Comment se débarasser de Sécurity tool?

Sécurité et insécurité. Virus, Trojans, Spywares, Failles etc. …

Modérateur: Modérateurs et Modératrices

Règles du forum
Assiste.com a suspendu l'assistance à la décontamination après presque 15 ans sur l'ancien forum puis celui-ci. Voir :

Procédure de décontamination 1 - Anti-malware
Décontamination anti-malwares

Procédure de décontamination 2 - Anti-malware et antivirus (La Manip)
La Manip - Procédure standard de décontamination

Entretien périodique d'un PC sous Windows
Entretien périodique d'un PC sous Windows

Protection des navigateurs, de la navigation et de la vie privée
Protéger le navigateur, la navigation et la vie privée

Comment se débarasser de Sécurity tool?

Messagede hurorei » 10 Oct 2010, 12:28

Depuis hier j'ai Sécurity tool qui me dit que j'ai pas mal de virus, trojans ... et qui m'empeche de faire quoi que se soit.
Quelqu'un peut m'aider pour empecher tout cela ?
j'ai utiliser malwarebytes ..., me suis renseigner sur des sites ... mais j'ai un peu de mal (avec internet)

Si vous avez des idées
Merci
hurorei
 
Messages: 5
Inscription: 10 Oct 2010, 12:24

Messagede nickW » 10 Oct 2010, 13:13

Bonjour,

Question préliminaire:
Quel est le système d'exploitation du PC?
(Windows quoi, version 32bit ou 64bit, avec quel SP)

Peux-tu suivre les instructions de ce sujet et envoyer les trois rapports demandés?

Si rien ne fonctionne, réponds au moins à la question préliminaire.

Salut,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Messagede hurorei » 10 Oct 2010, 14:01

système d'exploitation: windows vista 32 bits

SP ???

rapport de malwarebyts:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4787

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.6001.18943

10/10/2010 13:01:23
mbam-log-2010-10-10 (13-01-23).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 319956
Temps écoulé: 1 heure(s), 34 minute(s), 34 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 17
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 56

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\TypeLib\{18af7201-4f14-4bcf-93fe-45617cf259ff} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{df76e9b7-35ec-46fc-af56-5b79ded9d64f} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c10dc1f4-ccdf-4224-a24d-b23afc3573c8} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c10dc1f4-ccdf-4224-a24d-b23afc3573c8} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c10dc1f4-ccdf-4224-a24d-b23afc3573c8} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c10dc1f4-ccdf-4224-a24d-b23afc3573c8} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{b6acb3f1-6a83-432c-b854-3e1056f87f4e} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{819db72d-1c28-4387-9778-e2ff3dc86f74} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c7b76b90-3455-4ae6-a752-eac4d19689e5} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{c7b76b90-3455-4ae6-a752-eac4d19689e5} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c7b76b90-3455-4ae6-a752-eac4d19689e5} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c7b76b90-3455-4ae6-a752-eac4d19689e5} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OOO (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\OOO (Rogue.LivePlayer) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eoengine (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eorezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\softwarehelper (Rogue.Eorezo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoAdv (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang (Rogue.Eorezo) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Users\stephane\Local Settings\Application Data\nggefxx_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\stephane\Local Settings\Application Data\nggefxx_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\stephane\Local Settings\Application Data\nggefxx.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoEngine.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\eorezo.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Users\stephane\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoBHO.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoAdv\EoAdv.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\SpiderMessenger\SpiderMessenger.exe (Spyware.AgenceExclusive) -> Quarantined and deleted successfully.
C:\Users\stephane\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdate.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\confmedia.cyp (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\eoEngine.url (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoMultiLanguage.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoComm.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoImg_17.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoImg_19.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoImg_20.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoImg_21.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoImg_22.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoImg_23.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoTools_16.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoTools_17.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoTools_18.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoTools_20.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoTools_21.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoTools_26.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoTools_27.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoTools_28.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoTools_29.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoTools_30.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\FreeImage.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\Host.cyp (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\MngInstaller.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\unins000.dat (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\unins000.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\unins001.dat (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\unins001.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\user.cyp (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoAdv\atl90.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoAdv\mfc90.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoAdv\Microsoft.VC90.ATL.manifest (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoAdv\Microsoft.VC90.CRT.manifest (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoAdv\Microsoft.VC90.MFC.manifest (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoAdv\msvcr90.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\ihm_eoclock.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\ihm_eoengine.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\ihm_eonet.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\ihm_eorezotools.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\ihm_eosudoku.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\ihm_eoweather.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\lang_en.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\lang_es.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\lang_fr.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\lang_it.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Users\stephane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
hurorei
 
Messages: 5
Inscription: 10 Oct 2010, 12:24

Messagede hurorei » 10 Oct 2010, 14:03

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4052

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.6001.18943

10/10/2010 14:51:45
mbam-log-2010-10-10 (14-51-45).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 121272
Temps écoulé: 10 minute(s), 33 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\stephane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> No action taken.

==> j'ai eu celui la en analyse simple
hurorei
 
Messages: 5
Inscription: 10 Oct 2010, 12:24

Messagede hurorei » 10 Oct 2010, 14:16

OTL:

extra.txt:
OTL Extras logfile created on: 10/10/2010 14:54:09 - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\stephane\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,09 Gb Total Space | 53,49 Gb Free Space | 18,70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-STEPHANE
Current User Name: stephane
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03986087-7075-40BB-9042-1A64DCB20E1A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{22FEED60-47CE-4DAA-B215-624AE7FE8030}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{25E930FA-6EAD-4AB1-B468-161A17F52999}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{2AE831C5-2328-4351-ACB9-852C19A73EF6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{47BBC266-47F3-4429-8FA5-A5672B02E30A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4B336C31-6D64-42B3-BA1D-C3534A7ADC49}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6BD98BA6-4F6D-4D78-9A96-149B4DA81D27}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6CDB3830-EDF6-4287-810F-9A956C75636E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{793E59BD-5C0B-4AEE-860B-2B2F6B5B8134}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7B2F0E75-2A06-4038-B4FD-2404B266B99B}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{7B3AB270-35E8-4DF1-A2B1-B5938CD5C09F}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{81BFA2C6-4B7F-45B8-8DAC-D2EBE78DE068}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{869548C3-ECDC-4A01-93AA-AB0499529F04}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{87457856-4B2B-4025-886C-74981A3FA494}" = lport=48113 | protocol=17 | dir=in | name=maconfig_udp |
"{94FBE21E-888B-4C08-A15A-8D7B241351B4}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{B032749C-C78E-42B7-A68A-A2205F776F45}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B52DE3F3-A655-4F6F-955D-FCF18268BF3E}" = lport=48113 | protocol=6 | dir=in | name=maconfig_tcp |
"{B751B4C5-7886-44CF-987F-F2D2BCE339DE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CFFB770B-0273-41C6-BA81-DC3C173ED348}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DAD5EFC8-49D0-4EC9-B645-E5E88C43377A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DC52FB27-0255-403C-B77E-EAE2D03A28D9}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{E4B27050-3A87-4C05-8BB4-D852D0966296}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E804A5FD-76C6-4EA6-B112-2C80B337724D}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{E94CFD3F-E7F0-4BDB-B22B-9D735C1FEE40}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EC66F1E3-98BB-4366-8500-AD2F67A930D3}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0556F09D-0425-4A42-9C5A-FBE72BA294F8}" = protocol=6 | dir=in | app=c:\program files\ma-config.com\maconfservice.exe |
"{07B023E0-3703-4295-8EE9-6B2EE113993D}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{08A155BE-EF88-41F4-B8FA-86D872199D7E}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{163720DE-ACB5-438C-B9EE-BA2BA8ABDA84}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{1A631D58-00A6-4222-9775-443561FA027F}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{20C0AC00-278F-49DD-A67B-6EB6AE2FCCC2}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{26E9C227-7BBD-4923-A0DB-993DB56C2B3A}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{34681B00-23FD-4CE9-AD75-5C0E06F07E62}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{3A709EF1-B9F4-4C89-B964-44500BA5D4D7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3B715BFF-023A-4632-90EC-7946707B776C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5EBD9A3F-45D0-48E3-BB16-EE3EBE3F2170}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6BC49BA2-026E-4064-B5A3-3FC9AC675886}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{77E8E552-13F3-46A6-BE0B-C3B07CA20F1F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{887D668A-6BDC-4B28-B902-649073509D12}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{B4D86AF8-82A2-41B9-8B67-176E2B195C2E}" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{C315F853-C72F-47C9-AACB-762C07C7E4E5}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D95A082E-FEB6-4AE4-80A5-A65A929DFCDE}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{DA4CBCBC-0155-45D0-8641-C62124D68085}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DC73BF4A-386D-482D-A807-3AE0111CC445}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DE45257F-2080-4862-A527-3E948E06038F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{E9598BBA-D9FB-48E9-8139-E82E3F56D986}" = protocol=17 | dir=in | app=c:\program files\ma-config.com\maconfservice.exe |
"{F4F02C01-63A2-43D4-AAF1-BE5BCD03F921}" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"TCP Query User{1760BE05-1819-4464-B93F-8D2E48B9A613}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{1BAF17A7-E1ED-4932-A17E-FFB136193E53}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{1CF84EB4-E450-48C4-9242-827891DEE1CF}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{38A828A4-1FBB-49EC-A400-314CACA7704B}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{53CAA2F9-45C3-4105-81CF-CC4A7D4FF131}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{6713FF14-1DB3-4AA6-9E3D-07ACF66D9299}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{699AD19E-BB6D-4EC0-A4EC-61A2BDD1B728}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{6E1C475C-4EBA-463A-A3A8-666A9E005440}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{C55B6A77-F195-44EC-871E-B8B57969A37F}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe |
"TCP Query User{D28C9897-8889-44FA-A3DB-359A62DAD9AF}C:\program files\live-player\live-player.exe" = protocol=6 | dir=in | app=c:\program files\live-player\live-player.exe |
"TCP Query User{E6BFCD93-535E-4A78-BDF8-A9F85CC6B35C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F0845FAA-658F-4669-A9C0-6548C19E719E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{21F2C055-1CC4-4859-83AE-2BC54A7B0D6B}C:\program files\live-player\live-player.exe" = protocol=17 | dir=in | app=c:\program files\live-player\live-player.exe |
"UDP Query User{4025472C-1A9F-4DF0-86D9-B73B64D75484}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{44FC1E64-2756-47DA-8C3A-A433A849B25C}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{57AE0CC1-3911-4160-B847-7B48C96D2F9A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{7D376BDC-AF45-4AF8-AC7B-C535B68F44F5}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{9B36564B-C9A7-456F-A768-CFD11298D691}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{9FCB2C82-1537-48F4-8F19-A52624587E6C}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{A1E3220C-FC05-4A13-B4C8-42B02CD95E47}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{AFAFC885-52C6-4639-9403-06E0E7DC6F94}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{C18EEEC7-EDA6-4F00-9C70-14A144988CD1}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{EAAC8BE3-7B93-4ED6-B1E1-2F4BE82D9923}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe |
"UDP Query User{F1756E38-A9C1-47D3-B68B-E8429AA87BDB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{0214A441-A4AB-43A8-8DEF-2F73C5364673}" = Microsoft Works
"{0ED40D2A-7131-4FE7-941E-5C329336F712}" = HDReg France
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C02A760-1682-49AE-BB54-FA7D63BD3504}" = Ma-Config.com
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{53B20C18-D8D4-4588-8737-9BBFE303C354}" = Windows Live Movie Maker
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{61E8B062-51F9-4BBB-B1FC-E2A4A40944F5}" = Adobe Flash Player 9 Plugin
"{66039B36-96AE-40D1-8A32-071F7A61B738}" = Microsoft LifeChat
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}_PROR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}_PROR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}_PROR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}_PROR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{9085040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{980B9958-1239-4FC5-8C88-AC5650321036}" = Nero 8 Essentials
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{A4526B5A-89C0-4F4B-9E6E-4F883374D5F9}" = Microsoft Antimalware Service FR-FR Language Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1036-7B44-A90000000001}" = Adobe Reader 9 - Français
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29051F5-5D7D-443e-ABE9-7CBB29EAC200}" = C4380
"{B2D7C787-7BFD-47b3-AE85-60146221015D}" = C4380_Help
"{B34E4B72-37C6-4f79-A5B3-008EEFC6EA8B}" = PS_AIO_02_Software_min
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B46AC30C-22D2-4610-B041-1DA7BB29EB57}" = HP Photosmart All-In-One Software 9.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7E5D642-E74E-40a4-B5C7-6AB6EE916814}" = PS_AIO_02_ProductContext
"{BC10649A-983B-494e-AD1F-DE0BF717D701}" = PS_AIO_02_Software
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live
"{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}" = Windows Live Contrôle parental
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{DE54F85C-DB65-4691-B15D-1EF9149F0FD6}" = MangaBrowser for SHONEN JUMP 40th
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F40C0988-E8B1-479b-80BD-D5FADAB9697A}" = C4380_doccd
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F7D27C70-90F5-49B9-B188-0A133C0CE353}" = Windows Live Toolbar
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"2ADF4484850200A062B66ED19240994480D85943" = Package de pilotes Windows - ITE Tech.Inc. (itecir) HIDClass (01/05/2007 5.0.0003.2)
"8461-7759-5462-8226" = Vuze
"AbiWord2" = AbiWord 2.6.6
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"AdobeReader" = Adobe Reader 8
"AVerMedia A310 (MiniCard, DVB-T)" = AVerMedia A310 (MiniCard, DVB-T) 1.1.0.11
"Carbonite" = Carbonite
"Carbonite Setup Lite" = Protégez vos données
"CNXT_AUDIO_HDA" = Conexant HD Audio
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"eoEngine_is1" = eoEngine 9.1
"EoRezo_is1" = EoRezo 10.3
"ERUNT_is1" = ERUNT 1.1j
"Free iPod Video Converter_is1" = Free iPod Video Converter 1.34
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 2.7
"Google Desktop" = Google Desktop
"Google Updater" = Outil de mise à jour Google
"GoogleBAE" = Google BAE
"GoogleDesktop" = GoogleDesktop
"GoogleToolbar" = GoogleToolbar
"HDMI_AudioSwitch" = HDMI Audio Switch
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"ImageWriter" = Packard Bell ImageWriter
"Infocentre" = Infocentre Rev. 2.0.0.1
"LCDTest" = Packard Bell LCD Test
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaInfo" = MediaInfo 0.7.7.6
"Messenger Plus! Live" = Messenger Plus! Live
"METABOLI" = Metaboli
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Microsoft Security Essentials" = Microsoft Security Essentials
"MSN Toolbar" = Barre d'outils MSN
"Nero8" = Nero 8 Essentials
"NEUF_FR" = ADSL Neuf
"Neuf_Kit" = Neuf - Kit de connexion
"nggefxx" = Favorit
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OFF2k7_FR" = Microsoft® Office Trial 2007
"Picasa 3" = Picasa 3
"Picasa_2" = Picasa2
"Picasa2" = Picasa 2
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROR" = Version d'évaluation de Microsoft Office Professional 2007
"Satsuki Decoder Pack" = Satsuki Decoder Pack
"SETUPMYPC_FR" = SetUp My PC
"SKYPE" = Skype 3.6.2.248
"SoftwareUpdate_is1" = SoftwareUpdate 1.0
"SopCast" = SopCast 3.0.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Updator" = Packard Bell Updator
"VLC media player" = VideoLAN VLC media player 0.8.4a
"Vuze_Remote Toolbar" = Vuze_Remote Toolbar
"Winamax_is1" = Winamax
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR
"works9se" = Microsoft Works 9 SE
"X10Hardware" = X10 Hardware(TM)
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-436771057-208794786-2296091765-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CGoban 3" = CGoban 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/11/2009 15:36:52 | Computer Name = PC-de-stephane | Source = WinMgmt | ID = 10
Description =

Error - 12/11/2009 01:46:04 | Computer Name = PC-de-stephane | Source = WinMgmt | ID = 10
Description =

Error - 12/11/2009 12:45:39 | Computer Name = PC-de-stephane | Source = WinMgmt | ID = 10
Description =

Error - 13/11/2009 05:08:21 | Computer Name = PC-de-stephane | Source = WinMgmt | ID = 10
Description =

Error - 13/11/2009 05:49:03 | Computer Name = PC-de-stephane | Source = Windows Search Service | ID = 3013
Description =

Error - 13/11/2009 08:00:17 | Computer Name = PC-de-stephane | Source = MsiInstaller | ID = 1024
Description =

Error - 13/11/2009 08:00:19 | Computer Name = PC-de-stephane | Source = MsiInstaller | ID = 1021
Description =

Error - 13/11/2009 08:00:19 | Computer Name = PC-de-stephane | Source = MsiInstaller | ID = 1024
Description =

Error - 13/11/2009 08:02:18 | Computer Name = PC-de-stephane | Source = MsiInstaller | ID = 1024
Description =

Error - 13/11/2009 18:09:06 | Computer Name = PC-de-stephane | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 30/04/2009 17:24:26 | Computer Name = PC-de-stephane | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 358 seconds with 300 seconds of active time. This session ended with a crash.

Error - 04/05/2009 17:06:55 | Computer Name = PC-de-stephane | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 813 seconds with 780 seconds of active time. This session ended with a crash.

Error - 04/05/2009 17:09:41 | Computer Name = PC-de-stephane | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 105 seconds with 0 seconds of active time. This session ended with a crash.

Error - 05/05/2009 04:49:42 | Computer Name = PC-de-stephane | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 738 seconds with 420 seconds of active time. This session ended with a crash.

Error - 05/05/2009 06:02:59 | Computer Name = PC-de-stephane | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 385 seconds with 360 seconds of active time. This session ended with a crash.

Error - 15/06/2009 16:04:42 | Computer Name = PC-de-stephane | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 28/08/2009 07:07:01 | Computer Name = PC-de-stephane | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 28/08/2009 07:57:26 | Computer Name = PC-de-stephane | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 08/09/2009 08:11:20 | Computer Name = PC-de-stephane | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 07/10/2009 10:30:48 | Computer Name = PC-de-stephane | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/12/2008 05:25:22 | Computer Name = PC-de-stephane | Source = Service Control Manager | ID = 7000
Description =

Error - 12/12/2008 05:25:23 | Computer Name = PC-de-stephane | Source = Service Control Manager | ID = 7009
Description =

Error - 12/12/2008 05:25:23 | Computer Name = PC-de-stephane | Source = Service Control Manager | ID = 7000
Description =

Error - 12/12/2008 05:29:27 | Computer Name = PC-de-stephane | Source = Service Control Manager | ID = 7009
Description =

Error - 12/12/2008 05:29:27 | Computer Name = PC-de-stephane | Source = Service Control Manager | ID = 7000
Description =

Error - 12/12/2008 05:30:03 | Computer Name = PC-de-stephane | Source = Service Control Manager | ID = 7009
Description =

Error - 12/12/2008 05:30:03 | Computer Name = PC-de-stephane | Source = Service Control Manager | ID = 7000
Description =

Error - 12/12/2008 05:38:20 | Computer Name = PC-de-stephane | Source = HTTP | ID = 15016
Description =

Error - 12/12/2008 05:39:27 | Computer Name = PC-de-stephane | Source = Service Control Manager | ID = 7000
Description =

Error - 12/12/2008 05:39:27 | Computer Name = PC-de-stephane | Source = Service Control Manager | ID = 7026
Description =


<End>
hurorei
 
Messages: 5
Inscription: 10 Oct 2010, 12:24

Messagede hurorei » 10 Oct 2010, 14:17

OTL.txt:

OTL logfile created on: 10/10/2010 14:54:09 - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\stephane\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,09 Gb Total Space | 53,49 Gb Free Space | 18,70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-STEPHANE
Current User Name: stephane
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\stephane\Desktop\OTL.scr (OldTimer Tools)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe (Adobe Systems Incorporated)


========== Modules (SafeList) ==========

MOD - C:\Users\stephane\Desktop\OTL.scr (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll (Microsoft Corporation)
MOD - C:\Windows\System32\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.3053_none_d08d7bba442a9b36\msvcr80.dll (Microsoft Corporation)
MOD - C:\Program Files\Adobe\Reader 9.0\Reader\viewerps.dll ()
MOD - C:\Windows\System32\msshsq.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\System32\duser.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\actxprxy.dll (Microsoft Corporation)
MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\System32\SLC.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\System32\networkexplorer.dll (Microsoft Corporation)
MOD - C:\Windows\System32\thumbcache.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\IconCodecService.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (maconfservice) -- C:\Program Files\ma-config.com\maconfservice.exe (CybelSoft)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
SRV - (x10nets) -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (X10)


========== Driver Services (SafeList) ==========

DRV - (OMCI) -- C:\Windows\System32\DRIVERS\OMCI.SYS File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (MpFilter) -- C:\Windows\System32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (driverhardwarev2) -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys (Ma-Config.com)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (NETw3v32) Pilote de carte Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NETw4v32) Pilote de carte Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (JRAID) -- C:\Windows\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (A310) -- C:\Windows\System32\drivers\AVerA310USB.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (BDASwCap) -- C:\Windows\System32\drivers\AVerA310Cap.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-436771057-208794786-2296091765-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
IE - HKU\S-1-5-21-436771057-208794786-2296091765-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-436771057-208794786-2296091765-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lo.st/
IE - HKU\S-1-5-21-436771057-208794786-2296091765-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-436771057-208794786-2296091765-1000\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL File not found
IE - HKU\S-1-5-21-436771057-208794786-2296091765-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-436771057-208794786-2296091765-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-436771057-208794786-2296091765-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-436771057-208794786-2296091765-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\SpiderMessengerHelper@spidermessenger.com:

[2008/12/26 17:51:23 | 000,000,000 | ---D | M] -- C:\Users\stephane\AppData\Roaming\mozilla\Extensions

O1 HOSTS File: ([2010/10/10 14:04:12 | 000,370,558 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 12775 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll (Packard Bell)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Barre d'outils MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-436771057-208794786-2296091765-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-436771057-208794786-2296091765-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-436771057-208794786-2296091765-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SpiderMessenger] File not found
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-436771057-208794786-2296091765-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-436771057-208794786-2296091765-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-436771057-208794786-2296091765-1000..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKU\S-1-5-21-436771057-208794786-2296091765-1000..\Run: [SpiderMessenger] File not found
O4 - HKU\S-1-5-21-436771057-208794786-2296091765-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-436771057-208794786-2296091765-1000..\RunOnce: [95291] C:\Users\stephane\AppData\Local\95291.exe ()
O4 - Startup: C:\Users\stephane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\stephane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O7 - HKU\S-1-5-21-436771057-208794786-2296091765-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-436771057-208794786-2296091765-1000\..Trusted Domains: localhost ([]http in Intranet local)
O15 - HKU\S-1-5-21-436771057-208794786-2296091765-1000\..Trusted Ranges: GD ([http] in Intranet local)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDow ... ab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/ms ... b56986.cab (Checkers Class)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/So ... b56986.cab (Solitaire Showdown Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/Mi ... b56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\stephane\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\stephane\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0ffff4c6-1794-11de-b193-001e6867c2d1}\Shell - "" = AutoRun
O33 - MountPoints2\{0ffff4c6-1794-11de-b193-001e6867c2d1}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{4db614a2-d330-11dd-ab0b-001e6867c2d1}\Shell\AutoRun\command - "" = F:\start.exe -- File not found
O33 - MountPoints2\{4db614a2-d330-11dd-ab0b-001e6867c2d1}\Shell\FramaKey\command - "" = F:\start.exe -- File not found
O33 - MountPoints2\{8c7fc39b-89da-11de-b926-001e6867c2d1}\Shell\AutoRun\command - "" = G:\winlog.exe -- File not found
O33 - MountPoints2\{8c7fc39b-89da-11de-b926-001e6867c2d1}\Shell\open\command - "" = G:\winlog.exe -- File not found
O33 - MountPoints2\{a35d409d-016a-11de-b681-001e6867c2d1}\Shell - "" = AutoRun
O33 - MountPoints2\{a35d409d-016a-11de-b681-001e6867c2d1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/10/10 14:38:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/10 14:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/10/10 14:13:55 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/10/10 14:01:01 | 000,289,144 | ---- | C] (S!Ri) -- C:\Windows\System32\VCCLSID.exe
[2010/10/10 14:01:01 | 000,288,417 | ---- | C] (S!Ri) -- C:\Windows\System32\SrchSTS.exe
[2010/10/10 14:01:01 | 000,135,168 | ---- | C] (SteelWerX) -- C:\Windows\System32\swreg.exe
[2010/10/10 14:01:01 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\VACFix.exe
[2010/10/10 14:01:01 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\IEDFix.exe
[2010/10/10 14:01:01 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\IEDFix.C.exe
[2010/10/10 14:01:01 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\404Fix.exe
[2010/10/10 14:01:01 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\o4Patch.exe
[2010/10/10 14:01:01 | 000,079,360 | ---- | C] (SteelWerX) -- C:\Windows\System32\swxcacls.exe
[2010/10/10 14:01:01 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\System32\Agent.OMZ.Fix.exe
[2010/10/10 14:01:01 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\System32\Process.exe
[2010/10/10 14:00:54 | 000,000,000 | ---D | C] -- C:\Users\stephane\Desktop\SmitfraudFix
[2010/10/10 12:12:03 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Users\stephane\Desktop\OTL.scr
[2010/10/10 11:23:10 | 000,000,000 | ---D | C] -- C:\Users\stephane\AppData\Roaming\Malwarebytes
[2010/10/10 11:22:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/10 11:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/10 11:22:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/10 11:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/09 15:03:39 | 000,000,000 | ---D | C] -- C:\Users\stephane\Desktop\Gamble Fish 07
[2010/10/09 11:08:30 | 000,000,000 | ---D | C] -- C:\Users\stephane\Desktop\tournoi poussin
[2010/10/07 22:18:59 | 000,000,000 | ---D | C] -- C:\Users\stephane\Desktop\BKT_Chapitre_423_V1
[2010/09/29 17:06:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/09/17 23:33:37 | 000,000,000 | ---D | C] -- C:\Users\stephane\Desktop\triathlon
[2010/09/15 19:13:16 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/10 14:56:27 | 008,388,608 | -HS- | M] () -- C:\Users\stephane\ntuser.dat
[2010/10/10 14:44:14 | 000,001,356 | ---- | M] () -- C:\Users\stephane\AppData\Local\d3d9caps.dat
[2010/10/10 14:39:37 | 000,000,845 | ---- | M] () -- C:\Users\stephane\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/10/10 14:39:37 | 000,000,821 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/10 14:34:18 | 000,000,916 | ---- | M] () -- C:\Users\stephane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/10 14:34:16 | 000,000,736 | ---- | M] () -- C:\Users\stephane\Desktop\NTREGOPT.lnk
[2010/10/10 14:34:16 | 000,000,717 | ---- | M] () -- C:\Users\stephane\Desktop\ERUNT.lnk
[2010/10/10 14:32:09 | 000,513,320 | ---- | M] () -- C:\Users\stephane\Desktop\erunt.zip
[2010/10/10 14:23:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/10 14:17:38 | 000,098,380 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/10/10 14:17:38 | 000,098,380 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/10/10 14:17:22 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/10 14:17:17 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/10 14:17:17 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/10 14:17:11 | 000,001,000 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/10/10 14:17:11 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{32E6C9B1-842B-4F49-8702-563A9EDC1638}.job
[2010/10/10 14:17:11 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/10 14:04:22 | 000,000,035 | ---- | M] () -- C:\Users\stephane\AppData\Roaming\SetValue.bat
[2010/10/10 14:04:21 | 000,004,384 | ---- | M] () -- C:\Windows\System32\tmp.reg
[2010/10/10 14:04:21 | 000,000,691 | ---- | M] () -- C:\Users\stephane\AppData\Roaming\GetValue.vbs
[2010/10/10 14:01:08 | 001,872,472 | ---- | M] () -- C:\Users\stephane\Desktop\SmitfraudFix.exe
[2010/10/10 13:30:06 | 000,524,288 | -HS- | M] () -- C:\Users\stephane\ntuser.dat{8e5c62a1-7578-11df-9792-001e6867c2d1}.TMContainer00000000000000000001.regtrans-ms
[2010/10/10 13:30:06 | 000,065,536 | -HS- | M] () -- C:\Users\stephane\ntuser.dat{8e5c62a1-7578-11df-9792-001e6867c2d1}.TM.blf
[2010/10/10 12:12:16 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\stephane\Desktop\OTL.scr
[2010/10/10 11:08:03 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/10 11:07:45 | 000,364,032 | ---- | M] () -- C:\Users\stephane\Desktop\rkill.scr
[2010/10/10 11:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\Recovery DVD Creator-stephane.job
[2010/10/10 11:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\Extension de garantie-stephane.job
[2010/10/09 23:28:07 | 001,019,392 | ---- | M] () -- C:\Users\stephane\AppData\Local\95291.exe
[2010/10/08 19:07:55 | 000,119,808 | ---- | M] () -- C:\Users\stephane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/08 18:55:25 | 001,503,662 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/10/08 18:55:25 | 000,681,798 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/10/08 18:55:25 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/08 18:55:25 | 000,127,504 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/10/08 18:55:25 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/30 19:12:18 | 000,017,125 | ---- | M] () -- C:\Users\stephane\Documents\tirage dos.jpg
[2010/09/30 18:42:36 | 000,309,518 | ---- | M] () -- C:\Users\stephane\Documents\Numériser0001.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/10 14:39:37 | 000,000,821 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/10 14:34:18 | 000,000,916 | ---- | C] () -- C:\Users\stephane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/10 14:34:16 | 000,000,736 | ---- | C] () -- C:\Users\stephane\Desktop\NTREGOPT.lnk
[2010/10/10 14:34:16 | 000,000,717 | ---- | C] () -- C:\Users\stephane\Desktop\ERUNT.lnk
[2010/10/10 14:32:05 | 000,513,320 | ---- | C] () -- C:\Users\stephane\Desktop\erunt.zip
[2010/10/10 14:04:22 | 000,000,035 | ---- | C] () -- C:\Users\stephane\AppData\Roaming\SetValue.bat
[2010/10/10 14:04:21 | 000,000,691 | ---- | C] () -- C:\Users\stephane\AppData\Roaming\GetValue.vbs
[2010/10/10 14:01:30 | 000,004,384 | ---- | C] () -- C:\Windows\System32\tmp.reg
[2010/10/10 14:01:01 | 000,075,776 | ---- | C] () -- C:\Windows\System32\WS2Fix.exe
[2010/10/10 14:01:01 | 000,051,200 | ---- | C] () -- C:\Windows\System32\dumphive.exe
[2010/10/10 14:01:01 | 000,040,960 | ---- | C] () -- C:\Windows\System32\swsc.exe
[2010/10/10 14:00:39 | 001,872,472 | ---- | C] () -- C:\Users\stephane\Desktop\SmitfraudFix.exe
[2010/10/10 11:22:57 | 000,000,845 | ---- | C] () -- C:\Users\stephane\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/10/10 11:07:38 | 000,364,032 | ---- | C] () -- C:\Users\stephane\Desktop\rkill.scr
[2010/10/09 23:28:07 | 001,019,392 | ---- | C] () -- C:\Users\stephane\AppData\Local\95291.exe
[2010/09/30 19:12:18 | 000,017,125 | ---- | C] () -- C:\Users\stephane\Documents\tirage dos.jpg
[2010/09/30 18:42:35 | 000,309,518 | ---- | C] () -- C:\Users\stephane\Documents\Numériser0001.jpg
[2010/01/06 20:24:55 | 000,000,093 | ---- | C] () -- C:\Users\stephane\AppData\Local\aavhc.bat
[2009/12/28 17:44:30 | 000,000,747 | ---- | C] () -- C:\Windows\wininit.ini
[2009/11/18 12:01:44 | 000,000,091 | ---- | C] () -- C:\Users\stephane\AppData\Local\fcumd.bat
[2009/11/02 00:07:57 | 000,000,091 | ---- | C] () -- C:\Users\stephane\AppData\Local\bwsobplh.bat
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009/03/23 12:17:47 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/03/10 21:35:29 | 000,000,552 | ---- | C] () -- C:\Users\stephane\AppData\Local\d3d8caps.dat
[2009/03/06 21:46:12 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/02/04 22:22:46 | 000,000,231 | ---- | C] () -- C:\Windows\pwcsu.INI
[2009/01/12 19:06:25 | 000,000,094 | ---- | C] () -- C:\Users\stephane\AppData\Local\asuga.bat
[2008/11/06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 18:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/11/06 18:34:00 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/11/06 18:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/10/08 20:41:21 | 000,001,330 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/10/03 16:51:23 | 000,000,030 | ---- | C] () -- C:\Windows\System32\drivers\service.ini
[2008/10/01 17:59:28 | 000,001,546 | ---- | C] () -- C:\Users\stephane\AppData\Roaming\wklnhst.dat
[2008/09/15 20:50:59 | 000,001,356 | ---- | C] () -- C:\Users\stephane\AppData\Local\d3d9caps.dat
[2008/08/29 14:43:51 | 000,000,026 | ---- | C] () -- C:\Windows\System32\satsukidecodersettings.ini
[2008/08/26 12:01:30 | 000,000,102 | ---- | C] () -- C:\Windows\Kit.ini
[2008/08/24 14:26:36 | 000,017,948 | ---- | C] () -- C:\Users\stephane\AppData\Roaming\UserTile.png
[2008/08/24 13:05:28 | 000,119,808 | ---- | C] () -- C:\Users\stephane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/19 14:15:58 | 000,098,380 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/06/19 14:15:57 | 000,098,380 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2007/09/17 05:21:29 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/06/03 14:31:28 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2006/12/10 23:32:16 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/09/18 16:12:02 | 000,000,000 | ---D | M] -- C:\Users\stephane\AppData\Roaming\Azureus
[2009/03/23 12:21:21 | 000,000,000 | ---D | M] -- C:\Users\stephane\AppData\Roaming\DAEMON Tools
[2009/03/23 12:22:14 | 000,000,000 | ---D | M] -- C:\Users\stephane\AppData\Roaming\DAEMON Tools Lite
[2009/03/23 12:21:21 | 000,000,000 | ---D | M] -- C:\Users\stephane\AppData\Roaming\DAEMON Tools Pro
[2010/10/10 10:49:46 | 000,000,000 | ---D | M] -- C:\Users\stephane\AppData\Roaming\EoRezo
[2008/08/31 19:00:09 | 000,000,000 | ---D | M] -- C:\Users\stephane\AppData\Roaming\Packard Bell
[2008/08/24 14:26:36 | 000,000,000 | ---D | M] -- C:\Users\stephane\AppData\Roaming\PeerNetworking
[2008/10/01 17:59:30 | 000,000,000 | ---D | M] -- C:\Users\stephane\AppData\Roaming\Template
[2010/04/15 20:03:18 | 000,000,000 | ---D | M] -- C:\Users\stephane\AppData\Roaming\Windows Live Writer
[2010/10/10 11:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\Extension de garantie-stephane.job
[2010/10/10 11:00:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\Recovery DVD Creator-stephane.job
[2010/10/10 00:47:34 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/10/10 14:17:11 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{32E6C9B1-842B-4F49-8702-563A9EDC1638}.job

========== Purity Check ==========



========== Custom Scans ==========


<SYSTEMDRIVE>


<MD5>
[2008/01/21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

<MD5>
[2009/04/11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

<MD5>
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

<MD5>
[2007/03/21 12:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007/03/21 12:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007/03/21 12:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007/03/21 12:59:30 | 000,381,720 | ---- | M] (Intel Corporation) MD5=9D7ED4275702E2FC409F2CC563245740 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

<MD5>
[2008/01/21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

<MD5>
[2009/04/11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

<MD5>
[2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

<MD5>
[2008/01/21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

<systemroot>

<systemroot>

<systemroot>
<End>
hurorei
 
Messages: 5
Inscription: 10 Oct 2010, 12:24

Messagede nickW » 11 Oct 2010, 00:02

Bonsoir,

Qui t'a demandé de faire un "Examen complet" avec MBAM?

Qui t'a demandé de "Supprimer la sélection" avec MBAM?

Qui t'a demandé d'utiliser SmitfraudFix?


Étape 1: OTL (de OldTimer), préparation de la correction
Ouvrir une fenêtre du Bloc-notes, via Démarrer---->Tous les programmes---->Accessoires---->Exécuter, taper notepad puis cliquer sur OK

Sélectionner toutes les lignes de la zone blanche située sous "Code:" ci-dessous, puis appuyer simultanément sur les touches Ctrl et C

Code: Tout sélectionner
rien

:otl
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-436771057-208794786-2296091765-1000\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL File not found
IE - HKU\S-1-5-21-436771057-208794786-2296091765-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL File not found
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-436771057-208794786-2296091765-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-436771057-208794786-2296091765-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O33 - MountPoints2\{0ffff4c6-1794-11de-b193-001e6867c2d1}\Shell - "" = AutoRun
O33 - MountPoints2\{0ffff4c6-1794-11de-b193-001e6867c2d1}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{4db614a2-d330-11dd-ab0b-001e6867c2d1}\Shell\AutoRun\command - "" = F:\start.exe -- File not found
O33 - MountPoints2\{4db614a2-d330-11dd-ab0b-001e6867c2d1}\Shell\FramaKey\command - "" = F:\start.exe -- File not found
O33 - MountPoints2\{8c7fc39b-89da-11de-b926-001e6867c2d1}\Shell\AutoRun\command - "" = G:\winlog.exe -- File not found
O33 - MountPoints2\{8c7fc39b-89da-11de-b926-001e6867c2d1}\Shell\open\command - "" = G:\winlog.exe -- File not found
O33 - MountPoints2\{a35d409d-016a-11de-b681-001e6867c2d1}\Shell - "" = AutoRun
O33 - MountPoints2\{a35d409d-016a-11de-b681-001e6867c2d1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

:Files
C:\Program Files\EoRezo

:Commands
[resethosts]



Retourner dans la fenêtre du Bloc-notes, faire un clic droit dans la fenêtre et choisir Coller
Vérifier dans le menu Format (en haut) que "Retour automatique à ligne" n'est pas actif (pas coché).
Enregistrer le fichier sous le nom fix.txt <---- ne pas modifier le nom du fichier
Fermer le Bloc-notes.

Note: Les lignes de la zone Code ci-dessus ont été créées exclusivement pour CET utilisateur: hurorei.
Si vous n'êtes pas CET utilisateur, il ne faut pas les utiliser: elles pourraient endommager votre système.



Étape 2: Redémarrage

Faire redémarrer le PC en Mode sans échec avec prise en charge réseau en utilisant la méthode F8 (F5 sur certains PCs). Impératif: ne pas utiliser la méthode "msconfig"!
Voir http://assiste.com.free.fr/p/comment/co ... echec.html


Étape 3: rkill (de Grinler), téléchargement
Remarque importante:
rkill est parfois, à tort, détecté comme nuisible. Si nécessaire, désactiver l'antivirus lors de son téléchargement.

Télécharger rkill via un clic droit suivi de Enregistrer la cible du lien sous ... depuis l'un des liens ci-dessous:

Lien 1
Lien 2
Lien 3

Enregistrer le fichier sur le Bureau.


Étape 4: rkill (de Grinler), exécution
Faire un clic droit sur le fichier rkill téléchargé puis choisir "Exécuter en tant qu'Administrateur" pour lancer l'outil.

Une fenêtre à fond noir va apparaître brièvement, puis disparaître.
En fin d'exécution, enregistrer le fichier rkill.log

Si rien ne se passe, ou si l'outil ne se lance pas, télécharger l'outil depuis un autre des trois liens ci-dessus et faire une nouvelle tentative d'exécution.

Si aucun des outils téléchargés depuis les trois liens ci-dessus ne semble fonctionner, télécharger une version renommée de rkill depuis iExplore.exe ou eXplorer.exe et essayer de le lancer.

Si aucun des cinq outils téléchargés ne semble fonctionner, ne pas continuer le nettoyage, et me prévenir sur le forum.

Ne pas faire redémarrer le PC.


Étape 5: Pas de processus de contrôle en temps réel
S'il est actif, désactiver le module résident de l'antivirus.
Image Microsoft Security Essentials: ouvrir MSE, dans l'onglet "Paramètres" décocher la case située devant "Activer la protection en temps réel (recommandé)"


Étape 6: Malwarebytes' Anti-Malware, nettoyage
Fermer toutes les fenêtres de programme ouvertes.
Lancer Malwarebytes' Anti-Malware via le Menu Démarrer.
Dans l'onglet Paramètres, vérifier que toutes les cases sont cochées sauf "Créer une option dans le menu contextuel pour analyser des fichiers (clic droit)".
Dans l'onglet Mise à jour, cliquer sur le bouton Recherche de mise à jour et installer toutes les mises à jour trouvées.
Dans l'onglet Recherche, cocher le bouton radio situé devant "Exécuter un examen rapide" puis cliquer sur le bouton Rechercher, comme ceci:

Image

Attendre sans rien faire d'autre la fin de la recherche; dans la fenêtre annonçant la fin de l'analyse, cliquer sur OK; puis cliquer sur le bouton "Afficher les résultats":
Image


Si des éléments nuisibles ont été détectés, cliquer sur le bouton "Supprimer la sélection": Image

Attendre patiemment sans rien faire d'autre la fin du nettoyage.
Un redémarrage est parfois nécessaire. Accepter.
Une fenêtre du Bloc-notes s'ouvre pour afficher le rapport. Fermer le Bloc-notes.
Cliquer sur le bouton "Quitter" pour fermer Malwarebytes' Anti-Malware.


Étape 7: OTL (de OldTimer), correction

Faire un clic droit sur OTL.exe puis choisir "Exécuter en tant qu'Administrateur" pour lancer l'outil.

L'écran principal de OTL s'affiche:
Image

Cliquer sur le bouton Correction: Image

Il y a ouverture d'une petite fenêtre "OTL": Image

Cliquer sur le bouton Ok.

A partir de la nouvelle fenêtre "Ouvrir", naviguer jusqu'au dossier de sauvegarde du fichier fix.txt puis cliquer sur le bouton Ouvrir.

Le contenu du fichier fix.txt est ainsi inséré dans le panneau "Personnalisation" Image

Fermer toutes les fenêtres de programme ouvertes autres que OTL (navigateur, traitement de texte, etc...): un redémarrage du PC va se produire.

Cliquer de nouveau sur le bouton Correction: Image

Lorsque l'outil a terminé son travail, il y a affichage dans une petite fenêtre du message "Correction terminée! Cliquez sur Ok pour afficher le rapport.". Cliquer sur Ok puis fermer OTL.


Étape 8: OTL (de OldTimer), analyse rapide
Fermer toutes les fenêtres de programme ouvertes.

Faire un clic droit sur OTL.exe puis choisir "Exécuter en tant qu'Administrateur" pour lancer l'outil.

L'écran principal de OTL s'affiche:
Image

Cliquer sur le bouton Analyse rapide:
Image


Laisser l'outil travailler sans l'interrompre.
Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant un rapport (log).
Fermer le Bloc-notes.
Fermer la fenêtre de OTL.


Étape 9: Résultats
Envoyer en réponse:
*- le rapport de rkill (contenu du fichier rkill.log situé dans le dossier SystemDrive\)
[SystemDrive représente la partition sur laquelle est installé le système, généralement C:]
*- le rapport de Malwarebytes' Anti-Malware (contenu du fichier mbam-log-****-**-** (**-**-**).txt situé dans le dossier SystemDrive\Users\<tonprofil>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs où ****-**-** (**-**-**) représente la date [année-mois-jour] et l'heure [hh-mn-ss])
[SystemDrive représente la partition sur laquelle est installé le système, généralement C:]
*- le rapport de correction de OTL (contenu du fichier SystemDrive\_OTL\MovedFiles\********_******.log - les *** sont des chiffres représentant la date [moisjourannée] et l'heure)
[SystemDrive représente la partition sur laquelle est installé le système, généralement C:]


Envoyer ensuite en réponse dans un message distinct (à cause de la longueur du fichier):
*- le rapport principal de OTL (contenu du fichier OTL.txt situé sur le Bureau).
Le rapport envoyé sur le forum doit se terminer par une ligne contenant <End>. Si ce n'est pas le cas, il est incomplet, et doit alors être découpé en plusieurs messages.

Note importante: Pour l'envoi de ta(tes) réponse(s), il ne faut pas créer un nouveau sujet, mais cliquer sur le bouton "Répondre"
Image pour continuer dans ce fil de discussion.

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France


Retourner vers Sécurité (Contamination - Décontamination)

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 33 invités