Facebook et les "Méchants"

Sécurité et insécurité. Virus, Trojans, Spywares, Failles etc. …

Modérateur: Modérateurs et Modératrices

Règles du forum
Assiste.com a suspendu l'assistance à la décontamination après presque 15 ans sur l'ancien forum puis celui-ci. Voir :

Procédure de décontamination 1 - Anti-malware
Décontamination anti-malwares

Procédure de décontamination 2 - Anti-malware et antivirus (La Manip)
La Manip - Procédure standard de décontamination

Entretien périodique d'un PC sous Windows
Entretien périodique d'un PC sous Windows

Protection des navigateurs, de la navigation et de la vie privée
Protéger le navigateur, la navigation et la vie privée

Re: Facebook et les "Méchants"

Messagede laurentfib » 03 Mar 2011, 22:46

RAPPORT OTL (Part 2)


========== Files - Modified Within 90 Days ==========

[2011/03/03 21:06:12 | 000,000,680 | ---- | M] () -- C:\Users\tonton\AppData\Local\d3d9caps.dat
[2011/03/03 21:06:10 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/03 20:56:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/03 20:41:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/03 20:41:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/03 20:41:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/03 20:41:13 | 3216,236,544 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/14 17:15:38 | 000,679,486 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/02/14 17:15:38 | 000,596,440 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/14 17:15:38 | 000,126,812 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/02/14 17:15:38 | 000,104,256 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/12 21:09:08 | 000,309,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/06 16:48:02 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\tonton\Desktop\OTL.exe
[2011/02/06 16:42:02 | 000,000,733 | ---- | M] () -- C:\Users\tonton\Desktop\NTREGOPT.lnk
[2011/02/06 16:42:02 | 000,000,714 | ---- | M] () -- C:\Users\tonton\Desktop\ERUNT.lnk
[2011/02/06 16:32:28 | 000,000,943 | ---- | M] () -- C:\Users\tonton\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/01/25 12:54:35 | 000,001,664 | ---- | M] () -- C:\Users\tonton\Desktop\iTunes.lnk
[2011/01/20 17:08:16 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/01/20 17:08:06 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/01/20 17:08:06 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/01/20 17:08:06 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/01/20 17:08:06 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/01/20 17:07:58 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/01/20 17:06:38 | 002,873,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/01/20 17:06:35 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/01/20 17:04:54 | 000,209,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/01/20 17:04:54 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/01/20 15:28:38 | 001,554,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/01/20 15:27:50 | 000,876,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/01/20 15:26:30 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/01/20 15:25:25 | 000,847,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/01/20 15:24:32 | 000,288,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/01/20 15:24:26 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/01/20 15:15:10 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/01/20 15:14:39 | 000,357,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/01/20 15:14:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/01/20 15:14:03 | 000,261,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/01/20 15:12:46 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/01/20 15:11:34 | 000,486,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/01/20 14:47:51 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/01/20 14:44:05 | 001,068,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/01/20 14:44:03 | 000,797,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011/01/08 09:47:50 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/01/08 07:28:49 | 000,292,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/01/02 17:50:56 | 000,001,878 | ---- | M] () -- C:\Users\tonton\Desktop\Skype.lnk
[2010/12/31 14:57:01 | 002,039,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/12/28 16:55:03 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/18 07:23:39 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/12/18 07:23:11 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/12/18 07:23:11 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/12/18 07:22:41 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/12/18 07:22:33 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/12/18 07:22:27 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/12/18 07:22:11 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/12/18 07:22:11 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/12/18 07:22:11 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/12/18 07:22:11 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/12/18 07:22:10 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/12/18 07:22:06 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/12/18 06:25:26 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/12/18 05:48:39 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/12/18 05:48:23 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/12/18 05:47:42 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/12/18 05:47:11 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/12/15 21:06:19 | 000,000,765 | ---- | M] () -- C:\Users\tonton\Desktop\EPSON Scan.lnk
[2010/12/15 19:51:31 | 000,000,025 | ---- | M] () -- C:\Windows\CDE SX200DEFGIPS.ini
[2010/12/14 15:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe

========== Files Created - No Company Name ==========

[2011/03/03 21:06:12 | 000,000,680 | ---- | C] () -- C:\Users\tonton\AppData\Local\d3d9caps.dat
[2011/02/27 03:02:00 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/02/27 03:02:00 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/02/27 03:02:00 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/02/06 16:42:02 | 000,000,733 | ---- | C] () -- C:\Users\tonton\Desktop\NTREGOPT.lnk
[2011/02/06 16:42:02 | 000,000,714 | ---- | C] () -- C:\Users\tonton\Desktop\ERUNT.lnk
[2011/02/06 16:32:28 | 000,000,943 | ---- | C] () -- C:\Users\tonton\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/06 16:31:20 | 000,000,000 | ---- | C] () -- C:\Users\tonton\AppData\Local\QSwitch.txt
[2011/02/06 16:31:20 | 000,000,000 | ---- | C] () -- C:\Users\tonton\AppData\Local\DSwitch.txt
[2011/02/06 16:31:20 | 000,000,000 | ---- | C] () -- C:\Users\tonton\AppData\Local\AtStart.txt
[2011/02/06 16:30:54 | 000,000,949 | ---- | C] () -- C:\Users\tonton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/02/06 16:30:52 | 000,000,944 | ---- | C] () -- C:\Users\tonton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/02/06 16:30:38 | 000,000,915 | ---- | C] () -- C:\Users\tonton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/02/06 16:12:14 | 000,001,928 | ---- | C] () -- C:\Users\tonton\Application Data\Microsoft\Internet Explorer\Quick Launch\HP MediaSmart.lnk
[2011/02/06 16:12:14 | 000,000,258 | ---- | C] () -- C:\Users\tonton\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/02/06 16:12:14 | 000,000,240 | ---- | C] () -- C:\Users\tonton\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/01/25 12:54:35 | 000,001,664 | ---- | C] () -- C:\Users\tonton\Desktop\iTunes.lnk
[2011/01/02 15:07:10 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 5.lnk
[2011/01/01 21:18:33 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2010/12/15 21:06:19 | 000,000,765 | ---- | C] () -- C:\Users\tonton\Desktop\EPSON Scan.lnk
[2010/12/15 19:53:16 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/12/15 19:53:14 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/12/15 19:53:14 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/12/15 19:53:14 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/12/15 19:53:14 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/12/15 19:53:14 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/12/15 19:53:14 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/12/15 19:53:14 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/12/15 19:53:14 | 000,013,732 | ---- | C] () -- C:\Windows\System32\EPPICLocal_EN.cfg
[2010/12/15 19:53:14 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/12/15 19:53:14 | 000,006,442 | ---- | C] () -- C:\Windows\System32\EPPICLocal_IT.cfg
[2010/12/15 19:53:14 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_PT.cfg
[2010/12/15 19:53:14 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_BP.cfg
[2010/12/15 19:53:14 | 000,006,335 | ---- | C] () -- C:\Windows\System32\EPPICLocal_GE.cfg
[2010/12/15 19:53:14 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_FR.cfg
[2010/12/15 19:53:14 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_CF.cfg
[2010/12/15 19:53:14 | 000,006,122 | ---- | C] () -- C:\Windows\System32\EPPICLocal_DU.cfg
[2010/12/15 19:53:14 | 000,006,103 | ---- | C] () -- C:\Windows\System32\EPPICLocal_ES.cfg
[2010/12/15 19:53:14 | 000,005,817 | ---- | C] () -- C:\Windows\System32\EPPICLocal_KO.cfg
[2010/12/15 19:53:14 | 000,005,436 | ---- | C] () -- C:\Windows\System32\EPPICLocal_SC.cfg
[2010/12/15 19:53:14 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/12/15 19:53:14 | 000,002,889 | ---- | C] () -- C:\Windows\System32\EPPICLocal_RU.cfg
[2010/12/15 19:53:14 | 000,002,426 | ---- | C] () -- C:\Windows\System32\EPPICLocal_TC.cfg
[2010/12/15 19:53:14 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010/12/15 19:53:14 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/12/15 19:53:14 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/12/15 19:53:14 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/12/15 19:53:14 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/12/15 19:53:14 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/12/15 19:53:14 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010/12/15 19:53:14 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010/12/15 19:53:14 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/12/15 19:51:31 | 000,000,025 | ---- | C] () -- C:\Windows\CDE SX200DEFGIPS.ini
[2010/11/15 21:16:50 | 000,070,144 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/02/21 17:10:20 | 000,000,382 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/12/28 01:11:21 | 000,000,362 | ---- | C] () -- C:\Program Files\ffdsvsetts.reg
[2009/08/23 00:57:23 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/19 18:44:15 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/05/19 18:44:15 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/05/18 21:17:49 | 000,027,926 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/02/05 07:24:11 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/02/05 07:24:02 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/02/05 07:23:28 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/02/05 07:22:53 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/02/05 07:21:27 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/02/05 06:40:52 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/01/23 05:13:43 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/01/23 05:09:04 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/01/23 05:07:27 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/01/23 05:06:22 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/12/31 13:36:16 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009/07/16 11:32:04 | 000,000,000 | ---D | M] -- C:\Users\Odélia\AppData\Roaming\Feedreader
[2009/05/21 20:43:56 | 000,000,000 | ---D | M] -- C:\Users\Odélia\AppData\Roaming\FloodLightGames
[2010/09/19 16:17:04 | 000,000,000 | ---D | M] -- C:\Users\Odélia\AppData\Roaming\FreeVideoConverter
[2009/08/07 14:39:06 | 000,000,000 | ---D | M] -- C:\Users\Odélia\AppData\Roaming\funkitron
[2009/07/01 13:58:50 | 000,000,000 | ---D | M] -- C:\Users\Odélia\AppData\Roaming\Gaijin Ent
[2009/07/10 12:51:41 | 000,000,000 | ---D | M] -- C:\Users\Odélia\AppData\Roaming\muvee Technologies
[2009/05/22 10:59:32 | 000,000,000 | ---D | M] -- C:\Users\Odélia\AppData\Roaming\PlayFirst
[2011/03/03 21:05:42 | 000,000,000 | ---D | M] -- C:\Users\Odélia\AppData\Roaming\SoftGrid Client
[2011/01/02 15:12:03 | 000,000,000 | ---D | M] -- C:\Users\Odélia\AppData\Roaming\TeamViewer
[2009/05/25 17:57:53 | 000,000,000 | ---D | M] -- C:\Users\Odélia\AppData\Roaming\Template
[2010/12/14 19:10:29 | 000,000,000 | ---D | M] -- C:\Users\Odélia\AppData\Roaming\TP
[2009/05/18 21:52:01 | 000,000,000 | ---D | M] -- C:\Users\Odélia\AppData\Roaming\WildTangent
[2009/12/10 23:14:40 | 000,000,000 | ---D | M] -- C:\Users\Odélia\AppData\Roaming\Windows Live Writer
[2011/02/06 16:30:34 | 000,000,000 | ---D | M] -- C:\Users\tonton\AppData\Roaming\TeamViewer
[2011/03/03 20:40:14 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009/01/23 12:16:34 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2009/01/23 12:16:34 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2009/01/23 12:16:34 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2009/01/23 12:16:34 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: CTFMON.EXE >
[2006/11/02 10:45:00 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=22BFD03DF51065A9ED8D17F8FB72296B -- C:\Windows\System32\ctfmon.exe
[2006/11/02 10:45:00 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=22BFD03DF51065A9ED8D17F8FB72296B -- C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe

< MD5 for: EVENTLOG.DLL >
[2007/05/17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: EXPLORER.EXE >
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTORV.SYS >
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USERINIT.EXE >
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WININIT.EXE >
[2008/01/21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/12/31 13:37:46 | 000,425,984 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2009/04/11 07:28:25 | 000,443,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:55F44B88

< End of report >
laurentfib
 
Messages: 27
Inscription: 31 Jan 2011, 18:37
Localisation: Paris

Re: Facebook et les "Méchants"

Messagede laurentfib » 03 Mar 2011, 22:49

RAPPORT EXTRA


OTL Extras logfile created on: 03/03/2011 21:23:29 - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\tonton\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,30 Gb Total Space | 72,53 Gb Free Space | 32,63% Space Free | Partition Type: NTFS
Drive D: | 10,59 Gb Total Space | 1,79 Gb Free Space | 16,88% Space Free | Partition Type: NTFS
Drive F: | 1,90 Gb Total Space | 1,29 Gb Free Space | 68,21% Space Free | Partition Type: FAT

Computer Name: PC-DE-ODÉLIA | User Name: tonton | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005087AB-3EB1-4E05-A6C1-53FCBC69AEC9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0A6BA761-8C5E-481F-9ADD-4F917DF398A9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1B14CC90-9836-46B0-935F-8C70EE0352E4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2511F847-D699-4214-8BD5-BE01511D5645}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{28F03127-52CA-4347-B6CE-C35D41935FE0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{30DE14D1-AD14-4216-9BB1-725323DCBAB8}" = lport=137 | protocol=17 | dir=in | app=system |
"{3C796BB1-9B43-4C1A-AA81-8CC93404D898}" = lport=139 | protocol=6 | dir=in | app=system |
"{40CB36FE-0939-439F-98AF-89E054706449}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4A887799-1601-46BA-842D-BD8AAABC4915}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5B21C62E-DF22-4F64-A2F9-393EF3234D7B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5EEA27E3-2527-4DCA-807D-B5DAD7BF2CB7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6D2DE834-6033-4846-97E8-6611FF8BA414}" = lport=445 | protocol=6 | dir=in | app=system |
"{6FF93737-64DE-4E5B-9000-2DA1C0AD0D5A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{85FA79A5-1BD1-4120-961C-D2B072265264}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8758F128-DAEF-4086-9319-63F74C1DA9F5}" = lport=138 | protocol=17 | dir=in | app=system |
"{87907949-CFA0-48A6-BE65-379733A4D4C7}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8CD9430C-25CC-4081-87CD-AEF7E7D46241}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A1427FFF-05D3-4711-B815-91E844E95E66}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A3791A01-2247-4426-BDCB-0195F468C06C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AF5B0A85-A865-41B5-BC4B-215CD20CBB58}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B080B0E6-DA88-4D12-B4CE-D9BBE416CA35}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B08B794C-FD7D-4F9A-B3B0-CB54EC0EC8BD}" = rport=445 | protocol=6 | dir=out | app=system |
"{B2473AF4-2F47-4531-8BF9-DE61EF778D1F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B604B59F-AA07-42B8-99F6-5F6F246C8A8E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C10595FD-A2E5-43A8-B0A8-7F919C975FAE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF564A55-BCE6-4073-9C60-8F023D59C3A1}" = rport=138 | protocol=17 | dir=out | app=system |
"{CFFD796A-70B7-4832-9BA4-4EDCB35DD8DB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DB5DFBC4-16B5-40C0-A890-AA8E491B1157}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DB8A2301-60E5-438A-848C-26D5DAEB1548}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DDD21496-C0D9-46CE-AF48-26B71CFF609F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E0E1BB05-9400-4196-9138-AAA5C0F17659}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E4A5BE3D-20F9-45AC-A71C-F8875AB06905}" = rport=139 | protocol=6 | dir=out | app=system |
"{F8E1E6C6-68D0-4E79-A599-94DDC674A525}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01FDBA0C-7030-4548-BD44-2B958EBA6BFF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0E9BD569-F1DA-4AE2-AF27-04F3427CE15A}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{1C88FA37-20DC-4D65-B181-43CE410D466D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1D3B7F9C-407A-4D09-8EA3-D65D53E4D6CC}" = protocol=6 | dir=out | app=system |
"{2D2814B7-8956-4D3C-AE54-ABD0D447F955}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{2EEF8A6B-A127-494F-AE0A-D6C318C82777}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe |
"{41ACECD0-4F45-4D11-8FA0-77179D02E9AF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{41CAC7BB-0EB7-4D31-9C40-3FD4043E1104}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{43A59EE4-1C77-426A-89A7-5B77BA9E181C}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{43C41CBA-FED6-46C5-9E16-54002CA84551}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{469B3B68-9D35-4DDD-BD09-2F2DFDD1D971}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{46A59A52-971E-4CF1-93FB-D20C515E5560}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{48DE0D81-3DBA-49C1-B357-2DA98CC2802F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{53CE5A12-19C9-4E54-B457-3E7A3DD0DC59}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{5BA30346-0526-492E-BB99-56DC88201C87}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{5F2D26A3-9EB8-4FD9-88FE-F94710478CBC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{615DEC8A-B45F-4D5C-85ED-B3D75AF114D4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6321DA37-5CEB-4998-BDAD-A6BBD567A262}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{6B8BA019-AABD-4CC5-ABCB-705DBC940D76}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{6E89829F-FA51-4123-BB3C-62405A7E293D}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qpservice.exe |
"{7703123D-E0A9-4565-8085-272E485B6DDE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{78F41FB2-D520-4283-93E3-F3E4A3DC7254}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{82B86E68-EB7C-431F-BC23-33D82512D06D}" = protocol=6 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe |
"{8846D554-88A1-4CE9-8EF3-96EB2C080186}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{88BC18A2-E9AE-4AEB-BCBA-C10195585DE0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8BAE07E7-FDD9-4EB2-BF3C-55D85336D427}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{91A9FD20-7988-49CA-B745-37DD42566894}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{96AEEB91-3626-4746-A753-23B00E70A10E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{96E3413A-1D70-4B72-BF5E-9964A0700C5A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5583C1A-785B-4D86-AFF7-C2541737BA89}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A866AC28-726D-4070-8237-E79F677B7D3A}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{AEC8D49E-981D-4DE4-954F-6C1C300FC043}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B2775894-DEEE-4FDE-94B2-A4A02E00CF1B}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe |
"{B380BBCD-B149-4DF4-9402-704F8A22E8D2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B67D6DAD-7964-4FD4-B9F7-8EAAD462A6C7}" = protocol=17 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe |
"{B76F3F24-48A8-4223-9164-86D094017340}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BD25DB5E-3609-4D10-A844-12E96A3F8E33}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BDBF038C-A37F-4393-814C-CCCABDD31DD6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C583D3A6-0409-4559-A360-4FC6BD7030DB}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qp.exe |
"{CD19280A-5251-478E-A8A2-A546DFC47442}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{CF02178E-4FB5-4248-BCF8-0EF502A84372}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe |
"{D3A05983-13AC-4968-99D8-DAC5A28379A6}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{DF9B45CD-593E-4185-BB5F-2EEF5EC8DAE3}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer_service.exe |
"{E47F8FC2-B187-4A9B-90B4-0FB7919F7F96}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{E564507A-2051-4A91-83B6-15B0BC8AE7DE}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{EFE5288A-E2E3-480E-BE81-1434994605AA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F9CB24F5-718D-44B4-9F55-998B4A39DAF0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB6FACD9-56B8-4C4F-93A3-BE5B6F20BE1D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{1783B5FD-F0C9-422F-BE53-ECF1E4C628C6}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{1A089119-5CD1-4B41-B9B8-98BDC7CC2ECD}C:\programdata\ab97dc6\weab97.exe" = protocol=6 | dir=in | app=c:\programdata\ab97dc6\weab97.exe |
"TCP Query User{6197E075-03F4-4467-976D-FBC86F4164CB}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{7527E385-E5D7-4583-8293-F1F18F0E7E91}C:\program files\hewlett-packard\media\tv\hptv.exe" = protocol=6 | dir=in | app=c:\program files\hewlett-packard\media\tv\hptv.exe |
"TCP Query User{7697C328-7574-44D7-AECB-58F93B4B4AE8}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{7A3BA016-99E6-4A49-A895-5690FDC3CC6A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{8AE7E30C-D043-434F-BE5C-705F7BB357E1}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{B1D7CE79-BD8A-4C6A-98B6-489EBBF3379C}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{B8F3E6D8-8E91-4BF5-A28E-956AAA22B99E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{0C6145D5-6610-4D9A-AA01-2A0CB502DC16}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{3AAAD7C2-7541-4BE7-93D1-E258D78E4175}C:\programdata\ab97dc6\weab97.exe" = protocol=17 | dir=in | app=c:\programdata\ab97dc6\weab97.exe |
"UDP Query User{50F02DAA-A1C2-4A43-BAFC-D02AE379D359}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{726CAF35-5476-48B7-854F-740DDD09AC88}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{DA943D4D-08FA-42B4-BD32-80644BBAC2CC}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{DEBDF9B5-E025-4355-A3CB-D5E3A1DFF32E}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{E8DD0207-730D-434E-B1B9-FDBF0C88D006}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{EE049150-DB34-4A44-93A8-E388CB32A8A8}C:\program files\hewlett-packard\media\tv\hptv.exe" = protocol=17 | dir=in | app=c:\program files\hewlett-packard\media\tv\hptv.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Assistant de connexion Windows Live ID
"{0C7F8FBE-435C-34D2-6813-2A632AAC0C92}" = Catalyst Control Center Localization Greek
"{0E1F58B6-39BF-23FC-B4E5-3A2B4A0FADEB}" = CCC Help Turkish
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0EEF3E07-3971-5080-2A3F-910691DA1135}" = Catalyst Control Center Graphics Previews Vista
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{114C14EE-652A-5EF6-59B8-3E5B33D6A4DF}" = Catalyst Control Center Graphics Full New
"{116C3B09-ADE0-1B8B-2F9F-C8B09A89F9AA}" = CCC Help Thai
"{12C11B2C-00F3-AF06-94D4-1AAF70616507}" = Catalyst Control Center Graphics Light
"{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{187817E2-6407-461C-B59B-56CE73363D34}" = Catalyst Control Center - Branding
"{1EC09CDB-0674-B3D6-FCB1-7B3CE2BFF3E8}" = Catalyst Control Center Localization Danish
"{1EE04769-91C4-4A06-92B7-FCAFE6BABDD9}" = Galerie de photos Windows Live
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{230B83A5-7D88-4B95-B71E-F44C0C78B002}" = Windows Live Movie Maker
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{255C206B-4776-1D14-9EDD-2F9458847739}" = ccc-core-static
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34CFF761-7AD1-7C1A-4513-79B3E2F54290}" = CCC Help Greek
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 L1
"{36E90C09-EB23-4EAC-8B47-12C0CA5DBD3A}" = HP User Guides 0126
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3A6F3C3C-A83C-34D5-F80A-4FDA2FBBFE2F}" = Catalyst Control Center Localization Chinese Standard
"{3B160861-7250-451E-B5EE-8B92BF30A710}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3DFA31F1-4747-60E4-6CA9-0060CFB99E30}" = CCC Help Spanish
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4198AAE5-A938-B0A0-9AD2-95C2F23ED677}" = Catalyst Control Center Localization Italian
"{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger
"{46345EA6-1608-2E99-B47F-D83725A5C4D9}" = CCC Help Hungarian
"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer
"{46ACB9C1-6109-088B-931F-B7A5CE735504}" = CCC Help Italian
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{51B8CA01-3E68-9993-E6F3-7F8982A0F600}" = CCC Help Finnish
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{650A275F-75B8-B71E-4C9D-04E952A63E5F}" = Catalyst Control Center Graphics Previews Common
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6756A967-2904-DE46-3265-4BB80B934904}" = Catalyst Control Center Localization Chinese Traditional
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{735DAC68-3FF4-2895-83A2-DBF135AB9F44}" = CCC Help German
"{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DAD42E6-BBE7-C12B-C78D-8AC8C87F4055}" = Catalyst Control Center Localization German
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001C-040C-0000-0000000FF1CE}" = Microsoft Office Access Runtime (French) 2007
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-006D-040C-0000-0000000FF1CE}" = Microsoft Office « Démarrer en un clic » 2010
"{90140011-0061-040C-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Français
"{90EF242A-A2ED-FBBD-2F1F-A159DB0DDAC3}" = CCC Help Chinese Traditional
"{9111040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9198CC8F-8B08-6F7B-BF7D-A6594526B5DF}" = Catalyst Control Center Localization Hungarian
"{93DD8BC9-ADD5-D20B-22B5-1526E45CB6C8}" = CCC Help French
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{99AF6670-F557-F4D3-3069-AE62DA675A70}" = Catalyst Control Center Localization French
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B88930B-A7E7-03E5-1313-BED90FCCF72C}" = CCC Help Swedish
"{9D615069-AA8F-4E89-AE9D-77AAE90F529F}" = ProtectSmart Hard Drive Protection
"{9D6524E6-15CF-4852-BF70-04FE973A3DE1}" = Windows Live Toolbar
"{9F19486B-B187-5A51-189F-FCCEBBB70E2E}" = Catalyst Control Center Localization Dutch
"{A019B329-BFA8-3F59-6F80-6A3714104CE9}" = CCC Help English
"{A107F928-EED3-28FC-857F-ED33FEDBA02A}" = Catalyst Control Center Localization Korean
"{A15B2786-6F7E-0B96-A222-141202F9CECC}" = CCC Help Japanese
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5D5CC36-6A42-6FB6-882F-90C6262C8DCA}" = CCC Help Korean
"{A7AC8E69-01FF-494E-9A2C-423B82CEA604}" = HP MediaSmart SmartMenu
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9359BA2-B496-8E14-EDA9-923DBE8913CB}" = Catalyst Control Center Localization Thai
"{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.1 - Français
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B1493D8A-C782-4ED3-A34D-8A9B8D9925BF}" = MediaCUB
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call
"{B3D11644-94AB-17E7-D9CF-52EF943D9F52}" = Catalyst Control Center Localization Spanish
"{B4B199E3-4D33-4F08-688A-9BCE5920AAF6}" = Catalyst Control Center Localization Japanese
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDDB0932-2C7F-ABB3-ED54-6F045EEF14F7}" = Catalyst Control Center Localization Swedish
"{C2E52B6F-E4F1-B9D6-D671-D7E2FC60C7C0}" = CCC Help Chinese Standard
"{C3BB5992-04BD-5A27-A8A5-5D976DF8E743}" = ATI Catalyst Install Manager
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C58AED82-0DD9-DF4B-1CE7-F7EE9B1BBB83}" = CCC Help Danish
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C61D8EF2-D9BF-B36F-4887-ADE39C924F3F}" = Catalyst Control Center Localization Polish
"{C7D02E19-07F2-8EE5-7C18-1617A656AF74}" = Catalyst Control Center Localization Turkish
"{C91CC841-7B39-9454-4A16-91C7FF300EC8}" = CCC Help Portuguese
"{CAAAB039-95E4-6F1C-36CC-2E6005E2540D}" = ccc-utility
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE60D4C0-86A7-52C8-7C8A-AFD2E99A1790}" = Catalyst Control Center Graphics Full Existing
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D6EA6018-0F5B-E4CC-C930-990412BED306}" = Catalyst Control Center Localization Czech
"{D80D6A7D-A6AA-019A-12D8-CA58F76FA313}" = Skins
"{DB7DE91F-AC23-7A23-B1A7-6FD3A05534E2}" = CCC Help Czech
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DFC21203-E063-A351-8027-F5D43162539D}" = CCC Help Norwegian
"{E0FE7850-04F8-D01A-971F-C7B00F8D003A}" = Catalyst Control Center Localization Russian
"{E18407AE-614D-5B0B-9C38-5A1853E8AB5D}" = Catalyst Control Center Core Implementation
"{E1B2BA63-4023-B582-0D88-ABB528E281D9}" = Catalyst Control Center InstallProxy
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E651B083-2904-8342-5C27-39800B39E03B}" = CCC Help Polish
"{E6695454-03CD-146E-4A10-75FCB5AFE3FB}" = Catalyst Control Center Localization Finnish
"{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}" = muvee Reveal
"{E9D045D8-E31E-E3D6-004D-9AD4EE6C2747}" = CCC Help Russian
"{E9EEB277-B66C-9A72-9CF0-90AC7BFC2095}" = Catalyst Control Center Localization Norwegian
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F98DF01D-F1C3-3878-FCE6-F749729A8949}" = CCC Help Dutch
"{FDBA2850-0054-7733-527B-A6286D639345}" = Catalyst Control Center Localization Portuguese
"7DE39862CC26DCE2446838AAF7CD5C163F835A57" = Package de pilotes Windows - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Toolbar" = AOL Toolbar 5.0
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BFG-Agatha Christie - Death on the Nile" = Agatha Christie - Death on the Nile
"BFGC" = Big Fish Games Client
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner (remove only)
"Dual Mode Camera_is1" = Uninstall Dual Mode Camera
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX200 Series" = Désinstaller l'imprimante EPSON Stylus SX200 Series
"ERUNT_is1" = ERUNT 1.1j
"FeedReader_is1" = FeedReader
"Free Video Converter_is1" = Free Video Converter V 2.9
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"JDownloader" = JDownloader
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Office14.Click2Run" = Microsoft Office « Démarrer en un clic » 2010
"PokerStars.fr" = PokerStars.fr
"Satsuki Decoder Pack" = Satsuki Decoder Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 5" = TeamViewer 5
"VLC media player" = VLC media player 1.0.5
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27/02/2011 16:43:07 | Computer Name = PC-de-Odélia | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6505

Error - 27/02/2011 16:43:07 | Computer Name = PC-de-Odélia | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6505

Error - 27/02/2011 18:01:51 | Computer Name = PC-de-Odélia | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 27/02/2011 18:01:51 | Computer Name = PC-de-Odélia | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4730871

Error - 27/02/2011 18:01:51 | Computer Name = PC-de-Odélia | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4730871

Error - 27/02/2011 18:01:52 | Computer Name = PC-de-Odélia | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 27/02/2011 18:01:52 | Computer Name = PC-de-Odélia | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4732353

Error - 27/02/2011 18:01:52 | Computer Name = PC-de-Odélia | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4732353

Error - 27/02/2011 18:01:53 | Computer Name = PC-de-Odélia | Source = Avira AntiVir | ID = 4118
Description = ERREUR D'EXCEPTION lors de l'accès à la fonction <Scan> pour le fichier
C:\Program
Files\HP Games\Cake Mania\common\local_assets\img\wire2_content_bg.jpg. [ACCESS_VIOLATION
Exception!! EIP = 0x1b72288] Veuillez informer Avira et transmettre le fichier
ci-dessus!

Error - 27/02/2011 18:11:14 | Computer Name = PC-de-Odélia | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ OSession Events ]
Error - 22/12/2010 18:51:36 | Computer Name = PC-de-Odélia | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 94
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 18/02/2011 03:59:43 | Computer Name = PC-de-Odélia | Source = Service Control Manager | ID = 7000
Description =

Error - 19/02/2011 14:23:08 | Computer Name = PC-de-Odélia | Source = Service Control Manager | ID = 7000
Description =

Error - 20/02/2011 19:12:30 | Computer Name = PC-de-Odélia | Source = disk | ID = 262155
Description = Le pilote a détecté une erreur du contrôleur sur \Device\Harddisk1\DR1.

Error - 22/02/2011 16:14:01 | Computer Name = PC-de-Odélia | Source = DCOM | ID = 10010
Description =

Error - 26/02/2011 16:59:46 | Computer Name = PC-de-Odélia | Source = Service Control Manager | ID = 7011
Description =

Error - 28/02/2011 10:18:44 | Computer Name = PC-de-Odélia | Source = EventLog | ID = 6008
Description = L'arrêt système précédant à 15:15:02 le 28/02/2011 n'était pas prévu.

Error - 28/02/2011 10:19:04 | Computer Name = PC-de-Odélia | Source = Dhcp | ID = 1002
Description = Le bail de l'adresse IP 192.168.0.11 pour la carte réseau dont l'adresse
réseau est 002100AD1592 a été refusé par le serveur DHCP 192.168.0.254 (celui-ci
a envoyé un message DHCPNACK).

Error - 28/02/2011 10:19:51 | Computer Name = PC-de-Odélia | Source = Service Control Manager | ID = 7000
Description =

Error - 28/02/2011 10:21:57 | Computer Name = PC-de-Odélia | Source = Service Control Manager | ID = 7009
Description =

Error - 03/03/2011 15:42:56 | Computer Name = PC-de-Odélia | Source = Service Control Manager | ID = 7000
Description =


< End of report >
laurentfib
 
Messages: 27
Inscription: 31 Jan 2011, 18:37
Localisation: Paris

Re: Facebook et les "Méchants"

Messagede laurentfib » 03 Mar 2011, 22:53

J'ai failli oublier un autre petit détail :

J'ai effectué la manip à distance via TeamViewer.

Merci
laurentfib
 
Messages: 27
Inscription: 31 Jan 2011, 18:37
Localisation: Paris

Re: Facebook et les "Méchants"

Messagede laurentfib » 15 Mar 2011, 23:07

Bonjour les helpers,

Pas de solution pour mon problème ?

En attendant...
Bonne soirée
laurentfib
 
Messages: 27
Inscription: 31 Jan 2011, 18:37
Localisation: Paris

Re: Facebook et les "Méchants"

Messagede nickW » 16 Mar 2011, 00:28

Bonsoir,

Liste du contenu d'un dossier:


Étape 1: SystemLook (de jpshortstuff)
Télécharger SystemLook depuis l'un des deux liens ci-dessous:
http://jpshortstuff.247fixes.com/SystemLook.exe
http://images.malwareremoval.com/jpshor ... emLook.exe
Enregistrer ce fichier sur le Bureau.


Étape 2: SystemLook (de jpshortstuff)
Faire un clic droit sur SystemLook.exe situé sur le Bureau, puis choisir "Exécuter en tant qu'Administrateur" pour lancer l'exécution de l'outil.

Sélectionner toutes les lignes de la zone blanche située sous "Code:" ci-dessous, puis appuyer simultanément sur les touches Ctrl et C
Code: Tout sélectionner
:comment
:dir
C:\programdata\ab97dc6 /s /md5



Dans la petite fenêtre de SystemLook, faire un clic droit dans la zone blanche et choisir Coller.
Note: les lignes sélectionnées précédemment doivent avoir été recopiées dans la zone blanche de SystemLook - y compris le caractère "deux points" en début de première ligne.

Cliquer sur le bouton Look pour lancer la recherche.

Lorsque l'outil a terminé cette recherche, il y a ouverture d'une fenêtre du Bloc-notes.
Fermer le Bloc-notes.
Fermer SystemLook en cliquant sur le bouton Exit.


Étape 3: Résultat
Envoyer en réponse:
*- le rapport de SystemLook (contenu du fichier SystemLook.txt situé sur le Bureau)

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Re: Facebook et les "Méchants"

Messagede laurentfib » 18 Mar 2011, 15:32

Bonjour NickW,

Pas de bol, le fichier n'est plus là.
L'affreux a du voir qu'il allait être repéré ! Il doit lire le forum ! :-)

J'attends tes conseils avisés.

Merci d'avance.

RAPPORT SYSTEMLOOK

SystemLook 04.09.10 by jpshortstuff
Log created at 15:15 on 18/03/2011 by tonton
Administrator - Elevation successful

========== dir ==========

C:\programdata\ab97dc6 - Unable to find folder.

-= EOF =-
laurentfib
 
Messages: 27
Inscription: 31 Jan 2011, 18:37
Localisation: Paris

Re: Facebook et les "Méchants"

Messagede nickW » 18 Mar 2011, 23:27

Bonsoir,

L'affreux a du voir qu'il allait être repéré ! Il doit lire le forum ! :-)

Attention de ne pas tomber dans la paranoïa aiguë!
Il s'agit d'une ligne enregistrée dans les paramètres du pare-feu, mais cela peut être très ancien et ne plus être utilisé aujourd'hui.


Il devrait être possible d'utiliser le programme TCPView afin de visualiser les connexions du PC:

http://www.microsoft.com/france/technet ... pView.mspx
En anglais: http://technet.microsoft.com/en-us/sysi ... s/bb897437

Un tutoriel, en français: Tcpview, Surveiller Sa Connexion
http://forums.cnetfrance.fr/topic/90-tc ... connexion/

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Précédente

Retourner vers Sécurité (Contamination - Décontamination)

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 5 invités

cron