[OK] Log report following a problem

Post by mo_chinasky » 25 Feb 2011, 05:27

Hello everyone,
it has been a long time since I last asked for help (the last time was still with HijackThis), but my PC seems to be infected.
Since today, around 1 a.m., the time of the last boot, under my user Net, an antispyware-type program launches at startup (System Tool), blocking every program I have tried, telling me that my computer is infected and, of course, that I have to pay to fix the problem.

I followed the procedure described above but was only able to do so with my admin user (Sudaka Morlet) and not the other one (net), since all programs are blocked with the latter, and of course I am not installing or attempting anything on my own.
As always, thank you in advance for the time spent here helping me.

I am editing this message because I managed to run the procedure from net (limited account) by going through safe mode.
So I am posting the logs after the previous ones (not knowing whether they are of any use, I am leaving them).

Another edit: when coming back here to see whether I had a reply, I logged in through Net (limited account) out of habit, and this time System Tool did not launch.
I ran another scan with Malwarebytes, which found nothing on either the admin or the limited account, in normal mode and in safe mode (limited account only).

Despite everything, the infected file found by Malwarebytes is still present on the computer: c:\programdata\ijfchca06504 (which I have not opened).
Since I had to disable Spybot in order to run Malwarebytes, a log line stated that ijfchca06504 had been removed from startup.

I do not think the problem resolved itself by magic (I do not think I did anything to cause that, in any case) and I am still waiting for advice.
mo_chinasky

Posts: 20
Joined: 25 Feb 2011, 05:16

Re: Log report following a problem

Post by mo_chinasky » 25 Feb 2011, 05:30

Malwarebytes log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 5873

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

25/02/2011 04:30:37
mbam-log-2011-02-25 (04-30-37).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 151295
Temps écoulé: 3 minute(s), 12 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Re: Log report following a problem

Post by mo_chinasky » 25 Feb 2011, 05:37

First OTL log (in 2 posts)

OTL logfile created on: 25/02/2011 04:41:36 - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Sudaka Morlet\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,19 Gb Total Space | 63,93 Gb Free Space | 45,93% Space Free | Partition Type: NTFS
Drive D: | 9,86 Gb Total Space | 1,73 Gb Free Space | 17,52% Space Free | Partition Type: NTFS

Computer Name: PCPORTABLE | User Name: Sudaka Morlet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/25 04:25:18 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Sudaka Morlet\Desktop\OTL.exe
PRC - [2010/09/23 04:47:16 | 000,349,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
PRC - [2010/08/10 21:18:58 | 000,222,544 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
PRC - [2010/08/10 21:18:56 | 000,333,136 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
PRC - [2009/12/10 18:50:34 | 000,259,312 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
PRC - [2009/12/10 18:50:34 | 000,128,240 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
PRC - [2009/11/25 00:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/07/29 13:49:14 | 000,283,888 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
PRC - [2009/06/15 11:32:26 | 000,760,664 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/01 10:45:52 | 000,875,000 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
PRC - [2009/04/01 10:45:52 | 000,207,352 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/20 09:39:12 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/01/20 09:38:46 | 000,249,938 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe
PRC - [2009/01/20 09:37:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe
PRC - [2008/12/23 16:18:20 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/01/21 03:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe


========== Modules (SafeList) ==========

MOD - [2011/02/25 04:25:18 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Sudaka Morlet\Desktop\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/05/04 20:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2009/09/25 03:10:10 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
MOD - [2009/04/11 07:28:19 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009/04/11 07:28:18 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2008/01/21 03:34:51 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2008/01/21 03:34:44 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2008/01/21 03:33:21 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/20 14:44:03 | 000,797,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010/08/10 21:18:58 | 000,222,544 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe -- (PPCtlPriv)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/10 18:50:34 | 000,259,312 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2009/12/10 18:50:34 | 000,128,240 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV - [2009/11/25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/07/29 13:49:14 | 000,283,888 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2009/06/15 11:32:26 | 000,760,664 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg)
SRV - [2009/04/01 10:45:52 | 000,875,000 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -- (UmxAgent)
SRV - [2009/04/01 10:45:52 | 000,207,352 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe -- (UmxPol)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/20 09:38:46 | 000,249,938 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe -- (STacSV)
SRV - [2009/01/20 09:37:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe -- (AESTFilters)
SRV - [2008/12/23 16:18:20 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2010/12/18 21:54:42 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/11/25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/09/15 12:55:30 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/09/15 12:55:19 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/09/15 12:55:09 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009/04/01 10:45:50 | 000,205,304 | ---- | M] (CA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KmxCfg.sys -- (KmxCfg)
DRV - [2009/04/01 10:45:50 | 000,073,720 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\System32\drivers\KmxAgent.sys -- (KmxAgent)
DRV - [2009/02/27 05:43:10 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2009/02/27 05:43:10 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2009/02/27 05:43:10 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2009/01/20 09:39:16 | 000,394,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/12/29 16:31:32 | 000,060,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/12/23 12:47:52 | 000,138,240 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/12/19 23:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/12/04 23:55:14 | 000,204,976 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/10/28 09:29:36 | 002,476,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/09/22 06:49:36 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/01/21 03:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 03:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 03:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 03:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 03:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 03:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 03:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 03:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 03:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 03:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:32:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008/01/21 03:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-2168351569-2062086647-247387013-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
IE - HKU\S-1-5-21-2168351569-2062086647-247387013-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2168351569-2062086647-247387013-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-2168351569-2062086647-247387013-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.ask.com?o=15161&l=dis
IE - HKU\S-1-5-21-2168351569-2062086647-247387013-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2168351569-2062086647-247387013-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2168351569-2062086647-247387013-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.startup.homepage: "http://fr.ask.com?o=15161&l=dis"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.8


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/12 02:04:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/30 18:18:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/22 12:07:43 | 000,000,000 | ---D | M]

[2009/10/10 17:49:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sudaka Morlet\AppData\Roaming\mozilla\Extensions
[2009/10/10 17:49:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sudaka Morlet\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2011/01/09 21:19:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sudaka Morlet\AppData\Roaming\mozilla\Firefox\Profiles\xfdu344l.default\extensions
[2010/04/09 11:56:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sudaka Morlet\AppData\Roaming\mozilla\Firefox\Profiles\xfdu344l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/10 18:11:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Sudaka Morlet\AppData\Roaming\mozilla\Firefox\Profiles\xfdu344l.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/10/10 17:54:00 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Sudaka Morlet\AppData\Roaming\mozilla\Firefox\Profiles\xfdu344l.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/09/02 13:52:02 | 000,002,257 | ---- | M] () -- C:\Users\Sudaka Morlet\AppData\Roaming\Mozilla\Firefox\Profiles\xfdu344l.default\searchplugins\askcom.xml
[2010/12/18 21:55:33 | 000,002,059 | ---- | M] () -- C:\Users\Sudaka Morlet\AppData\Roaming\Mozilla\Firefox\Profiles\xfdu344l.default\searchplugins\daemon-search.xml
[2010/12/29 12:36:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/30 18:18:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/10 18:51:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2010/07/23 03:11:07 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/07/23 03:11:07 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009/07/25 04:23:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2010/07/23 03:11:07 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/11/06 11:37:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009/11/09 19:00:00 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2010/04/16 18:00:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/04/16 18:00:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/04/16 18:00:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/04/16 18:00:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/04/16 18:00:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/04/16 18:00:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/11/09 19:00:00 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2010/07/23 01:44:11 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/07/23 01:44:11 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/07/23 01:44:11 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/07/23 01:44:11 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/07/23 01:44:11 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/07/23 01:44:11 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2011/02/18 11:57:39 | 000,430,015 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 14804 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-2168351569-2062086647-247387013-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-2168351569-2062086647-247387013-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CAPPActiveProtection] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe (CA, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2168351569-2062086647-247387013-1000..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKU\S-1-5-21-2168351569-2062086647-247387013-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Sudaka Morlet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2168351569-2062086647-247387013-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 0.0.0.0
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
mo_chinasky
 
Posts: 20
Joined: 25 Feb 2011, 05:16

Re: Log report following a problem

Post by mo_chinasky » 25 Feb 2011, 05:38

========== Files/Folders - Created Within 30 Days ==========

[2011/02/25 04:24:58 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Users\Sudaka Morlet\Desktop\OTL.exe
[2011/02/25 04:21:15 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/25 04:03:45 | 000,000,000 | ---D | C] -- C:\Users\Sudaka Morlet\AppData\Roaming\WinRAR
[2011/02/25 04:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/02/25 04:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/02/25 04:02:22 | 000,000,000 | ---D | C] -- C:\Users\Sudaka Morlet\AppData\Roaming\Malwarebytes
[2011/02/25 04:02:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/02/25 04:02:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/25 04:02:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/25 04:02:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/02/25 04:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/25 01:14:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/02/25 01:12:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/02/25 01:12:06 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/02/25 01:12:06 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/02/25 01:12:06 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/02/25 01:12:04 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011/02/25 01:12:04 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011/02/25 01:12:02 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/02/25 01:12:02 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/02/25 01:12:02 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/02/25 01:12:02 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/02/25 01:12:01 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011/02/25 01:11:53 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/02/25 01:11:53 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/02/25 01:11:53 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/02/25 01:11:53 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/02/25 01:11:52 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/02/24 14:25:13 | 000,000,000 | ---D | C] -- C:\ProgramData\iJfChCa06504
[2011/02/19 13:21:56 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\System32\nbDX.dll
[2011/02/19 13:21:56 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\System32\RLOgg.ax
[2011/02/19 13:21:56 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\System32\MatroskaDX.ax
[2011/02/19 13:21:56 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\System32\flvDX.dll
[2011/02/19 13:21:56 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\System32\RealMediaDX.ax
[2011/02/19 13:21:56 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\System32\RLVorbisDec.ax
[2011/02/19 13:21:56 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSSplitter.ax
[2011/02/19 13:21:56 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSDecoder.ax
[2011/02/19 13:21:56 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\System32\RLTheoraDec.ax
[2011/02/19 13:21:56 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\System32\msfDX.dll
[2011/02/19 13:21:55 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\System32\DiracSplitter.ax
[2011/02/19 13:21:55 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\System32\AVCDX.ax
[2011/02/19 13:20:10 | 000,000,000 | ---D | C] -- C:\Users\Sudaka Morlet\AppData\Roaming\Reviversoft
[2011/02/19 13:19:59 | 000,011,264 | ---- | C] (ReviverSoft) -- C:\Windows\System32\roboot.exe
[2011/02/19 13:19:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © v2011.build.44 (Jan 21, 2011)
[2011/02/19 13:19:19 | 000,000,000 | ---D | C] -- C:\Users\Sudaka Morlet\AppData\Local\OpenCandy
[2011/02/19 13:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2011/02/19 01:13:15 | 000,000,000 | ---D | C] -- C:\Users\Sudaka Morlet\AppData\Roaming\FreeVideoConverter
[2011/02/13 16:44:22 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/02/13 11:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011/02/13 11:48:47 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/02/10 10:38:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
[2011/02/10 10:38:02 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2011/02/09 15:30:42 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/09 15:30:13 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/09 15:30:11 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/09 15:29:19 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011/02/09 15:29:18 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/02/09 15:29:18 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/02/09 15:29:15 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/02/09 15:29:14 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/02/09 15:29:13 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/02/09 15:29:12 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/02/09 15:29:11 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/02/09 15:29:11 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/02/09 15:29:10 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/02/09 15:29:09 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/02/09 15:29:09 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/02/09 15:29:07 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/02/09 15:29:06 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/02/09 15:29:06 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/02/09 15:29:05 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/02/09 15:29:03 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/02/09 15:29:03 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/02/09 15:29:02 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/02/09 15:29:00 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/02/09 15:28:59 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/02/09 15:28:59 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/02/09 15:28:49 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/02/09 15:28:49 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/02/09 15:28:48 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/02/09 15:28:27 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/02/09 15:28:27 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/09 15:28:26 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/09 15:28:26 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/09 15:28:26 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/09 15:28:26 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/09 15:28:26 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/02/09 15:28:26 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/02/09 15:28:25 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/09 15:28:25 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/02/09 15:28:25 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/02/09 15:28:25 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/02/09 15:28:25 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/02/09 15:28:25 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/02/09 15:28:25 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/02/09 15:28:25 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/02/09 15:28:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/02/09 15:28:15 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/09 15:28:14 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/02/07 20:03:15 | 000,000,000 | ---D | C] -- C:\Users\Sudaka Morlet\AppData\Roaming\vlc
[2011/02/07 20:01:16 | 000,000,000 | ---D | C] -- C:\Users\Sudaka Morlet\AppData\Local\adslTV
[2011/01/27 04:58:51 | 000,000,000 | ---D | C] -- C:\Users\Sudaka Morlet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2011/01/27 04:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2009/10/30 13:19:06 | 000,037,376 | ---- | C] () -- C:\Users\Sudaka Morlet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/10 18:55:40 | 002,669,286 | -H-- | C] () -- C:\Users\Sudaka Morlet\AppData\Local\IconCache.db
[2009/10/10 17:35:51 | 000,000,000 | ---- | C] () -- C:\Users\Sudaka Morlet\AppData\Local\QSwitch.txt
[2009/10/10 17:35:51 | 000,000,000 | ---- | C] () -- C:\Users\Sudaka Morlet\AppData\Local\DSwitch.txt
[2009/10/10 17:35:51 | 000,000,000 | ---- | C] () -- C:\Users\Sudaka Morlet\AppData\Local\AtStart.txt
[2009/10/10 17:35:46 | 000,024,100 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/10/10 17:33:45 | 000,076,904 | ---- | C] () -- C:\Users\Sudaka Morlet\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/07/20 02:28:23 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/07/20 02:27:57 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/07/20 02:27:48 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/07/20 02:27:14 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/07/20 02:25:10 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/07/20 02:24:36 | 000,000,286 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/02/26 22:38:29 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/02/26 22:34:24 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/02/26 22:33:02 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/02/26 22:32:03 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2006/11/02 13:48:00 | 000,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini

========== Files - Modified Within 30 Days ==========

[2011/02/25 04:42:11 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/25 04:35:13 | 006,553,600 | -HS- | M] () -- C:\Users\Sudaka Morlet\ntuser.dat
[2011/02/25 04:25:18 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Sudaka Morlet\Desktop\OTL.exe
[2011/02/25 04:20:30 | 000,076,904 | ---- | M] () -- C:\Users\Sudaka Morlet\AppData\Local\GDIPFONTCACHEV1.DAT
[2011/02/25 04:20:05 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/25 04:20:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/25 04:20:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/25 04:19:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011/02/25 04:19:37 | 000,306,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/25 04:19:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/25 04:19:13 | 2075,062,272 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/25 04:18:38 | 000,000,272 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k0
[2011/02/25 04:18:38 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k7
[2011/02/25 04:18:38 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k6
[2011/02/25 04:18:38 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k5
[2011/02/25 04:18:38 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k4
[2011/02/25 04:18:38 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k3
[2011/02/25 04:18:38 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k2
[2011/02/25 04:18:38 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k1
[2011/02/25 04:18:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k7
[2011/02/25 04:18:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k6
[2011/02/25 04:18:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k5
[2011/02/25 04:18:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k4
[2011/02/25 04:18:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k3
[2011/02/25 04:18:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k2
[2011/02/25 04:18:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k1
[2011/02/25 04:18:38 | 000,000,028 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k0
[2011/02/25 04:18:08 | 000,524,288 | -HS- | M] () -- C:\Users\Sudaka Morlet\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms
[2011/02/25 04:18:08 | 000,065,536 | -HS- | M] () -- C:\Users\Sudaka Morlet\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2011/02/25 04:18:05 | 002,669,286 | -H-- | M] () -- C:\Users\Sudaka Morlet\AppData\Local\IconCache.db
[2011/02/25 04:02:58 | 000,000,873 | ---- | M] () -- C:\Users\Sudaka Morlet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/02/25 04:02:56 | 000,000,693 | ---- | M] () -- C:\Users\Sudaka Morlet\Desktop\NTREGOPT.lnk
[2011/02/25 04:02:56 | 000,000,674 | ---- | M] () -- C:\Users\Sudaka Morlet\Desktop\ERUNT.lnk
[2011/02/25 04:02:16 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/25 03:18:34 | 000,000,444 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AC1D44AE-EBBF-456B-B0A4-3687C1765680}.job
[2011/02/21 19:35:19 | 000,524,288 | -HS- | M] () -- C:\Users\Sudaka Morlet\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2011/02/19 13:19:21 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\SUPER ©.lnk
[2011/02/19 00:53:06 | 209,615,292 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/02/18 11:57:39 | 000,430,015 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/02/13 11:48:49 | 000,000,772 | ---- | M] () -- C:\Users\Sudaka Morlet\Desktop\SpywareBlaster.lnk
[2011/02/10 15:12:47 | 001,495,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2011/02/10 15:12:47 | 000,679,042 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/02/10 15:12:47 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/10 15:12:47 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/02/10 15:12:47 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/10 10:38:03 | 000,001,688 | ---- | M] () -- C:\Users\Sudaka Morlet\Desktop\PeerBlock.lnk
[2011/02/09 20:29:08 | 000,429,885 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110218-115739.backup
[2011/01/27 04:22:52 | 000,429,224 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110209-202908.backup

========== Files Created - No Company Name ==========

[2011/02/25 04:02:58 | 000,000,873 | ---- | C] () -- C:\Users\Sudaka Morlet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/02/25 04:02:56 | 000,000,693 | ---- | C] () -- C:\Users\Sudaka Morlet\Desktop\NTREGOPT.lnk
[2011/02/25 04:02:56 | 000,000,674 | ---- | C] () -- C:\Users\Sudaka Morlet\Desktop\ERUNT.lnk
[2011/02/25 04:02:16 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/25 01:11:56 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/02/25 01:11:56 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/02/25 01:11:56 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/02/19 13:21:56 | 000,120,832 | RHS- | C] () -- C:\Windows\System32\MPCDx.ax
[2011/02/19 13:21:56 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\RLMPCDec.ax
[2011/02/19 13:21:56 | 000,070,656 | RHS- | C] () -- C:\Windows\System32\RLAPEDec.ax
[2011/02/19 13:21:56 | 000,051,712 | RHS- | C] () -- C:\Windows\System32\RLSpeexDec.ax
[2011/02/19 13:21:55 | 000,227,328 | RHS- | C] () -- C:\Windows\System32\ac3DX.ax
[2011/02/19 13:21:55 | 000,175,104 | RHS- | C] () -- C:\Windows\System32\CoreAAC.ax
[2011/02/19 13:21:55 | 000,097,280 | RHS- | C] () -- C:\Windows\System32\FLACDX.ax
[2011/02/19 13:21:55 | 000,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax
[2011/02/19 13:19:21 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\SUPER ©.lnk
[2011/02/13 16:44:05 | 209,615,292 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/02/13 11:48:49 | 000,000,772 | ---- | C] () -- C:\Users\Sudaka Morlet\Desktop\SpywareBlaster.lnk
[2011/02/10 10:38:03 | 000,001,688 | ---- | C] () -- C:\Users\Sudaka Morlet\Desktop\PeerBlock.lnk
[2010/12/18 21:54:41 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010/04/09 12:31:29 | 000,000,382 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/03/23 09:44:12 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009/11/29 17:45:52 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/11/29 17:45:52 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/11/29 17:45:49 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/11/29 17:45:49 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/11/29 17:45:48 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/11/29 17:45:45 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/29 17:45:45 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/11/19 15:16:52 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009/11/02 08:05:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IPPCPUID.DLL
[2009/11/02 08:03:21 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2009/11/02 08:00:53 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/10/25 00:28:48 | 000,001,348 | ---- | C] () -- C:\Windows\WAVEMIX.INI
[2009/10/11 15:15:37 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/11 15:15:21 | 000,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2008/10/28 09:35:26 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1591.dll
[2008/09/22 06:49:24 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/01/21 03:34:22 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
[2006/11/02 11:33:01 | 001,495,948 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2006/11/02 11:24:31 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2006/11/02 11:23:31 | 000,000,326 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 11:23:31 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:09:45 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys
[2006/11/02 08:09:44 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 08:09:44 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 08:09:42 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS
[2006/11/02 08:09:41 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 08:09:40 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 08:09:38 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 08:09:35 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 08:09:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 08:09:29 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 08:09:26 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 08:09:24 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 08:09:23 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 08:09:22 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS
[2006/11/02 08:09:20 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 07:25:08 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll

========== LOP Check ==========

[2010/09/01 17:56:01 | 000,000,000 | ---D | M] -- C:\Users\Net\AppData\Roaming\BSplayer
[2011/02/23 20:08:19 | 000,000,000 | ---D | M] -- C:\Users\Net\AppData\Roaming\cacaoweb
[2011/01/06 01:42:56 | 000,000,000 | ---D | M] -- C:\Users\Net\AppData\Roaming\Canon
[2010/12/18 22:14:42 | 000,000,000 | ---D | M] -- C:\Users\Net\AppData\Roaming\DAEMON Tools Lite
[2010/04/11 12:47:37 | 000,000,000 | ---D | M] -- C:\Users\Net\AppData\Roaming\Digiarty
[2010/03/23 09:40:29 | 000,000,000 | ---D | M] -- C:\Users\Net\AppData\Roaming\foobar2000
[2010/03/23 09:45:13 | 000,000,000 | ---D | M] -- C:\Users\Net\AppData\Roaming\FreeAudioPack
[2011/02/19 13:02:38 | 000,000,000 | ---D | M] -- C:\Users\Net\AppData\Roaming\FreeVideoConverter
[2011/02/21 19:30:55 | 000,000,000 | ---D | M] -- C:\Users\Net\AppData\Roaming\gtk-2.0
[2010/01/07 22:18:09 | 000,000,000 | ---D | M] -- C:\Users\Net\AppData\Roaming\muvee Technologies
[2010/01/18 18:58:08 | 000,000,000 | ---D | M] -- C:\Users\Net\AppData\Roaming\NewSoft
[2010/03/31 08:41:00 | 000,000,000 | ---D | M] -- C:\Users\Net\AppData\Roaming\RayV
[2011/01/06 01:44:13 | 000,000,000 | ---D | M] -- C:\Users\Net\AppData\Roaming\ScanSoft
[2010/02/08 17:20:14 | 000,000,000 | ---D | M] -- C:\Users\Net\AppData\Roaming\Sierra
[2010/04/09 11:45:32 | 000,000,000 | ---D | M] -- C:\Users\Net\AppData\Roaming\Template
[2011/02/24 04:57:18 | 000,000,000 | ---D | M] -- C:\Users\Net\AppData\Roaming\uTorrent
[2009/10/11 14:23:04 | 000,000,000 | ---D | M] -- C:\Users\Net\AppData\Roaming\WildTangent
[2009/11/22 22:24:10 | 000,000,000 | ---D | M] -- C:\Users\Sudaka Morlet\AppData\Roaming\BSplayer
[2009/11/19 16:02:37 | 000,000,000 | ---D | M] -- C:\Users\Sudaka Morlet\AppData\Roaming\BSplayer Pro
[2009/11/02 08:17:33 | 000,000,000 | ---D | M] -- C:\Users\Sudaka Morlet\AppData\Roaming\Canon
[2010/12/18 21:54:08 | 000,000,000 | ---D | M] -- C:\Users\Sudaka Morlet\AppData\Roaming\DAEMON Tools Lite
[2010/03/29 13:30:17 | 000,000,000 | ---D | M] -- C:\Users\Sudaka Morlet\AppData\Roaming\FileZilla
[2010/03/23 09:44:19 | 000,000,000 | ---D | M] -- C:\Users\Sudaka Morlet\AppData\Roaming\FreeAudioPack
[2010/04/03 19:55:12 | 000,000,000 | ---D | M] -- C:\Users\Sudaka Morlet\AppData\Roaming\freeTVRadio
[2011/02/19 01:13:15 | 000,000,000 | ---D | M] -- C:\Users\Sudaka Morlet\AppData\Roaming\FreeVideoConverter
[2010/04/09 11:36:35 | 000,000,000 | ---D | M] -- C:\Users\Sudaka Morlet\AppData\Roaming\NewSoft
[2010/04/09 11:34:07 | 000,000,000 | ---D | M] -- C:\Users\Sudaka Morlet\AppData\Roaming\OfferBox
[2010/03/31 08:40:26 | 000,000,000 | ---D | M] -- C:\Users\Sudaka Morlet\AppData\Roaming\RayV
[2011/02/19 13:20:10 | 000,000,000 | ---D | M] -- C:\Users\Sudaka Morlet\AppData\Roaming\Reviversoft
[2009/11/02 08:00:31 | 000,000,000 | ---D | M] -- C:\Users\Sudaka Morlet\AppData\Roaming\ScanSoft
[2010/05/20 17:28:45 | 000,000,000 | ---D | M] -- C:\Users\Sudaka Morlet\AppData\Roaming\uTorrent
[2010/08/10 21:04:14 | 000,000,520 | ---- | M] () -- C:\Windows\Tasks\Install.job
[2010/09/04 10:32:39 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\Install_NSS.job
[2011/02/25 04:18:16 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/02/25 03:18:34 | 000,000,444 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{AC1D44AE-EBBF-456B-B0A4-3687C1765680}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 03:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 03:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009/02/27 05:43:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2009/02/27 05:43:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2009/02/27 05:43:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2009/02/27 05:43:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 03:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 03:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >

mo_chinasky
 
Posts: 20
Joined: 25 Feb 2011, 05:16

Re: Log report following a problem

Post by mo_chinasky » 25 Feb 2011, 05:40

2nd OTL log, the one called Extras

OTL Extras logfile created on: 25/02/2011 04:41:36 - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Sudaka Morlet\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,19 Gb Total Space | 63,93 Gb Free Space | 45,93% Space Free | Partition Type: NTFS
Drive D: | 9,86 Gb Total Space | 1,73 Gb Free Space | 17,52% Space Free | Partition Type: NTFS

Computer Name: PCPORTABLE | User Name: Sudaka Morlet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2168351569-2062086647-247387013-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4C501618-75F4-4F6D-BF00-CFFF2C9ACEE7}" = rport=137 | protocol=17 | dir=out | app=system |
"{77DD0673-8D28-4359-BFBB-00BE3EF04F3D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7A35BDFA-0B9F-4D7D-9B28-D97F4239FA51}" = rport=139 | protocol=6 | dir=out | app=system |
"{8DB59063-76A5-4A76-BE6B-C4B4689E2E92}" = rport=138 | protocol=17 | dir=out | app=system |
"{B10C0CB8-B924-4FD6-8E36-477A216D84A8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B27FB52B-5EFF-406A-9596-B17F9B24251A}" = lport=137 | protocol=17 | dir=in | app=system |
"{BE70DCC5-394E-441C-95F2-F24F0F485506}" = lport=445 | protocol=6 | dir=in | app=system |
"{EC4DD1B5-0657-40C1-A539-01CD5BD7D067}" = rport=445 | protocol=6 | dir=out | app=system |
"{F937D3DF-D2CE-48C0-A49D-4905B89AAF91}" = lport=138 | protocol=17 | dir=in | app=system |
"{FC4B7CA5-34E9-4800-B3FE-9872943A541E}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1361B570-0488-4F20-98A3-3C7E58B56A29}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{14388062-6FCE-439D-B646-73A83CB70F99}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{20695094-E46D-41CA-8861-56529C3F0142}" = protocol=17 | dir=in | app=c:\program files\adsltv\adsltv.exe |
"{2A98C3B4-F564-4805-BFC2-5566BD990110}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2CA81D39-8C33-4300-B08D-C75DA64A790B}" = protocol=6 | dir=in | app=c:\program files\adsltv\vlc\vlc.exe |
"{3E0760FE-BB67-4C15-AFC7-6746876F9B81}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{45BEA5AA-A020-408A-A8D3-0705BD12811F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{46E475AF-73A3-4CF8-B542-4D9378735412}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{55A2E146-1342-4918-BBDC-4485916C8A41}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{5A70E945-2D06-4F2C-91CC-32337BBB2D2E}" = protocol=6 | dir=in | app=c:\program files\adsltv\adsltv.exe |
"{7B7C689C-E47E-4966-B5CF-B1A865C4F413}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BC8C67A9-9061-42AE-897A-10AF7F2EB372}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C888B58A-823F-4428-92E4-3DD5CDD325D3}" = protocol=17 | dir=in | app=c:\program files\adsltv\vlc\vlc.exe |
"{DB921A0E-71FD-48FA-8008-E402C292C665}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{EBAE8D87-637F-406A-8EFE-DF0CA12FA6D6}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{F782657A-D96F-42EE-821D-1D1DD549D2B4}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"TCP Query User{3F2F1819-760B-4A99-9F25-4C338154FDE1}C:\program files\k-lite codec pack\media player classic\mpc-hc.exe" = protocol=6 | dir=in | app=c:\program files\k-lite codec pack\media player classic\mpc-hc.exe |
"TCP Query User{4D77C92E-95E0-4A0C-99F5-CB7E74742D46}C:\users\net\downloads\a installer\microtorrent_torrent_1.8.4_build_16442_francais_18245.exe" = protocol=6 | dir=in | app=c:\users\net\downloads\a installer\microtorrent_torrent_1.8.4_build_16442_francais_18245.exe |
"TCP Query User{5C048A75-D7CB-4C7F-9DD3-DAE06566218B}C:\program files\le robert\le petit robert 2008\prnet.exe" = protocol=6 | dir=in | app=c:\program files\le robert\le petit robert 2008\prnet.exe |
"TCP Query User{65F8406F-5DA7-4FB0-B8E7-2EDCFB8EBB74}C:\program files\freetvradio\freetvradio.exe" = protocol=6 | dir=in | app=c:\program files\freetvradio\freetvradio.exe |
"TCP Query User{8A3D52FB-C005-4D27-92BE-E4342BFEB3C3}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{94CCD869-17A6-43B4-A27B-A7CD97D5DB35}C:\program files\webteh\bsplayer\bsplayer.exe" = protocol=6 | dir=in | app=c:\program files\webteh\bsplayer\bsplayer.exe |
"TCP Query User{9FA80DBF-D470-437B-92FE-D96639E59BA4}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"TCP Query User{BA28C1FD-3DAA-438E-9675-29F7E7DC6F28}C:\users\net\appdata\roaming\cacaoweb\cacaoweb.exe" = protocol=6 | dir=in | app=c:\users\net\appdata\roaming\cacaoweb\cacaoweb.exe |
"TCP Query User{FFCFC852-CDEF-458B-9D3A-4D75DF3F95D5}C:\program files\le robert\le petit robert 2008\robertha.exe" = protocol=6 | dir=in | app=c:\program files\le robert\le petit robert 2008\robertha.exe |
"UDP Query User{32854BBB-2C0D-4EE6-9B53-E64813E71AEA}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"UDP Query User{39C52B36-7461-49BE-B3E5-DC20E00A7BCC}C:\users\net\downloads\a installer\microtorrent_torrent_1.8.4_build_16442_francais_18245.exe" = protocol=17 | dir=in | app=c:\users\net\downloads\a installer\microtorrent_torrent_1.8.4_build_16442_francais_18245.exe |
"UDP Query User{42141EEB-491E-4918-A92A-E518EBA9FF56}C:\program files\webteh\bsplayer\bsplayer.exe" = protocol=17 | dir=in | app=c:\program files\webteh\bsplayer\bsplayer.exe |
"UDP Query User{700DD3B1-B722-4A19-8CEF-4066534F7087}C:\users\net\appdata\roaming\cacaoweb\cacaoweb.exe" = protocol=17 | dir=in | app=c:\users\net\appdata\roaming\cacaoweb\cacaoweb.exe |
"UDP Query User{74B4F26E-EA07-403D-92BF-286A00B1EC55}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{7AD752A7-B8F2-417F-BBE8-AFBB996E5B69}C:\program files\freetvradio\freetvradio.exe" = protocol=17 | dir=in | app=c:\program files\freetvradio\freetvradio.exe |
"UDP Query User{8389210C-D64C-4853-822D-41912F953862}C:\program files\k-lite codec pack\media player classic\mpc-hc.exe" = protocol=17 | dir=in | app=c:\program files\k-lite codec pack\media player classic\mpc-hc.exe |
"UDP Query User{CE0A72BD-07E3-42C4-8F05-43533427A836}C:\program files\le robert\le petit robert 2008\robertha.exe" = protocol=17 | dir=in | app=c:\program files\le robert\le petit robert 2008\robertha.exe |
"UDP Query User{ED7D9490-C38E-43B2-A302-5A88654938C8}C:\program files\le robert\le petit robert 2008\prnet.exe" = protocol=17 | dir=in | app=c:\program files\le robert\le petit robert 2008\prnet.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803" = CanoScan 4400F
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{17050C48-16CB-4500-A102-CEAD750CE11E}" = HP User Guides 0138
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 M1
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{9111040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.1 - Français
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AEAD18F3-6481-4ef4-96B5-A24D5ADAC30D}" = CA Anti-Spyware
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = v2011.build.44
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D374F8CD-E0F3-4810-A48F-3C96E86AF6B4}" = Code de la Route Pratic
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{F05A5232-CE5E-4274-AB27-44EB8105898D}" = CA Pest Patrol Realtime Protection
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast!" = avast! Antivirus
"BSPlayerf" = BS.Player FREE
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"cciss_pp" = CA Anti-Spyware
"CCleaner" = CCleaner
"DivX Setup.divx.com" = Configuration DivX
"ERUNT_is1" = ERUNT 1.1j
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.4.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"PR1CD" = Le Petit Robert 2008
"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Unlocker" = Unlocker 1.9.0
"uTorrent" = µTorrent
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = Logiciel d'archivage WinRAR

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2168351569-2062086647-247387013-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TimeAdjuster" = Time Adjuster STANDARD 3.1

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 25/04/2010 13:08:00 | Computer Name = PCportable | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 00000002.

Error - 03/08/2010 10:26:08 | Computer Name = PCportable | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\SoftwareDistribution\Download\c1f7d948706bd20041b721202bafaf94\BITA285.tmp
failed, 00000026.

Error - 18/12/2010 08:59:10 | Computer Name = PCportable | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Net\AppData\Local\Temp\dW6e85AU.iso.part failed, 00000084.

Error - 18/12/2010 08:59:10 | Computer Name = PCportable | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Net\Desktop\Rainbow Six 3 - RavenShield CD2.iso.part failed, 00000084.


Error - 18/12/2010 08:59:32 | Computer Name = PCportable | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://www1118.megaupload.com/files/783 ... %20CD2.iso
failed, 00000084.

Error - 18/12/2010 09:04:04 | Computer Name = PCportable | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Net\Desktop\Rainbow Six 3 - RavenShield CD2.iso.part failed, 00000084.



========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2168351569-2062086647-247387013-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4C501618-75F4-4F6D-BF00-CFFF2C9ACEE7}" = rport=137 | protocol=17 | dir=out | app=system |
"{77DD0673-8D28-4359-BFBB-00BE3EF04F3D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7A35BDFA-0B9F-4D7D-9B28-D97F4239FA51}" = rport=139 | protocol=6 | dir=out | app=system |
"{8DB59063-76A5-4A76-BE6B-C4B4689E2E92}" = rport=138 | protocol=17 | dir=out | app=system |
"{B10C0CB8-B924-4FD6-8E36-477A216D84A8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B27FB52B-5EFF-406A-9596-B17F9B24251A}" = lport=137 | protocol=17 | dir=in | app=system |
"{BE70DCC5-394E-441C-95F2-F24F0F485506}" = lport=445 | protocol=6 | dir=in | app=system |
"{EC4DD1B5-0657-40C1-A539-01CD5BD7D067}" = rport=445 | protocol=6 | dir=out | app=system |
"{F937D3DF-D2CE-48C0-A49D-4905B89AAF91}" = lport=138 | protocol=17 | dir=in | app=system |
"{FC4B7CA5-34E9-4800-B3FE-9872943A541E}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1361B570-0488-4F20-98A3-3C7E58B56A29}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{14388062-6FCE-439D-B646-73A83CB70F99}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{20695094-E46D-41CA-8861-56529C3F0142}" = protocol=17 | dir=in | app=c:\program files\adsltv\adsltv.exe |
"{2A98C3B4-F564-4805-BFC2-5566BD990110}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2CA81D39-8C33-4300-B08D-C75DA64A790B}" = protocol=6 | dir=in | app=c:\program files\adsltv\vlc\vlc.exe |
"{3E0760FE-BB67-4C15-AFC7-6746876F9B81}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{45BEA5AA-A020-408A-A8D3-0705BD12811F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{46E475AF-73A3-4CF8-B542-4D9378735412}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{55A2E146-1342-4918-BBDC-4485916C8A41}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{5A70E945-2D06-4F2C-91CC-32337BBB2D2E}" = protocol=6 | dir=in | app=c:\program files\adsltv\adsltv.exe |
"{7B7C689C-E47E-4966-B5CF-B1A865C4F413}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BC8C67A9-9061-42AE-897A-10AF7F2EB372}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C888B58A-823F-4428-92E4-3DD5CDD325D3}" = protocol=17 | dir=in | app=c:\program files\adsltv\vlc\vlc.exe |
"{DB921A0E-71FD-48FA-8008-E402C292C665}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{EBAE8D87-637F-406A-8EFE-DF0CA12FA6D6}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{F782657A-D96F-42EE-821D-1D1DD549D2B4}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"TCP Query User{3F2F1819-760B-4A99-9F25-4C338154FDE1}C:\program files\k-lite codec pack\media player classic\mpc-hc.exe" = protocol=6 | dir=in | app=c:\program files\k-lite codec pack\media player classic\mpc-hc.exe |
"TCP Query User{4D77C92E-95E0-4A0C-99F5-CB7E74742D46}C:\users\net\downloads\a installer\microtorrent_torrent_1.8.4_build_16442_francais_18245.exe" = protocol=6 | dir=in | app=c:\users\net\downloads\a installer\microtorrent_torrent_1.8.4_build_16442_francais_18245.exe |
"TCP Query User{5C048A75-D7CB-4C7F-9DD3-DAE06566218B}C:\program files\le robert\le petit robert 2008\prnet.exe" = protocol=6 | dir=in | app=c:\program files\le robert\le petit robert 2008\prnet.exe |
"TCP Query User{65F8406F-5DA7-4FB0-B8E7-2EDCFB8EBB74}C:\program files\freetvradio\freetvradio.exe" = protocol=6 | dir=in | app=c:\program files\freetvradio\freetvradio.exe |
"TCP Query User{8A3D52FB-C005-4D27-92BE-E4342BFEB3C3}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{94CCD869-17A6-43B4-A27B-A7CD97D5DB35}C:\program files\webteh\bsplayer\bsplayer.exe" = protocol=6 | dir=in | app=c:\program files\webteh\bsplayer\bsplayer.exe |
"TCP Query User{9FA80DBF-D470-437B-92FE-D96639E59BA4}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"TCP Query User{BA28C1FD-3DAA-438E-9675-29F7E7DC6F28}C:\users\net\appdata\roaming\cacaoweb\cacaoweb.exe" = protocol=6 | dir=in | app=c:\users\net\appdata\roaming\cacaoweb\cacaoweb.exe |
"TCP Query User{FFCFC852-CDEF-458B-9D3A-4D75DF3F95D5}C:\program files\le robert\le petit robert 2008\robertha.exe" = protocol=6 | dir=in | app=c:\program files\le robert\le petit robert 2008\robertha.exe |
"UDP Query User{32854BBB-2C0D-4EE6-9B53-E64813E71AEA}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"UDP Query User{39C52B36-7461-49BE-B3E5-DC20E00A7BCC}C:\users\net\downloads\a installer\microtorrent_torrent_1.8.4_build_16442_francais_18245.exe" = protocol=17 | dir=in | app=c:\users\net\downloads\a installer\microtorrent_torrent_1.8.4_build_16442_francais_18245.exe |
"UDP Query User{42141EEB-491E-4918-A92A-E518EBA9FF56}C:\program files\webteh\bsplayer\bsplayer.exe" = protocol=17 | dir=in | app=c:\program files\webteh\bsplayer\bsplayer.exe |
"UDP Query User{700DD3B1-B722-4A19-8CEF-4066534F7087}C:\users\net\appdata\roaming\cacaoweb\cacaoweb.exe" = protocol=17 | dir=in | app=c:\users\net\appdata\roaming\cacaoweb\cacaoweb.exe |
"UDP Query User{74B4F26E-EA07-403D-92BF-286A00B1EC55}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{7AD752A7-B8F2-417F-BBE8-AFBB996E5B69}C:\program files\freetvradio\freetvradio.exe" = protocol=17 | dir=in | app=c:\program files\freetvradio\freetvradio.exe |
"UDP Query User{8389210C-D64C-4853-822D-41912F953862}C:\program files\k-lite codec pack\media player classic\mpc-hc.exe" = protocol=17 | dir=in | app=c:\program files\k-lite codec pack\media player classic\mpc-hc.exe |
"UDP Query User{CE0A72BD-07E3-42C4-8F05-43533427A836}C:\program files\le robert\le petit robert 2008\robertha.exe" = protocol=17 | dir=in | app=c:\program files\le robert\le petit robert 2008\robertha.exe |
"UDP Query User{ED7D9490-C38E-43B2-A302-5A88654938C8}C:\program files\le robert\le petit robert 2008\prnet.exe" = protocol=17 | dir=in | app=c:\program files\le robert\le petit robert 2008\prnet.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803" = CanoScan 4400F
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{17050C48-16CB-4500-A102-CEAD750CE11E}" = HP User Guides 0138
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 M1
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{9111040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.1 - Français
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AEAD18F3-6481-4ef4-96B5-A24D5ADAC30D}" = CA Anti-Spyware
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = v2011.build.44
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D374F8CD-E0F3-4810-A48F-3C96E86AF6B4}" = Code de la Route Pratic
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{F05A5232-CE5E-4274-AB27-44EB8105898D}" = CA Pest Patrol Realtime Protection
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast!" = avast! Antivirus
"BSPlayerf" = BS.Player FREE
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"cciss_pp" = CA Anti-Spyware
"CCleaner" = CCleaner
"DivX Setup.divx.com" = Configuration DivX
"ERUNT_is1" = ERUNT 1.1j
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.4.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"PR1CD" = Le Petit Robert 2008
"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Unlocker" = Unlocker 1.9.0
"uTorrent" = µTorrent
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = Logiciel d'archivage WinRAR

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2168351569-2062086647-247387013-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TimeAdjuster" = Time Adjuster STANDARD 3.1

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 25/04/2010 13:08:00 | Computer Name = PCportable | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 00000002.

Error - 03/08/2010 10:26:08 | Computer Name = PCportable | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\SoftwareDistribution\Download\c1f7d948706bd20041b721202bafaf94\BITA285.tmp
failed, 00000026.

Error - 18/12/2010 08:59:10 | Computer Name = PCportable | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Net\AppData\Local\Temp\dW6e85AU.iso.part failed, 00000084.

Error - 18/12/2010 08:59:10 | Computer Name = PCportable | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Net\Desktop\Rainbow Six 3 - RavenShield CD2.iso.part failed, 00000084.


Error - 18/12/2010 08:59:32 | Computer Name = PCportable | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://www1118.megaupload.com/files/783 ... %20CD2.iso
failed, 00000084.

Error - 18/12/2010 09:04:04 | Computer Name = PCportable | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Net\Desktop\Rainbow Six 3 - RavenShield CD2.iso.part failed, 00000084.


[ Application Events ]
Error - 23/02/2011 05:30:58 | Computer Name = PCportable | Source = WinMgmt | ID = 10
Description =

Error - 23/02/2011 13:40:12 | Computer Name = PCportable | Source = Application Hang | ID = 1002
Description = Le programme gimp-2.6.exe version 0.0.0.0 a cessé d’interagir avec
Windows et a été fermé. Pour déterminer si des informations supplémentaires sont
disponibles, consultez l’historique du problème dans l’application Rapports et
solutions aux problèmes du Panneau de configuration. ID de processus : a68 Heure de
début : 01cbd380a5e6a570 Heure de fin : 15

Error - 23/02/2011 15:07:16 | Computer Name = PCportable | Source = WinMgmt | ID = 10
Description =

Error - 23/02/2011 22:39:22 | Computer Name = PCportable | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 23/02/2011 22:39:23 | Computer Name = PCportable | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 23/02/2011 22:39:23 | Computer Name = PCportable | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 24/02/2011 07:20:13 | Computer Name = PCportable | Source = WinMgmt | ID = 10
Description =

Error - 24/02/2011 09:32:26 | Computer Name = PCportable | Source = VSS | ID = 8194
Description =

Error - 24/02/2011 10:14:01 | Computer Name = PCportable | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 24/02/2011 10:14:01 | Computer Name = PCportable | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 24/02/2011 07:20:14 | Computer Name = PCportable | Source = Service Control Manager | ID = 7000
Description =

Error - 24/02/2011 07:20:14 | Computer Name = PCportable | Source = Service Control Manager | ID = 7011
Description =

Error - 24/02/2011 09:49:11 | Computer Name = PCportable | Source = Server | ID = 2505
Description = Le serveur n'a pas pu se lier au transport \Device\NetbiosSmb car
un autre ordinateur du réseau porte le même nom. Le serveur n'a pas pu démarrer.

Error - 24/02/2011 20:04:56 | Computer Name = PCportable | Source = Service Control Manager | ID = 7000
Description =

Error - 24/02/2011 20:20:09 | Computer Name = PCportable | Source = Service Control Manager | ID = 7000
Description =

Error - 24/02/2011 20:22:03 | Computer Name = PCportable | Source = DCOM | ID = 10010
Description =

Error - 24/02/2011 20:22:10 | Computer Name = PCportable | Source = DCOM | ID = 10010
Description =

Error - 24/02/2011 20:22:47 | Computer Name = PCportable | Source = DCOM | ID = 10010
Description =

Error - 24/02/2011 22:36:07 | Computer Name = PCportable | Source = DCOM | ID = 10010
Description =

Error - 24/02/2011 23:20:02 | Computer Name = PCportable | Source = Service Control Manager | ID = 7000
Description =


< End of report >
mo_chinasky

Posts: 20
Joined: 25 Feb 2011, 05:16

Re: Log report following a problem

Post by mo_chinasky » 25 Feb 2011, 15:35

LOG FROM NET IN SAFE MODE

Malwarebytes

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5873

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.19019

25/02/2011 15:05:47
mbam-log-2011-02-25 (15-05-30).txt

Scan type: Quick scan
Objects scanned: 124591
Time elapsed: 3 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\iJfChCa06504 (Trojan.FakeAlert) -> Value: iJfChCa06504 -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\ijfchca06504\ijfchca06504.exe (Trojan.FakeAlert) -> No action taken.
mo_chinasky

Posts: 20
Joined: 25 Feb 2011, 05:16

Re: Log report following a problem

Post by mo_chinasky » 25 Feb 2011, 15:36

OTL LOG

OTL logfile created on: 25/02/2011 15:19:07 - Run 2
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Net\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 69,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,19 Gb Total Space | 67,27 Gb Free Space | 48,33% Space Free | Partition Type: NTFS
Drive D: | 9,86 Gb Total Space | 1,73 Gb Free Space | 17,52% Space Free | Partition Type: NTFS

Computer Name: PCPORTABLE | User Name: Sudaka Morlet | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/25 04:25:18 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Net\Desktop\OTL.exe
PRC - [2010/09/23 04:47:16 | 000,349,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
PRC - [2010/09/01 07:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/02/25 04:25:18 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Net\Desktop\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/20 14:44:03 | 000,797,184 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010/08/10 21:18:58 | 000,222,544 | ---- | M] (CA, Inc.) [On_Demand | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe -- (PPCtlPriv)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/10 18:50:34 | 000,259,312 | ---- | M] (CA, Inc.) [On_Demand | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2009/12/10 18:50:34 | 000,128,240 | ---- | M] (Computer Associates International, Inc.) [Auto | Stopped] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV - [2009/11/25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/07/29 13:49:14 | 000,283,888 | ---- | M] (CA, Inc.) [Auto | Stopped] -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2009/06/15 11:32:26 | 000,760,664 | ---- | M] (CA) [Auto | Stopped] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg)
SRV - [2009/04/01 10:45:52 | 000,875,000 | ---- | M] (CA) [Auto | Stopped] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -- (UmxAgent)
SRV - [2009/04/01 10:45:52 | 000,207,352 | ---- | M] (CA) [Auto | Stopped] -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe -- (UmxPol)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/20 09:38:46 | 000,249,938 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe -- (STacSV)
SRV - [2009/01/20 09:37:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe -- (AESTFilters)
SRV - [2008/12/23 16:18:20 | 000,365,952 | ---- | M] () [Auto | Stopped] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Stopped] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2010/12/18 21:54:42 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/11/25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/09/15 12:55:30 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/09/15 12:55:19 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/09/15 12:55:09 | 000,053,328 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2009/04/01 10:45:50 | 000,205,304 | ---- | M] (CA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KmxCfg.sys -- (KmxCfg)
DRV - [2009/04/01 10:45:50 | 000,073,720 | ---- | M] (CA) [File_System | System | Stopped] -- C:\Windows\System32\drivers\KmxAgent.sys -- (KmxAgent)
DRV - [2009/02/27 05:43:10 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2009/02/27 05:43:10 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2009/02/27 05:43:10 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2009/01/20 09:39:16 | 000,394,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/12/29 16:31:32 | 000,060,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/12/23 12:47:52 | 000,138,240 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/12/19 23:01:46 | 001,093,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/12/04 23:55:14 | 000,204,976 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/10/28 09:29:36 | 002,476,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/09/22 06:49:36 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/01/21 03:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 03:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 03:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 03:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 03:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 03:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 03:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 03:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 03:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 03:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:32:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008/01/21 03:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2168351569-2062086647-247387013-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
IE - HKU\S-1-5-21-2168351569-2062086647-247387013-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.ask.com?o=15161&l=dis
IE - HKU\S-1-5-21-2168351569-2062086647-247387013-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2168351569-2062086647-247387013-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2168351569-2062086647-247387013-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
IE - HKU\S-1-5-21-2168351569-2062086647-247387013-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
IE - HKU\S-1-5-21-2168351569-2062086647-247387013-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://fr.ask.com?o=15161&l=dis"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/30 18:18:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/22 12:07:43 | 000,000,000 | ---D | M]

[2009/10/10 17:49:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sudaka Morlet\AppData\Roaming\mozilla\Extensions
[2011/02/25 10:21:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sudaka Morlet\AppData\Roaming\mozilla\Firefox\Profiles\xfdu344l.default\extensions
[2010/04/09 11:56:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sudaka Morlet\AppData\Roaming\mozilla\Firefox\Profiles\xfdu344l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/10 18:11:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Sudaka Morlet\AppData\Roaming\mozilla\Firefox\Profiles\xfdu344l.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/10/10 17:54:00 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Sudaka Morlet\AppData\Roaming\mozilla\Firefox\Profiles\xfdu344l.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/09/02 13:52:02 | 000,002,257 | ---- | M] () -- C:\Users\Sudaka Morlet\AppData\Roaming\Mozilla\Firefox\Profiles\xfdu344l.default\searchplugins\askcom.xml
[2010/12/18 21:55:33 | 000,002,059 | ---- | M] () -- C:\Users\Sudaka Morlet\AppData\Roaming\Mozilla\Firefox\Profiles\xfdu344l.default\searchplugins\daemon-search.xml
[2010/12/29 12:36:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/23 01:44:11 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/07/23 01:44:11 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/07/23 01:44:11 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/07/23 01:44:11 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/07/23 01:44:11 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2011/02/18 11:57:39 | 000,430,015 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 14804 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKU\S-1-5-21-2168351569-2062086647-247387013-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-2168351569-2062086647-247387013-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-2168351569-2062086647-247387013-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2168351569-2062086647-247387013-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-2168351569-2062086647-247387013-1001\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CAPPActiveProtection] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe (CA, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2168351569-2062086647-247387013-1000..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKU\S-1-5-21-2168351569-2062086647-247387013-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2168351569-2062086647-247387013-1001..\Run: [cacaoweb] C:\Users\Net\AppData\Roaming\cacaoweb\cacaoweb.exe ()
O4 - HKU\S-1-5-21-2168351569-2062086647-247387013-1001..\Run: [RayV] File not found
O4 - HKU\S-1-5-21-2168351569-2062086647-247387013-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2168351569-2062086647-247387013-1001..\Run: [swg] File not found
O4 - HKU\S-1-5-21-2168351569-2062086647-247387013-1001..\Run: [uTorrent] C:\Users\Net\Downloads\a installer\microtorrent_torrent_1.8.4_build_16442_francais_18245.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-2168351569-2062086647-247387013-1001..\RunOnce: [iJfChCa06504] C:\ProgramData\iJfChCa06504\iJfChCa06504.exe (Mozilla Corporation)
O4 - Startup: C:\Users\Sudaka Morlet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2168351569-2062086647-247387013-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2168351569-2062086647-247387013-1001\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 0.0.0.0
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/25 04:24:58 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Users\Sudaka Morlet\Desktop\OTL.exe
[2011/02/25 04:21:15 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/25 04:03:45 | 000,000,000 | ---D | C] -- C:\Users\Sudaka Morlet\AppData\Roaming\WinRAR
[2011/02/25 04:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/02/25 04:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/02/25 04:02:22 | 000,000,000 | ---D | C] -- C:\Users\Sudaka Morlet\AppData\Roaming\Malwarebytes
[2011/02/25 04:02:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/02/25 04:02:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/25 04:02:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/25 04:02:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/02/25 04:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/25 01:14:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/02/25 01:12:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/02/25 01:12:06 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/02/25 01:12:06 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/02/25 01:12:06 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/02/25 01:12:04 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011/02/25 01:12:04 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011/02/25 01:12:02 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/02/25 01:12:02 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/02/25 01:12:02 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/02/25 01:12:02 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/02/25 01:12:01 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011/02/25 01:11:53 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/02/25 01:11:53 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/02/25 01:11:53 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/02/25 01:11:53 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/02/25 01:11:52 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/02/24 14:25:13 | 000,000,000 | ---D | C] -- C:\ProgramData\iJfChCa06504
[2011/02/19 13:21:56 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\System32\nbDX.dll
[2011/02/19 13:21:56 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\System32\RLOgg.ax
[2011/02/19 13:21:56 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\System32\MatroskaDX.ax
[2011/02/19 13:21:56 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\System32\flvDX.dll
[2011/02/19 13:21:56 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\System32\RealMediaDX.ax
[2011/02/19 13:21:56 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\System32\RLVorbisDec.ax
[2011/02/19 13:21:56 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSSplitter.ax
[2011/02/19 13:21:56 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSDecoder.ax
[2011/02/19 13:21:56 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\System32\RLTheoraDec.ax
[2011/02/19 13:21:56 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\System32\msfDX.dll
[2011/02/19 13:21:55 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\System32\DiracSplitter.ax
[2011/02/19 13:21:55 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\System32\AVCDX.ax
[2011/02/19 13:20:10 | 000,000,000 | ---D | C] -- C:\Users\Sudaka Morlet\AppData\Roaming\Reviversoft
[2011/02/19 13:19:59 | 000,011,264 | ---- | C] (ReviverSoft) -- C:\Windows\System32\roboot.exe
[2011/02/19 13:19:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © v2011.build.44 (Jan 21, 2011)
[2011/02/19 13:19:19 | 000,000,000 | ---D | C] -- C:\Users\Sudaka Morlet\AppData\Local\OpenCandy
[2011/02/19 13:14:26 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2011/02/19 01:13:15 | 000,000,000 | ---D | C] -- C:\Users\Sudaka Morlet\AppData\Roaming\FreeVideoConverter
[2011/02/13 16:44:22 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/02/13 11:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011/02/13 11:48:47 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/02/10 10:38:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
[2011/02/10 10:38:02 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2011/02/09 15:30:42 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/09 15:30:13 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/09 15:30:11 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/09 15:29:19 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011/02/09 15:29:18 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/02/09 15:29:18 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/02/09 15:29:15 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/02/09 15:29:14 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/02/09 15:29:13 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/02/09 15:29:12 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/02/09 15:29:11 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/02/09 15:29:11 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/02/09 15:29:10 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/02/09 15:29:09 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/02/09 15:29:09 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/02/09 15:29:07 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/02/09 15:29:06 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/02/09 15:29:06 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/02/09 15:29:05 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/02/09 15:29:03 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/02/09 15:29:03 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/02/09 15:29:02 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/02/09 15:29:00 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/02/09 15:28:59 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/02/09 15:28:59 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/02/09 15:28:49 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/02/09 15:28:49 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/02/09 15:28:48 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/02/09 15:28:27 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/02/09 15:28:27 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/09 15:28:26 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/09 15:28:26 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/09 15:28:26 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/09 15:28:26 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/09 15:28:26 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/02/09 15:28:26 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/02/09 15:28:25 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/09 15:28:25 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/02/09 15:28:25 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/02/09 15:28:25 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/02/09 15:28:25 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/02/09 15:28:25 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/02/09 15:28:25 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/02/09 15:28:25 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/02/09 15:28:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/02/09 15:28:15 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/09 15:28:14 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/02/07 20:03:15 | 000,000,000 | ---D | C] -- C:\Users\Sudaka Morlet\AppData\Roaming\vlc
[2011/02/07 20:01:16 | 000,000,000 | ---D | C] -- C:\Users\Sudaka Morlet\AppData\Local\adslTV
[2011/01/27 04:58:51 | 000,000,000 | ---D | C] -- C:\Users\Sudaka Morlet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2011/01/27 04:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker

========== Files - Modified Within 30 Days ==========

[2011/02/25 15:18:56 | 006,553,600 | -HS- | M] () -- C:\Users\Sudaka Morlet\ntuser.dat
[2011/02/25 15:18:29 | 000,037,376 | ---- | M] () -- C:\Users\Sudaka Morlet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/25 15:08:07 | 000,524,288 | -HS- | M] () -- C:\Users\Sudaka Morlet\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms
[2011/02/25 15:08:07 | 000,065,536 | -HS- | M] () -- C:\Users\Sudaka Morlet\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2011/02/25 14:58:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/25 14:57:30 | 000,000,192 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k0
[2011/02/25 14:57:30 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k7
[2011/02/25 14:57:30 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k6
[2011/02/25 14:57:30 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k5
[2011/02/25 14:57:30 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k4
[2011/02/25 14:57:30 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k3
[2011/02/25 14:57:30 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k2
[2011/02/25 14:57:30 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k1
[2011/02/25 14:57:30 | 000,000,028 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k7
[2011/02/25 14:57:30 | 000,000,028 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k6
[2011/02/25 14:57:30 | 000,000,028 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k5
[2011/02/25 14:57:30 | 000,000,028 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k4
[2011/02/25 14:57:30 | 000,000,028 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k3
[2011/02/25 14:57:30 | 000,000,028 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k2
[2011/02/25 14:57:30 | 000,000,028 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k1
[2011/02/25 14:57:30 | 000,000,028 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k0
[2011/02/25 14:57:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/25 14:57:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/25 14:57:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011/02/25 14:42:10 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/25 14:41:23 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/25 11:23:07 | 002,694,650 | -H-- | M] () -- C:\Users\Sudaka Morlet\AppData\Local\IconCache.db
[2011/02/25 10:17:20 | 000,306,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/25 05:39:57 | 000,000,444 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AC1D44AE-EBBF-456B-B0A4-3687C1765680}.job
[2011/02/25 04:25:18 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Sudaka Morlet\Desktop\OTL.exe
[2011/02/25 04:20:30 | 000,076,904 | ---- | M] () -- C:\Users\Sudaka Morlet\AppData\Local\GDIPFONTCACHEV1.DAT
[2011/02/25 04:02:58 | 000,000,873 | ---- | M] () -- C:\Users\Sudaka Morlet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/02/25 04:02:56 | 000,000,693 | ---- | M] () -- C:\Users\Sudaka Morlet\Desktop\NTREGOPT.lnk
[2011/02/25 04:02:56 | 000,000,674 | ---- | M] () -- C:\Users\Sudaka Morlet\Desktop\ERUNT.lnk
[2011/02/25 04:02:16 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/21 19:35:19 | 000,524,288 | -HS- | M] () -- C:\Users\Sudaka Morlet\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2011/02/19 13:19:21 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\SUPER ©.lnk
[2011/02/18 11:57:39 | 000,430,015 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/02/13 11:48:49 | 000,000,772 | ---- | M] () -- C:\Users\Sudaka Morlet\Desktop\SpywareBlaster.lnk
[2011/02/10 15:12:47 | 001,495,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2011/02/10 15:12:47 | 000,679,042 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/02/10 15:12:47 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/10 15:12:47 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/02/10 15:12:47 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/10 10:38:03 | 000,001,688 | ---- | M] () -- C:\Users\Sudaka Morlet\Desktop\PeerBlock.lnk
[2011/02/09 20:29:08 | 000,429,885 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110218-115739.backup
[2011/01/27 04:22:52 | 000,429,224 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110209-202908.backup

========== Files Created - No Company Name ==========

[2011/02/25 04:02:58 | 000,000,873 | ---- | C] () -- C:\Users\Sudaka Morlet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/02/25 04:02:56 | 000,000,693 | ---- | C] () -- C:\Users\Sudaka Morlet\Desktop\NTREGOPT.lnk
[2011/02/25 04:02:56 | 000,000,674 | ---- | C] () -- C:\Users\Sudaka Morlet\Desktop\ERUNT.lnk
[2011/02/25 04:02:16 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/25 01:11:56 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/02/25 01:11:56 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/02/25 01:11:56 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/02/19 13:21:56 | 000,120,832 | RHS- | C] () -- C:\Windows\System32\MPCDx.ax
[2011/02/19 13:21:56 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\RLMPCDec.ax
[2011/02/19 13:21:56 | 000,070,656 | RHS- | C] () -- C:\Windows\System32\RLAPEDec.ax
[2011/02/19 13:21:56 | 000,051,712 | RHS- | C] () -- C:\Windows\System32\RLSpeexDec.ax
[2011/02/19 13:21:55 | 000,227,328 | RHS- | C] () -- C:\Windows\System32\ac3DX.ax
[2011/02/19 13:21:55 | 000,175,104 | RHS- | C] () -- C:\Windows\System32\CoreAAC.ax
[2011/02/19 13:21:55 | 000,097,280 | RHS- | C] () -- C:\Windows\System32\FLACDX.ax
[2011/02/19 13:21:55 | 000,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax
[2011/02/19 13:19:21 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\SUPER ©.lnk
[2011/02/13 11:48:49 | 000,000,772 | ---- | C] () -- C:\Users\Sudaka Morlet\Desktop\SpywareBlaster.lnk
[2011/02/10 10:38:03 | 000,001,688 | ---- | C] () -- C:\Users\Sudaka Morlet\Desktop\PeerBlock.lnk
[2010/04/09 12:31:29 | 000,000,382 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/03/23 09:44:12 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009/11/29 17:45:52 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/11/29 17:45:52 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/11/29 17:45:49 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/11/29 17:45:49 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/11/29 17:45:48 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/11/29 17:45:45 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/29 17:45:45 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/11/19 15:16:52 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009/11/02 08:05:13 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IPPCPUID.DLL
[2009/11/02 08:03:21 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2009/11/02 08:00:53 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/10/30 13:19:06 | 000,037,376 | ---- | C] () -- C:\Users\Sudaka Morlet\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/25 00:28:48 | 000,001,348 | ---- | C] () -- C:\Windows\WAVEMIX.INI
[2009/10/11 15:15:37 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/11 15:15:21 | 000,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2009/10/10 18:55:40 | 002,694,650 | -H-- | C] () -- C:\Users\Sudaka Morlet\AppData\Local\IconCache.db
[2009/10/10 17:35:51 | 000,000,000 | ---- | C] () -- C:\Users\Sudaka Morlet\AppData\Local\QSwitch.txt
[2009/10/10 17:35:51 | 000,000,000 | ---- | C] () -- C:\Users\Sudaka Morlet\AppData\Local\DSwitch.txt
[2009/10/10 17:35:51 | 000,000,000 | ---- | C] () -- C:\Users\Sudaka Morlet\AppData\Local\AtStart.txt
[2009/10/10 17:35:46 | 000,008,757 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/10/10 17:33:45 | 000,076,904 | ---- | C] () -- C:\Users\Sudaka Morlet\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/07/20 02:28:23 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/07/20 02:27:57 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/07/20 02:27:48 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/07/20 02:27:14 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/07/20 02:25:10 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/07/20 02:24:36 | 000,000,286 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/02/26 22:38:29 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/02/26 22:34:24 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/02/26 22:33:02 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/02/26 22:32:03 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/10/28 09:35:26 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1591.dll
[2008/09/22 06:49:24 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/01/21 03:34:22 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
[2006/11/02 13:48:00 | 000,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 11:33:01 | 001,495,948 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2006/11/02 11:24:31 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2006/11/02 11:23:31 | 000,000,326 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 11:23:31 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:09:45 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys
[2006/11/02 08:09:44 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 08:09:44 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 08:09:42 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS
[2006/11/02 08:09:41 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 08:09:40 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 08:09:38 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 08:09:35 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 08:09:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 08:09:29 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 08:09:26 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 08:09:24 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 08:09:23 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 08:09:22 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS
[2006/11/02 08:09:20 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 07:25:08 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll

========== LOP Check ==========

[2010/09/01 17:56:01 | 000,000,000 | ---D | M] -- C:\Users\Net\AppData\Roaming\BSplayer
[2011/02/23 20:08:19 | 000,000,000 | ---D | M] -- C:\Users\Net\AppData\Roaming\cacaoweb
[2011/01/06 01:42:56 | 000,000,000 | ---D | M] -- C:\Users\Net\AppData\Roaming\Canon
[2010/12/18 22:14:42 | 000,000,000 | ---D | M] -- C:\Users\Net\AppData\Roaming\DAEMON Tools Lite
[2010/04/11 12:47:37 | 000,000,000 | ---D | M] -- C:\Users\Net\AppData\Roaming\Digiarty
[2010/03/23 09:40:29 | 000,000,000 | ---D | M] -- C:\Users\Net\AppData\Roaming\foobar2000
[2010/03/23 09:45:13 | 000,000,000 | ---D | M] -- C:\Users\Net\AppData\Roaming\FreeAudioPack
[2011/02/19 13:02:38 | 000,000,000 | ---D | M] -- C:\Users\Net\AppData\Roaming\FreeVideoConverter
[2011/02/21 19:30:55 | 000,000,000 | ---D | M] -- C:\Users\Net\AppData\Roaming\gtk-2.0
[2010/01/07 22:18:09 | 000,000,000 | ---D | M] -- C:\Users\Net\AppData\Roaming\muvee Technologies
[2010/01/18 18:58:08 | 000,000,000 | ---D | M] -- C:\Users\Net\AppData\Roaming\NewSoft
[2010/03/31 08:41:00 | 000,000,000 | ---D | M] -- C:\Users\Net\AppData\Roaming\RayV
[2011/01/06 01:44:13 | 000,000,000 | ---D | M] -- C:\Users\Net\AppData\Roaming\ScanSoft
[2010/02/08 17:20:14 | 000,000,000 | ---D | M] -- C:\Users\Net\AppData\Roaming\Sierra
[2010/04/09 11:45:32 | 000,000,000 | ---D | M] -- C:\Users\Net\AppData\Roaming\Template
[2011/02/24 04:57:18 | 000,000,000 | ---D | M] -- C:\Users\Net\AppData\Roaming\uTorrent
[2009/10/11 14:23:04 | 000,000,000 | ---D | M] -- C:\Users\Net\AppData\Roaming\WildTangent
[2009/11/22 22:24:10 | 000,000,000 | ---D | M] -- C:\Users\Sudaka Morlet\AppData\Roaming\BSplayer
[2009/11/19 16:02:37 | 000,000,000 | ---D | M] -- C:\Users\Sudaka Morlet\AppData\Roaming\BSplayer Pro
[2009/11/02 08:17:33 | 000,000,000 | ---D | M] -- C:\Users\Sudaka Morlet\AppData\Roaming\Canon
[2010/12/18 21:54:08 | 000,000,000 | ---D | M] -- C:\Users\Sudaka Morlet\AppData\Roaming\DAEMON Tools Lite
[2010/03/29 13:30:17 | 000,000,000 | ---D | M] -- C:\Users\Sudaka Morlet\AppData\Roaming\FileZilla
[2010/03/23 09:44:19 | 000,000,000 | ---D | M] -- C:\Users\Sudaka Morlet\AppData\Roaming\FreeAudioPack
[2010/04/03 19:55:12 | 000,000,000 | ---D | M] -- C:\Users\Sudaka Morlet\AppData\Roaming\freeTVRadio
[2011/02/19 01:13:15 | 000,000,000 | ---D | M] -- C:\Users\Sudaka Morlet\AppData\Roaming\FreeVideoConverter
[2010/04/09 11:36:35 | 000,000,000 | ---D | M] -- C:\Users\Sudaka Morlet\AppData\Roaming\NewSoft
[2010/04/09 11:34:07 | 000,000,000 | ---D | M] -- C:\Users\Sudaka Morlet\AppData\Roaming\OfferBox
[2010/03/31 08:40:26 | 000,000,000 | ---D | M] -- C:\Users\Sudaka Morlet\AppData\Roaming\RayV
[2011/02/19 13:20:10 | 000,000,000 | ---D | M] -- C:\Users\Sudaka Morlet\AppData\Roaming\Reviversoft
[2009/11/02 08:00:31 | 000,000,000 | ---D | M] -- C:\Users\Sudaka Morlet\AppData\Roaming\ScanSoft
[2010/05/20 17:28:45 | 000,000,000 | ---D | M] -- C:\Users\Sudaka Morlet\AppData\Roaming\uTorrent
[2010/08/10 21:04:14 | 000,000,520 | ---- | M] () -- C:\Windows\Tasks\Install.job
[2010/09/04 10:32:39 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\Install_NSS.job
[2011/02/25 14:57:09 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/02/25 05:39:57 | 000,000,444 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{AC1D44AE-EBBF-456B-B0A4-3687C1765680}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 03:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 03:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009/02/27 05:43:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2009/02/27 05:43:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2009/02/27 05:43:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2009/02/27 05:43:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 03:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 03:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >
mo_chinasky
 
Posts: 20
Joined: 25 Feb 2011, 05:16

Re: Log report following a problem

Post by mo_chinasky » 25 Feb 2011, 15:37

ODT log called Extras

OTL Extras logfile created on: 25/02/2011 15:19:07 - Run 2
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Net\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 69,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,19 Gb Total Space | 67,27 Gb Free Space | 48,33% Space Free | Partition Type: NTFS
Drive D: | 9,86 Gb Total Space | 1,73 Gb Free Space | 17,52% Space Free | Partition Type: NTFS

Computer Name: PCPORTABLE | User Name: Sudaka Morlet | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2168351569-2062086647-247387013-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-2168351569-2062086647-247387013-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4C501618-75F4-4F6D-BF00-CFFF2C9ACEE7}" = rport=137 | protocol=17 | dir=out | app=system |
"{77DD0673-8D28-4359-BFBB-00BE3EF04F3D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7A35BDFA-0B9F-4D7D-9B28-D97F4239FA51}" = rport=139 | protocol=6 | dir=out | app=system |
"{8DB59063-76A5-4A76-BE6B-C4B4689E2E92}" = rport=138 | protocol=17 | dir=out | app=system |
"{B10C0CB8-B924-4FD6-8E36-477A216D84A8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B27FB52B-5EFF-406A-9596-B17F9B24251A}" = lport=137 | protocol=17 | dir=in | app=system |
"{BE70DCC5-394E-441C-95F2-F24F0F485506}" = lport=445 | protocol=6 | dir=in | app=system |
"{EC4DD1B5-0657-40C1-A539-01CD5BD7D067}" = rport=445 | protocol=6 | dir=out | app=system |
"{F937D3DF-D2CE-48C0-A49D-4905B89AAF91}" = lport=138 | protocol=17 | dir=in | app=system |
"{FC4B7CA5-34E9-4800-B3FE-9872943A541E}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1361B570-0488-4F20-98A3-3C7E58B56A29}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{14388062-6FCE-439D-B646-73A83CB70F99}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{20695094-E46D-41CA-8861-56529C3F0142}" = protocol=17 | dir=in | app=c:\program files\adsltv\adsltv.exe |
"{2A98C3B4-F564-4805-BFC2-5566BD990110}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2CA81D39-8C33-4300-B08D-C75DA64A790B}" = protocol=6 | dir=in | app=c:\program files\adsltv\vlc\vlc.exe |
"{3E0760FE-BB67-4C15-AFC7-6746876F9B81}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{45BEA5AA-A020-408A-A8D3-0705BD12811F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{46E475AF-73A3-4CF8-B542-4D9378735412}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{55A2E146-1342-4918-BBDC-4485916C8A41}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{5A70E945-2D06-4F2C-91CC-32337BBB2D2E}" = protocol=6 | dir=in | app=c:\program files\adsltv\adsltv.exe |
"{7B7C689C-E47E-4966-B5CF-B1A865C4F413}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BC8C67A9-9061-42AE-897A-10AF7F2EB372}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C888B58A-823F-4428-92E4-3DD5CDD325D3}" = protocol=17 | dir=in | app=c:\program files\adsltv\vlc\vlc.exe |
"{DB921A0E-71FD-48FA-8008-E402C292C665}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{EBAE8D87-637F-406A-8EFE-DF0CA12FA6D6}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{F782657A-D96F-42EE-821D-1D1DD549D2B4}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"TCP Query User{3F2F1819-760B-4A99-9F25-4C338154FDE1}C:\program files\k-lite codec pack\media player classic\mpc-hc.exe" = protocol=6 | dir=in | app=c:\program files\k-lite codec pack\media player classic\mpc-hc.exe |
"TCP Query User{4D77C92E-95E0-4A0C-99F5-CB7E74742D46}C:\users\net\downloads\a installer\microtorrent_torrent_1.8.4_build_16442_francais_18245.exe" = protocol=6 | dir=in | app=c:\users\net\downloads\a installer\microtorrent_torrent_1.8.4_build_16442_francais_18245.exe |
"TCP Query User{5C048A75-D7CB-4C7F-9DD3-DAE06566218B}C:\program files\le robert\le petit robert 2008\prnet.exe" = protocol=6 | dir=in | app=c:\program files\le robert\le petit robert 2008\prnet.exe |
"TCP Query User{65F8406F-5DA7-4FB0-B8E7-2EDCFB8EBB74}C:\program files\freetvradio\freetvradio.exe" = protocol=6 | dir=in | app=c:\program files\freetvradio\freetvradio.exe |
"TCP Query User{8A3D52FB-C005-4D27-92BE-E4342BFEB3C3}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{94CCD869-17A6-43B4-A27B-A7CD97D5DB35}C:\program files\webteh\bsplayer\bsplayer.exe" = protocol=6 | dir=in | app=c:\program files\webteh\bsplayer\bsplayer.exe |
"TCP Query User{9FA80DBF-D470-437B-92FE-D96639E59BA4}C:\program files\rayv\rayv\rayv.exe" = protocol=6 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"TCP Query User{BA28C1FD-3DAA-438E-9675-29F7E7DC6F28}C:\users\net\appdata\roaming\cacaoweb\cacaoweb.exe" = protocol=6 | dir=in | app=c:\users\net\appdata\roaming\cacaoweb\cacaoweb.exe |
"TCP Query User{FFCFC852-CDEF-458B-9D3A-4D75DF3F95D5}C:\program files\le robert\le petit robert 2008\robertha.exe" = protocol=6 | dir=in | app=c:\program files\le robert\le petit robert 2008\robertha.exe |
"UDP Query User{32854BBB-2C0D-4EE6-9B53-E64813E71AEA}C:\program files\rayv\rayv\rayv.exe" = protocol=17 | dir=in | app=c:\program files\rayv\rayv\rayv.exe |
"UDP Query User{39C52B36-7461-49BE-B3E5-DC20E00A7BCC}C:\users\net\downloads\a installer\microtorrent_torrent_1.8.4_build_16442_francais_18245.exe" = protocol=17 | dir=in | app=c:\users\net\downloads\a installer\microtorrent_torrent_1.8.4_build_16442_francais_18245.exe |
"UDP Query User{42141EEB-491E-4918-A92A-E518EBA9FF56}C:\program files\webteh\bsplayer\bsplayer.exe" = protocol=17 | dir=in | app=c:\program files\webteh\bsplayer\bsplayer.exe |
"UDP Query User{700DD3B1-B722-4A19-8CEF-4066534F7087}C:\users\net\appdata\roaming\cacaoweb\cacaoweb.exe" = protocol=17 | dir=in | app=c:\users\net\appdata\roaming\cacaoweb\cacaoweb.exe |
"UDP Query User{74B4F26E-EA07-403D-92BF-286A00B1EC55}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{7AD752A7-B8F2-417F-BBE8-AFBB996E5B69}C:\program files\freetvradio\freetvradio.exe" = protocol=17 | dir=in | app=c:\program files\freetvradio\freetvradio.exe |
"UDP Query User{8389210C-D64C-4853-822D-41912F953862}C:\program files\k-lite codec pack\media player classic\mpc-hc.exe" = protocol=17 | dir=in | app=c:\program files\k-lite codec pack\media player classic\mpc-hc.exe |
"UDP Query User{CE0A72BD-07E3-42C4-8F05-43533427A836}C:\program files\le robert\le petit robert 2008\robertha.exe" = protocol=17 | dir=in | app=c:\program files\le robert\le petit robert 2008\robertha.exe |
"UDP Query User{ED7D9490-C38E-43B2-A302-5A88654938C8}C:\program files\le robert\le petit robert 2008\prnet.exe" = protocol=17 | dir=in | app=c:\program files\le robert\le petit robert 2008\prnet.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803" = CanoScan 4400F
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{17050C48-16CB-4500-A102-CEAD750CE11E}" = HP User Guides 0138
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 15
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 M1
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{9111040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.1 - Français
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AEAD18F3-6481-4ef4-96B5-A24D5ADAC30D}" = CA Anti-Spyware
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = v2011.build.44
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D374F8CD-E0F3-4810-A48F-3C96E86AF6B4}" = Code de la Route Pratic
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{F05A5232-CE5E-4274-AB27-44EB8105898D}" = CA Pest Patrol Realtime Protection
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast!" = avast! Antivirus
"BSPlayerf" = BS.Player FREE
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"cciss_pp" = CA Anti-Spyware
"CCleaner" = CCleaner
"DivX Setup.divx.com" = Configuration DivX
"ERUNT_is1" = ERUNT 1.1j
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.4.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"PR1CD" = Le Petit Robert 2008
"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Unlocker" = Unlocker 1.9.0
"uTorrent" = µTorrent
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = Logiciel d'archivage WinRAR

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2168351569-2062086647-247387013-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TimeAdjuster" = Time Adjuster STANDARD 3.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2168351569-2062086647-247387013-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{B7666229-351B-47D9-AA6F-DF777CF04BBF}" = Caesar IV

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 25/04/2010 13:08:00 | Computer Name = PCportable | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 00000002.

Error - 03/08/2010 10:26:08 | Computer Name = PCportable | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Windows\SoftwareDistribution\Download\c1f7d948706bd20041b721202bafaf94\BITA285.tmp
failed, 00000026.

Error - 18/12/2010 08:59:10 | Computer Name = PCportable | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Net\AppData\Local\Temp\dW6e85AU.iso.part failed, 00000084.

Error - 18/12/2010 08:59:10 | Computer Name = PCportable | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Net\Desktop\Rainbow Six 3 - RavenShield CD2.iso.part failed, 00000084.


Error - 18/12/2010 08:59:32 | Computer Name = PCportable | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://www1118.megaupload.com/files/783 ... %20CD2.iso
failed, 00000084.

Error - 18/12/2010 09:04:04 | Computer Name = PCportable | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\Net\Desktop\Rainbow Six 3 - RavenShield CD2.iso.part failed, 00000084.



========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
mo_chinasky

Posts: 20
Joined: 25 Feb 2011, 05:16

Re: Log report following a problem

Post by mo_chinasky » 25 Feb 2011, 15:39

One last message, because it can never be said enough: thank you in advance for the time spent helping me.
And of course I won't try anything before I have a procedure to follow.
mo_chinasky

Posts: 20
Joined: 25 Feb 2011, 05:16

Re: Log report following a problem

Post by nickW » 26 Feb 2011, 01:54

Good evening,

First clean-up steps:

Step 1: No integrity-monitoring process
Disable Spybot-S&D's TeaTimer.
In the system tray (the area just to the left of the clock), right-click the Spybot-S&D Resident icon and choose "Exit Spybot-S&D Resident".
Launch Spybot-S&D, Advanced mode, Tools, Resident, and untick the box in front of Resident "TeaTimer". Close Spybot-S&D.
Restart the PC.
Note:
Do not re-enable TeaTimer before the PC clean-up is finished (I will tell you when and how to do it).


Step 2: Restart

Restart the PC in Safe Mode with Networking using the F8 method (F5 on some PCs). Mandatory: do not use the "msconfig" method!
See http://assiste.com.free.fr/p/comment/co ... echec.html


Step 3: rkill (by Grinler), download
Important remark:
rkill is sometimes wrongly detected as malicious. If necessary, disable the antivirus while downloading it.

Download rkill by right-clicking and then choosing Save target as ... from one of the links below:

Link 1
Link 2
Link 3

Save the file to the Desktop.


Step 4: HostsXpert (by FunkyToad), download
Download HostsXpert.zip from the page:
http://www.funkytoad.com/index.php?opti ... 13&Itemid=
(click on Click Here to download HostsXpert)
Save the file to the Desktop.
Extract the whole HostsXpert.zip archive (under XP: right-click, then Extract All).


Step 5: No real-time monitoring process
If it is active in Safe Mode, disable the resident module of the antivirus and that of the anti-spyware.
avast4!: right-click the icon in the system tray (next to the clock), then "Stop resident protection"
CA Anti-Spyware: right-click the icon in the system tray (next to the clock), click "Stop active protection", then confirm


Step 6: rkill (by Grinler), execution
Right-click the downloaded rkill file, then choose "Run as administrator" to launch the tool.

A window with a black background will appear briefly, then disappear.
When it finishes, save the rkill.log file.

If nothing happens, or if the tool does not start, download the tool from another of the three links above and try to run it again.

If none of the tools downloaded from the three links above seems to work, download a renamed version of rkill from iExplore.exe or eXplorer.exe and try to run it.

If none of the five downloaded tools seems to work, do not continue the clean-up, and let me know on the forum.

Do not restart the PC.


Step 7: Malwarebytes' Anti-Malware, clean-up
Close all open program windows.
Launch Malwarebytes' Anti-Malware from the Start Menu.
In the Settings tab, check that all boxes are ticked except "Create a context menu option to scan files (right-click)".
In the Update tab, click the Check for Updates button and install all the updates found.
In the Scanner tab, select the radio button in front of "Perform quick scan", then click the Scan button.

Wait for the scan to finish without doing anything else; in the window announcing the end of the scan, click OK; then click the "Show Results" button.

If malicious items were detected, click the "Remove Selected" button.

Wait patiently for the clean-up to finish without doing anything else.
A restart is sometimes required. Accept it.
A Notepad window opens to display the report. Close Notepad.
Click the "Exit" button to close Malwarebytes' Anti-Malware.


Step 8: Restart
If this has not already been done, restart the PC in normal mode.


Step 9: Real-time monitoring process
Important: Re-enable the resident module of the antivirus and that of the anti-spyware.


Step 10: HostsXpert (by FunkyToad), execution

In Explorer, open the HostsXpert folder that was created on the Desktop.

Right-click HostsXpert.exe, then choose "Run as administrator" to launch the program.

*- In the left column, under "File Handling", check that the first button shows "Make ReadOnly?".
If this first button shows "Make Writable?", click it once so that it shows "Make ReadOnly?"

*- In the left column, click the "Restore MS Hosts File" button.
In the small window titled "Confirm", click OK

*- In the left column, click the first button so that it shows "Make Writable?".

*- Close HostsXpert.


Step 11: OTL (by OldTimer), quick scan
Close all open program windows.

Right-click OTL.exe, then choose "Run as administrator" to launch the tool.

The main OTL screen is displayed.

Click the Quick Scan button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 12: Results
Send in reply:
*- the rkill report (contents of the rkill.log file located in the %SystemDrive%\ folder)
[%SystemDrive% stands for the partition on which the system is installed, generally C:]

Then send in reply, in a separate message (because of the length of the file):
*- the main OTL report (contents of the OTL.Txt file located on the Desktop).
The report sent to the forum must end with a line containing <End of report>. If it does not, it is incomplete and must then be split into several messages.

Important note: To send your reply (or replies), do not create a new topic, but click the "Reply" button to continue in this thread.

In your reply, do not forget to give as much information as possible about the state of the PC: improvement / disappearance / worsening of the infection symptoms.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (Private Message)
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
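
The entries that the "Restore MS Hosts File" action in Step 10 would discard can be listed before restoring. The sketch below is an added example, not part of nickW's post or of HostsXpert; the sample hosts content, the `example.test` names and the function names are constructed, and the set of default entries is an assumption about the stock Windows file.

```python
import ipaddress

# Assumption: the only mappings a stock Windows hosts file may contain.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample input (not taken from the PC discussed in this thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.example.test   # constructed entry
203.0.113.10    www.example.test search.example.test
not-an-ip       broken.example.test
"""

def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # strip comment, split on blanks
        if len(fields) < 2:
            continue                            # blank, comment-only or no name
        for name in fields[1:]:                 # one address may map many names
            yield line_no, fields[0], name.lower()

def audit_hosts(text):
    """Return (line_no, hostname, address, kind) for each non-default mapping."""
    findings = []
    for line_no, address, name in parse_hosts(text):
        if (address, name) in DEFAULT_ENTRIES:
            continue
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            kind = "invalid-address"
        else:
            # Loopback or 0.0.0.0 makes the name unreachable; any other
            # address forces the name to resolve to a chosen host.
            kind = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
        findings.append((line_no, name, address, kind))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On Windows the file to audit is `%SystemRoot%\System32\drivers\etc\hosts`; read it and pass its text to `audit_hosts`.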
