Programme non desire au demarage + aide pour supprimer log e

Sécurité et insécurité. Virus, Trojans, Spywares, Failles etc. …

Modérateur: Modérateurs et Modératrices

Règles du forum
Assiste.com a suspendu l'assistance à la décontamination après presque 15 ans sur l'ancien forum puis celui-ci. Voir :

Procédure de décontamination 1 - Anti-malware
Décontamination anti-malwares

Procédure de décontamination 2 - Anti-malware et antivirus (La Manip)
La Manip - Procédure standard de décontamination

Entretien périodique d'un PC sous Windows
Entretien périodique d'un PC sous Windows

Protection des navigateurs, de la navigation et de la vie privée
Protéger le navigateur, la navigation et la vie privée

Programme non desire au demarage + aide pour supprimer log e

Messagede tft13 » 05 Mai 2010, 13:50

Bonjour


Cela fait plusieurs semaines qu'à chaque redemarage, j'ai des .exe avec des chiffres pour nom, qui se lancent et qui sont bloqués par Zone Alarm.
de plus, j'ai l'impression que mon pc rame pas mal ....


Je suis sou winXp SP3:
AMD Phenom II X4 965
2.00 Go de ram
1 TO de DD
tft13
 
Messages: 15
Inscription: 05 Mai 2010, 10:26

Messagede tft13 » 05 Mai 2010, 13:50

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4068

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

05/05/2010 14:36:52
mbam-log-2010-05-05 (14-36-52).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 126106
Temps écoulé: 5 minute(s), 15 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 16

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Worm.Allaple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\Adparatus (Adware.Adparatus) -> No action taken.
HKEY_CURRENT_USER\Software\MarketPrecision\DuhikiToolbar (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\RECYCLER\S-1-5-21-6660110630-5249769342-760524933-2291\recycle.exe) Good: (Explorer.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
C:\RECYCLER\S-1-5-21-0324232222-888888379-781133308-1995 (Trojan.Agent.M) -> No action taken.

Fichier(s) infecté(s):
C:\RECYCLER\S-1-5-21-606747145-1085031214-682003330-500\Dc6392.exe (Trojan.Inject) -> No action taken.
C:\RECYCLER\S-1-5-21-606747145-1085031214-682003330-500\Dc6393.exe (Trojan.Inject) -> No action taken.
C:\RECYCLER\S-1-5-21-606747145-1085031214-682003330-500\Dc6395.exe (Trojan.Inject) -> No action taken.
C:\RECYCLER\S-1-5-21-606747145-1085031214-682003330-500\Dc6399.exe (Trojan.Inject) -> No action taken.
C:\RECYCLER\S-1-5-21-606747145-1085031214-682003330-500\Dc6400.exe (Trojan.Inject) -> No action taken.
C:\RECYCLER\S-1-5-21-606747145-1085031214-682003330-500\Dc6401.exe (Trojan.Inject) -> No action taken.
C:\RECYCLER\S-1-5-21-606747145-1085031214-682003330-500\Dc6402.exe (Trojan.Inject) -> No action taken.
C:\RECYCLER\S-1-5-21-606747145-1085031214-682003330-500\Dc6405.exe (Trojan.Inject) -> No action taken.
C:\RECYCLER\S-1-5-21-606747145-1085031214-682003330-500\Dc6406.exe (Trojan.Inject) -> No action taken.
C:\RECYCLER\S-1-5-21-606747145-1085031214-682003330-500\Dc6408.exe (Trojan.Inject) -> No action taken.
C:\RECYCLER\S-1-5-21-606747145-1085031214-682003330-500\Dc6409.exe (Trojan.Inject) -> No action taken.
C:\RECYCLER\S-1-5-21-606747145-1085031214-682003330-500\Dc6410.exe (Trojan.Inject) -> No action taken.
C:\RECYCLER\S-1-5-21-0324232222-888888379-781133308-1995\recyclebin.exe (Trojan.Agent.M) -> No action taken.
C:\RECYCLER\S-1-5-21-0324232222-888888379-781133308-1995\Desktop.ini (Trojan.Agent.M) -> No action taken.
C:\Documents and Settings\Administrateur\Application Data\wiaserva.log (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\wdm.dll (Trojan.Agent) -> No action taken.
tft13
 
Messages: 15
Inscription: 05 Mai 2010, 10:26

Messagede tft13 » 05 Mai 2010, 13:50

OTL logfile created on: 05/05/2010 14:38:34 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Administrateur\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 273.08 Gb Free Space | 58.63% Space Free | Partition Type: NTFS
Drive D: | 485.46 Gb Total Space | 451.36 Gb Free Space | 92.98% Space Free | Partition Type: NTFS
Drive E: | 446.05 Gb Total Space | 445.97 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BUREAU
Current User Name: Administrateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/05 14:25:22 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
PRC - [2010/04/16 22:26:24 | 003,438,992 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\Xfire.exe
PRC - [2010/04/07 23:41:04 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/25 14:42:48 | 000,221,184 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\system32\UAService7.exe
PRC - [2009/10/19 23:31:00 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/10/19 23:31:00 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/05/09 12:06:56 | 000,604,416 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2009/03/30 08:32:40 | 000,032,768 | R--- | M] () -- C:\WINDOWS\DAODx.exe
PRC - [2009/03/02 13:08:11 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/16 01:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/02/16 01:10:22 | 000,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/07/17 14:10:30 | 000,888,832 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
PRC - [2008/06/25 19:30:17 | 001,573,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/05/01 22:15:48 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008/04/15 05:41:52 | 001,040,384 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/09/14 03:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/09/07 16:54:54 | 000,159,744 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razerhid.exe
PRC - [2007/05/07 16:35:14 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\DeathAdder\razerofa.exe
PRC - [2007/04/13 17:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2006/11/24 16:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razertra.exe
PRC - [2004/08/22 17:05:02 | 000,081,920 | ---- | M] (DAEMON'S HOME) -- C:\Program Files\D-Tools\daemon.exe


========== Modules (SafeList) ==========

MOD - [2010/05/05 14:25:22 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
MOD - [2010/04/16 22:26:32 | 000,956,816 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\xfire_toucan_42424.dll
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/11 19:41:02 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
MOD - [2009/03/06 04:33:26 | 000,961,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll
MOD - [2009/02/12 15:19:38 | 000,178,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
MOD - [2009/02/12 15:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
MOD - [2008/10/25 11:44:34 | 000,022,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveNew.dll
MOD - [2008/06/25 19:31:11 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2008/06/25 19:30:53 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
MOD - [2008/06/25 19:30:42 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/05/01 22:15:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
MOD - [2003/02/21 05:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WinVNC4)
SRV - [2010/04/03 10:52:46 | 000,243,056 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2009/11/25 14:42:48 | 000,221,184 | ---- | M] (Sony DADC Austria AG.) [Auto | Running] -- C:\WINDOWS\system32\UAService7.exe -- (UserAccess7) SecuROM User Access Service (V7)
SRV - [2009/10/19 23:31:00 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/10/19 23:31:00 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/09/24 04:59:24 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\WINDOWS\system32\Nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2009/08/28 20:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/09 12:06:56 | 000,604,416 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009/05/09 12:06:55 | 000,361,216 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/04/27 14:21:36 | 000,028,928 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/02/16 01:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/01/07 18:21:08 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2008/11/12 16:15:21 | 000,069,120 | ---- | M] (BOONTY) [Disabled | Stopped] -- C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe -- (Boonty Games)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/04/13 17:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/05/03 13:31:35 | 000,137,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2010/04/03 11:16:34 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2010/01/26 19:05:17 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/12/10 23:30:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/10/19 23:31:00 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/10/09 03:45:02 | 000,341,504 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2009/09/16 13:38:38 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/06/26 16:29:34 | 001,656,960 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/03/30 10:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/03/16 23:33:02 | 003,597,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/02/26 13:40:10 | 000,099,856 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/02/16 01:10:26 | 000,353,672 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/02/13 12:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/01/19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008/12/18 23:44:00 | 000,028,816 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/12/18 23:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/12/18 23:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/12/18 23:43:06 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/11/17 03:24:00 | 000,051,688 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2008/10/25 10:05:04 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/10/14 02:15:42 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vncmirror.sys -- (vncmirror)
DRV - [2008/10/08 15:12:36 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/10/08 15:12:36 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/08/18 18:54:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2008/08/07 19:14:56 | 000,111,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/07/03 10:22:08 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2008/06/25 19:30:19 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/05/06 08:01:50 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2008/04/13 11:46:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007/12/17 18:14:06 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/08/02 18:32:26 | 000,022,784 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dadder.sys -- (DAdderFltr)
DRV - [2007/06/15 11:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2007/06/14 14:41:00 | 000,466,048 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ltn_stk7070P.sys -- (Ltn_stk7070P)
DRV - [2007/06/13 19:30:20 | 000,013,440 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ltn_stkrc.sys -- (Ltn_stkrc)
DRV - [2007/04/16 17:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/01/12 20:09:53 | 000,082,296 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2006/10/23 12:09:48 | 000,027,776 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\habu.sys -- (HabuFltr)
DRV - [2006/09/27 00:21:10 | 000,021,920 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2006/08/21 12:24:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/07/10 18:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2006/07/05 14:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a)
DRV - [2006/06/14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2006/02/26 17:02:49 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2005/08/10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/06/17 17:41:10 | 000,026,496 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiU040B.sys -- (SaiU040B)
DRV - [2005/06/17 17:41:04 | 000,173,568 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiH040B.sys -- (SaiH040B)
DRV - [2005/03/03 20:47:42 | 000,031,104 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CYUSB.sys -- (CyUsb)
DRV - [2005/01/10 19:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 19:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/08/22 16:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 16:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus)
DRV - [2004/04/06 14:08:00 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2004/04/06 14:07:00 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2004/04/06 14:07:00 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [1998/10/06 15:36:26 | 000,001,984 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\papycpu.sys -- (papycpu)
DRV - [1998/10/06 15:36:26 | 000,001,888 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\papyjoy.sys -- (papyjoy)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-606747145-1085031214-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.fr/
IE - HKU\S-1-5-21-606747145-1085031214-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-606747145-1085031214-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.96
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..network.proxy.http: "128.195.54.161"
FF - prefs.js..network.proxy.http_port: 3124
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666


FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2008/10/04 15:44:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/13 23:08:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/07 23:41:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2008/10/04 14:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions
[2010/05/04 16:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions
[2010/04/28 08:32:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/04 07:37:46 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/04/15 14:32:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/08 11:06:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/07 21:37:16 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2008/10/11 09:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\extension@openitonline.com
[2010/02/20 12:33:42 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\searchplugins\myiptest---ip-lookup.xml
[2009/06/09 23:41:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/09/26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010/02/19 16:19:51 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/02/19 16:19:51 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/02/19 16:19:51 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2009/03/08 15:43:15 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2010/02/19 16:19:51 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/02/19 16:19:51 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2009/08/18 21:50:59 | 000,001,397 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 rsgames.hs.llnwd.net
O1 - Hosts: 127.0.0.1 updates.rockstargames.com
O1 - Hosts: 127.0.0.1 socialclub.rockstargames.com
O1 - Hosts: 127.0.0.1 www.gamesforwindows.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-606747145-1085031214-682003330-500\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [RunDAOD] C:\WINDOWS\DAODx.exe ()
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\.DEFAULT..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-18..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\S-1-5-19..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\S-1-5-20..\RunOnce: [ShowDeskFix] File not found
O4 - Startup: C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-606747145-1085031214-682003330-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-606747145-1085031214-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKU\S-1-5-21-606747145-1085031214-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-606747145-1085031214-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-606747145-1085031214-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-606747145-1085031214-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-606747145-1085031214-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\S-1-5-21-606747145-1085031214-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-606747145-1085031214-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: Barre RoboForm - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm ()
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Enregistrer le formulaire - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Personnaliser le menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Remplir le formulaire - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-6660110630-5249769342-760524933-2291\recycle.exe) - C:\RECYCLER\S-1-5-21-6660110630-5249769342-760524933-2291\recycle.exe ()
O20 - HKU\S-1-5-21-606747145-1085031214-682003330-500 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-606747145-1085031214-682003330-500 Winlogon: Shell - (C:\RECYCLER\S-1-5-21-6660110630-5249769342-760524933-2291\recycle.exe) - C:\RECYCLER\S-1-5-21-6660110630-5249769342-760524933-2291\recycle.exe ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/04 14:51:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/28 09:30:06 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/10/04 16:31:37 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/05/05 14:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/05 14:27:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/05 14:27:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/05 14:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/05 14:25:21 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2010/05/04 19:09:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\3DVIA
[2010/04/20 13:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2010/04/20 13:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\ATI
[2010/04/20 13:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\ATI
[2010/04/20 13:48:36 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\ATI Technologies
[2010/04/20 13:48:10 | 000,099,856 | R--- | C] (ATI Research Inc.) -- C:\WINDOWS\System32\drivers\AtiHdmi.sys
[2010/04/20 13:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/04/20 13:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/04/20 13:23:15 | 000,000,000 | ---D | C] -- C:\ATI
[2010/04/18 22:57:51 | 000,000,000 | ---D | C] -- C:\TeamScripT 4.1
[2010/04/15 08:13:06 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2010/04/14 10:34:32 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wintrust.dll
[2010/04/14 10:34:20 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cabview.dll
[2010/04/12 17:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2010/04/10 19:56:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Mes documents\Spycheck
[2010/04/08 00:31:27 | 000,028,672 | R--- | C] (Analog Devices, Inc.) -- C:\WINDOWS\System32\PostProc.dll
[2010/04/08 00:31:26 | 001,656,960 | R--- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2010/04/08 00:31:26 | 000,341,504 | R--- | C] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\ADIHdAud.sys
[2010/04/08 00:31:21 | 001,285,632 | ---- | C] (Analog Devices) -- C:\WINDOWS\System32\SMMedia.dll
[2010/04/08 00:31:21 | 000,053,248 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\wdmioctl.dll
[2010/04/08 00:31:21 | 000,049,152 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\DSndUp.exe
[2010/04/07 22:32:26 | 000,033,792 | ---- | C] (Advanced Micro Devices) -- C:\WINDOWS\System32\drivers\AmdPPM.sys
[2010/04/07 21:57:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/04/07 20:57:26 | 000,962,612 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42d.dll
[2010/04/07 20:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\ASUS
[2010/04/07 13:45:14 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2010/04/07 09:30:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Creative
[2010/04/07 08:54:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2010/04/07 08:54:27 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/04/07 08:51:07 | 001,389,056 | R--- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\Monfilt.sys
[2010/04/07 08:35:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP
[2010/04/06 21:45:17 | 000,111,360 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\Rtenicxp.sys
[2010/04/06 21:45:17 | 000,009,728 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\RtNicProp32.dll
[2008/10/04 15:37:16 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll
[2008/10/04 15:12:42 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2008/10/04 15:12:42 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2002/04/11 10:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/05 14:28:47 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/05/05 14:28:38 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\ERUNT.lnk
[2010/05/05 14:27:19 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/05/05 14:25:22 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2010/05/05 14:00:00 | 000,000,526 | ---- | M] () -- C:\WINDOWS\tasks\Maintenance en 1 clic.job
[2010/05/05 11:09:40 | 001,121,724 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/05 11:09:40 | 000,510,654 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/05/05 11:09:40 | 000,441,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/05 11:09:40 | 000,084,730 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/05/05 11:09:40 | 000,071,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/05 11:05:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/05 11:05:27 | 000,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/05/05 11:04:52 | 000,000,692 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/05 11:04:52 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/05 11:04:52 | 000,000,224 | RHS- | M] () -- C:\boot.ini
[2010/05/05 11:04:42 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/05 11:04:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/05 11:04:09 | 000,173,776 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/05/05 11:04:07 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/05 11:03:28 | 008,126,464 | -H-- | M] () -- C:\Documents and Settings\Administrateur\NTUSER.DAT
[2010/05/05 11:03:28 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Administrateur\ntuser.ini
[2010/05/05 11:03:18 | 008,477,432 | -H-- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\IconCache.db
[2010/05/03 13:31:35 | 000,137,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/05/03 13:31:22 | 000,214,520 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/24 00:14:16 | 000,162,848 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Sans titre.JPG
[2010/04/21 14:07:57 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/21 14:07:56 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2010/04/20 13:40:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2010/04/18 23:02:33 | 000,001,386 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\TeamScripT 4.1.lnk
[2010/04/16 22:26:30 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/04/15 13:52:19 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\housecall.guid.cache
[2010/04/15 08:21:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/15 08:21:49 | 000,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/13 15:16:13 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Raccourci vers Pure.exe.lnk
[2010/04/12 17:52:22 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\RegistryBooster.lnk
[2010/04/10 21:58:06 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\TeamSpeak 3 Client.lnk
[2010/04/08 14:54:54 | 000,040,930 | ---- | M] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/04/07 21:40:12 | 000,000,132 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
[2010/04/07 20:54:39 | 000,001,769 | ---- | M] () -- C:\WINDOWS\Language_trs.ini
[2010/04/07 09:29:00 | 000,413,696 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010/04/07 09:29:00 | 000,110,592 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/05 14:28:47 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/05/05 14:28:38 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\ERUNT.lnk
[2010/05/05 14:27:19 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/04/23 23:53:19 | 000,162,848 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\Sans titre.JPG
[2010/04/20 13:53:12 | 2145,570,816 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/20 13:47:41 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/04/20 13:47:33 | 000,007,167 | R--- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2010/04/20 13:40:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/04/18 22:58:07 | 000,001,386 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\TeamScripT 4.1.lnk
[2010/04/16 22:26:30 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/04/15 13:52:19 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\housecall.guid.cache
[2010/04/15 08:21:49 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/12 17:49:52 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\RegistryBooster.lnk
[2010/04/10 21:58:06 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\TeamSpeak 3 Client.lnk
[2010/04/08 14:54:43 | 000,032,768 | R--- | C] () -- C:\WINDOWS\DAODx.exe
[2010/04/07 22:34:00 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2010/04/07 22:34:00 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2010/04/07 20:54:57 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2010/04/07 20:54:57 | 000,012,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2010/04/07 08:53:53 | 000,009,046 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2010/04/07 08:50:42 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/03/06 13:59:08 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/05/10 23:28:53 | 000,000,040 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2009/03/25 11:32:04 | 000,000,119 | ---- | C] () -- C:\WINDOWS\disney.ini
[2008/11/29 23:53:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2008/11/29 23:37:48 | 000,005,663 | ---- | C] () -- C:\WINDOWS\System32\ludap17.ini
[2008/11/29 23:37:48 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/10/29 11:27:22 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\papycpu.sys
[2008/10/29 11:27:22 | 000,001,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\papyjoy.sys
[2008/10/29 11:27:13 | 000,000,132 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/10/25 10:00:50 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/10/22 06:29:06 | 000,173,550 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008/10/21 19:12:46 | 000,000,040 | ---- | C] () -- C:\WINDOWS\TSC.INI
[2008/10/11 09:19:34 | 000,000,191 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/10/10 07:29:31 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2008/10/08 15:12:36 | 000,278,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/10/08 15:12:36 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/10/05 16:57:35 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/05 16:29:47 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008/10/05 16:28:54 | 000,201,488 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2008/10/05 16:28:54 | 000,141,584 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2008/10/05 16:28:54 | 000,063,248 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2008/10/04 17:58:20 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/10/04 17:58:20 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/10/04 17:58:20 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/10/04 16:35:18 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/10/04 16:26:46 | 000,137,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/10/04 16:16:34 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/10/04 15:39:07 | 000,000,507 | ---- | C] () -- C:\WINDOWS\LMABB2DD.ini
[2008/10/04 15:19:44 | 000,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2008/10/04 15:19:44 | 000,000,396 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2008/10/04 15:17:47 | 000,040,930 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/10/04 15:17:31 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/10/04 14:48:22 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll
[2008/10/04 14:48:22 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2008/06/25 19:29:59 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2007/01/26 03:04:12 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2007/01/26 03:04:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2005/05/03 20:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/03/14 14:38:28 | 000,000,469 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/08/22 17:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2003/10/02 19:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll

========== LOP Check ==========

[2008/10/15 09:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\ACD Systems
[2008/10/27 17:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Big Fish Games
[2009/01/24 22:33:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Canon
[2009/12/04 12:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Capcom
[2009/06/28 14:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Carnival Software
[2009/10/18 18:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\DarkBls
[2008/10/06 22:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Disney Interactive Studios
[2008/10/04 15:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\EliasAE
[2009/03/04 16:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\EPSON
[2008/10/04 15:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\ESET
[2008/10/05 16:46:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\FileZilla
[2008/12/18 22:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Flood Light Games
[2008/10/07 13:55:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\FMZilla
[2009/07/29 23:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\HouseCall 6.6
[2009/07/07 22:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\ImgBurn
[2008/10/17 21:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Leadertech
[2008/10/10 07:29:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Megaupload
[2009/07/08 20:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\NewsLeecher
[2010/04/13 06:19:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Notepad++
[2009/10/26 11:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\PlayFirst
[2008/10/29 15:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Pro Cycling Manager 2008 - Demo
[2009/12/04 13:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\ProtectDisc
[2009/04/23 21:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Radmin
[2009/12/13 12:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Razer
[2010/04/07 21:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Samsung
[2008/12/13 15:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Screaming Bee
[2008/10/04 22:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\SystemRequirementsLab
[2009/12/21 23:19:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\TS3Client
[2009/05/09 12:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\TuneUp Software
[2010/04/12 17:40:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Uniblue
[2009/10/26 13:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Zylom
[2009/10/22 18:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3DVIA
[2008/10/04 15:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2008/11/12 16:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOONTY
[2010/01/19 22:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2009/01/24 20:28:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/04/19 20:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2010/04/15 17:35:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/10/04 15:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2008/10/04 15:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
[2008/12/18 22:05:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2009/10/26 13:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2009/10/26 11:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2008/10/08 20:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/07/19 18:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Jeu_Oie
[2008/12/19 18:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2009/11/01 15:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KONAMI
[2010/04/07 13:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2009/09/03 16:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2009/01/18 16:05:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
[2009/10/26 11:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/07/18 11:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2008/10/08 15:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RTL Winter Sports 2008
[2009/10/26 11:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/12/13 15:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screaming Bee
[2010/04/07 20:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Synetic
[2009/09/09 16:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/14 16:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrackMania
[2009/05/09 12:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2009/01/17 23:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VideoSpin
[2009/03/25 16:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/05/09 12:06:28 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/11/12 22:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/19 23:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Notepad++
[2009/12/11 09:06:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Notepad++
[2010/05/05 14:00:00 | 000,000,526 | ---- | M] () -- C:\WINDOWS\Tasks\Maintenance en 1 clic.job

========== Purity Check ==========



========== Custom Scans ==========


<SYSTEMDRIVE>


<MD5>
[2007/03/07 12:47:30 | 000,119,808 | ---- | M] (ATI Technologies Inc.) MD5=F1B9E3A223CA684D98BB91FD82157601 -- C:\D\M\AT\ahcix86.sys

<MD5>
[2008/06/25 19:29:55 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/06/25 19:29:55 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

<MD5>
[2008/06/25 19:30:16 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

<MD5>
[2008/05/07 23:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\D\M\I4\IASTOR.SYS
[2007/09/29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\D\M\I3\IASTOR.SYS

<MD5>
[2008/06/25 19:30:43 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll

<MD5>
[2006/08/21 12:24:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) MD5=4D6C6B46B3EDF6F2E219A86B61D104AE -- C:\WINDOWS\system32\drivers\nvata.sys
[2006/08/21 12:24:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) MD5=4D6C6B46B3EDF6F2E219A86B61D104AE -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\nvata.sys

<MD5>
[2006/02/26 17:21:18 | 000,089,856 | ---- | M] (NVIDIA Corporation) MD5=83F0275A21D9772B51CEF57E35AFAE61 -- C:\D\M\N\123\NVATABUS.sys
[2006/04/24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\D\M\N\TM\NVATABUS.sys
[2008/07/03 10:22:08 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\WINDOWS\system32\drivers\nvatabus.sys

<MD5>
[2007/07/27 22:16:02 | 000,105,984 | ---- | M] (NVIDIA Corporation) MD5=4BC4BAAED05161E0D331627E90A10745 -- C:\D\M\N\6\nvgts.sys
[2008/08/18 18:54:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=EA98BFE4931BD13D747D647C1859796E -- C:\WINDOWS\system32\drivers\nvgts.sys

<MD5>
[2007/07/27 22:15:56 | 000,116,736 | ---- | M] (NVIDIA Corporation) MD5=77AC69AC4F07BD9D29528B8FCC71FB49 -- C:\D\M\N\6\nvrd32.sys

<MD5>
[2008/06/25 19:30:54 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

<MD5>
[2008/01/22 20:02:24 | 000,117,248 | ---- | M] (VIA Technologies inc,.ltd) MD5=3A82A61E312ADDB3BE8F1FE3481842B1 -- C:\D\M\V\viamraid.sys

<MD5>
[2008/04/03 21:42:34 | 000,053,248 | ---- | M] (VIA Technologies, Inc.) MD5=682D704CA5B1FEDE6C4BEF0E2188745C -- C:\D\M\V4\VIPRT.SYS

<systemroot>

<systemroot>
[2009/03/16 22:27:14 | 000,442,368 | R--- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

<systemroot>

========== Alternate Data Streams ==========

@Alternate Data Stream - 206 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C
<End>
tft13
 
Messages: 15
Inscription: 05 Mai 2010, 10:26

Messagede tft13 » 05 Mai 2010, 13:51

OTL Extras logfile created on: 05/05/2010 14:38:34 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Administrateur\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 66.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 273.08 Gb Free Space | 58.63% Space Free | Partition Type: NTFS
Drive D: | 485.46 Gb Total Space | 451.36 Gb Free Space | 92.98% Space Free | Partition Type: NTFS
Drive E: | 446.05 Gb Total Space | 445.97 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BUREAU
Current User Name: Administrateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE ()

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-606747145-1085031214-682003330-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 ()
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 ()
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 ()
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 ()
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" ()
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 ()
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 ()
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [openNew] -- explorer %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp
"48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3689:TCP" = 3689:TCP:*:Enabled:itunes1
"5353:UDP" = 5353:UDP:*:Enabled:itunes2
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile -- ( )
"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin -- (Pinnacle Systems)
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe" = C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe" = C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
"C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe" = C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s -- ()
"C:\Program Files\TmNationsForever\TmForever.exe" = C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- ()
"C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe" = C:\Program Files\KONAMI\Pro Evolution Soccer 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010 -- (Konami Digital Entertainment Co., Ltd.)
"C:\Program Files\TVAnts\Tvants.exe" = C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts -- (Zhejiang University)
"C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:FlashGet -- (FlashGet.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\SopCast\sopvod.exe" = C:\Program Files\SopCast\sopvod.exe:*:Enabled:sopvod -- ()
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Call of Duty\Modern Warfare 2\iw4mp.exe" = C:\Program Files\Call of Duty\Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp -- ()
"C:\Documents and Settings\Administrateur\Bureau\fo2\FlatOut2\FlatOut2\FlatOut2.exe" = C:\Documents and Settings\Administrateur\Bureau\fo2\FlatOut2\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2 -- ()
"C:\Program Files\Java\jre1.6.0_06\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_06\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\TmUnitedForever\TmForever.exe" = C:\Program Files\TmUnitedForever\TmForever.exe:*:Enabled:TmForever -- ()
"C:\Program Files\LucasArts\Star Wars Battlefront II\Star Wars Battlefront II\GameData\battlefrontii.exe" = C:\Program Files\LucasArts\Star Wars Battlefront II\Star Wars Battlefront II\GameData\battlefrontii.exe:*:Disabled:battlefrontii -- ()
"C:\Program Files\TmUnitedForever\TmForeverLauncher.exe" = C:\Program Files\TmUnitedForever\TmForeverLauncher.exe:*:Enabled:TmForeverLauncher.exe -- ()
"C:\Program Files\sixteen tons entertainment\Gotcha!\Gotcha.exe" = C:\Program Files\sixteen tons entertainment\Gotcha!\Gotcha.exe:*:Disabled:Gotcha! -- (sixteen tons entertainment)
"C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe" = C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()
"C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe" = C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
"C:\Program Files\ma-config.com\maconfservice.exe" = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice -- (CybelSoft)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02C47AB7-0EFA-4804-BCFC-63DD27698B89}" = Stunt GP Demo
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05A6BB0F-29D8-C438-7938-DCF738A67631}" = CCC Help Turkish
"{066A9382-003A-2AC4-26C6-F209DA8C8091}" = CCC Help English
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0B51F3C2-FB16-FC36-F226-275CC818D22D}" = ccc-core-static
"{0B9E0BD1-328D-415C-80A5-6B0028F0C104}" = Call of Duty(R) 2 Patch 1.2
"{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
"{109E9521-50C8-CB7F-9B45-F151A950B779}" = CCC Help Japanese
"{10F3AB60-69B4-0847-B2D1-ACE7E1FB4A7E}" = Skins
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{1EE844AB-6ECB-89B5-071C-E3A918CB1751}" = CCC Help Norwegian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{211E8730-5681-49ED-BC6A-78C9F88E95F5}" = Adobe Shockwave Player
"{228AFF4C-6AFD-A056-D626-F84049324EE6}" = CCC Help Chinese Traditional
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{31B83FA4-2D2B-1824-CEC9-3719898325BF}" = Catalyst Control Center Localization All
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{348B2B84-B1EE-7EC5-0D83-C0B1D7F1AFD1}" = CCC Help Portuguese
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39CB7912-6AF3-B874-5DBF-CEBF8ED371D9}" = CCC Help Dutch
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3BC8D2F1-8CA2-4AF9-99C7-8598AFFDEF8F}" = Thrillville(TM): '07
"{3CDF9C0F-6C77-4307-80A6-0A9D47C174D8}_is1" = Call of Duty Modern Warfare 2
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{428102E6-8A39-48B9-8389-847F5A44A600}" = MSXML 4.0
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45C16B95-8454-ABE8-3E27-66C7506E5241}" = Catalyst Control Center Graphics Previews Common
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4BF1D2E7-F003-4AD9-9820-525126BA9038}" = Gotcha!
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{4EDB1CA5-983F-4FC3-A8E3-E34981E05A60}" = Pinnacle VideoSpin
"{52712563-D0AC-FC9C-E20B-714F9F1CD51D}" = CCC Help Czech
"{52B4C42B-A110-4236-95C8-AA4B137C16AC}" = EPSON CopyFactory
"{54BB0384-1C33-488F-A95B-877E480D3EDC}" = MSXML 4.0
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}" = The Saboteur™
"{5FC5E89C-31B1-07AE-BC55-3CF38624F903}" = Catalyst Control Center HydraVision Full
"{608094C6-C386-45E4-B13C-BC1735854459}" = Atomic Time Synchronizer
"{60A70F50-80EE-2F1D-8AE9-D5F67989FFF2}" = CCC Help Spanish
"{61D13FAA-A78F-0A1F-C7C0-767059D4156B}" = CCC Help German
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A6DCB18-3ECB-46DC-894B-5EFE08C0BD9B}" = Mega Manager
"{6C89B82E-AD76-7715-43EA-C37E563E83BB}" = ATI Catalyst Install Manager
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
"{76563402-16FE-4A15-8E32-83B1773DBFC9}" = Ma-Config.com
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{811C07FB-CBB5-DF79-74E8-A2424ADAADB8}" = Catalyst Control Center Graphics Light
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{86689842-0863-5EEE-64EC-454C5231F2B6}" = Catalyst Control Center Graphics Full Existing
"{8737FB98-C705-3C80-D71E-1948E0D7E55F}" = Catalyst Control Center Core Implementation
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8ADC9D36-06E9-B91E-F691-6EA30703FC6D}" = CCC Help Italian
"{8BD2EF4D-C31E-2C8E-1914-953C3CE4EC51}" = CCC Help Polish
"{8D774B5B-A1D9-45B3-AFB4-3F85604961BC}" = Add-in ODF pour Microsoft Word
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_ENTERPRISE_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_ENTERPRISE_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_ENTERPRISE_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-040C-0000-0000000FF1CE}" = Complément Microsoft Enregistrer en tant que PDF ou XPS pour programmes Microsoft Office 2007
"{90120000-00BA-040C-0000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2007
"{90120000-00BA-040C-0000-0000000FF1CE}_ENTERPRISE_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{9D79B68E-DF5D-D100-E417-FEB3614AB6F8}" = CCC Help Greek
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A274DC14-20D1-C584-8275-44BA438CE1B1}" = CCC Help Danish
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A4FED512-C47E-E26D-0FA9-6B54CD861DD2}" = CCC Help Finnish
"{A6A05330-CEC5-28F6-8778-0CC180CB4C72}" = CCC Help Russian
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB8E4806-1B32-FF6C-88B8-24B77F7E66E1}" = CCC Help Korean
"{AC5019DA-5DC2-44E6-808A-1A68F3CCA79D}" = Caricature Studio Green 3.6
"{AC76BA86-7AD7-1036-7B44-A81200000003}" = Adobe Reader 8.1.2 - Français
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{B0B56CEE-7747-EABD-1A23-BFE2E45F08A4}" = CCC Help Thai
"{B1D7660F-F2ED-3795-FCA2-78CF2E3902AB}" = Catalyst Control Center Graphics Full New
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B67150E1-369B-5A3A-8C7B-A374CEA78BEB}" = ccc-core-preinstall
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0DDC931-CD9C-4527-872A-5FA96F6EF77F}" = The Hulk(TM) Demo
"{C0F714B9-D7C0-ABD8-09B1-779067765618}" = CCC Help Hungarian
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C2498EDC-4126-03A7-DB78-4012D4A9BF0E}" = CCC Help French
"{C79CB9C7-10A4-4814-8402-F574672C2192}" = Star Wars Battlefront
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE7E690-99FF-7EE3-1331-8547545E7F66}" = ccc-utility
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D1A82B5C-580E-AEFE-96F2-0A20715C5C74}" = CCC Help Swedish
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D5DE2E28-2BA1-4CF8-A4C5-D3D2AE0A9E38}" = DAMN NFO Viewer Setup
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{DD81E669-A068-FA5C-6BFD-606790A14171}" = CCC Help Chinese Standard
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder(TM) Mouse
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F8B98EB6-FC06-45BF-87D4-9784E0408611}" = ACDSee 10 Gestionnaire de photos
"0D91165CEEB2095316E8A04A59CDF0AE4B957C61" = Windows Driver Package - MOTOROLA (uisp) USB (09/08/2006 1.2.0.0)
"13860389BCE916343D6A5C65169C6F0C6BF6E3EA" = Windows Driver Package - Cypress (CyUsb) USB
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Package de pilotes Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Package de pilotes Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"7BDD6421B73797179E9A97E5C7DE019FBC77147F" = Windows Driver Package - Razer (HidUsb) HIDClass (04/04/2009 1.0.5.0)
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"adsl TV" = adsl TV
"AI RoboForm" = AI RoboForm (All Users)
"All ATI Software" = ATI - Utilitaire de désinstallation du logiciel
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"C248DC5465E4500BAAAE52DF5A4C1714C1714ABE" = Windows Driver Package - Razer (HidUsb) HIDClass (01/10/2007 1.00)
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"ChronoShutdown" = Chrono Shutdown
"ClipName" = ClipName
"CMenu" = CMenu
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"Console" = Console 2
"DA73216D935E3CBA996AFD6E6513ECC587E0C3C1" = Windows Driver Package - Razer (HidUsb) HIDClass (02/02/2007 1.0.5.0)
"Driver Cleaner" = Driver Cleaner 3
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EAXSet" = Paramètres EAX Creative
"Enregistrement utilisateur de Canon iP2600 series" = Enregistrement utilisateur de Canon iP2600 series
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"eXPander" = XPero's eXPander
"FileCase" = File Case Shell Extension
"FlashGet" = FlashGet 1.9.6.1073
"GameSpy Arcade" = GameSpy Arcade
"Hamachi" = Hamachi 1.0.3.0
"HashTab" = HashTab 2.1
"HighwayNights Demo" = Crash Time III Demo (remove only)
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{3BC8D2F1-8CA2-4AF9-99C7-8598AFFDEF8F}" = Thrillville(TM): '07
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallWatch Pro 2.5" = InstallWatch Pro 2.5
"Internet Scrabble Club_is1" = WordBiz version 1.8
"JDownloader" = JDownloader
"Lexmark_HostCD" = Désinstallation du logiciel Lexmark
"MakeISO" = MakeISO
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marsu-Fix 2.5" = Marsu-Fix 2.5
"Media Player Classic" = Media Player Classic fr
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"MMM" = Mmm
"ModifyPE" = ModifyPE
"Monopoly Deluxe" = Monopoly Deluxe
"Motocross Madness 2" = Microsoft Motocross Madness 2
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"Nero8Lite_is1" = Nero 8 Lite 8.3.2.1b
"NewsLeecher_is1" = NewsLeecher v3.9 Final
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"PKR" = PKR
"PokerStars" = PokerStars
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"qt7lite_is1" = QT Lite 2.6.0
"QuickPar" = QuickPar 0.9
"RealAlt_is1" = Real Alternative 1.8.0 Lite
"RefreshEM" = RefreshEM
"RegMerger" = Reg File Merger
"RegShot" = RegShot
"Replacer" = Replacer
"Reshack" = Resource Hacker
"rFactor" = rFactor (remove only)
"RunWith" = Run Program Shell Extension
"Seismovision 3" = Seismovision 3 (remove only)
"SendTo" = Utilitaires "Envoyer vers"
"SopCast" = SopCast 3.0.1
"SPEAKER" = Paramètres de haut-parleur Creative
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"SystemRequirementsLab" = System Requirements Lab
"TeamScripT 4.1" = TeamScripT 4.1
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamSpeak Client_is1" = TeamSpeak Client
"TmNationsForever_is1" = TmNationsForever_Fix_2008_11_26
"TmUnitedForever_is1" = TmUnitedForever
"Trend Micro HouseCall 6.6" = HouseCall 6.6
"TVAnts 1.0" = TVAnts 1.0
"Unlocker" = Unlocker 1.8.7
"UT2004" = Unreal Tournament 2004
"VexcastPlayer2.0" = VexcastPlayer2.0
"VistaWalls" = Windows Vista Wallpapers
"VLC media player" = VLC media player 1.0.0-rc1
"WaveStudio 7" = Creative WaveStudio 7
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WhyReboot" = WhyReboot
"Windows Live Safety Scanner" = Windows Live Safety Scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinLiveSuite_Wave3" = Installation Windows Live
"WinMover_is1" = WinMover 3.2.0.6
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xtremsplit" = Xtremsplit
"ZoneAlarm" = ZoneAlarm

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-606747145-1085031214-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"207s2000 1.1 for rFactor" = 207s2000 1.1 for rFactor
"TravManager" = TravManager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26/01/2010 13:08:39 | Computer Name = BUREAU | Source = VSS | ID = 8193
Description = Erreur du service de cliché instantané des volumes : erreur lors de
l'appel de la routine CoCreateInstance. hr = 0x80040206.

Error - 27/01/2010 11:08:08 | Computer Name = BUREAU | Source = MsiInstaller | ID = 1013
Description = Produit : AGEIA PhysX v7.09.13 -- Installation terminated

Error - 27/01/2010 11:11:46 | Computer Name = BUREAU | Source = MsiInstaller | ID = 1013
Description = Produit : AGEIA PhysX v7.09.13 -- Installation terminated

Error - 30/01/2010 10:30:15 | Computer Name = BUREAU | Source = EventSystem | ID = 4609
Description = Le système d'événements de COM+ a détecté un code de renvoi erroné
lors de son traitement interne. Le HRESULT est 80070422 à partir de la ligne 44
de d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Contactez les services
du Support Technique Microsoft pour signaler cette erreu

Error - 30/01/2010 10:30:15 | Computer Name = BUREAU | Source = VSS | ID = 8193
Description = Erreur du service de cliché instantané des volumes : erreur lors de
l'appel de la routine CoCreateInstance. hr = 0x80040206.

Error - 30/01/2010 10:42:32 | Computer Name = BUREAU | Source = Application Hang | ID = 1002
Description = Application bloquée UT2004.exe, version 0.0.0.0, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 30/01/2010 10:42:36 | Computer Name = BUREAU | Source = Application Hang | ID = 1002
Description = Application bloquée UT2004.exe, version 0.0.0.0, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 31/01/2010 15:43:46 | Computer Name = BUREAU | Source = EventSystem | ID = 4609
Description = Le système d'événements de COM+ a détecté un code de renvoi erroné
lors de son traitement interne. Le HRESULT est 80070422 à partir de la ligne 44
de d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Contactez les services
du Support Technique Microsoft pour signaler cette erreu

Error - 31/01/2010 15:47:31 | Computer Name = BUREAU | Source = Application Hang | ID = 1002
Description = Application bloquée CoD2MP_s.exe, version 0.0.0.0, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 31/01/2010 16:32:03 | Computer Name = BUREAU | Source = Application Hang | ID = 1002
Description = Application bloquée CoD2MP_s.exe, version 0.0.0.0, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

[ OSession Events ]
Error - 17/01/2010 11:20:13 | Computer Name = BUREAU | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 541
seconds with 480 seconds of active time. This session ended with a crash.

Error - 17/01/2010 11:20:43 | Computer Name = BUREAU | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 05/05/2010 05:05:24 | Computer Name = BUREAU | Source = Service Control Manager | ID = 7000
Description = Le service Pilote de port parallèle n'a pas pu démarrer en raison
de l'erreur : %%1058

Error - 05/05/2010 05:05:24 | Computer Name = BUREAU | Source = Service Control Manager | ID = 7001
Description = Le service Notification d'événement système dépend du service Système
d'événements de COM+ qui n'a pas pu démarrer en raison de l'erreur : %%1058

Error - 05/05/2010 05:05:24 | Computer Name = BUREAU | Source = Service Control Manager | ID = 7001
Description = Le service Windows Service Pack Installer update service dépend du
service Gestionnaire de comptes de sécurité qui n'a pas pu démarrer en raison de
l'erreur : %%1058

Error - 05/05/2010 05:05:24 | Computer Name = BUREAU | Source = Service Control Manager | ID = 7023
Description = Le service Explorateur d'ordinateur s'est arrêté avec l'erreur : %%126

Error - 05/05/2010 05:05:28 | Computer Name = BUREAU | Source = Service Control Manager | ID = 7023
Description = Le service Explorateur d'ordinateur s'est arrêté avec l'erreur : %%126

Error - 05/05/2010 05:05:28 | Computer Name = BUREAU | Source = Service Control Manager | ID = 7023
Description = Le service Explorateur d'ordinateur s'est arrêté avec l'erreur : %%126

Error - 05/05/2010 07:31:13 | Computer Name = BUREAU | Source = Service Control Manager | ID = 7023
Description = Le service Explorateur d'ordinateur s'est arrêté avec l'erreur : %%126

Error - 05/05/2010 07:31:13 | Computer Name = BUREAU | Source = Service Control Manager | ID = 7023
Description = Le service Explorateur d'ordinateur s'est arrêté avec l'erreur : %%126

Error - 05/05/2010 07:31:42 | Computer Name = BUREAU | Source = Service Control Manager | ID = 7023
Description = Le service Explorateur d'ordinateur s'est arrêté avec l'erreur : %%126

Error - 05/05/2010 07:31:42 | Computer Name = BUREAU | Source = Service Control Manager | ID = 7023
Description = Le service Explorateur d'ordinateur s'est arrêté avec l'erreur : %%126

[ TuneUp Events ]
Error - 21/05/2009 08:06:37 | Computer Name = BUREAU | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-05-21 14:06:37', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','5140',0)

Error - 21/05/2009 08:06:42 | Computer Name = BUREAU | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-05-21 14:06:42', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','5476',0)

Error - 08/07/2009 02:26:55 | Computer Name = BUREAU | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-07-08 08:26:55', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','1884',0)

Error - 09/09/2009 09:54:09 | Computer Name = BUREAU | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-09-09 15:54:09', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','424',0)

Error - 26/09/2009 06:51:18 | Computer Name = BUREAU | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-09-26 12:51:18', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','2988',0)

Error - 10/04/2010 14:02:54 | Computer Name = BUREAU | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-10 19:02:54', '\device\harddiskvolume3\program
files\malwarebytes' anti-malware\mbam.exe','4004',0)

Error - 10/04/2010 14:03:14 | Computer Name = BUREAU | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-10 19:03:14', '\device\harddiskvolume3\program
files\malwarebytes' anti-malware\unins000.exe','4052',0)

Error - 05/05/2010 08:27:25 | Computer Name = BUREAU | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-05-05 14:27:25', '\device\harddiskvolume3\program
files\malwarebytes' anti-malware\mbam.exe','1300',0)


<End>
tft13
 
Messages: 15
Inscription: 05 Mai 2010, 10:26

Messagede tft13 » 09 Mai 2010, 08:56

un p'tit up, personne pour m'aiguiller ?
tft13
 
Messages: 15
Inscription: 05 Mai 2010, 10:26

Messagede nickW » 11 Mai 2010, 00:51

Bonsoir,

Tu utilises/tu as utilisé une version piratée de Adobe Photoshop CS4! :twisted:


Premiers nettoyages:


Étape 1: rkill (de Grinler), téléchargement
Remarque importante:
rkill est parfois, à tort, détecté comme nuisible. Si nécessaire, désactiver l'antivirus lors de son téléchargement.

Télécharger rkill via un clic droit suivi de Enregistrer la cible du lien sous ... depuis l'un des liens ci-dessous:

Lien 1
Lien 2
Lien 3
Lien 4

Enregistrer le fichier sur le Bureau.


Étape 2: OTL (de OldTimer), préparation de la correction
Ouvrir une fenêtre du Bloc-notes, via Démarrer---->Exécuter, taper notepad puis cliquer sur OK

Sélectionner toutes les lignes de la zone blanche située sous "Code:" ci-dessous, puis appuyer simultanément sur les touches Ctrl et C

Code: Tout sélectionner
rien

:otl
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-6660110630-5249769342-760524933-2291\recycle.exe) - C:\RECYCLER\S-1-5-21-6660110630-5249769342-760524933-2291\recycle.exe ()
O20 - HKU\S-1-5-21-606747145-1085031214-682003330-500 Winlogon: Shell - (C:\RECYCLER\S-1-5-21-6660110630-5249769342-760524933-2291\recycle.exe) - C:\RECYCLER\S-1-5-21-6660110630-5249769342-760524933-2291\recycle.exe ()

:Commands
[emptytemp]



Retourner dans la fenêtre du Bloc-notes, faire un clic droit dans la fenêtre et choisir Coller
Vérifier dans le menu Format (en haut) que "Retour automatique à ligne" n'est pas actif (pas coché).
Enregistrer le fichier sous le nom fix.txt <---- ne pas modifier le nom du fichier
Fermer le Bloc-notes.

Note: Les lignes de la zone Code ci-dessus ont été créées exclusivement pour CET utilisateur: tft13.
Si vous n'êtes pas CET utilisateur, il ne faut pas les utiliser: elles pourraient endommager votre système.



Étape 3: Pas de processus de contrôle en temps réel
Désactiver le module résident de l'antivirus.
Image Avira Antivir: clic droit sur l'icône dans la SysBarre (à coté de l'horloge), décocher "Activer Antivir Guard/AntiVir Guard enable"


Étape 4: rkill (de Grinler), exécution
Faire un double clic sur le fichier rkill téléchargé pour lancer l'outil.

Une fenêtre à fond noir va apparaître brièvement, puis disparaître.
En fin d'exécution, enregistrer le fichier rkill.log

Si rien ne se passe, ou si l'outil ne se lance pas, télécharger l'outil depuis un autre des quatre liens ci-dessus et faire une nouvelle tentative d'exécution.

Si aucun des outils téléchargés depuis les quatre liens ci-dessus ne semble fonctionner, ne pas continuer le nettoyage, et me prévenir sur le forum.

Ne pas faire redémarrer le PC.


Étape 5: Malwarebytes' Anti-Malware, nettoyage
Fermer toutes les fenêtres de programme ouvertes.
Lancer Malwarebytes' Anti-Malware via le Menu Démarrer.
Dans l'onglet Paramètres, vérifier que toutes les cases sont cochées sauf "Créer une option dans le menu contextuel pour analyser des fichiers (clic droit)".
Dans l'onglet Mise à jour, cliquer sur le bouton Recherche de mise à jour et installer toutes les mises à jour trouvées.
Dans l'onglet Recherche, cocher le bouton radio situé devant "Exécuter un examen rapide" puis cliquer sur le bouton Rechercher, comme ceci:

Image

Attendre sans rien faire d'autre la fin de la recherche; dans la fenêtre annonçant la fin de l'analyse, cliquer sur OK; puis cliquer sur le bouton "Afficher les résultats":
Image


Si des éléments nuisibles ont été détectés, cliquer sur le bouton "Supprimer la sélection": Image

Attendre patiemment sans rien faire d'autre la fin du nettoyage.
Un redémarrage est parfois nécessaire. Accepter.
Une fenêtre du Bloc-notes s'ouvre pour afficher le rapport. Fermer le Bloc-notes.
Cliquer sur le bouton "Quitter" pour fermer Malwarebytes' Anti-Malware.


Un dysfonctionnement des serveurs de free et/ou du forum m'empêche d'envoyer de "gros" messages. La suite est donc dans le message suivant.
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Messagede nickW » 11 Mai 2010, 00:52

Un dysfonctionnement des serveurs de free et/ou du forum m'empêche d'envoyer de "gros" messages. Ceci est la suite du message précédent.

Étape 6: Pas de processus de contrôle en temps réel
Si le PC a redémarré, et si l'antivirus a été réactivé, il faut de nouveau le désactiver.


Étape 7: OTL (de OldTimer), correction

Faire un double clic sur OTL.exe pour lancer l'outil.

L'écran principal de OTL s'affiche:
Image

Cliquer sur le bouton Correction: Image

Il y a ouverture d'une petite fenêtre "OTL": Image

Cliquer sur le bouton Ok.

A partir de la nouvelle fenêtre "Ouvrir", naviguer jusqu'au dossier de sauvegarde du fichier fix.txt puis cliquer sur le bouton Ouvrir.

Le contenu du fichier fix.txt est ainsi inséré dans le panneau "Personnalisation" Image

Fermer toutes les fenêtres de programme ouvertes autres que OTL (navigateur, traitement de texte, etc...): un redémarrage du PC va se produire.

Cliquer de nouveau sur le bouton Correction: Image

Note: Lorsque le redémarrage est demandé, cliquer sur Ok

Lorsque l'outil a terminé son travail, il y a affichage dans une petite fenêtre du message "Correction terminée! Cliquez sur Ok pour afficher le rapport.". Cliquer sur Ok puis fermer OTL.


Étape 8: Processus de contrôle en temps réel
Important: Réactiver le module résident de l'antivirus.


Étape 9: OTL (de OldTimer), analyse rapide
Fermer toutes les fenêtres de programme ouvertes.

Faire un double clic sur OTL.exe pour lancer l'outil.

L'écran principal de OTL s'affiche:
Image

Cliquer sur le bouton Analyse rapide:
Image


Laisser l'outil travailler sans l'interrompre.
Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant un rapport (log).
Fermer le Bloc-notes.
Fermer la fenêtre de OTL.


Étape 10: Résultats
Envoyer en réponse:
*- le rapport de rkill (contenu du fichier rkill.log situé dans le dossier SystemDrive\)
[SystemDrive représente la partition sur laquelle est installé le système, généralement C:]
*- le rapport de Malwarebytes' Anti-Malware (contenu du fichier mbam-log-****-**-** (**-**-**).txt situé dans le dossier SystemDrive\Documents and Settings\<tonprofil>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs où ****-** (**-**-**) représente la date [année-mois-jour] et l'heure [hh-mn-ss])
[SystemDrive représente la partition sur laquelle est installé le système, généralement C:]
*- le rapport de correction de OTL (contenu du fichier SystemDrive\_OTL\MovedFiles\********_******.log - les *** sont des chiffres représentant la date [moisjourannée] et l'heure)
[SystemDrive représente la partition sur laquelle est installé le système, généralement C:]

Envoyer ensuite en réponse dans un message distinct (à cause de la longueur du fichier):
*- le rapport principal de OTL (contenu du fichier OTL.Txt situé sur le Bureau).
Le rapport envoyé sur le forum doit se terminer par une ligne contenant <End>. Si ce n'est pas le cas, il est incomplet, et doit alors être découpé en plusieurs messages.

Note importante: Pour l'envoi de ta(tes) réponse(s), il ne faut pas créer un nouveau sujet, mais cliquer sur le bouton "Répondre"
Image pour continuer dans ce fil de discussion.


Dans ta réponse, n'oublie pas de donner le plus d'informations possible sur l'état du PC: amélioration / disparition / aggravation des symptômes d'infection.

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Messagede tft13 » 11 Mai 2010, 13:37

bonjour

merci beaucoup, ci dessous les logs demandés !

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Administrateur on 11/05/2010 at 14:16:35.


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\Administrateur\Bureau\rkill.exe


Rkill completed on 11/05/2010 at 14:16:48.



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4090

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/05/2010 14:24:42
mbam-log-2010-05-11 (14-24-42).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 128867
Temps écoulé: 5 minute(s), 53 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 16

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\Adparatus (Adware.Adparatus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MarketPrecision\DuhikiToolbar (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\RECYCLER\S-1-5-21-0324232222-888888379-781133308-1995 (Trojan.Agent.M) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\RECYCLER\S-1-5-21-606747145-1085031214-682003330-500\Dc6392.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-606747145-1085031214-682003330-500\Dc6393.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-606747145-1085031214-682003330-500\Dc6395.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-606747145-1085031214-682003330-500\Dc6399.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-606747145-1085031214-682003330-500\Dc6400.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-606747145-1085031214-682003330-500\Dc6401.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-606747145-1085031214-682003330-500\Dc6402.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-606747145-1085031214-682003330-500\Dc6405.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-606747145-1085031214-682003330-500\Dc6406.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-606747145-1085031214-682003330-500\Dc6408.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-606747145-1085031214-682003330-500\Dc6409.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-606747145-1085031214-682003330-500\Dc6410.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0324232222-888888379-781133308-1995\recyclebin.exe (Trojan.Agent.M) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0324232222-888888379-781133308-1995\Desktop.ini (Trojan.Agent.M) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wdm.dll (Trojan.Agent) -> Quarantined and deleted successfully.






========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 15629542 bytes
->Temporary Internet Files folder emptied: 93984796 bytes
->Java cache emptied: 88109676 bytes
->FireFox cache emptied: 36089681 bytes
->Flash cache emptied: 295046 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 318072 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 411130 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2921373 bytes
%systemroot%\System32 .tmp files removed: 733696 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5744 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 513984845 bytes

Total Files Cleaned = 718.00 mb


OTL by OldTimer - Version 3.2.4.1 log created on 05112010_142843

Files\Folders moved on Reboot...
C:\Documents and Settings\Administrateur\Local Settings\Temp\~DFF97E.tmp moved successfully.
File\Folder C:\WINDOWS\temp\ZLT07bb4.TMP not found!

Registry entries deleted on Reboot...
tft13
 
Messages: 15
Inscription: 05 Mai 2010, 10:26

Messagede tft13 » 11 Mai 2010, 13:37

OTL logfile created on: 11/05/2010 14:32:55 - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Administrateur\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 70.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 271.59 Gb Free Space | 58.31% Space Free | Partition Type: NTFS
Drive D: | 485.46 Gb Total Space | 451.36 Gb Free Space | 92.98% Space Free | Partition Type: NTFS
Drive E: | 446.05 Gb Total Space | 445.97 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
Drive F: | 74.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BUREAU
Current User Name: Administrateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/05 14:25:22 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
PRC - [2010/04/07 23:41:04 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/25 14:42:48 | 000,221,184 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\system32\UAService7.exe
PRC - [2009/10/19 23:31:00 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/10/19 23:31:00 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/05/09 12:06:56 | 000,604,416 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2009/03/30 08:32:40 | 000,032,768 | R--- | M] () -- C:\WINDOWS\DAODx.exe
PRC - [2009/03/02 13:08:11 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/16 01:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/02/16 01:10:22 | 000,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/07/17 14:10:30 | 000,888,832 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
PRC - [2008/06/25 19:30:17 | 001,573,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/05/01 22:15:48 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008/04/15 05:41:52 | 001,040,384 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/09/14 03:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007/09/07 16:54:54 | 000,159,744 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razerhid.exe
PRC - [2007/05/07 16:35:14 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\DeathAdder\razerofa.exe
PRC - [2007/04/13 17:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2006/11/24 16:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razertra.exe
PRC - [2004/08/22 17:05:02 | 000,081,920 | ---- | M] (DAEMON'S HOME) -- C:\Program Files\D-Tools\daemon.exe


========== Modules (SafeList) ==========

MOD - [2010/05/05 14:25:22 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
MOD - [2008/06/25 19:30:42 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/05/01 22:15:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2006/05/03 22:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WinVNC4)
SRV - [2010/04/03 10:52:46 | 000,243,056 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2009/11/25 14:42:48 | 000,221,184 | ---- | M] (Sony DADC Austria AG.) [Auto | Running] -- C:\WINDOWS\system32\UAService7.exe -- (UserAccess7) SecuROM User Access Service (V7)
SRV - [2009/10/19 23:31:00 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/10/19 23:31:00 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/09/24 04:59:24 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\WINDOWS\system32\Nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2009/08/28 20:42:54 | 000,144,672 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/09 12:06:56 | 000,604,416 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009/05/09 12:06:55 | 000,361,216 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/04/27 14:21:36 | 000,028,928 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/02/16 01:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/01/07 18:21:08 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2008/11/12 16:15:21 | 000,069,120 | ---- | M] (BOONTY) [Disabled | Stopped] -- C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe -- (Boonty Games)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/04/13 17:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/04/03 11:16:34 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2010/01/26 19:05:17 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/12/10 23:30:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/10/19 23:31:00 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/10/09 03:45:02 | 000,341,504 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2009/09/16 13:38:38 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/06/26 16:29:34 | 001,656,960 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/03/30 10:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/03/16 23:33:02 | 003,597,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/02/26 13:40:10 | 000,099,856 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/02/16 01:10:26 | 000,353,672 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/02/13 12:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/01/19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008/12/18 23:44:00 | 000,028,816 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/12/18 23:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/12/18 23:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/12/18 23:43:06 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/11/17 03:24:00 | 000,051,688 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2008/10/25 10:05:04 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/10/14 02:15:42 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vncmirror.sys -- (vncmirror)
DRV - [2008/10/08 15:12:36 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/10/08 15:12:36 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/08/18 18:54:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2008/08/07 19:14:56 | 000,111,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/07/03 10:22:08 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2008/06/25 19:30:19 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/05/06 08:01:50 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2008/04/13 11:46:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007/12/17 18:14:06 | 000,012,400 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007/08/02 18:32:26 | 000,022,784 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dadder.sys -- (DAdderFltr)
DRV - [2007/06/15 11:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2007/06/14 14:41:00 | 000,466,048 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ltn_stk7070P.sys -- (Ltn_stk7070P)
DRV - [2007/06/13 19:30:20 | 000,013,440 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ltn_stkrc.sys -- (Ltn_stkrc)
DRV - [2007/04/16 17:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/01/12 20:09:53 | 000,082,296 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2006/10/23 12:09:48 | 000,027,776 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\habu.sys -- (HabuFltr)
DRV - [2006/09/27 00:21:10 | 000,021,920 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2006/08/21 12:24:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/07/10 18:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2006/07/05 14:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a)
DRV - [2006/06/14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2006/02/26 17:02:49 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2005/08/10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/06/17 17:41:10 | 000,026,496 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiU040B.sys -- (SaiU040B)
DRV - [2005/06/17 17:41:04 | 000,173,568 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiH040B.sys -- (SaiH040B)
DRV - [2005/03/03 20:47:42 | 000,031,104 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CYUSB.sys -- (CyUsb)
DRV - [2005/01/10 19:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 19:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/08/22 16:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 16:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus)
DRV - [2004/04/06 14:08:00 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2004/04/06 14:07:00 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2004/04/06 14:07:00 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [1998/10/06 15:36:26 | 000,001,984 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\papycpu.sys -- (papycpu)
DRV - [1998/10/06 15:36:26 | 000,001,888 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\papyjoy.sys -- (papyjoy)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.fr/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.96
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.9
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
FF - prefs.js..network.proxy.http: "128.195.54.161"
FF - prefs.js..network.proxy.http_port: 3124
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666


FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2008/10/04 15:44:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/13 23:08:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/07 23:41:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2008/10/04 14:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Extensions
[2010/05/11 14:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions
[2010/04/28 08:32:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/04 07:37:46 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/04/15 14:32:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/08 11:06:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/07 21:37:16 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2008/10/11 09:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\extension@openitonline.com
[2010/02/20 12:33:42 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\searchplugins\myiptest---ip-lookup.xml
[2009/06/09 23:41:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/09/26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010/02/19 16:19:51 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/02/19 16:19:51 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/02/19 16:19:51 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2009/03/08 15:43:15 | 000,000,748 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml
[2010/02/19 16:19:51 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/02/19 16:19:51 | 000,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2009/08/18 21:50:59 | 000,001,397 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 rsgames.hs.llnwd.net
O1 - Hosts: 127.0.0.1 updates.rockstargames.com
O1 - Hosts: 127.0.0.1 socialclub.rockstargames.com
O1 - Hosts: 127.0.0.1 www.gamesforwindows.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [RunDAOD] C:\WINDOWS\DAODx.exe ()
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: Barre RoboForm - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm ()
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Enregistrer le formulaire - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Personnaliser le menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Remplir le formulaire - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/04 14:51:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/03/28 09:30:06 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/08/30 19:14:02 | 000,061,440 | R--- | M] () - F:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/01/18 11:19:08 | 000,000,053 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe -- [2006/08/30 19:14:02 | 000,061,440 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/11 14:28:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/09 11:50:39 | 000,000,000 | ---D | C] -- C:\Program Files\CyberQix
[2010/05/09 11:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\Codemasters
[2010/05/05 14:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/05/05 14:27:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/05 14:27:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/05 14:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/05 14:25:21 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2010/05/04 19:09:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\3DVIA
[2010/04/20 13:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2010/04/20 13:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\ATI
[2010/04/20 13:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\ATI
[2010/04/20 13:48:36 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\ATI Technologies
[2010/04/20 13:48:10 | 000,099,856 | R--- | C] (ATI Research Inc.) -- C:\WINDOWS\System32\drivers\AtiHdmi.sys
[2010/04/20 13:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/04/20 13:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/04/20 13:23:15 | 000,000,000 | ---D | C] -- C:\ATI
[2010/04/18 22:57:51 | 000,000,000 | ---D | C] -- C:\TeamScripT 4.1
[2010/04/15 08:13:06 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2010/04/14 10:34:32 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wintrust.dll
[2010/04/14 10:34:20 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cabview.dll
[2010/04/12 17:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2008/10/04 15:37:16 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll
[2008/10/04 15:12:42 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2008/10/04 15:12:42 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2002/04/11 10:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

========== Files - Modified Within 30 Days ==========

[2010/05/11 14:31:19 | 000,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/05/11 14:31:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/11 14:30:56 | 000,000,526 | ---- | M] () -- C:\WINDOWS\tasks\Maintenance en 1 clic.job
[2010/05/11 14:30:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/11 14:30:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/11 14:30:34 | 000,173,776 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/05/11 14:30:32 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/11 14:29:52 | 008,126,464 | -H-- | M] () -- C:\Documents and Settings\Administrateur\NTUSER.DAT
[2010/05/11 14:29:52 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Administrateur\ntuser.ini
[2010/05/11 14:25:18 | 013,196,418 | -H-- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\IconCache.db
[2010/05/11 14:14:59 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\rkill.exe
[2010/05/10 09:02:31 | 000,137,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/05/10 09:02:00 | 000,214,520 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/05/09 11:51:05 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Téléfoot World Of Soccer.lnk
[2010/05/09 11:46:05 | 000,511,362 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/05/09 11:46:05 | 000,441,704 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/09 11:46:05 | 000,085,082 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/05/09 11:46:05 | 000,071,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/09 11:46:05 | 000,004,808 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/09 11:33:00 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Heroes of the Pacific.lnk
[2010/05/07 21:52:46 | 000,041,872 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/05/05 14:28:47 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/05/05 14:28:38 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\ERUNT.lnk
[2010/05/05 14:27:19 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/05/05 14:25:22 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2010/05/05 11:04:52 | 000,000,692 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/05 11:04:52 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/05 11:04:52 | 000,000,224 | RHS- | M] () -- C:\boot.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/24 00:14:16 | 000,162,848 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\Sans titre.JPG
[2010/04/21 14:07:57 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/21 14:07:56 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2010/04/20 13:40:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2010/04/18 23:02:33 | 000,001,386 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\TeamScripT 4.1.lnk
[2010/04/15 13:52:19 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\housecall.guid.cache
[2010/04/15 08:21:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/15 08:21:49 | 000,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/12 17:52:22 | 000,000,749 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\RegistryBooster.lnk

========== Files Created - No Company Name ==========

[2010/05/11 14:14:57 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\rkill.exe
[2010/05/09 11:51:05 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Téléfoot World Of Soccer.lnk
[2010/05/09 11:32:59 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\Heroes of the Pacific.lnk
[2010/05/07 21:52:46 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2010/05/05 14:28:47 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/05/05 14:28:38 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\ERUNT.lnk
[2010/05/05 14:27:19 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/04/23 23:53:19 | 000,162,848 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\Sans titre.JPG
[2010/04/20 13:53:12 | 2145,570,816 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/20 13:47:41 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/04/20 13:47:33 | 000,007,167 | R--- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2010/04/20 13:40:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/04/18 22:58:07 | 000,001,386 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\TeamScripT 4.1.lnk
[2010/04/15 13:52:19 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\housecall.guid.cache
[2010/04/15 08:21:49 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/04/12 17:49:52 | 000,000,749 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\RegistryBooster.lnk
[2010/04/07 22:34:00 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2010/04/07 22:34:00 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2010/04/07 20:54:57 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2010/04/07 20:54:57 | 000,012,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2010/04/07 08:50:42 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/03/06 13:59:08 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/05/10 23:28:53 | 000,000,040 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2009/03/25 11:32:04 | 000,000,119 | ---- | C] () -- C:\WINDOWS\disney.ini
[2008/11/29 23:53:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2008/11/29 23:37:48 | 000,005,663 | ---- | C] () -- C:\WINDOWS\System32\ludap17.ini
[2008/11/29 23:37:48 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/10/29 11:27:22 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\papycpu.sys
[2008/10/29 11:27:22 | 000,001,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\papyjoy.sys
[2008/10/29 11:27:13 | 000,000,132 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/10/25 10:00:50 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/10/22 06:29:06 | 000,173,550 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2008/10/21 19:12:46 | 000,000,040 | ---- | C] () -- C:\WINDOWS\TSC.INI
[2008/10/11 09:19:34 | 000,000,191 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/10/10 07:29:31 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2008/10/08 15:12:36 | 000,278,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/10/08 15:12:36 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/10/05 16:57:35 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/05 16:29:47 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008/10/05 16:28:54 | 000,201,488 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2008/10/05 16:28:54 | 000,141,584 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2008/10/05 16:28:54 | 000,063,248 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2008/10/04 17:58:20 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008/10/04 17:58:20 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008/10/04 17:58:20 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2008/10/04 16:35:18 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/10/04 16:26:46 | 000,137,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/10/04 16:16:34 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/10/04 15:39:07 | 000,000,507 | ---- | C] () -- C:\WINDOWS\LMABB2DD.ini
[2008/10/04 15:19:44 | 000,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2008/10/04 15:19:44 | 000,000,396 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2008/10/04 15:17:47 | 000,040,930 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/10/04 15:17:31 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/10/04 14:48:22 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll
[2008/10/04 14:48:22 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2008/06/25 19:29:59 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2007/01/26 03:04:12 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2007/01/26 03:04:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2005/05/03 20:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/03/14 14:38:28 | 000,000,469 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/08/22 17:04:56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2003/10/02 19:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 206 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C
<End>
tft13
 
Messages: 15
Inscription: 05 Mai 2010, 10:26

Messagede tft13 » 11 Mai 2010, 13:39

voila, je n'ai plus de programme au démarrage, mais une dernière question :

ma corbeille, bien que visuellement vide, m'indique 9 fichiers présent.. quand je veux la vider , cela me met un message indiquant qu'elle ne peut pas supprimer un fichier...pourtant elle est apparemment vide....
tft13
 
Messages: 15
Inscription: 05 Mai 2010, 10:26

Suivante

Retourner vers Sécurité (Contamination - Décontamination)

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 7 invités