100%) [HP V210W] # FAT32

################## | Éléments infectieux |

Supprimé! C:\Users\LAURA-~1\AppData\Local\Temp\setup1168890592.exe
Supprimé! C:\Users\LAURA-~1\AppData\Local\Temp\setup1541127272.exe
Supprimé! C:\Users\LAURA-~1\AppData\Local\Temp\setup1729342464.exe
Supprimé! C:\Users\LAURA-~1\AppData\Local\Temp\setup255952176.exe
Supprimé! C:\Users\LAURA-~1\AppData\Local\Temp\setup2642370608.exe
Supprimé! C:\Users\LAURA-~1\AppData\Local\Temp\setup2897485248.exe
Supprimé! C:\Users\LAURA-~1\AppData\Local\Temp\setup3909275360.exe
Supprimé! C:\Users\LAURA-~1\AppData\Local\Temp\setup401508096.exe
Supprimé! C:\Users\LAURA-~1\AppData\Local\Temp\setup4230680576.exe
Supprimé! C:\Users\LAURA-~1\AppData\Local\Temp\setup712848112.exe
Supprimé! C:\Users\LAURA-~1\AppData\Local\Temp\setup737132592.exe
Supprimé! C:\Users\LAURA-~1\AppData\Local\Temp\setup1168890592.exe.manifest
Supprimé! C:\Users\LAURA-~1\AppData\Local\Temp\setup1541127272.exe.manifest
Supprimé! C:\Users\LAURA-~1\AppData\Local\Temp\setup1729342464.exe.manifest
Supprimé! C:\Users\LAURA-~1\AppData\Local\Temp\setup255952176.exe.manifest
Supprimé! C:\Users\LAURA-~1\AppData\Local\Temp\setup2642370608.exe.manifest
Supprimé! C:\Users\LAURA-~1\AppData\Local\Temp\setup2897485248.exe.manifest
Supprimé! C:\Users\LAURA-~1\AppData\Local\Temp\setup3909275360.exe.manifest
Supprimé! C:\Users\LAURA-~1\AppData\Local\Temp\setup401508096.exe.manifest
Supprimé! C:\Users\LAURA-~1\AppData\Local\Temp\setup4230680576.exe.manifest
Supprimé! C:\Users\LAURA-~1\AppData\Local\Temp\setup737132592.exe.manifest
Supprimé! C:\$RECYCLE.BIN\S-1-5-21-3301899893-2849603091-1553462813-1001
Supprimé! D:\$RECYCLE.BIN\S-1-5-21-3301899893-2849603091-1553462813-1001
Supprimé! G:\Recycler\S-6-1-82-6413550372-4548048683-685656555-3184
Supprimé! G:\Recycler\S-0-3-26-1756088850-1340671115-860537044-0174
Supprimé! G:\Recycler\S-3-0-21-1606754634-2466370718-415541806-2057
Non supprimé ! G:\autorun.inf

################## | Registre |


################## | Mountpoints2 |


################## | Listing |

[01/09/2011 - 14:51:16 | SHD ] C:\$Recycle.Bin
[11/08/2011 - 10:37:11 | D ] C:\02cb8ffb5e650d34f11942
[01/09/2011 - 12:17:50 | N | 3535] C:\Ad-Report-SCAN[3].txt
[01/09/2011 - 12:23:43 | N | 3599] C:\Ad-Report-SCAN[4].txt
[01/09/2011 - 12:52:04 | N | 994] C:\AdwCleaner[R1].txt
[01/09/2011 - 01:54:12 | RASHD ] C:\Autorun.inf
[29/08/2011 - 11:56:20 | D ] C:\boot
[14/07/2009 - 03:38:58 | RASH | 383562] C:\bootmgr
[31/08/2011 - 13:24:39 | D ] C:\Config.Msi
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[01/09/2011 - 14:21:19 | ASH | 3195420672] C:\hiberfil.sys
[30/06/2011 - 11:58:38 | D ] C:\HP
[22/08/2009 - 00:10:55 | RHD ] C:\MSOCache
[01/09/2011 - 14:21:24 | ASH | 4260560896] C:\pagefile.sys
[13/08/2011 - 11:29:07 | D ] C:\preload
[03/08/2011 - 15:59:34 | D ] C:\Program Files
[01/09/2011 - 01:37:02 | D ] C:\Program Files (x86)
[01/09/2011 - 14:22:00 | HD ] C:\ProgramData
[30/06/2011 - 12:27:45 | SHD ] C:\Recovery
[30/06/2011 - 12:32:24 | D ] C:\SwSetup
[01/09/2011 - 14:11:38 | SHD ] C:\System Volume Information
[30/06/2011 - 12:27:54 | D ] C:\SYSTEM.SAV
[01/09/2011 - 14:51:17 | D ] C:\UsbFix
[01/09/2011 - 14:48:13 | A | 4121] C:\UsbFix.txt
[30/06/2011 - 12:26:13 | D ] C:\Users
[31/08/2011 - 13:24:39 | D ] C:\Windows
[01/09/2011 - 14:51:17 | SHD ] D:\$RECYCLE.BIN
[01/09/2011 - 01:54:12 | RASHD ] D:\Autorun.inf
[29/08/2011 - 11:56:20 | D ] D:\boot
[14/07/2009 - 20:39:00 | ASH | 383562] D:\bootmgr
[30/06/2011 - 12:32:25 | N | 0] D:\BT_HP.FLG
[23/08/2009 - 02:02:32 | N | 432] D:\CSP.DAT
[23/08/2009 - 02:10:06 | N | 11403] D:\DeployRp.log
[31/10/2009 - 22:47:44 | D ] D:\hp
[29/06/2011 - 14:02:34 | N | 20] D:\HPSF_Rep.txt
[31/10/2009 - 22:47:36 | N | 8] D:\HP_WSD.dat
[30/06/2011 - 12:32:25 | N | 22] D:\language.ini
[31/10/2009 - 22:47:44 | D ] D:\preload
[30/06/2011 - 12:27:54 | SD ] D:\Recovery
[23/08/2009 - 02:09:56 | N | 0] D:\RPCONFIG.LOG
[02/01/2010 - 14:43:28 | SHD ] D:\System Volume Information
[31/10/2009 - 22:47:44 | D ] D:\system.sav
[31/08/2011 - 23:29:06 | D ] G:\RECYCLER
[01/09/2011 - 14:52:04 | RASH | 0] G:\autorun.inf
[01/09/2011 - 14:52:04 | A | 693] G:\Copy of Shortcut to (1).lnk
[01/09/2011 - 14:52:04 | A | 678] G:\Copy of Shortcut to (2).lnk
[01/09/2011 - 14:52:04 | A | 823] G:\Copy of Shortcut to (3).lnk
[01/09/2011 - 14:52:06 | A | 797] G:\Copy of Shortcut to (4).lnk

################## | Vaccin |

G:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)

################## | Upload |

Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_LAURA-REMY-PC.zip
http://www.teamxscript.org/Upload.php
Merci de votre contribution.

################## | E.O.F |
1 September 2011 15:01:54

What next?
1 September 2011 16:42:35

When I delete the folders from my USB key, they come back :S
1 September 2011 20:07:52

Your antivirus is Avira, right?

There are old traces of McAfee, which I suggest you remove by running the MCPR.exe tool.

More info

Close all your windows, then double-click OTL.exe to relaunch it.
(Vista/Windows 7 users: right-click -> "Run as administrator")

• Copy/paste the following into the Personnalisation (Custom Scans/Fixes) box at the bottom left.


:OTL
SRV - [2010/01/15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
PRC - [2011/08/31 20:28:16 | 000,115,930 | --S- | M] () -- C:\Users\LAURA - REMY\AppData\Local\rynchqow\afcortxk.exe
O4 - HKU\S-1-5-21-3301899893-2849603091-1553462813-1001..\Run: [AfcOrtxk] C:\Users\LAURA - REMY\AppData\Local\rynchqow\afcortxk.exe ()
O4 - HKU\S-1-5-21-3301899893-2849603091-1553462813-1001..\Run: [RESTART_STICKY_NOTES] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\LAURA - REMY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\afcortxk.exe ()
O32 - AutoRun File - [2011/09/01 01:54:12 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/09/01 01:54:12 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ]
[2011/09/01 01:54:12 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2011/09/01 12:17:50 | 000,003,535 | ---- | M] () -- C:\Ad-Report-SCAN[3].txt
[2011/09/01 12:23:43 | 000,003,599 | ---- | M] () -- C:\Ad-Report-SCAN[4].txt
[2011/09/01 12:52:04 | 000,000,994 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2011/08/31 20:28:17 | 000,000,000 | ---D | C] -- C:\Users\LAURA - REMY\AppData\Local\rynchqow
[2011/08/31 20:28:16 | 000,115,930 | --S- | M] () -- C:\Users\LAURA - REMY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\afcortxk.exe

:Commands
[emptytemp]
[emptyflash]


• Then click the Correction button at the top left.
• If the PC asks to restart, accept.


For the reports, please use this online report service: upload the file via "parcourir" (browse) and simply post the link you get.

Run USBFix - Nettoyage (cleaning) again, as in this post.

And post the removal reports.
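
The fix script above is built from the autostart (O4) lines of the earlier OTL scan. As an added illustration (not part of the original post and not OTL's own logic), this Python example parses O4 lines in that format and flags them with heuristics that are assumptions of this example; the SynTPEnh line is constructed for contrast.

```python
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# O4 lines copied from the fix script in this thread.
PAGE_LINES = r"""
O4 - HKU\S-1-5-21-3301899893-2849603091-1553462813-1001..\Run: [AfcOrtxk] C:\Users\LAURA - REMY\AppData\Local\rynchqow\afcortxk.exe ()
O4 - HKU\S-1-5-21-3301899893-2849603091-1553462813-1001..\Run: [RESTART_STICKY_NOTES] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\LAURA - REMY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\afcortxk.exe ()
"""
# Constructed line (not from the thread): an entry that raises no flag.
CONSTRUCTED_LINES = r"""
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
"""

REG_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
STARTUP_RE = re.compile(r"^O4 - Startup: (?P<rest>.+)$")
# "<path> (<company>)"; the last parenthesised group is the company field.
TARGET_RE = re.compile(r"^(?P<path>.+?) \((?P<publisher>[^()]*)\)$")

# Assumption of this example: directories a standard user can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\start menu\\programs\\startup\\")


@dataclass
class Autostart:
    mechanism: str            # registry key or "Startup folder"
    name: str                 # value name, or file name for Startup items
    target: Optional[str]     # None when the log says "File not found"
    publisher: Optional[str]  # None when the company field is empty "()"


def _split_target(rest):
    """Split the tail of an O4 line into (path, publisher)."""
    if rest.strip().lower() == "file not found":
        return None, None
    m = TARGET_RE.match(rest)
    if m:
        return m.group("path"), m.group("publisher").strip() or None
    return rest, None


def parse_o4(text):
    """Return one Autostart per recognised O4 line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        reg = REG_RE.match(line)
        startup = None if reg else STARTUP_RE.match(line)
        if reg:
            target, publisher = _split_target(reg.group("rest"))
            mechanism = reg.group("hive") + "\\" + reg.group("key")
            entries.append(Autostart(mechanism, reg.group("name"), target, publisher))
        elif startup:
            target, publisher = _split_target(startup.group("rest"))
            name = ntpath.basename(target) if target else "(unknown)"
            entries.append(Autostart("Startup folder", name, target, publisher))
    return entries


def assess(entries):
    """Attach the list of heuristic reasons to every entry."""
    mechanisms = defaultdict(set)
    for e in entries:
        if e.target:
            mechanisms[ntpath.basename(e.target).lower()].add(e.mechanism)
    findings = []
    for e in entries:
        reasons = []
        if e.target is None:
            reasons.append("orphaned: target file missing")
        else:
            low = e.target.lower()
            if any(marker in low for marker in USER_WRITABLE):
                reasons.append("target in user-writable directory")
            if e.publisher is None:
                reasons.append("no company name in file version info")
            if len(mechanisms[ntpath.basename(low)]) > 1:
                reasons.append("same binary in several autostart locations")
        findings.append((e, reasons))
    return findings


def suspicious(entries):
    """Entries with an existing target and at least two independent indicators."""
    return [e.name for e, r in assess(entries) if e.target and len(r) >= 2]


def orphaned(entries):
    """Stale entries whose target no longer exists (cleanup, not proof of infection)."""
    return [e.name for e in entries if e.target is None]


if __name__ == "__main__":
    for entry, reasons in assess(parse_o4(PAGE_LINES + CONSTRUCTED_LINES)):
        print(entry.mechanism, "|", entry.name, "|", "; ".join(reasons) or "no flag")
```

Both afcortxk.exe entries are flagged on three indicators each, while the two "File not found" values are reported separately as stale.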
1 September 2011 20:27:23

Yes, Avira AntiVir is indeed my antivirus!
I'll post that in 5 min.
1 September 2011 20:37:20

All processes killed
========== OTL ==========
Service McComponentHostService stopped successfully!
Service McComponentHostService deleted successfully!
C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe moved successfully.
No active process named afcortxk.exe was found!
Registry value HKEY_USERS\S-1-5-21-3301899893-2849603091-1553462813-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AfcOrtxk deleted successfully.
C:\Users\LAURA - REMY\AppData\Local\rynchqow\afcortxk.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3301899893-2849603091-1553462813-1001\Software\Microsoft\Windows\CurrentVersion\Run\\RESTART_STICKY_NOTES deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Users\LAURA - REMY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\afcortxk.exe scheduled to be moved on reboot.
File not found.
File not found.
C:\Autorun.inf folder moved successfully.
C:\Ad-Report-SCAN[3].txt moved successfully.
C:\Ad-Report-SCAN[4].txt moved successfully.
C:\AdwCleaner[R1].txt moved successfully.
C:\Users\LAURA - REMY\AppData\Local\rynchqow folder moved successfully.
File move failed. C:\Users\LAURA - REMY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\afcortxk.exe scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: LAURA - REMY
->Temp folder emptied: 10810656 bytes
->Temporary Internet Files folder emptied: 163522927 bytes
->Java cache emptied: 124527 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2862 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4874 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67843 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 166,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: LAURA - REMY
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.27.0 log created on 09012011_203117

Files\Folders moved on Reboot...
C:\Users\LAURA - REMY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\afcortxk.exe moved successfully.
C:\Users\LAURA - REMY\AppData\Local\Temp\27F.tmp moved successfully.
C:\Users\LAURA - REMY\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\LAURA - REMY\AppData\Local\Temp\~DF290B19795F3D1551.TMP not found!
File\Folder C:\Users\LAURA - REMY\AppData\Local\Temp\~DF399FF96CDE32CE3D.TMP not found!
File\Folder C:\Users\LAURA - REMY\AppData\Local\Temp\~DF3B2D3D43DC397E4E.TMP not found!
File\Folder C:\Users\LAURA - REMY\AppData\Local\Temp\~DFA83783B7DD87ED19.TMP not found!
File\Folder C:\Users\LAURA - REMY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VWQ75AJQ\like[2].htm not found!
File\Folder C:\Users\LAURA - REMY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CMY2JJIO\aff_frame[1].htm not found!

Registry entries deleted on Reboot...
1 September 2011 20:45:56

############################## | UsbFix 7.058 | [Suppression]

Utilisateur: LAURA - REMY (Administrateur) # LAURA-REMY-PC [Hewlett-Packard HP Pavilion dv6 Notebook PC]
Mis à jour le 24/08/2011 par El Desaparecido
Lancé à 20:39:45 | 01/09/2011
Site Web: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php
Contact: TeamXscript.ElDesaparecido@gmail.com

CPU: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
CPU 2: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
Internet Explorer 8.0.7601.17514

Pare-feu Windows: Désactivé /!\
RAM -> 4063 Mo
C:\ (%systemdrive%) -> Disque fixe # 285 Go (227 Go libre(s) - 80%) [] # NTFS
D:\ -> Disque fixe # 13 Go (2 Go libre(s) - 17%) [RECOVERY] # NTFS
E:\ -> CD-ROM
G:\ -> Disque amovible # 8 Go (8 Go libre(s) - 100%) [HP V210W] # FAT32

################## | Éléments infectieux |

Supprimé! C:\$RECYCLE.BIN\S-1-5-21-3301899893-2849603091-1553462813-1001
Supprimé! D:\$RECYCLE.BIN\S-1-5-21-3301899893-2849603091-1553462813-1001

################## | Registre |


################## | Mountpoints2 |


################## | Listing |

[01/09/2011 - 20:40:58 | SHD ] C:\$Recycle.Bin
[11/08/2011 - 10:37:11 | D ] C:\02cb8ffb5e650d34f11942
[29/08/2011 - 11:56:20 | D ] C:\boot
[14/07/2009 - 03:38:58 | RASH | 383562] C:\bootmgr
[01/09/2011 - 18:30:17 | D ] C:\Config.Msi
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[01/09/2011 - 20:33:50 | ASH | 3195420672] C:\hiberfil.sys
[30/06/2011 - 11:58:38 | D ] C:\HP
[22/08/2009 - 00:10:55 | RHD ] C:\MSOCache
[01/09/2011 - 20:33:53 | ASH | 4260560896] C:\pagefile.sys
[13/08/2011 - 11:29:07 | D ] C:\preload
[03/08/2011 - 15:59:34 | D ] C:\Program Files
[01/09/2011 - 01:37:02 | D ] C:\Program Files (x86)
[01/09/2011 - 20:35:40 | HD ] C:\ProgramData
[30/06/2011 - 12:27:45 | SHD ] C:\Recovery
[30/06/2011 - 12:32:24 | D ] C:\SwSetup
[01/09/2011 - 19:08:05 | SHD ] C:\System Volume Information
[30/06/2011 - 12:27:54 | D ] C:\SYSTEM.SAV
[01/09/2011 - 20:40:58 | D ] C:\UsbFix
[01/09/2011 - 20:39:46 | A | 2140] C:\UsbFix.txt
[01/09/2011 - 14:52:15 | N | 13521529] C:\UsbFix_Upload_Me_LAURA-REMY-PC.zip
[30/06/2011 - 12:26:13 | D ] C:\Users
[31/08/2011 - 13:24:39 | D ] C:\Windows
[01/09/2011 - 20:31:17 | D ] C:\_OTL
[01/09/2011 - 20:40:58 | SHD ] D:\$RECYCLE.BIN
[01/09/2011 - 14:52:12 | D ] D:\Autorun.inf
[29/08/2011 - 11:56:20 | D ] D:\boot
[14/07/2009 - 20:39:00 | ASH | 383562] D:\bootmgr
[30/06/2011 - 12:32:25 | N | 0] D:\BT_HP.FLG
[23/08/2009 - 02:02:32 | N | 432] D:\CSP.DAT
[23/08/2009 - 02:10:06 | N | 11403] D:\DeployRp.log
[31/10/2009 - 22:47:44 | D ] D:\hp
[29/06/2011 - 14:02:34 | N | 20] D:\HPSF_Rep.txt
[31/10/2009 - 22:47:36 | N | 8] D:\HP_WSD.dat
[30/06/2011 - 12:32:25 | N | 22] D:\language.ini
[31/10/2009 - 22:47:44 | D ] D:\preload
[30/06/2011 - 12:27:54 | SD ] D:\Recovery
[23/08/2009 - 02:09:56 | N | 0] D:\RPCONFIG.LOG
[02/01/2010 - 14:43:28 | SHD ] D:\System Volume Information
[31/10/2009 - 22:47:44 | D ] D:\system.sav

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)

################## | Upload |

Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_LAURA-REMY-PC.zip
http://www.teamxscript.org/Upload.php
Merci de votre contribution.

################## | E.O.F |
1 September 2011 20:56:26

And after that?
By the way, what is MCPR for?
1 September 2011 23:20:07

rem59 said:
And after that?
By the way, what is MCPR for?


MCPR is used to remove all traces of McAfee (a version often installed with the PC and under a temporary license).

How is the PC behaving now?
2 September 2011 10:32:46

The PC is doing better.
Can I format my USB key now?
2 September 2011 10:44:07

Because I can't delete the RECYCLER folder and Autorun.inf manually.
In my opinion it's because UsbFix's vaccine is in there.
2 September 2011 14:28:26

:hello: 

rem59 said:
Because I can't delete the RECYCLER folder and Autorun.inf manually.
In my opinion it's because UsbFix's vaccine is in there.

RECYCLER is the Recycle Bin. You can empty it by right-clicking the Recycle Bin on your desktop. But you cannot delete it.
Autorun.inf is indeed your key's "vaccine". It is protected to limit access by another infection.


Now on to the cleanup ;)  :

Purging restore points

• Close all your windows, then double-click OTL.exe to run it again.
(Vista/Windows 7 users: right-click -> "Exécuter en tant qu'administrateur" (Run as administrator))

• Copy/paste the following into the Personnalisation box at the bottom left.
:Commands
[CLEARALLRESTOREPOINTS]

• Then click the Correction button at the top left.
• If the PC asks to restart, accept.


Uninstalling the tools used

• Close all your windows, then double-click OTL.exe to run it again.
(Vista/Windows 7 users: right-click -> "Exécuter en tant qu'administrateur" (Run as administrator))

• Click the Purge d'outils button.
• Confirm the warning with OK and let the PC restart.


To go further with your protection and avoid getting reinfected, here are a few additional tips:

Be careful when installing software:
Always read the terms of use (EULA) to spot how personal data is handled, the installation of advertising sponsors, or any other invasion of privacy. Decline the toolbars and other add-ons offered.

Use an alternative browser to browse more securely:
Firefox offers better security than Internet Explorer, especially when complemented with a few very useful plugins: NoScript and WOT, for example.

Browse without administrator rights: in a limited session or with DropMyRight
This considerably reduces the risk of infection, because some infections can then no longer install themselves.

Keep your software and your system up to date:
Many infections are due to vulnerabilities in Windows, but also in third-party software such as Sun Java, Adobe Acrobat Reader, etc.
You can run a vulnerability scan to find out which of your software has unpatched flaws or needs updating.

Finally, what matters most is your own behaviour on your PC; you remain the most important protection. Avoid risky behaviour: P2P, cracks, dubious downloads and installations via ads, instant messaging, or unknown sites, pornographic sites ...
Worth reading!


If you consider your topic resolved:
• Now add [Résolu] to the title. To do so:
• In your first message, click the "Editer" button; add the [Résolu] tag to the title; then click "Valider votre message".
2 September 2011 17:51:38

OK, everything is done! Thanks for your very professional help ;) 
All the best.
2 September 2011 18:31:26

I really think it's back!
setup2880405752.exe etc...
2 September 2011 18:36:59

Here is the scan

############################## | UsbFix 7.058 | [Recherche]

Utilisateur: LAURA - REMY (Administrateur) # LAURA-REMY-PC [Hewlett-Packard HP Pavilion dv6 Notebook PC]
Mis à jour le 24/08/2011 par El Desaparecido
Lancé à 18:33:04 | 02/09/2011
Site Web: http://www.teamxscript.org
Submit your sample: http://www.teamxscript.org/Upload.php
Contact: TeamXscript.ElDesaparecido@gmail.com

CPU: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
CPU 2: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
Internet Explorer 8.0.7601.17514

Pare-feu Windows: Désactivé /!\
RAM -> 4063 Mo
C:\ (%systemdrive%) -> Disque fixe # 285 Go (224 Go libre(s) - 78%) [] # NTFS
D:\ -> Disque fixe # 13 Go (2 Go libre(s) - 17%) [RECOVERY] # NTFS
E:\ -> CD-ROM

################## | Éléments infectieux |

Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup1326898380.exe
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup1407106464.exe
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup1730683072.exe
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup2312339456.exe
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup2479821184.exe
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup2523159712.exe
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup2880405752.exe
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup3085762240.exe
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup369882012.exe
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup3850381904.exe
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup929786580.exe
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup938995712.exe
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup1326898380.exe.manifest
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup1407106464.exe.manifest
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup1730683072.exe.manifest
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup2312339456.exe.manifest
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup2479821184.exe.manifest
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup2523159712.exe.manifest
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup2880405752.exe.manifest
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup3085762240.exe.manifest
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup369882012.exe.manifest
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup3850381904.exe.manifest
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup929786580.exe.manifest
Présent! C:\Users\LAURA-~1\AppData\Local\Temp\setup938995712.exe.manifest

################## | Registre |


################## | Mountpoints2 |


################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (TeamXscript)

################## | E.O.F |
3 September 2011 00:33:55

Good evening.

If you haven't plugged in a USB key that we hadn't treated, then I missed something during my analyses.

We'll start again with 2 other tools: [EDIT] See next message..

Download ZHPDiag by Nicolas Coolman and save it to the Desktop.

• Unzip the file ZHPDiag.zip on your desktop.
• Double-click ZHPDiag.exe to launch ZHPDiag.
• Tick the options [choice defined by the helper] and click the Lancer le diagnostic button.
• When the analysis is finished, a text file is displayed in the results area on the right.
• Click the Sauvegarder le fichier sous button and confirm ZHPDiag.Txt.
For the reports, please use this online report service: upload the file via "parcourir" (browse) and simply post the link you get.
3 September 2011 10:17:56

Hello.

I have just received an interesting piece of information.
Leave ZHPDiag aside for the moment and run this instead:


Treatment with TDSSKiller
• Download TDSSKiller to your desktop.
• Unzip it and run the file; the following window will open.


• Click Start scan and let the tool scan your hard disk without interrupting it and without using the PC.
• If infected files are found, a new window will open:


• If TDSS.tdl2 is detected, the delete option will be ticked by default.
• If TDSS.tdl3 is detected, make sure Cure is ticked.
• If TDSS.tdl4 (mbr) is detected, make sure Cure is ticked.
• If Suspicious file is shown, leave the option set to Skip.
• Click Continue, then Reboot now to restart the PC.

• Post the report in your next reply. It is saved at the root of your system partition under the name C:\ TDSSKiller.x.x.x.x_date_heure_log.txt

Info: http://support.kaspersky.com/fr/faq/?qid=208280685

3 September 2011 12:25:38

Hello, TDSSKiller found nothing.
Strange all the same; I redid all the steps by myself.
Maybe it's fine now!!??

Tell me which tools to use to check everything, whether I no longer have any infection on my PC and on my USB key, thanks.
3 September 2011 12:36:04

Rapport de ZHPDiag v1.28.1346 par Nicolas Coolman, Update du 29/08/2011
Run by LAURA - REMY at 03/09/2011 12:32:05
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.h...


---\\ Web Browser
MSIE: Internet Explorer v8.0.7601.17514 (Defaut)

---\\ Windows Product Information
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Information
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4063 MB (65% free)
System Restore: Activé (Enable)
System drive C: has 223 GB (78%) free of 285 GB

---\\ Logged in mode
~ Computer Name: LAURA-REMY-PC
~ User Name: LAURA - REMY
~ All Users Names: LAURA - REMY, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O82
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\LAURA - REMY\AppData\Roaming\
~ %Desktop% : C:\Users\LAURA - REMY\Desktop\
~ %Favorites% : C:\Users\LAURA - REMY\Favorites\
~ %LocalAppData% : C:\Users\LAURA - REMY\AppData\Local\
~ %StartMenu% : C:\Users\LAURA - REMY\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\system32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 223 Go of 285 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 13 Go)
E:\ CD-ROM drive (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Free 8 Go of 8 Go)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoStartMenuSubFolder: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoResolveSearch: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoClose: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableTaskMgr: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoDispScrSavPage: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services] wscsvc : OK
~ Scan Security Center in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.30/06/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.DD81D91FF3B0763C392422865C9AC12E] - (....) (.14/07/2009 - 02:39:31.) -- C:\Windows\system32\rundll32.exe [45568]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\system32\Wininit.exe [129024]
[MD5.1A36497983C867FB85FF1DCD4933015F] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.11/08/2011 - 07:20:53.) -- C:\Windows\system32\wininet.dll [1188864]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.02/07/2011 - 14:25:30.) -- C:\Windows\system32\Winlogon.exe [390656]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\drivers\atapi.sys [24128]
[MD5.A2F74975097F52A00745F9637451FDD8] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.13/07/2011 - 07:41:34.) -- C:\Windows\system32\drivers\ntfs.sys [1659776]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.02/07/2011 - 14:27:26.) -- C:\Windows\system32\sppcomapi.dll [232448]
[MD5.0D57D091E06BB1E58E72E5D08479FDDF] - (....) (.02/07/2011 - 14:07:20.) -- C:\Windows\system32\fr-FR\user32.dll.mui [20480]
~ Scan Generic Processes in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 51/1417
~ Mes musiques (My Musics) : 93/312
~ Mes Favoris (My Favorites) : 3/30
~ Mes Documents (My Documents) : 1/177
~ Mon Bureau (My Desktop) : 1/20
~ Menu demarrer (Programs) : 7/36
~ Scan Hidden Files in 00mn 01s



---\\ Processus lancés
[MD5.60FF7E28B7BADD7235874831AD2369C8] - (.Symantec Corporation - Norton Disk Doctor Service Proxy.) -- C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe [406888] [PID.3036]
[MD5.9DE48BB2355B92E825DF33B5E64BC01B] - (.Symantec Corporation - Norton SpeedDisk Service Proxy.) -- C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe [406888] [PID.2620]
[MD5.CCF2234A35077CA217A61C9CACC48198] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392] [PID.3108]
[MD5.0771A5C3B78967F9F83C1C429334AD2A] - (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe [320056] [PID.3280]
[MD5.5516C26A6AF8EB4E2CAB48EC98A74398] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe [54576] [PID.3308]
[MD5.79C37AE932A4EECF92DD96ACE8D5EFDE] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768] [PID.3336]
[MD5.13E7CFE8E269ED15E7FC9C3EBBCB7E2B] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696] [PID.3092]
[MD5.4EB0C6C3EF4D8885CF2B5D0062F31E44] - (.Pas de propriétaire - DivX Update.) -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376] [PID.3520]
[MD5.0DE3C7622EC33126579B1742260F08C2] - (.Pas de propriétaire - HpqToaster Module.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe [632888] [PID.4564]
[MD5.C65B115A03DB0260895DE96681E88221] - (.CyberLink Corp. - HP DVDSmart Resident Program.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [128296] [PID.5072]
[MD5.FCB358973491095D026BB289EA5CC75A] - (.Microsoft Corporation - Internet Low-Mic Utility Tool.) -- C:\Program Files (x86)\Internet Explorer\IELowutil.exe [115712] [PID.4580]
[MD5.745EE2C6FB0B43C9F00E017F5E5D7317] - (.Google Inc. - Google Toolbar Broker.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe [307376] [PID.2960]
[MD5.7914370AAC5CDE8DCAE1C674A6C90229] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [669696] [PID.4364]
[MD5.DEE9A1F74FE79AC6750A8F6A646E8E09] - (.Avira GmbH - Antivirus Scheduler.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [136360] [PID.]
[MD5.11A52CF7B265631DEEB24C6149309EFF] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [64952] [PID.]
[MD5.5F155082B0231D819AD818DFA3E97837] - (.Avira GmbH - Firewall NT service process.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [567464] [PID.]
[MD5.A955FE9CB5BEB4C84E0AD698166C428F] - (.Avira GmbH - Antivirus On-Access Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [269480] [PID.]
[MD5.7C85CC5570BF718D2B9AD9F53B1B5B55] - (.Symantec Corporation - Norton Disk Doctor Service.) -- C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [1029480] [PID.]
[MD5.83D8BE94E1CBCBE2EA8372DB1A95A159] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.]
[MD5.498EB62A160674E793FA40FD65390625] - (.Pas de propriétaire - RichVideo Module.) -- C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152] [PID.]
[MD5.A8493E43F9D4B22BBED2D424D03ED273] - (.Symantec Corporation - Norton SpeedDisk Service.) -- C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [1037672] [PID.]
[MD5.41C7C09236F2E7FEDFD51A63CD278195] - (.Avira GmbH - Antivirus MailScanner Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [340136] [PID.]
[MD5.B0915871C47A1042F2A84575949FFB8F] - (.Avira GmbH - AntiVir WebGuard Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [428200] [PID.]
[MD5.37036C07983EF1024B2FF3C28AAE5700] - (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [366640] [PID.]
[MD5.FDF273A845F1FFCCEADF363AAF47582F] - (.Hewlett-Packard Development Company, L.P. - hpqwmiex Module.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [229944] [PID.]
[MD5.F9A79C5B27037821112C50A9C8FB367A] - (.Hewlett-Packard Development Company, L.P. - Com for QLB application.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [228408] [PID.]
~ Scan Processes Running in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\LAURA - REMY\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.fr
~ Scan Google Browser in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@divx.com/DivX VOD Helper,version=1.0.0] - (.DivX, LLC. - DivX VOD Helper Plug-in.) -- C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (.Microsoft Corporation - Office Authorization plug-in for NPAPI browsers.) -- C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.dll
~ Scan Firefox Browser in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com
R0 - HKUS\S-1-5-21-3301899893-2849603091-1553462813-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKUS\S-1-5-21-3301899893-2849603091-1553462813-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (8.00.7600.16385 (win7_rtm.090713-1255)) -- C:\Windows\System32\ieframe.dll
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
~ Scan IE Browser in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn 00s



---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe
~ Scan Keys in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Scan Hosts File in 00mn 00s



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Groove GFS Browser Helper [64Bits] - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) -- C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Google Toolbar Helper [64Bits] - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
O2 - BHO: Google Toolbar Notifier BHO [64Bits] - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll
O2 - BHO: URLRedirectionBHO [64Bits] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) -- C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: AcroIEHelperStub [64Bits] - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> [64Bits] - {326E768D-4182-46FD-9C16-1449A49795F4} . (.DivX, LLC - DivX Plus Web Player HTML5 <video> version.) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHT
O2 - BHO: Search Helper [64Bits] - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} . (.Microsoft Corporation - Search Helper for Internet Explorer.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper [64Bits] - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) -- C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Google Toolbar Helper [64Bits] - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO [64Bits] - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: URLRedirectionBHO [64Bits] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) -- C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar BHO [64Bits] - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} . (.Microsoft Corporation - Bing Bar.) -- C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
~ Scan BHO in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar [64Bits] - {2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
~ Scan Toolbar in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmartMenu] . (.Pas de propriétaire - SmartMenu.) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Vsibexin]
O4 - HKCU\..\Run: [AfcOrtxk] C:\Users\LAURA - REMY\AppData\Local\rynchqow\afcortxk.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Wow6432Node\Run: [HPCam_Menu] Clé orpheline
O4 - HKLM\..\Wow6432Node\Run: [QlbCtrl.exe] . (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
O4 - HKLM\..\Wow6432Node\Run: [UpdatePRCShortCut] Clé orpheline
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Wow6432Node\Run: [WirelessAssistant] . (.Hewlett-Packard - HP Wireless Assistant Main Program.) -- C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [FLxHCIm] . (.Windows (R) Win 7 DDK provider - Fresco Logic.) -- C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Wow6432Node\Run: [DivXUpdate] . (.Pas de propriétaire - DivX Update.) -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-3301899893-2849603091-1553462813-1001\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKUS\S-1-5-21-3301899893-2849603091-1553462813-1001\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-3301899893-2849603091-1553462813-1001\..\Run: [Vsibexin]
O4 - HKUS\S-1-5-21-3301899893-2849603091-1553462813-1001\..\Run: [AfcOrtxk] C:\Users\LAURA - REMY\AppData\Local\rynchqow\afcortxk.exe (.not file.)
~ Scan Application in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\LAURA - REMY\Desktop\AVS Audio Converter.lnk . (.Online Media Technologies Ltd..) -- C:\Program Files (x86)\AVS4YOU\AVSAudioConverter\AVSAudioConverter.exe
O4 - Global Startup: C:\Users\LAURA - REMY\Desktop\AVS Video Converter.lnk . (.Online Media Technologies Ltd..) -- C:\Program Files (x86)\AVS4YOU\AVSVideoConverter\AVSVideoConverter.exe
O4 - Global Startup: C:\Users\LAURA - REMY\Desktop\dfrgui.lnk . (.Microsoft Corporation.) -- C:\Windows\system32\dfrgui.exe
O4 - Global Startup: C:\Users\LAURA - REMY\Desktop\Disk Cleanup.lnk . (.Microsoft Corporation.) -- C:\Windows\system32\cleanmgr.exe
O4 - Global Startup: C:\Users\LAURA - REMY\Desktop\Glary Utilities.lnk . (.Glarysoft Ltd.) -- C:\Program Files (x86)\Glary Utilities\Glary Utilities\Integrator.exe
O4 - Global Startup: C:\Users\LAURA - REMY\Desktop\internet.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\LAURA - REMY\Desktop\LAURA - REMY - Raccourci.lnk . (...) -- C:\Users\LAURA - REMY
O4 - Global Startup: C:\Users\LAURA - REMY\Desktop\Windows Defender - Raccourci.lnk - Clé orpheline
O4 - Global Startup: C:\Users\LAURA - REMY\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Glary Utilities.lnk . (.Glarysoft Ltd.) -- C:\Program Files (x86)\Glary Utilities\Glary Utilities\Integrator.exe
O4 - Global Startup: C:\Users\LAURA - REMY\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Scan Global Startup in 00mn 00s



---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: &Envoyer à OneNote . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll
O8 - Extra context menu item: Add to Google Photos Screensa&ver - (.not file.) - C:\Windows\system32\GPhotos.scr
O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Excel.) -- C:\PROGRA~2\MICROS~4\Office14\EXCEL.exe
O8 - Extra context menu item: Google Sidewiki... . (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll
~ Scan IE Menu Contextuel in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\PROGRA~1\MICROS~2\Office14\ONBTTN~1.dll
~ Scan IE Extra Buttons in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
~ Scan Winsock in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
~ Scan Objets ActiveX in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0DAC4397-34F6-4172-AA18-BD5BECBB22A5}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{0DAC4397-34F6-4172-AA18-BD5BECBB22A5}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{0DAC4397-34F6-4172-AA18-BD5BECBB22A5}: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Scan Domain in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\msvidctl.dll
O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\system32\inetcomm.dll
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: ms-help [64Bits] - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: ms-itss [64Bits] - {0A9007C0-4076-11D3-8789-0000F8105754} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\msvidctl.dll
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\system32\mscoree.dll
O18 - Filter: deflate [64Bits] - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Filter: gzip [64Bits] - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
~ Scan Protocole Additionnel in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
~ Scan SSODL in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) . (.Andrea Electronics Corporation - Andrea filters APO access service (64-bit).) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
O23 - Service: (AMD External Events Utility) . (.AMD - AMD External Events Service Module.) - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira FireWall (AntiVirFirewallService) . (.Avira GmbH - Firewall NT service process.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) . (.Avira GmbH - Antivirus MailScanner Service.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) . (.Avira GmbH - AntiVir WebGuard Service.) - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.exe
O23 - Service: Norton Disk Doctor Service (DiskDoctorService) . (.Symantec Corporation - Norton Disk Doctor Service.) - C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service (HP Health Check Service) . (.Hewlett-Packard - HP Health Check Service.) - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Service (hpsrv) . (.Hewlett-Packard Company - HpService.) - C:\Windows\system32\Hpservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) . (.Hewlett-Packard Company - LightScribe Service.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) . (.Pas de propriétaire - RichVideo Module.) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: Norton SpeedDisk Service (SpeedDiskService) . (.Symantec Corporation - Norton SpeedDisk Service.) - C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
O23 - Service: Audio Service (STacSV) . (.IDT, Inc. - IDT PC Audio.) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
~ Scan Services in 00mn 00s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Scan Desktop Component in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GlaryInitialize.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\NUSchedule.job
[MD5.00000000000000000000000000000000] [APT] [4774] (...) -- C:\Users\LAURA - REMY\AppData\Local\Temp\launchie.vbs \\B (.not file.)
[MD5.00000000000000000000000000000000] [APT] [712804f0] (...) -- C:\Users\LAURA - REMY\AppData\Local\Temp\setup712848112.exe (.not file.)
[MD5.C65B115A03DB0260895DE96681E88221] [APT] [DVDAgent] (.CyberLink Corp..) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
[MD5.FEB7877FE918FB9549601666E6BC59EF] [APT] [GlaryInitialize] (.Glarysoft Ltd.) -- C:\Program Files (x86)\Glary Utilities\Glary Utilities\initialize.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.3EE1D9A49A7955042CB48145D173DCF9] [APT] [NUSchedule] (.Symantec Corporation.) -- C:\Program Files (x86)\Norton Utilities 15\nu.exe
[MD5.28B01A58758B08F9B2086DBAAEAE791E] [APT] [RecoveryCDWin7] (...) -- C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe
[MD5.52B80E0B6416AC768C70DDA3418A5045] [APT] [RMCreator] (.CyberLink.) -- C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe
[MD5.ACB856FE8856E8091F5EF0ADB6450A55] [APT] [PC Health Analysis] (.Hewlett-Packard.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
[MD5.ACB856FE8856E8091F5EF0ADB6450A55] [APT] [PC Tuneup] (.Hewlett-Packard.) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
~ Scan Scheduled Task in 00mn 03s



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (avfwot) . (.Avira GmbH - TDI filtering kernel driver.) - C:\Windows\system32\DRIVERS\avfwot.sys
O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for Security Enhancement.) - C:\Windows\system32\DRIVERS\avipbb.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\system32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\drivers\cdrom.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\system32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\system32\drivers\discache.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\system32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\system32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\system32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\system32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\system32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\system32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\system32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\system32\drivers\rdprefmp.sys
O41 - Driver: (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\Windows\system32\DRIVERS\serial.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\drivers\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\system32\DRIVERS\vwififlt.sys
O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\system32\DRIVERS\wfplwf.sys
O41 - Driver: Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0 (ws2ifsl) . (.Microsoft Corporation - Couche IFS Winsock2.) - C:\Windows\system32\drivers\ws2ifsl.sys
~ Scan Drivers in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: AVS Audio Converter version 7 - (.Online Media Technologies Ltd..) [HKLM] -- AVS Audio Converter_is1
O42 - Logiciel: AVS Update Manager 1.0 - (.Online Media Technologies Ltd..) [HKLM] -- AVS Update Manager_is1
O42 - Logiciel: AVS Video Converter 8 - (.Online Media Technologies Ltd..) [HKLM] -- AVS4YOU Video Converter 7_is1
O42 - Logiciel: AVS4YOU Software Navigator 1.4 - (.Online Media Technologies Ltd..) [HKLM] -- AVS4YOU Software Navigator_is1
O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM] -- Adobe AIR
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 ActiveX 64-bit - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX 64
O42 - Logiciel: Advanced Archive Password Recovery - (.ElcomSoft Co. Ltd..) [HKCU] -- Advanced Archive Password Recovery
O42 - Logiciel: Avira Premium Security Suite - (.Avira GmbH.) [HKLM] -- Avira AntiVir Desktop
O42 - Logiciel: Broadcom 802.11 Wireless LAN Adapter - (.Broadcom Corporation.) [HKLM] -- Broadcom 802.11 Wireless LAN Adapter
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Configuration DivX - (.DivX, LLC.) [HKLM] -- DivX Setup
O42 - Logiciel: CyberLink DVD Suite - (.CyberLink Corp..) [HKLM] -- InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}
O42 - Logiciel: CyberLink DVD Suite - (.CyberLink Corp..) [HKLM] -- {1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}
O42 - Logiciel: Definition update for Microsoft Office 2010 (KB982726) - (.Microsoft.) [HKLM] -- {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{06C723B9-ADF5-42BC-B949-D14D6C6628B9}
O42 - Logiciel: ENE CIR Receiver Driver - (.ENE.) [HKLM] -- FFE7D41DF3C645075BB149E21988B63996C34187
O42 - Logiciel: Glary Utilities Pro 2.36.0.1232 - (.Glarysoft Ltd.) [HKLM] -- Glary Utilities_is1
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F}
O42 - Logiciel: HP Customer Experience Enhancements - (.Hewlett-Packard.) [HKLM] -- {5B295588-59C1-4386-9F85-BB4BEDCB0D22}
O42 - Logiciel: HP Games - (.WildTangent.) [HKLM] -- WildTangent hp Master Uninstall
O42 - Logiciel: HP MediaSmart DVD - (.Hewlett-Packard.) [HKLM] -- InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}
O42 - Logiciel: HP MediaSmart DVD - (.Hewlett-Packard.) [HKLM] -- {DCCAD079-F92C-44DA-B258-624FC6517A5A}
O42 - Logiciel: HP MediaSmart Webcam - (.Hewlett-Packard.) [HKLM] -- InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}
O42 - Logiciel: HP MediaSmart Webcam - (.Hewlett-Packard.) [HKLM] -- {01FB4998-33C4-4431-85ED-079E3EEFE75D}
O42 - Logiciel: HP Quick Launch Buttons - (.Hewlett-Packard.) [HKLM] -- {34D2AB40-150D-475D-AE32-BD23FB5EE355}
O42 - Logiciel: HP Setup - (.Hewlett-Packard.) [HKLM] -- {F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}
O42 - Logiciel: HP Support Assistant - (.Hewlett-Packard.) [HKLM] -- {4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}
O42 - Logiciel: IDT Audio - (.IDT.) [HKLM] -- {E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}
O42 - Logiciel: LabelPrint - (.CyberLink Corp..) [HKLM] -- InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}
O42 - Logiciel: LabelPrint - (.CyberLink Corp..) [HKLM] -- {C59C179C-668D-49A9-B6EA-0121CCFC1243}
O42 - Logiciel: Malwarebytes' Anti-Malware version 1.51.1.1800 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft Office 2010 Service Pack 1 (SP1) - (.Microsoft.) [HKLM] -- {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}
O42 - Logiciel: Microsoft Office 2010 Service Pack 1 (SP1) - (.Microsoft.) [HKLM] -- {90140000-0015-040C-0000-0000000FF1CE}_Office14.PROPLUS_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}
O42 - Logiciel: Microsoft Office 2010 Service Pack 1 (SP1) - (.Microsoft.) [HKLM] -- {90140000-0016-040C-0000-0000000FF1CE}_Office14.PROPLUS_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}
O42 - Logiciel: Microsoft Office 2010 Service Pack 1 (SP1) - (.Microsoft.) [HKLM] -- {90140000-0018-040C-0000-0000000FF1CE}_Office14.PROPLUS_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}
O42 - Logiciel: Microsoft Office 2010 Service Pack 1 (SP1) - (.Microsoft.) [HKLM] -- {90140000-0019-040C-0000-0000000FF1CE}_Office14.PROPLUS_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}
O42 - Logiciel: Microsoft Office 2010 Service Pack 1 (SP1) - (.Microsoft.) [HKLM] -- {90140000-001A-040C-0000-0000000FF1CE}_Office14.PROPLUS_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}
O42 - Logiciel: Microsoft Office 2010 Service Pack 1 (SP1) - (.Microsoft.) [HKLM] -- {90140000-001B-040C-0000-0000000FF1CE}_Office14.PROPLUS_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}
O42 - Logiciel: Microsoft Office 2010 Service Pack 1 (SP1) - (.Microsoft.) [HKLM] -- {90140000-001F-0401-0000-0000000FF1CE}_Office14.PROPLUS_{1A43C155-3DDA-43C9-92C5-0E7D0B2B156D}
O42 - Logiciel: Microsoft Office 2010 Service Pack 1 (SP1) - (.Microsoft.) [HKLM] -- {90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}
O42 - Logiciel: Microsoft Office 2010 Service Pack 1 (SP1) - (.Microsoft.) [HKLM] -- {90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}
O42 - Logiciel: Microsoft Office 2010 Service Pack 1 (SP1) - (.Microsoft.) [HKLM] -- {90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}
O42 - Logiciel: Microsoft Office 2010 Service Pack 1 (SP1) - (.Microsoft.) [HKLM] -- {90140000-001F-0413-0000-0000000FF1CE}_Office14.PROPLUS_{5072FEA2-862C-4BF0-9654-CB0DCBE2BE28}
O42 - Logiciel: Microsoft Office 2010 Service Pack 1 (SP1) - (.Microsoft.) [HKLM] -- {90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}
O42 - Logiciel: Microsoft Office 2010 Service Pack 1 (SP1) - (.Microsoft.) [HKLM] -- {90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}
O42 - Logiciel: Microsoft Office 2010 Service Pack 1 (SP1) - (.Microsoft.) [HKLM] -- {90140000-002A-040C-1000-0000000FF1CE}_Office14.PROPLUS_{0CCCD9C7-637C-41CA-A293-6E9992109B09}
O42 - Logiciel: Microsoft Office 2010 Service Pack 1 (SP1) - (.Microsoft.) [HKLM] -- {90140000-002C-040C-0000-0000000FF1CE}_Office14.PROPLUS_{C8E4AA87-3E5A-4C70-8CB7-43FE25C99B74}
O42 - Logiciel: Microsoft Office 2010 Service Pack 1 (SP1) - (.Microsoft.) [HKLM] -- {90140000-0044-040C-0000-0000000FF1CE}_Office14.PROPLUS_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}
O42 - Logiciel: Microsoft Office 2010 Service Pack 1 (SP1) - (.Microsoft.) [HKLM] -- {90140000-006E-040C-0000-0000000FF1CE}_Office14.PROPLUS_{7C5C7E8C-F6D2-43AC-93A4-89E4FF7367E6}
O42 - Logiciel: Microsoft Office 2010 Service Pack 1 (SP1) - (.Microsoft.) [HKLM] -- {90140000-00A1-040C-0000-0000000FF1CE}_Office14.PROPLUS_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}
O42 - Logiciel: Microsoft Office 2010 Service Pack 1 (SP1) - (.Microsoft.) [HKLM] -- {90140000-00BA-040C-0000-0000000FF1CE}_Office14.PROPLUS_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}
O42 - Logiciel: Microsoft Office Professionnel Plus 2010 - (.Microsoft Corporation.) [HKLM] -- Office14.PROPLUS
O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack
O42 - Logiciel: Norton Utilities 15 - (.Symantec Corporation.) [HKLM] -- Norton Utilities 15_is1
O42 - Logiciel: Picasa 3 - (.Google, Inc..) [HKLM] -- Picasa 3
O42 - Logiciel: Power2Go - (.CyberLink Corp..) [HKLM] -- InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}
O42 - Logiciel: Power2Go - (.CyberLink Corp..) [HKLM] -- {40BF1E83-20EB-11D8-97C5-0009C5020658}
O42 - Logiciel: PowerDirector - (.CyberLink Corp..) [HKLM] -- InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}
O42 - Logiciel: PowerDirector - (.CyberLink Corp..) [HKLM] -- {CB099890-1D5F-11D5-9EA9-0050BAE317E1}
O42 - Logiciel: PowerRecover - (.CyberLink Corp..) [HKLM] -- {44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}
O42 - Logiciel: Realtek 8136 8168 8169 Ethernet Driver - (.Realtek.) [HKLM] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476}
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2446708
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2478663
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2518870
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2539636
O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663) - (.Microsoft Corporation.) [HKLM] -- {4B5F58F7-C7D1-3CE3-9B37-B657F0852643}.KB2478663
O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870) - (.Microsoft Corporation.) [HKLM] -- {4B5F58F7-C7D1-3CE3-9B37-B657F0852643}.KB2518870
O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2468871) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871
O42 - Logiciel: Update for Microsoft .NET Framework 4 Client Profile (KB2533523) - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523
O42 - Logiciel: Update for Microsoft Office 2010 (KB2494150) - (.Microsoft.) [HKLM] -- {90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}
O42 - Logiciel: VLC media player 1.1.10 - (.VideoLAN.) [HKLM] -- VLC media player
O42 - Logiciel: WinRAR 4.01 (64-bit) - (.win.rar GmbH.) [HKLM] -- WinRAR archiver

---\\ HKCU & HKLM Software Keys
[HKCU\Software\ATI]
[HKCU\Software\AVS4YOU]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Software\DivX]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Avira]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\CyberLink]
[HKCU\Software\DivXNetworks]
[HKCU\Software\DivX]
[HKCU\Software\Ease-Soft]
[HKCU\Software\ElcomSoft]
[HKCU\Software\GNU]
[HKCU\Software\GlarySoft]
[HKCU\Software\Google]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\HookNetwork]
[HKCU\Software\IM Providers]
[HKCU\Software\JavaSoft]
[HKCU\Software\LightScribe]
[HKCU\Software\Macromedia]
[HKCU\Software\Mainconcept]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\OpenOffice.org]
[HKCU\Software\PC Speed Maximizer]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\Softonic]
[HKCU\Software\Symantec]
[HKCU\Software\Synaptics]
[HKCU\Software\Trolltech]
[HKCU\Software\Usbfix]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\Wow6432Node]
[HKCU\Software\YahooPartnerToolbar]
[HKLM\Software\AMD]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATI]
[HKLM\Software\AVS4YOU]
[HKLM\Software\Adobe]
[HKLM\Software\AdwCleaner]
[HKLM\Software\Agere]
[HKLM\Software\Avira]
[HKLM\Software\BcmSetup]
[HKLM\Software\BrowserChoice]
[HKLM\Software\CXT]
[HKLM\Software\Caphyon]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Cyberlink]
[HKLM\Software\Dell Computer Corporation]
[HKLM\Software\Digital River]
[HKLM\Software\DivXNetworks]
[HKLM\Software\DivX]
[HKLM\Software\EasyBits]
[HKLM\Software\ElcomSoft]
[HKLM\Software\GlarySoft]
[HKLM\Software\Google]
[HKLM\Software\HPQLOG]
[HKLM\Software\HPQ]
[HKLM\Software\HP]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\IDT]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\LSI]
[HKLM\Software\LabelPrint_Upgrade]
[HKLM\Software\Licenses]
[HKLM\Software\LightScribe]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\ODBC]
[HKLM\Software\OldTimer Tools]
[HKLM\Software\OpenOffice.org]
[HKLM\Software\P2G_Upgrade]
[HKLM\Software\PDR_Upgrade]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Product_Upgrade]
[HKLM\Software\RTLSetup]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\S3R521]
[HKLM\Software\Sonic]
[HKLM\Software\Symantec]
[HKLM\Software\Synaptics]
[HKLM\Software\VideoLAN]
[HKLM\Software\Volatile]
[HKLM\Software\WildTangent]
[HKLM\Software\WinRAR]
[HKLM\Software\Wow6432Node]
[HKLM\Software\X-AVCSD]
~ Scan Softwares in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 30/06/2011 - 11:38:16 - [19025426] ----D- C:\Program Files\ATI
O43 - CFD: 30/06/2011 - 11:42:14 - [12238130] ----D- C:\Program Files\Broadcom
O43 - CFD: 03/07/2011 - 01:14:58 - [7422296] ----D- C:\Program Files\CCleaner
O43 - CFD: 14/07/2009 - 05:20:10 - [62592701] ----D- C:\Program Files\Common Files
O43 - CFD: 30/06/2011 - 11:40:30 - [930576] ----D- C:\Program Files\DIFX
O43 - CFD: 22/08/2011 - 23:25:50 - [7727936] ----D- C:\Program Files\DivX
O43 - CFD: 02/07/2011 - 12:42:08 - [90256916] ----D- C:\Program Files\DVD Maker
O43 - CFD: 30/06/2011 - 12:26:02 - [0] -SH-D- C:\Program Files\Fichiers communs
O43 - CFD: 20/07/2011 - 12:19:38 - [3772580] ----D- C:\Program Files\Fresco Logic Inc
O43 - CFD: 30/06/2011 - 13:21:14 - [341048] ----D- C:\Program Files\Google
O43 - CFD: 30/06/2011 - 11:56:38 - [4452984] ----D- C:\Program Files\Hewlett-Packard
O43 - CFD: 30/06/2011 - 11:41:34 - [41662676] ----D- C:\Program Files\IDT
O43 - CFD: 11/08/2011 - 19:08:08 - [5184519] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 22/08/2009 - 01:19:40 - [79489704] ----D- C:\Program Files\Java
O43 - CFD: 30/06/2011 - 21:31:18 - [149237810] ----D- C:\Program Files\Microsoft Games
O43 - CFD: 30/08/2011 - 01:17:02 - [24047239] ----D- C:\Program Files\Microsoft Office
O43 - CFD: 07/07/2011 - 03:18:30 - [4366667] ----D- C:\Program Files\Microsoft Security Client
O43 - CFD: 14/07/2009 - 07:32:40 - [25757] ----D- C:\Program Files\MSBuild
O43 - CFD: 30/06/2011 - 12:28:28 - [126093] R---D- C:\Program Files\Online Services
O43 - CFD: 14/07/2009 - 07:32:40 - [36813993] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 30/06/2011 - 11:40:02 - [35901467] ----D- C:\Program Files\Synaptics
O43 - CFD: 14/07/2009 - 07:09:28 - [0] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 07/07/2011 - 03:18:40 - [4039680] ----D- C:\Program Files\Windows Defender
O43 - CFD: 02/07/2011 - 12:42:08 - [6667776] ----D- C:\Program Files\Windows Mail
O43 - CFD: 03/08/2011 - 15:34:18 - [7687085] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 30/06/2011 - 12:26:02 - [12627636] ----D- C:\Program Files\Windows NT
O43 - CFD: 02/07/2011 - 12:42:08 - [5516056] ----D- C:\Program Files\Windows Photo Viewer
O43 - CFD: 02/07/2011 - 12:42:08 - [244736] ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 03/08/2011 - 15:34:18 - [11374636] ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 13/08/2011 - 09:52:02 - [4728633] ----D- C:\Program Files\WinRAR
O43 - CFD: 30/08/2011 - 01:17:48 - [49786940] ----D- C:\Program Files\Common Files\Microsoft Shared
O43 - CFD: 14/07/2009 - 05:20:10 - [2702] ----D- C:\Program Files\Common Files\Services
O43 - CFD: 14/07/2009 - 05:20:10 - [608768] ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 22/08/2009 - 08:49:40 - [12194291] ----D- C:\Program Files\Common Files\System
O43 - CFD: 19/08/2011 - 18:05:30 - [189358546] ----D- C:\ProgramData\Adobe
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Application Data
O43 - CFD: 30/06/2011 - 11:39:40 - [188] ----D- C:\ProgramData\ATI
O43 - CFD: 07/07/2011 - 18:34:14 - [230112301] ----D- C:\ProgramData\Avira
O43 - CFD: 22/08/2011 - 23:51:12 - [0] ----D- C:\ProgramData\AVS4YOU
O43 - CFD: 30/06/2011 - 12:26:02 - [0] -SH-D- C:\ProgramData\Bureau
O43 - CFD: 23/08/2011 - 15:28:48 - [40600] ----D- C:\ProgramData\CyberLink
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Desktop
O43 - CFD: 22/08/2011 - 23:26:04 - [4894048] ----D- C:\ProgramData\DivX
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Documents
O43 - CFD: 30/06/2011 - 12:26:02 - [0] -SH-D- C:\ProgramData\Favoris
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Favorites
O43 - CFD: 30/06/2011 - 13:21:30 - [539746] ----D- C:\ProgramData\Google
O43 - CFD: 17/08/2011 - 15:00:32 - [7160229] ----D- C:\ProgramData\Hewlett-Packard
O43 - CFD: 28/07/2011 - 08:50:58 - [7336473] ----D- C:\ProgramData\Malwarebytes
O43 - CFD: 30/06/2011 - 12:26:02 - [0] -SH-D- C:\ProgramData\Menu Démarrer
O43 - CFD: 30/08/2011 - 01:19:52 - [304835649] -S--D- C:\ProgramData\Microsoft
O43 - CFD: 01/09/2011 - 17:39:42 - [66576] ----D- C:\ProgramData\Microsoft Help
O43 - CFD: 30/06/2011 - 12:26:02 - [0] -SH-D- C:\ProgramData\Modèles
O43 - CFD: 30/06/2011 - 23:18:28 - [276] ----D- C:\ProgramData\Norton
O43 - CFD: 29/08/2011 - 10:47:46 - [150] ----D- C:\ProgramData\Norton Installer
O43 - CFD: 21/08/2009 - 23:14:12 - [10337367] ----D- C:\ProgramData\NortonInstaller
O43 - CFD: 13/08/2011 - 21:42:06 - [62083] ----D- C:\ProgramData\Recovery
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Start Menu
O43 - CFD: 30/06/2011 - 12:47:44 - [155] ----D- C:\ProgramData\Sun
O43 - CFD: 29/08/2011 - 10:47:18 - [693615] ----D- C:\ProgramData\Symantec
O43 - CFD: 02/09/2011 - 19:00:04 - [708963] ---AD- C:\ProgramData\Temp
O43 - CFD: 14/07/2009 - 07:08:58 - [0] -SH-D- C:\ProgramData\Templates
O43 - CFD: 17/08/2011 - 13:20:10 - [38088700] ----D- C:\ProgramData\WildTangent
O43 - CFD: 05/07/2011 - 09:01:44 - [3381653] ----D- C:\Users\LAURA - REMY\AppData\Roaming\Adobe
O43 - CFD: 30/06/2011 - 12:32:54 - [0] ----D- C:\Users\LAURA - REMY\AppData\Roaming\ATI
O43 - CFD: 01/07/2011 - 11:39:56 - [13312] ----D- C:\Users\LAURA - REMY\AppData\Roaming\Avira
O43 - CFD: 23/08/2011 - 15:23:38 - [249715] ----D- C:\Users\LAURA - REMY\AppData\Roaming\AVS4YOU
O43 - CFD: 23/08/2011 - 15:27:46 - [424652] ----D- C:\Users\LAURA - REMY\AppData\Roaming\CyberLink
O43 - CFD: 03/08/2011 - 18:22:08 - [161792] ----D- C:\Users\LAURA - REMY\AppData\Roaming\DivX
O43 - CFD: 05/07/2011 - 09:18:20 - [48809] ----D- C:\Users\LAURA - REMY\AppData\Roaming\GlarySoft
O43 - CFD: 30/06/2011 - 13:29:32 - [3000] ----D- C:\Users\LAURA - REMY\AppData\Roaming\Google
O43 - CFD: 06/07/2011 - 11:08:56 - [34388] ----D- C:\Users\LAURA - REMY\AppData\Roaming\Hewlett-Packard
O43 - CFD: 31/08/2011 - 10:23:38 - [436] ----D- C:\Users\LAURA - REMY\AppData\Roaming\HP Support Assistant
O43 - CFD: 30/06/2011 - 12:28:32 - [34492] ----D- C:\Users\LAURA - REMY\AppData\Roaming\HP TCS
O43 - CFD: 30/06/2011 - 12:32:20 - [4112] ----D- C:\Users\LAURA - REMY\AppData\Roaming\hpqlog
O43 - CFD: 31/08/2011 - 10:23:38 - [4337] ----D- C:\Users\LAURA - REMY\AppData\Roaming\HpUpdate
O43 - CFD: 30/06/2011 - 12:32:30 - [0] ----D- C:\Users\LAURA - REMY\AppData\Roaming\Identities
O43 - CFD: 02/09/2011 - 18:28:12 - [770] ----D- C:\Users\LAURA - REMY\AppData\Roaming\Macromedia
O43 - CFD: 28/07/2011 - 08:51:26 - [123923] ----D- C:\Users\LAURA - REMY\AppData\Roaming\Malwarebytes
O43 - CFD: 30/06/2011 - 21:31:18 - [0] ----D- C:\Users\LAURA - REMY\AppData\Roaming\Media Center Programs
O43 - CFD: 29/08/2011 - 11:19:16 - [19092279] -S--D- C:\Users\LAURA - REMY\AppData\Roaming\Microsoft
O43 - CFD: 29/08/2011 - 11:21:30 - [4991692] ----D- C:\Users\LAURA - REMY\AppData\Roaming\Norton Utilities
O43 - CFD: 03/07/2011 - 13:54:24 - [1503718] ----D- C:\Users\LAURA - REMY\AppData\Roaming\OpenOffice.org
O43 - CFD: 02/07/2011 - 12:02:10 - [0] ----D- C:\Users\LAURA - REMY\AppData\Roaming\PC Speed Maximizer
O43 - CFD: 02/07/2011 - 12:02:10 - [0] ----D- C:\Users\LAURA - REMY\AppData\Roaming\RegistryKeys
O43 - CFD: 06/07/2011 - 11:42:38 - [13824] ----D- C:\Users\LAURA - REMY\AppData\Roaming\Template
O43 - CFD: 30/07/2011 - 12:01:46 - [83163] ----D- C:\Users\LAURA - REMY\AppData\Roaming\vlc
O43 - CFD: 04/07/2011 - 10:28:26 - [295] ----D- C:\Users\LAURA - REMY\AppData\Roaming\Windows Live Writer
O43 - CFD: 03/07/2011 - 01:13:42 - [12] ----D- C:\Users\LAURA - REMY\AppData\Roaming\WinRAR
O43 - CFD: 05/07/2011 - 09:01:44 - [15502964] ----D- C:\Users\LAURA - REMY\AppData\Local\Adobe
O43 - CFD: 30/06/2011 - 12:26:18 - [0] -SH-D- C:\Users\LAURA - REMY\AppData\Local\Application Data
O43 - CFD: 30/06/2011 - 12:32:54 - [60478] ----D- C:\Users\LAURA - REMY\AppData\Local\ATI
O43 - CFD: 30/06/2011 - 12:40:18 - [0] ----D- C:\Users\LAURA - REMY\AppData\Local\CyberLink
O43 - CFD: 02/09/2011 - 15:02:38 - [3206860] ----D- C:\Users\LAURA - REMY\AppData\Local\Diagnostics
O43 - CFD: 02/09/2011 - 15:02:42 - [802714] ----D- C:\Users\LAURA - REMY\AppData\Local\ElevatedDiagnostics
O43 - CFD: 17/08/2011 - 00:49:36 - [72202908] ----D- C:\Users\LAURA - REMY\AppData\Local\Google
O43 - CFD: 28/07/2011 - 21:00:50 - [237381] ----D- C:\Users\LAURA - REMY\AppData\Local\Hewlett-Packard
O43 - CFD: 30/06/2011 - 12:32:22 - [368] ----D- C:\Users\LAURA - REMY\AppData\Local\Hewlett-Packard_Company
O43 - CFD: 30/06/2011 - 12:26:18 - [0] -SH-D- C:\Users\LAURA - REMY\AppData\Local\Historique
O43 - CFD: 31/08/2011 - 21:35:08 - [370137537] ----D- C:\Users\LAURA - REMY\AppData\Local\Microsoft
O43 - CFD: 21/08/2011 - 11:28:06 - [240188] ----D- C:\Users\LAURA - REMY\AppData\Local\Microsoft Games
O43 - CFD: 19/08/2011 - 19:15:52 - [106180] ----D- C:\Users\LAURA - REMY\AppData\Local\Microsoft Help
O43 - CFD: 24/08/2011 - 11:56:10 - [0] ----D- C:\Users\LAURA - REMY\AppData\Local\PowerCinema
O43 - CFD: 03/09/2011 - 12:30:56 - [4643436] ----D- C:\Users\LAURA - REMY\AppData\Local\Temp
O43 - CFD: 30/06/2011 - 12:26:18 - [0] -SH-D- C:\Users\LAURA - REMY\AppData\Local\Temporary Internet Files
O43 - CFD: 03/08/2011 - 15:21:58 - [3780] ----D- C:\Users\LAURA - REMY\AppData\Local\VirtualStore
O43 - CFD: 12/07/2011 - 10:22:58 - [86016] ----D- C:\Users\LAURA - REMY\AppData\Local\Windows Live
O43 - CFD: 02/07/2011 - 11:19:52 - [372494] ----D- C:\Users\LAURA - REMY\AppData\Local\Windows Live Writer
O43 - CFD: 11/07/2011 - 09:35:24 - [0] ----D- C:\Users\LAURA - REMY\AppData\Local\{05C2E548-C186-40ED-8216-5EE20418C6D3}
O43 - CFD: 05/07/2011 - 09:19:32 - [0] ----D- C:\Users\LAURA - REMY\AppData\Local\{0C741A8E-D09A-4B5E-B706-4BF29EA82885}
O43 - CFD: 04/07/2011 - 21:18:56 - [0] ----D- C:\Users\LAURA - REMY\AppData\Local\{1C6725EF-82D5-4782-8B7B-A1C2C2B2AB60}
O43 - CFD: 02/07/2011 - 23:18:50 - [0] ----D- C:\Users\LAURA - REMY\AppData\Local\{2AE9985F-3938-42D3-A53A-3622959A37F5}
O43 - CFD: 09/07/2011 - 09:42:36 - [0] ----D- C:\Users\LAURA - REMY\AppData\Local\{4EC61976-A89C-4C1F-A6B6-EDD7509206BB}
O43 - CFD: 05/07/2011 - 22:02:06 - [0] ----D- C:\Users\LAURA - REMY\AppData\Local\{5834C573-FC89-48AA-B89F-B40832D4FD58}
O43 - CFD: 04/07/2011 - 09:08:30 - [0] ----D- C:\Users\LAURA - REMY\AppData\Local\{58D0CAFD-B369-4137-8B4C-23A7B774DB4D}
O43 - CFD: 06/07/2011 - 10:59:32 - [0] ----D- C:\Users\LAURA - REMY\AppData\Local\{64934F8F-DA28-4474-AA76-8CC70FE662A3}
O43 - CFD: 07/07/2011 - 17:41:38 - [0] ----D- C:\Users\LAURA - REMY\AppData\Local\{829CB647-1320-4139-A214-E21AB65A3275}
O43 - CFD: 10/07/2011 - 21:07:16 - [0] ----D- C:\Users\LAURA - REMY\AppData\Local\{87A1BDB5-E07A-4B0E-854B-AD687B03A202}
O43 - CFD: 12/07/2011 - 10:22:46 - [0] ----D- C:\Users\LAURA - REMY\AppData\Local\{98B84124-852F-4D98-A871-62058A5C46AF}
O43 - CFD: 03/07/2011 - 11:19:26 - [0] ----D- C:\Users\LAURA - REMY\AppData\Local\{9CDE983A-2D60-4166-A0CF-4B2F4AFF754F}
O43 - CFD: 10/07/2011 - 09:06:24 - [0] ----D- C:\Users\LAURA - REMY\AppData\Local\{9E380A84-5AF7-449B-B1CA-513EB7937F43}
O43 - CFD: 04/07/2011 - 09:08:22 - [0] ----D- C:\Users\LAURA - REMY\AppData\Local\{BFBB83C0-A204-4541-B22C-9336619CD4A7}
O43 - CFD: 08/07/2011 - 09:13:52 - [0] ----D- C:\Users\LAURA - REMY\AppData\Local\{D332BA8C-FD20-4C5C-BE85-91C508E7D283}
O43 - CFD: 11/07/2011 - 21:36:12 - [0] ----D- C:\Users\LAURA - REMY\AppData\Local\{F4F8880A-358E-4408-83D0-4B6373FB14F5}
O43 - CFD: 01/09/2011 - 12:21:00 - [1555880] ----D- C:\Program Files (x86)\Ad-Remover
O43 - CFD: 04/07/2011 - 21:27:04 - [118365137] ----D- C:\Program Files (x86)\Adobe
O43 - CFD: 30/06/2011 - 11:39:24 - [84645021] ----D- C:\Program Files (x86)\ATI Technologies
O43 - CFD: 07/07/2011 - 19:20:56 - [160228305] ----D- C:\Program Files (x86)\Avira
O43 - CFD: 23/08/2011 - 01:50:22 - [79013485] ----D- C:\Program Files (x86)\AVS4YOU
O43 - CFD: 30/08/2011 - 01:20:10 - [563107402] ----D- C:\Program Files (x86)\Common Files
O43 - CFD: 22/08/2009 - 00:56:16 - [1009069566] ----D- C:\Program Files (x86)\CyberLink
O43 - CFD: 22/08/2011 - 23:26:04 - [102424974] ----D- C:\Program Files (x86)\DivX
O43 - CFD: 03/08/2011 - 09:00:44 - [6174838] ----D- C:\Program Files (x86)\ElcomSoft
O43 - CFD: 17/08/2011 - 12:30:26 - [42788805] ----D- C:\Program Files (x86)\Glary Utilities
O43 - CFD: 17/08/2011 - 13:31:06 - [99034361] ----D- C:\Program Files (x86)\Google
O43 - CFD: 03/08/2011 - 15:34:14 - [465087371] ----D- C:\Program Files (x86)\Hewlett-Packard
O43 - CFD: 22/08/2009 - 01:57:10 - [3116216] ----D- C:\Program Files (x86)\Hp
O43 - CFD: 21/08/2009 - 23:48:06 - [277423697] ----D- C:\Program Files (x86)\HP Games
O43 - CFD: 03/08/2011 - 15:25:18 - [166558309] --H-D- C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 11/08/2011 - 19:08:08 - [4596747] ----D- C:\Program Files (x86)\
3 September 2011 12:45:54

Avira tells me:
Guard: Autorun blocked for

C:\Autorun.inf
D:\Autorun.inf
G:\Autorun.inf
3 September 2011 16:51:40



The Malwarebytes report

When you scanned with MBAM, you had: «Version de la base de données: 7628»
The current version is «Version de la base de données: 7643»

• Restart Malwarebytes
• Click the Update tab (Mise à jour)
• Click the Check for Updates button (Rechercher des Mises à jour)
• Once the update is done, go back to the Scan tab (Recherche)
• Click Perform full scan (Exécuter un examen complet)
• Let the tool work.
• Save the report to your desktop.

The ZHPDiag report is incomplete (too large for the forum).

Please post the complete ZHPDiag, TDSSKiller and Malwarebytes reports using this online report service: upload the file via "parcourir" (browse) and simply post the link you get.
4 September 2011 01:53:54

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Version de la base de données: 7645

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

03/09/2011 22:47:53
mbam-log-2011-09-03 (22-47-53).txt

Type d'examen: Examen complet (C:\|D:\|G:\|)
Elément(s) analysé(s): 330219
Temps écoulé: 34 minute(s), 26 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 14

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\UsbFix\quarantine\C\Users\LAURA-~1\AppData\Local\Temp\setup1326898380.exe.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\Users\LAURA-~1\AppData\Local\Temp\setup1407106464.exe.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\Users\LAURA-~1\AppData\Local\Temp\setup1730683072.exe.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\Users\LAURA-~1\AppData\Local\Temp\setup2312339456.exe.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\Users\LAURA-~1\AppData\Local\Temp\setup2479821184.exe.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\Users\LAURA-~1\AppData\Local\Temp\setup2523159712.exe.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\Users\LAURA-~1\AppData\Local\Temp\setup2880405752.exe.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\Users\LAURA-~1\AppData\Local\Temp\setup3085762240.exe.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\Users\LAURA-~1\AppData\Local\Temp\setup369882012.exe.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\Users\LAURA-~1\AppData\Local\Temp\setup3850381904.exe.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\Users\LAURA-~1\AppData\Local\Temp\setup929786580.exe.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\UsbFix\quarantine\C\Users\LAURA-~1\AppData\Local\Temp\setup938995712.exe.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\09022011_185229\C_Users\laura - remy\AppData\Local\rynchqow\afcortxk.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\_OTL\movedfiles\09022011_185229\C_Users\laura - remy\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\afcortxk.exe (Trojan.Agent) -> Quarantined and deleted successfully.
4 September 2011 11:19:16

Hello, this morning Avira raised an alert:
Guard: malware detected
in the file C:\Users\LAURA-REMY\AppData\...\rwsamnxeco.exe
a virus or unwanted program
TR/Crypt.XPACK.Gen was found

In addition, 8 "setup4218095760.exe is asking for your authorization" windows are appearing.
It really looks like it is persisting...
4 September 2011 12:09:38

Hello.

Judging by the MBAM report, you have a severe infection that will not go quietly.
Make sure you have backed up all your documents, photos, etc.

Once the backups are done:

aswMBR - Scan
• Download aswMBR.exe and save it to your desktop, nowhere else!
• Double-click aswMBR.exe on your desktop to launch it.
(On Vista/7, right-click aswMBR and choose Run as administrator (Exécuter en tant qu'administrateur))

Accept the update request.
• Click the Scan button and let the tool work.


• Click Save Log, save the report to the desktop and post it in your next reply.


• If coloured lines (yellow or red) appear during the scan, please take a screenshot of them and attach it to your next reply.
4 September 2011 20:13:34

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-04 20:12:14
-----------------------------
20:12:14.970 OS Version: Windows x64 6.1.7601 Service Pack 1
20:12:14.970 Number of processors: 2 586 0x170A
20:12:14.970 ComputerName: LAURA-REMY-PC UserName: LAURA - REMY
20:12:16.967 Initialize success
20:12:45.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:12:45.968 Disk 0 Vendor: WDC_WD3200BEKT-60F3T1 12.01A12 Size: 305245MB BusType: 11
20:12:48.012 Disk 0 MBR read successfully
20:12:48.012 Disk 0 MBR scan
20:12:48.012 Disk 0 unknown MBR code
20:12:48.012 Service scanning
20:12:49.588 Modules scanning
20:12:49.588 Disk 0 trace - called modules:
20:12:49.588 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:12:49.603 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c82790]
20:12:49.603 3 CLASSPNP.SYS[fffff8800113f43f] -> nt!IofCallDriver -> [0xfffffa8004c815b0]
20:12:49.619 5 hpdskflt.sys[fffff8800239a189] -> nt!IofCallDriver -> [0xfffffa8004ae3520]
20:12:49.619 7 ACPI.sys[fffff88000ee47a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004ad51f0]
20:12:49.619 Scan finished successfully
20:12:57.310 Disk 0 MBR has been saved successfully to "\\LAURA-REMY-PC\Users\LAURA - REMY\Desktop\Autres Outils\MBR.dat"
20:12:57.310 The log file has been saved successfully to "\\LAURA-REMY-PC\Users\LAURA - REMY\Desktop\Autres Outils\aswMBR.txt"


6 September 2011 16:44:44

Hello.

The tool we are going to use is very powerful. Be careful to follow the recommendations to the letter. If you run into the slightest problem, do not hesitate to post here.

Running ComboFix
• Download ComboFix by sUBs; save it to your desktop and nowhere else!
Disconnect, disable your protection software (antivirus, antispyware) and close all running applications.

• Double-click ComboFix, accept the licence agreement and follow the prompts.
• If applicable, install the Recovery Console as advised.
• Wait until ComboFix has finished; a report will be created.
• Post the report in your next reply. It is saved at the root of your system partition as C:\ComboFix.txt

Help: ComboFix tutorial
6 September 2011 19:10:36

ComboFix 11-09-06.03 - LAURA - REMY 06/09/2011 19:02:52.1.2 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.4063.2841 [GMT 2:00]
Lancé depuis: c:\users\LAURA - REMY\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: Avira FireWall *Enabled* {31341D0C-2EA1-6D37-1CC3-F0344A49C2CC}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-08-06 au 2011-09-06 ))))))))))))))))))))))))))))))))))))
.
.
2011-09-04 09:37 . 2011-09-04 09:37 -------- d-----w- c:\users\LAURA - REMY\AppData\Local\Mozilla
2011-09-03 10:33 . 2011-09-03 10:33 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2011-09-03 10:31 . 2011-09-03 10:47 -------- d-----w- C:\ZHP
2011-09-03 10:28 . 2011-09-03 10:47 -------- d-----w- c:\program files (x86)\ZHPDiag
2011-09-02 16:52 . 2011-09-02 16:52 -------- d-----w- C:\_OTL
2011-09-02 13:02 . 2011-09-02 13:02 -------- d-----w- c:\users\LAURA - REMY\AppData\Local\ElevatedDiagnostics
2011-09-02 09:29 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{43F4497F-03E0-45C0-A5F1-B7C60746834B}\mpengine.dll
2011-09-01 18:18 . 2011-09-01 18:18 -------- d-s---w- c:\windows\SysWow64\Microsoft
2011-09-01 15:36 . 2011-09-01 15:36 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-08-31 23:37 . 2011-09-01 10:20 -------- d-----w- c:\program files (x86)\Ad-Remover
2011-08-31 23:31 . 2011-09-02 17:03 -------- d-----w- C:\UsbFix
2011-08-29 23:41 . 2011-08-31 19:41 -------- d-----w- c:\users\LAURA - REMY\pour activé microsoft office 2010
2011-08-29 23:20 . 2011-08-29 23:20 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2011-08-29 23:19 . 2011-08-29 23:19 -------- d-----w- c:\windows\PCHEALTH
2011-08-29 23:19 . 2011-08-29 23:19 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2011-08-29 23:19 . 2011-08-29 23:19 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-08-29 23:17 . 2011-08-29 23:17 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-08-29 23:16 . 2011-08-29 23:16 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-08-29 09:04 . 2011-08-29 09:21 -------- d-----w- c:\users\LAURA - REMY\AppData\Roaming\Norton Utilities
2011-08-24 15:50 . 2011-08-24 15:50 0 ----a-w- c:\windows\ativpsrm.bin
2011-08-24 07:22 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 07:22 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-23 13:27 . 2011-08-23 13:27 -------- d-----w- c:\users\Public\CyberLink
2011-08-23 13:14 . 2011-08-30 10:26 -------- d-----w- c:\users\LAURA - REMY\sik a gravé
2011-08-22 21:51 . 2011-08-22 21:51 -------- d-----w- c:\programdata\AVS4YOU
2011-08-22 21:51 . 2011-08-23 13:23 -------- d-----w- c:\users\LAURA - REMY\AppData\Roaming\AVS4YOU
2011-08-22 21:48 . 2011-08-22 23:50 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
2011-08-22 21:48 . 2010-11-29 15:21 10833920 ----a-w- c:\windows\SysWow64\libmfxsw32.dll
2011-08-22 21:48 . 2010-11-29 15:21 10915840 ----a-w- c:\windows\SysWow64\libmfxhw32.dll
2011-08-22 21:48 . 2010-11-12 18:18 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll
2011-08-22 21:48 . 2010-11-12 18:18 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
2011-08-22 21:48 . 2011-08-22 23:50 -------- d-----w- c:\program files (x86)\AVS4YOU
2011-08-17 09:54 . 2011-08-17 09:54 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-08-17 09:54 . 2011-08-17 09:54 -------- d-----w- c:\program files (x86)\Java
2011-08-15 10:08 . 2011-08-21 09:28 -------- d-----w- c:\users\LAURA - REMY\AppData\Local\Microsoft Games
2011-08-13 09:29 . 2011-08-13 09:29 -------- d-----w- C:\preload
2011-08-11 08:37 . 2011-08-11 08:37 -------- d-----w- C:\02cb8ffb5e650d34f11942
2011-08-11 07:42 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-11 07:42 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-02 17:03 . 2011-09-02 17:03 20385055 ----a-w- C:\UsbFix_Upload_Me_LAURA-REMY-PC.zip
2011-08-31 11:22 . 2011-07-07 16:33 131336 ----a-w- c:\windows\SysWow64\drivers\avfwot.sys
2011-08-31 11:22 . 2011-07-07 16:33 131336 ----a-w- c:\windows\system32\drivers\avfwot.sys
2011-08-31 11:22 . 2011-07-07 16:33 101984 ----a-w- c:\windows\system32\drivers\avfwim.sys
2011-08-31 11:22 . 2011-06-30 11:40 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-31 11:22 . 2011-06-30 11:40 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-08-17 09:54 . 2011-06-30 10:47 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-13 04:58 . 2011-07-17 07:38 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-22 20:51 . 2011-07-22 20:51 94208 ----a-w- c:\windows\SysWow64\dpl100.dll
2011-07-16 04:26 . 2011-08-11 07:43 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-06 17:52 . 2011-07-28 06:50 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 17:52 . 2011-07-28 06:50 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-02 09:26 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-07-02 09:26 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-06-30 10:25 . 2009-08-21 23:06 588472 ----a-w- c:\windows\SysWow64\ezsvc7x.dll
2011-06-30 09:42 . 2011-06-30 09:42 95472 ----a-w- c:\windows\system32\bcmwlcoi.dll
2011-06-30 09:42 . 2011-06-30 09:42 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2011-06-30 09:42 . 2011-06-30 09:42 3888640 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2011-06-30 09:42 . 2011-06-30 09:42 3553280 ----a-w- c:\windows\system32\bcmihvui64.dll
2011-06-30 09:42 . 2011-06-30 09:42 2769400 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2011-06-11 03:07 . 2011-07-13 09:30 3137536 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-30 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2010-11-19 37888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-30 136176]
R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-30 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 31124344]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SymDSMon;SymDSMon;c:\windows\system32\drivers\SymDSMon.sys [x]
R3 SYMSpeedDisk;SYMSpeedDisk;c:\windows\system32\drivers\SymSpeedDisk.sys [2010-11-30 163384]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2011-08-31 131336]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2011-08-31 567464]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-08-31 340136]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-08-31 428200]
S2 DiskDoctorService;Norton Disk Doctor Service;c:\program files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [2010-11-30 1029480]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 SpeedDiskService;Norton SpeedDisk Service;c:\program files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [2010-11-30 1037672]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contenu du dossier 'Tâches planifiées'
.
2011-09-06 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\Glary Utilities\initialize.exe [2011-08-17 16:47]
.
2011-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-30 11:20]
.
2011-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-30 11:20]
.
2011-09-06 c:\windows\Tasks\NUSchedule.job
- c:\program files (x86)\Norton Utilities 15\nu.exe [2011-08-31 00:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-21 171520]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Envoyer à OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 212.27.40.240 212.27.40.241
FF - ProfilePath - c:\users\LAURA - REMY\AppData\Roaming\Mozilla\Firefox\Profiles\x10mmflz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2011-09-06 19:09:06
ComboFix-quarantined-files.txt 2011-09-06 17:09
.
Avant-CF: 236 884 811 776 octets libres
Après-CF: 236 694 720 512 octets libres
.
- - End Of File - - 7419A885B4D161B9D96DF3C717D55CDE
7 September 2011 14:32:04

Hello rem,

Calimero had to leave urgently, so I will take over until he returns.


I would like you to delete your current copy of TDSSKiller.zip and the extracted folder.

Then:

Download TDSSKiller from Kaspersky to your desktop.

  • Extract it by right-clicking it -> "extraire tout..." (Extract all), then click "suivant" (Next), "suivant" and "Terminer" (Finish).
  • Double-click "TDSSKiller.exe" to launch the tool.
    (Vista/Windows 7 users: right-click TDSSKiller.exe and select "Exécuter en tant qu'administrateur" (Run as administrator).)

  • Then click the "Start Scan" button.
  • Let the scan run.

  • In the results window:
    • If TDSS.tdl2 is detected, the Delete option will be selected by default.
    • If TDSS.tdl3 is detected, make sure Cure is selected.
    • For the "Suspicious object" section, leave it on "Skip".
    • /!\ If, in the "Suspicious object" section, the file looks like c:\windows\123456789:987654321.exe (a random sequence), set the option to Delete.
    • If TDSS.tdl4 (mbr) is detected, make sure Cure is selected.
  • Finally, click "Continue".

  • You will probably be asked to restart your PC; do so by clicking "Reboot now".

  • After the restart, retrieve the removal report, which is located here:
    C:\ TDSSKiller.x.x.x.x_date_heure_log.txt

    Post its contents in your next reply.

    Whether or not anything is detected, please send me the report.


Then:


2) Download Bootkit Remover (from eSageLab) to your desktop.

  • Extract Bootkit Remover to your desktop.
    (Note: if you do not have an archive tool, 7zip will do.)
  • Double-click bootkit_remover.exe to launch it.
    (Vista/Windows 7 users: right-click -> "Exécuter en tant qu'administrateur" (Run as administrator).)
  • The scan is immediate, and a black command prompt window appears.
  • In the window, right-click -> "Sélectionner tout" (Select all), then press the "Entrée" (Enter) key.
  • Come back and post here, then right-click and choose "Coller" (Paste) so that the contents appear in your reply.
  • You can press any key to close the bootkit_remover window.

8 September 2011 13:08:10

OK, thank you for your help as well (PS: I am often away because my daughter was born three days ago :) )

    2011/09/08 13:04:33.0540 4576 TDSS rootkit removing tool 2.5.20.0 Sep 7 2011 16:44:34
    2011/09/08 13:04:34.0664 4576 ================================================================================
    2011/09/08 13:04:34.0664 4576 SystemInfo:
    2011/09/08 13:04:34.0664 4576
    2011/09/08 13:04:34.0664 4576 OS Version: 6.1.7601 ServicePack: 1.0
    2011/09/08 13:04:34.0664 4576 Product type: Workstation
    2011/09/08 13:04:34.0664 4576 ComputerName: LAURA-REMY-PC
    2011/09/08 13:04:34.0664 4576 UserName: LAURA - REMY
    2011/09/08 13:04:34.0664 4576 Windows directory: C:\Windows
    2011/09/08 13:04:34.0664 4576 System windows directory: C:\Windows
    2011/09/08 13:04:34.0664 4576 Running under WOW64
    2011/09/08 13:04:34.0664 4576 Processor architecture: Intel x64
    2011/09/08 13:04:34.0664 4576 Number of processors: 2
    2011/09/08 13:04:34.0664 4576 Page size: 0x1000
    2011/09/08 13:04:34.0664 4576 Boot type: Normal boot
    2011/09/08 13:04:34.0664 4576 ================================================================================
    2011/09/08 13:04:35.0615 4576 Initialize success
    2011/09/08 13:04:42.0354 5680 ================================================================================
    2011/09/08 13:04:42.0354 5680 Scan started
    2011/09/08 13:04:42.0354 5680 Mode: Manual;
    2011/09/08 13:04:42.0354 5680 ================================================================================
    2011/09/08 13:04:44.0632 5680 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    2011/09/08 13:04:44.0679 5680 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
    2011/09/08 13:04:44.0726 5680 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    2011/09/08 13:04:44.0741 5680 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    2011/09/08 13:04:44.0788 5680 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    2011/09/08 13:04:44.0819 5680 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    2011/09/08 13:04:44.0850 5680 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    2011/09/08 13:04:44.0913 5680 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
    2011/09/08 13:04:44.0960 5680 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
    2011/09/08 13:04:45.0038 5680 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    2011/09/08 13:04:45.0069 5680 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    2011/09/08 13:04:45.0084 5680 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    2011/09/08 13:04:45.0116 5680 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    2011/09/08 13:04:45.0131 5680 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    2011/09/08 13:04:45.0162 5680 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    2011/09/08 13:04:45.0194 5680 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    2011/09/08 13:04:45.0225 5680 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    2011/09/08 13:04:45.0272 5680 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    2011/09/08 13:04:45.0318 5680 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    2011/09/08 13:04:45.0350 5680 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    2011/09/08 13:04:45.0365 5680 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    2011/09/08 13:04:45.0396 5680 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    2011/09/08 13:04:45.0428 5680 AtiHdmiService (04a5815df7e8b037df674d3ccacc0c31) C:\Windows\system32\drivers\AtiHdmi.sys
    2011/09/08 13:04:45.0646 5680 atikmdag (c5758bf1dfd762a5b17041ff061b7750) C:\Windows\system32\DRIVERS\atikmdag.sys
    2011/09/08 13:04:45.0833 5680 avfwim (33eed63ec03eb4f1e32ae98548ef8d82) C:\Windows\system32\DRIVERS\avfwim.sys
    2011/09/08 13:04:45.0880 5680 avfwot (abe753b6883f2ad24654f74718ffd6e9) C:\Windows\system32\DRIVERS\avfwot.sys
    2011/09/08 13:04:45.0927 5680 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
    2011/09/08 13:04:45.0974 5680 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
    2011/09/08 13:04:46.0020 5680 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    2011/09/08 13:04:46.0067 5680 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    2011/09/08 13:04:46.0192 5680 BCM43XX (f99c7ae4bb91bd1506b3572f944307bb) C:\Windows\system32\DRIVERS\bcmwl664.sys
    2011/09/08 13:04:46.0239 5680 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    2011/09/08 13:04:46.0286 5680 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    2011/09/08 13:04:46.0317 5680 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    2011/09/08 13:04:46.0348 5680 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    2011/09/08 13:04:46.0364 5680 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    2011/09/08 13:04:46.0410 5680 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    2011/09/08 13:04:46.0442 5680 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    2011/09/08 13:04:46.0457 5680 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    2011/09/08 13:04:46.0473 5680 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    2011/09/08 13:04:46.0504 5680 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    2011/09/08 13:04:46.0535 5680 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    2011/09/08 13:04:46.0566 5680 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
    2011/09/08 13:04:46.0613 5680 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    2011/09/08 13:04:46.0660 5680 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    2011/09/08 13:04:46.0707 5680 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    2011/09/08 13:04:46.0722 5680 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    2011/09/08 13:04:46.0769 5680 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
    2011/09/08 13:04:46.0816 5680 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    2011/09/08 13:04:46.0832 5680 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    2011/09/08 13:04:46.0863 5680 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    2011/09/08 13:04:46.0925 5680 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    2011/09/08 13:04:46.0956 5680 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    2011/09/08 13:04:46.0988 5680 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    2011/09/08 13:04:47.0034 5680 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    2011/09/08 13:04:47.0081 5680 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    2011/09/08 13:04:47.0206 5680 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    2011/09/08 13:04:47.0346 5680 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    2011/09/08 13:04:47.0409 5680 enecir (524c79054636d2e5751169005006460b) C:\Windows\system32\DRIVERS\enecir.sys
    2011/09/08 13:04:47.0440 5680 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    2011/09/08 13:04:47.0487 5680 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    2011/09/08 13:04:47.0534 5680 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    2011/09/08 13:04:47.0549 5680 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    2011/09/08 13:04:47.0580 5680 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    2011/09/08 13:04:47.0612 5680 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    2011/09/08 13:04:47.0643 5680 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    2011/09/08 13:04:47.0690 5680 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    2011/09/08 13:04:47.0736 5680 FLxHCIc (d0adbcf2a5316d23ef67dfaa02d5d544) C:\Windows\system32\DRIVERS\FLxHCIc.sys
    2011/09/08 13:04:47.0783 5680 FLxHCIh (f9b6db9727ad2f14ecf84e43eb5279f7) C:\Windows\system32\DRIVERS\FLxHCIh.sys
    2011/09/08 13:04:47.0814 5680 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    2011/09/08 13:04:47.0846 5680 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    2011/09/08 13:04:47.0877 5680 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    2011/09/08 13:04:48.0173 5680 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    2011/09/08 13:04:48.0220 5680 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    2011/09/08 13:04:48.0267 5680 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    2011/09/08 13:04:48.0298 5680 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    2011/09/08 13:04:48.0329 5680 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    2011/09/08 13:04:48.0345 5680 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    2011/09/08 13:04:48.0376 5680 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    2011/09/08 13:04:48.0392 5680 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
    2011/09/08 13:04:48.0454 5680 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
    2011/09/08 13:04:48.0470 5680 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
    2011/09/08 13:04:48.0501 5680 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    2011/09/08 13:04:48.0548 5680 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    2011/09/08 13:04:48.0579 5680 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    2011/09/08 13:04:48.0610 5680 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    2011/09/08 13:04:48.0657 5680 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    2011/09/08 13:04:48.0813 5680 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
    2011/09/08 13:04:48.0969 5680 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    2011/09/08 13:04:49.0000 5680 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    2011/09/08 13:04:49.0031 5680 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    2011/09/08 13:04:49.0062 5680 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2011/09/08 13:04:49.0094 5680 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    2011/09/08 13:04:49.0125 5680 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    2011/09/08 13:04:49.0140 5680 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    2011/09/08 13:04:49.0172 5680 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    2011/09/08 13:04:49.0187 5680 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    2011/09/08 13:04:49.0250 5680 JMCR (f8844b00c10e386c704c610e95a9847d) C:\Windows\system32\DRIVERS\jmcr.sys
    2011/09/08 13:04:49.0265 5680 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
    2011/09/08 13:04:49.0296 5680 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    2011/09/08 13:04:49.0328 5680 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
    2011/09/08 13:04:49.0359 5680 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
    2011/09/08 13:04:49.0390 5680 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    2011/09/08 13:04:49.0437 5680 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    2011/09/08 13:04:49.0468 5680 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    2011/09/08 13:04:49.0499 5680 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    2011/09/08 13:04:49.0515 5680 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    2011/09/08 13:04:49.0530 5680 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    2011/09/08 13:04:49.0562 5680 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    2011/09/08 13:04:49.0608 5680 MBAMProtector (9c4fb231b6e02f84580de2f00f3c5293) C:\Windows\system32\drivers\mbam.sys
    2011/09/08 13:04:49.0624 5680 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    2011/09/08 13:04:49.0655 5680 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    2011/09/08 13:04:49.0702 5680 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    2011/09/08 13:04:49.0733 5680 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    2011/09/08 13:04:49.0764 5680 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
    2011/09/08 13:04:49.0796 5680 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    2011/09/08 13:04:49.0827 5680 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    2011/09/08 13:04:49.0858 5680 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    2011/09/08 13:04:49.0889 5680 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    2011/09/08 13:04:49.0936 5680 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    2011/09/08 13:04:49.0983 5680 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2011/09/08 13:04:50.0014 5680 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2011/09/08 13:04:50.0061 5680 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2011/09/08 13:04:50.0076 5680 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    2011/09/08 13:04:50.0108 5680 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    2011/09/08 13:04:50.0154 5680 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    2011/09/08 13:04:50.0186 5680 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    2011/09/08 13:04:50.0201 5680 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    2011/09/08 13:04:50.0232 5680 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    2011/09/08 13:04:50.0248 5680 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    2011/09/08 13:04:50.0264 5680 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    2011/09/08 13:04:50.0310 5680 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    2011/09/08 13:04:50.0342 5680 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    2011/09/08 13:04:55.0490 5680 ================================================================================
    2011/09/08 13:04:55.0490 5680 Scan finished
    2011/09/08 13:04:55.0490 5680 ================================================================================
    2011/09/08 13:04:55.0505 3744 Detected object count: 0
    2011/09/08 13:04:55.0505 3744 Actual detected object count: 0
    2011/09/08 13:05:41.0643 5636 ================================================================================
    2011/09/08 13:05:41.0643 5636 Scan started
    2011/09/08 13:05:41.0643 5636 Mode: Manual;
    2011/09/08 13:05:41.0643 5636 ================================================================================
    2011/09/08 13:05:49.0350 5636 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
    2011/09/08 13:05:49.0381 5636 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    2011/09/08 13:05:49.0443 5636 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/09/08 13:05:49.0475 5636 RTL8167 (91296f0b2653281b2f11e0fce56aa427) C:\Windows\system32\DRIVERS\Rt64win7.sys
    2011/09/08 13:05:49.0521 5636 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    2011/09/08 13:05:49.0553 5636 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/09/08 13:05:49.0584 5636 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
    2011/09/08 13:05:49.0615 5636 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    2011/09/08 13:05:49.0646 5636 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    2011/09/08 13:05:49.0677 5636 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    2011/09/08 13:05:49.0693 5636 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/09/08 13:05:49.0740 5636 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    2011/09/08 13:05:49.0755 5636 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    2011/09/08 13:05:49.0771 5636 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    2011/09/08 13:05:49.0802 5636 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/09/08 13:05:49.0833 5636 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/09/08 13:05:49.0849 5636 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/09/08 13:05:49.0865 5636 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    2011/09/08 13:05:49.0911 5636 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    2011/09/08 13:05:49.0958 5636 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    2011/09/08 13:05:49.0989 5636 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    2011/09/08 13:05:50.0021 5636 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    2011/09/08 13:05:50.0067 5636 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    2011/09/08 13:05:50.0114 5636 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    2011/09/08 13:05:50.0145 5636 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/09/08 13:05:50.0177 5636 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    2011/09/08 13:05:50.0208 5636 STHDA (dffbc024dfc7bb05b2129e05cbc7a201) C:\Windows\system32\DRIVERS\stwrt64.sys
    2011/09/08 13:05:50.0239 5636 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    2011/09/08 13:05:50.0286 5636 SymDSMon (e7b1bcb70355a84d6dfee12702b588d0) C:\Windows\system32\drivers\SymDSMon.sys
    2011/09/08 13:05:50.0333 5636 SYMSpeedDisk (f0268941519d73658199ecb1bb712be1) C:\Windows\system32\drivers\SymSpeedDisk.sys
    2011/09/08 13:05:50.0348 5636 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
    2011/09/08 13:05:50.0442 5636 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
    2011/09/08 13:05:50.0520 5636 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/09/08 13:05:50.0567 5636 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    2011/09/08 13:05:50.0598 5636 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    2011/09/08 13:05:50.0613 5636 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    2011/09/08 13:05:50.0645 5636 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    2011/09/08 13:05:50.0676 5636 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    2011/09/08 13:05:50.0738 5636 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/09/08 13:05:50.0769 5636 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    2011/09/08 13:05:50.0801 5636 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/09/08 13:05:50.0816 5636 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    2011/09/08 13:05:50.0847 5636 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    2011/09/08 13:05:50.0894 5636 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    2011/09/08 13:05:50.0925 5636 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
    2011/09/08 13:05:50.0941 5636 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    2011/09/08 13:05:50.0988 5636 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/09/08 13:05:51.0019 5636 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    2011/09/08 13:05:51.0050 5636 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/09/08 13:05:51.0081 5636 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/09/08 13:05:51.0097 5636 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
    2011/09/08 13:05:51.0113 5636 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/09/08 13:05:51.0144 5636 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/09/08 13:05:51.0159 5636 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/09/08 13:05:51.0191 5636 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
    2011/09/08 13:05:51.0222 5636 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    2011/09/08 13:05:51.0237 5636 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/09/08 13:05:51.0269 5636 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    2011/09/08 13:05:51.0300 5636 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    2011/09/08 13:05:51.0315 5636 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    2011/09/08 13:05:51.0331 5636 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    2011/09/08 13:05:51.0378 5636 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    2011/09/08 13:05:51.0425 5636 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    2011/09/08 13:05:51.0440 5636 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    2011/09/08 13:05:51.0471 5636 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    2011/09/08 13:05:51.0503 5636 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    2011/09/08 13:05:51.0534 5636 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    2011/09/08 13:05:51.0549 5636 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/09/08 13:05:51.0565 5636 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/09/08 13:05:51.0612 5636 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    2011/09/08 13:05:51.0659 5636 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    2011/09/08 13:05:51.0705 5636 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    2011/09/08 13:05:51.0737 5636 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    2011/09/08 13:05:51.0799 5636 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    2011/09/08 13:05:51.0846 5636 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    2011/09/08 13:05:51.0893 5636 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/09/08 13:05:51.0955 5636 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    2011/09/08 13:05:51.0971 5636 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/09/08 13:05:52.0017 5636 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
    2011/09/08 13:05:52.0049 5636 MBR (0x1B8) (30172c52b127d68518c509cab888d092) \Device\Harddisk0\DR0
    2011/09/08 13:05:52.0064 5636 Boot (0x1200) (cdaf913c1251f8649ab385124513bd14) \Device\Harddisk0\DR0\Partition0
    2011/09/08 13:05:52.0095 5636 Boot (0x1200) (58c3a5cfb847cc20ae6d48246a8ab1b1) \Device\Harddisk0\DR0\Partition1
    2011/09/08 13:05:52.0127 5636 Boot (0x1200) (0b705bdce71c057cbd26502ead5ba72e) \Device\Harddisk0\DR0\P
    8 September 2011 13:11:33

    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
    , 64-bit

    System volume is \\.\C:
    main(): CreateFile() ERROR 5
    ERROR: Can't open volume device \\.\C:

    Done;
    Press any key to quit...
    8 September 2011 14:35:20

    Re,

    :)  all my best wishes for the new arrival ;) 


    Yes, the report is fine, I saw what I wanted.

    Everything shows that something is preventing the MBR from being scanned and read; it is a specific area of the hard disk that handles system startup and is targeted by current malware.
    Unfortunately, no tool manages to read it for the moment, so it is hard to say whether it is infected or not.

    So 2 things:

    1) Is your PC a brand-name PC? (HP, Acer, etc.)

    2) I am going to give you a somewhat complex procedure (via a livecd, as they say), but one that should let us move forward; read the procedure carefully, and ask your questions beforehand if you have any:


    Download OTLPEnet to the desktop of a working PC (size > 120 MB)

  • Double-click OTLPENet.exe and make sure you have inserted a blank CD-R in your CD/DVD burner.
  • A window will open asking whether you want to burn the CD; click the Yes button.
  • Wait while the CD is decompressed and burned.

  • Move to the blocked/infected PC
  • Change the boot order to start from the CD
  • Restart your PC using the LiveCD you just created.
  • Your system should show a REATOGO-X-PE desktop

    Note: Depending on your type of Internet connection (Ethernet), you should be able to access the Net; if so, you can reach this thread more easily, otherwise you will have to copy the results to a storage medium (USB key) to transfer them to a connected PC.

  • Double-click the OTLPE icon
  • In the first dialog box (named "RunScanner") click Yes
  • In the second, make sure the "Automatically Load All Remaining Users" box is checked and click the session name of the PC's user

  • The OTL tool should now launch.
  • Copy and paste this under "Custom Scan/Fix"

    netsvcs
    msconfig
    drivers32
    /md5start
    explorer.exe
    lsass.exe
    lsm.exe
    userinit.exe
    winlogon.exe
    wininit.exe
    csrss.exe
    smss.exe
    svchost.exe
    services.exe
    spoolsv.exe
    alg.exe
    ctfmon.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    midimap.dll
    sptd.sys
    spsys.sys
    iaStor.sys
    nvstor.sys
    atapi.sys
    i8042prt.sys
    cdrom.sys
    disk.sys
    ndis.sys
    tcpip.sys
    mountmgr.sys
    aec.sys
    cdaudio.sys
    rasacd.sys
    redbook.sys
    ipsec.sys
    mrxsmb10.sys
    mrxsmb20.sys
    termdd.sys
    mrxsmb.sys
    win32k.sys
    storport.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    usbscan.sys
    usbprint.sys
    sfloppy.sys
    changer.sys
    /md5stop
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    SAVEMBR:0


  • Press Run Scan to start the scan.
  • Once finished, the report is saved on your hard disk at C:\OTL.txt
  • Post the contents of the OTL.txt report in your next reply.

    Note: If you need to go back to normal mode, shut down the environment like a normal Windows, then remove the CD and restart normally.


    For the reports, please use this online report service: submit the file via "Parcourir" (Browse) and simply post the link you get.


    Then, along with the report, and still under the OTLPE LiveCD, also copy this file to your USB key so you can bring it back to a working PC:
    Quote:
    C:\PhysicalMBR.bin


    Then once on the working PC:

    Go to this site:
    http://www.virustotal.com/fr/

    Click "Parcourir" (Browse), then look for this file:

    Quote:
    PhysicalMBR.bin

    (the one you copied to the key)

    Once it is selected, click "Send File"; the upload will start.

    If it tells you this file has already been analysed, request a new analysis ("Reanalysis" button), and/or let the analysis run until you see "terminée" (finished) at the top, after "current statut"

    Copy the address from your browser's address bar, then give it to me in your next reply.
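
    What can be checked locally in a dump such as PhysicalMBR.bin before it is uploaded, as an added example that is not part of the original thread. It assumes the file begins with the 512-byte sector 0 of the disk; `parse_mbr` and `make_sample` are names chosen here, and the sample sector is constructed.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 0x1B8    # bytes 0..439 hold the bootstrap code
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries start here
ENTRY = struct.Struct("<B3xB3xII")  # status, CHS, type, CHS, LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    """Parse one 512-byte MBR sector and flag structural anomalies."""
    if len(sector) < SECTOR:
        raise ValueError(f"need {SECTOR} bytes, got {len(sector)}")
    sector = sector[:SECTOR]
    boot_code = sector[:BOOT_CODE_LEN]
    warnings, parts = [], []
    if sector[510:512] != b"\x55\xaa":
        warnings.append("missing 0x55AA boot signature")
    if not any(boot_code):
        warnings.append("bootstrap code area is empty")
    for i in range(4):
        status, ptype, lba, count = ENTRY.unpack_from(sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            warnings.append(f"entry {i}: invalid status byte 0x{status:02x}")
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count})
    if sum(p["active"] for p in parts) > 1:
        warnings.append("more than one active partition")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            warnings.append(f"entries {a['index']} and {b['index']} overlap")
    return {
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
        "partitions": parts,
        "warnings": warnings,
    }


def make_sample() -> bytes:
    """Constructed sector for the demo; not taken from the thread."""
    buf = bytearray(SECTOR)
    buf[0:4] = b"\x33\xc0\x8e\xd0"  # placeholder bootstrap bytes
    struct.pack_into("<I", buf, BOOT_CODE_LEN, 0x1234ABCD)
    ENTRY.pack_into(buf, PART_TABLE_OFF, 0x80, 0x07, 2048, 204800)
    ENTRY.pack_into(buf, PART_TABLE_OFF + 16, 0x00, 0x07, 206848, 1000000)
    buf[510:512] = b"\x55\xaa"
    return bytes(buf)


if __name__ == "__main__":
    import sys
    from pathlib import Path
    data = Path(sys.argv[1]).read_bytes() if len(sys.argv) > 1 else make_sample()
    for key, value in parse_mbr(data).items():
        print(f"{key}: {value}")
```

    Run it with the path to the dump as its argument. A clean structure says nothing about the bootstrap code itself, whose hash is only useful for comparison against a later dump or a known reference.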
    10 September 2011 14:36:21

    Yes, as you say, it is quite complex!
    Unfortunately I do not have a 2nd PC
    do you have another solution?
    thank you all the same hyunkel30 ;) 
    10 September 2011 18:57:45

    Re,

    No worries, when I talk about a working PC, it is because this procedure is often used on infected PCs that we no longer have control over.

    You still have control of the PC, so you can download and burn on this PC, and only then launch the livecd with the procedure ;) 

    To make it easier, I advise you to copy the OTL script into a "Notepad" file (Start -> All Programs -> Accessories -> Notepad)
    that you save at the root of your C: hard disk; that way, once on the livecd, it will be easier to find it and simply copy and paste the script.