Assiste.Forums

[Laurent3131]

Bonjour
J'ai utilisé mon pc avec mon parefeu fermé.
En scannant avec antivir celui çi ma trouvé des trojan
J'ai bloqué avec mon parefeu
usbsvc.exe
netsvcss.exe
Qui me semble suspects.
j'ai essayé combofix mais celui ci ma effacé plusieurs fichiers dll et j'ai du restoré mon systéme a une date antérieure

le log malwarebytes

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Version de la base de données: 6133

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19019

22/03/2011 19:36:21
mbam-log-2011-03-22 (19-36-14).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 133873
Temps écoulé: 3 minute(s), 10 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\Windows\System32\usbsvc.exe (Trojan.Downloader) -> No action taken.
c:\Users\lorenz du web\AppData\Roaming\dkfjasdfshd.bat (Malware.Trace) -> No action taken.

[Laurent3131]

LA MOITIE DU LOG OLT


OTL logfile created on: 22/03/2011 19:59:01 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Lorenz du web\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 71,72 Gb Free Space | 49,79% Space Free | Partition Type: NTFS
Drive D: | 144,04 Gb Total Space | 80,94 Gb Free Space | 56,19% Space Free | Partition Type: NTFS

Computer Name: CRAZYLO | User Name: Lorenz du web | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/22 19:14:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Lorenz du web\Desktop\OTL.exe
PRC - [2011/03/18 18:58:47 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/08/27 14:22:00 | 002,356,848 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oaui.exe
PRC - [2010/08/27 14:21:58 | 003,638,240 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oasrv.exe
PRC - [2010/08/27 14:21:58 | 000,969,944 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\OAhlp.exe
PRC - [2010/08/27 14:21:58 | 000,432,344 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\OAreg.exe
PRC - [2010/08/27 14:21:56 | 000,380,272 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\OAcat.exe
PRC - [2009/12/23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
PRC - [2009/12/10 23:03:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/11/08 23:18:00 | 000,065,216 | ---- | M] (WordWeb Software) -- C:\Program Files\WordWeb\wweb32.exe
PRC - [2009/07/13 22:18:12 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/04/01 14:46:04 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/03 03:38:13 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
PRC - [2009/03/02 12:09:54 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/03/02 12:08:11 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/30 16:56:32 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008/05/20 11:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/11/06 21:58:20 | 000,294,912 | ---- | M] () -- C:\Program Files\HomePlayer\HomePlayer.exe
PRC - [2007/05/31 08:21:28 | 000,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdcBase.exe


========== Modules (SafeList) ==========

MOD - [2011/03/22 19:14:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Lorenz du web\Desktop\OTL.exe
MOD - [2010/09/20 10:25:01 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2010/08/31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
MOD - [2010/08/27 14:22:02 | 001,087,400 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\OAwatch.dll
MOD - [2008/11/13 16:23:00 | 000,612,896 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
MOD - [2008/01/21 03:25:01 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2008/01/21 03:25:01 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
MOD - [2008/01/21 03:24:47 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winnsi.dll
MOD - [2008/01/21 03:24:46 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
MOD - [2008/01/21 03:24:35 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
MOD - [2008/01/21 03:24:02 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
MOD - [2008/01/21 03:23:45 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsock32.dll
MOD - [2006/11/02 13:34:33 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IconCodecService.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/27 14:21:58 | 003,638,240 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2010/08/27 14:21:56 | 000,380,272 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\OAcat.exe -- (OAcat)
SRV - [2009/12/23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/12/10 23:03:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/07/13 22:18:12 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/04/01 14:46:04 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/03/02 12:09:54 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/05/31 08:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 08:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2010/08/27 14:22:36 | 000,038,856 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2010/08/27 14:22:16 | 000,029,120 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OAnet.sys -- (OAnet)
DRV - [2010/08/27 14:22:16 | 000,025,000 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\System32\drivers\OAmon.sys -- (OAmon)
DRV - [2010/08/27 14:22:14 | 000,201,168 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\OADriver.sys -- (OADevice)
DRV - [2009/11/12 12:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/11/12 05:14:28 | 000,066,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/11/11 15:11:30 | 000,181,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/09/05 13:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/08/04 17:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2009/06/29 00:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2009/06/17 09:56:18 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 09:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/03/30 09:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/03/24 15:07:58 | 000,055,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/02/13 11:49:30 | 000,028,376 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/13 11:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/01/14 17:46:04 | 000,077,824 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2008/12/10 15:56:26 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2008/11/13 16:23:00 | 007,580,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/30 12:44:42 | 000,146,944 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2008/05/26 14:13:00 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/03/27 08:06:59 | 000,542,976 | ---- | M] (LiteOn) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ltn_stk7070P.sys -- (Ltn_stk7070P)
DRV - [2007/12/16 16:57:20 | 000,075,776 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)
DRV - [2007/12/13 20:13:02 | 000,017,264 | ---- | M] (FSPro Labs) [Kernel | Boot | Running] -- C:\Windows\SYSTEM32\DRIVERS\MPRIFL.SYS -- (MPRIFL)
DRV - [2007/03/28 06:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_7530g
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-160463765-1735941628-721991443-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_7530g
IE - HKU\S-1-5-21-160463765-1735941628-721991443-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-160463765-1735941628-721991443-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-160463765-1735941628-721991443-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-160463765-1735941628-721991443-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-160463765-1735941628-721991443-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-160463765-1735941628-721991443-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_7530g
IE - HKU\S-1-5-21-160463765-1735941628-721991443-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-160463765-1735941628-721991443-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/firefox"
FF - prefs.js..extensions.enabledItems: gazopa@hitachi.com:0.13
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.4
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: savesession@noasobi.net:1.3.1.6
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.1
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties"
FF - prefs.js..browser.startup.homepage: "resource:/browserconfig.properties"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/22 19:05:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/22 19:05:42 | 000,000,000 | ---D | M]

[2008/11/05 17:50:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lorenz du web\AppData\Roaming\mozilla\Extensions
[2011/03/21 00:48:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lorenz du web\AppData\Roaming\mozilla\Firefox\Profiles\2hl3ezz5.default\extensions
[2011/03/12 03:29:39 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\Lorenz du web\AppData\Roaming\mozilla\Firefox\Profiles\2hl3ezz5.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2010/08/27 19:04:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lorenz du web\AppData\Roaming\mozilla\Firefox\Profiles\2hl3ezz5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/30 15:06:07 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\Lorenz du web\AppData\Roaming\mozilla\Firefox\Profiles\2hl3ezz5.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2011/03/12 03:29:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Lorenz du web\AppData\Roaming\mozilla\Firefox\Profiles\2hl3ezz5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/12 03:29:35 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Lorenz du web\AppData\Roaming\mozilla\Firefox\Profiles\2hl3ezz5.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2011/03/12 03:29:41 | 000,000,000 | ---D | M] ("Flash Video Downloader (Youtube Downloader)") -- C:\Users\Lorenz du web\AppData\Roaming\mozilla\Firefox\Profiles\2hl3ezz5.default\extensions\artur.dubovoy@gmail.com
[2011/03/12 16:12:21 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Lorenz du web\AppData\Roaming\mozilla\Firefox\Profiles\2hl3ezz5.default\extensions\foxyproxy@eric.h.jung
[2011/02/01 22:49:41 | 000,000,000 | ---D | M] (GazoPa Similar Image Search) -- C:\Users\Lorenz du web\AppData\Roaming\mozilla\Firefox\Profiles\2hl3ezz5.default\extensions\gazopa@hitachi.com
[2011/03/12 03:29:40 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Lorenz du web\AppData\Roaming\mozilla\Firefox\Profiles\2hl3ezz5.default\extensions\personas@christopher.beard
[2010/01/17 04:39:16 | 000,000,000 | ---D | M] (Save Session) -- C:\Users\Lorenz du web\AppData\Roaming\mozilla\Firefox\Profiles\2hl3ezz5.default\extensions\savesession@noasobi.net
[2011/03/12 03:29:39 | 000,000,000 | ---D | M] (SkipScreen) -- C:\Users\Lorenz du web\AppData\Roaming\mozilla\Firefox\Profiles\2hl3ezz5.default\extensions\SkipScreen@SkipScreen
[2011/03/12 03:29:35 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\Lorenz du web\AppData\Roaming\mozilla\Firefox\Profiles\2hl3ezz5.default\extensions\tineye@ideeinc.com
[2011/01/01 20:50:16 | 000,001,992 | ---- | M] () -- C:\Users\Lorenz du web\AppData\Roaming\Mozilla\Firefox\Profiles\2hl3ezz5.default\searchplugins\hotfilesearch.xml
[2011/03/22 19:05:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/03/17 17:56:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2011/03/18 18:58:47 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/17 17:56:29 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 09:00:00 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2011/02/28 17:00:12 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/01 09:00:00 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2010/01/01 09:00:00 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/01/01 09:00:00 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O3 - HKU\S-1-5-21-160463765-1735941628-721991443-1002\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-160463765-1735941628-721991443-1002\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKU\S-1-5-21-160463765-1735941628-721991443-1002\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKU\S-1-5-21-160463765-1735941628-721991443-1002\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\oaui.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HomePlayer] C:\Program Files\HomePlayer\HomePlayer.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Google Web Services] File not found
O4 - HKU\S-1-5-18..\Run: [Google Web Services] File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-160463765-1735941628-721991443-1002..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-160463765-1735941628-721991443-1002..\Run: [WordWeb] C:\Program Files\WordWeb\wweb32.exe (WordWeb Software)
O4 - Startup: C:\Users\Lorenz du web\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-160463765-1735941628-721991443-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/ms ... b56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/Messenger ... E_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Users\Lorenz du web\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Lorenz du web\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\PROGRA~1\Online Armor\oaevent.dll (Emsi Software GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{43625bb8-9e26-11dd-a134-001e68e237e8}\Shell - "" = AutoRun
O33 - MountPoints2\{43625bb8-9e26-11dd-a134-001e68e237e8}\Shell\AutoRun\command - "" = F:\cdstart.exe
O33 - MountPoints2\{962943b4-3d75-11de-a7b9-001e68e237e8}\Shell\AutoRun\command - "" = cb.exe
O33 - MountPoints2\{962943b4-3d75-11de-a7b9-001e68e237e8}\Shell\open\Command - "" = cb.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/03/22 19:23:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/03/22 19:21:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/03/22 19:21:43 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/03/22 19:20:46 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Lorenz du web\Desktop\erunt-setup.exe
[2011/03/22 19:17:39 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Lorenz du web\Desktop\mbam-setup.exe
[2011/03/22 19:15:56 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011/03/22 19:14:00 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Lorenz du web\Desktop\OTL.exe
[2011/03/22 19:05:00 | 012,660,544 | ---- | C] (Mozilla) -- C:\Users\Lorenz du web\Desktop\Firefox Setup 4.0.exe
[2011/03/22 12:15:14 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/03/21 00:26:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/20 13:42:36 | 000,000,000 | ---D | C] -- C:\Users\Lorenz du web\Desktop\freeboxV6_valid.pl_fichiers
[2011/03/17 20:50:34 | 000,000,000 | ---D | C] -- C:\Users\Lorenz du web\Desktop\OpenOffice.org 3.1 (fr) Installation Files
[2011/03/17 17:56:45 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/03/17 17:56:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/03/17 17:56:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/03/17 17:52:51 | 000,000,000 | ---D | C] -- C:\Users\Lorenz du web\Desktop\OpenOffice.org 3.3 (fr) Installation Files
[2011/03/17 17:45:28 | 011,338,008 | ---- | C] (Tracker Software Products Ltd.) -- C:\Users\Lorenz du web\Desktop\PDFXCview.exe
[2011/03/17 17:21:08 | 000,000,000 | ---D | C] -- C:\Users\Lorenz du web\Desktop\backups
[2011/03/17 17:03:40 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Lorenz du web\Desktop\TDSSKiller.exe
[2011/03/14 12:20:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011/03/14 01:28:23 | 000,000,000 | ---D | C] -- C:\Users\Lorenz du web\Desktop\banque postale
[2011/03/14 01:25:55 | 000,000,000 | ---D | C] -- C:\Users\Lorenz du web\Desktop\divers
[2011/03/12 01:29:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/03/12 01:28:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/03/12 01:27:43 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/03/12 01:27:43 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/03/12 01:27:43 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/03/12 01:27:42 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011/03/12 01:27:42 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011/03/12 01:27:40 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/03/12 01:27:40 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/03/12 01:27:40 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/03/12 01:27:39 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/03/12 01:27:39 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011/03/12 01:27:36 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/03/12 01:27:36 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/03/12 01:27:36 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/03/12 01:27:36 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/03/12 01:27:36 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/03/12 01:26:24 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/03/12 01:26:24 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/03/12 01:26:24 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/03/12 01:26:24 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/03/12 01:26:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/03/12 01:26:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/03/12 01:26:23 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/03/12 01:26:23 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/03/12 01:26:22 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/03/12 01:26:21 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/03/12 01:26:20 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/03/12 01:26:20 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/03/12 01:26:19 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/03/12 01:26:19 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/03/12 01:26:19 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/03/12 01:26:18 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/03/12 01:26:18 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/03/12 01:26:05 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/12 01:26:05 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/12 01:26:05 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/12 01:26:05 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/03/12 01:26:01 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/03/12 01:26:00 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/03/12 01:25:58 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011/03/12 01:25:58 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011/03/12 01:25:58 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011/03/12 01:25:55 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/03/12 01:25:55 | 003,550,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/03/12 01:25:48 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/03/12 01:25:46 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/03/12 01:25:45 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/03/12 01:25:42 | 002,038,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/03/12 01:25:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/03/12 01:24:41 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/03/12 01:24:41 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011/03/12 01:24:41 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/03/11 22:06:53 | 000,000,000 | ---D | C] -- C:\Users\Lorenz du web\Desktop\thr
[2011/03/09 01:04:44 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Lorenz du web\Desktop\HiJackThis.exe
[2011/03/03 00:00:08 | 000,000,000 | ---D | C] -- C:\Users\Lorenz du web\Desktop\nouvelles preuves
[2011/02/28 17:00:28 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2011/02/28 17:00:10 | 000,000,000 | ---D | C] -- C:\Users\Lorenz du web\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JMHL Loader
[2011/02/28 17:00:09 | 000,000,000 | ---D | C] -- C:\Program Files\JMHL Loader
[2011/02/28 00:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Celestia
[2011/02/28 00:43:05 | 000,000,000 | ---D | C] -- C:\Program Files\Celestia
[2011/02/22 19:35:01 | 000,000,000 | ---D | C] -- C:\Package
[2008/07/22 09:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/22 19:56:23 | 000,126,339 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/03/22 19:52:49 | 000,126,339 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/03/22 19:51:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At14.job
[2011/03/22 19:50:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At44.job
[2011/03/22 19:50:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At13.job
[2011/03/22 19:45:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At47.job
[2011/03/22 19:44:51 | 026,809,322 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/03/22 19:44:50 | 009,307,074 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/03/22 19:44:49 | 008,789,462 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/22 19:44:49 | 007,977,902 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/22 19:38:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/22 19:38:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/22 19:38:09 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2011/03/22 19:23:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At6.job
[2011/03/22 19:23:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At4.job
[2011/03/22 19:22:36 | 000,000,917 | ---- | M] () -- C:\Users\Lorenz du web\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/03/22 19:21:44 | 000,000,737 | ---- | M] () -- C:\Users\Lorenz du web\Desktop\NTREGOPT.lnk
[2011/03/22 19:21:44 | 000,000,718 | ---- | M] () -- C:\Users\Lorenz du web\Desktop\ERUNT.lnk
[2011/03/22 19:19:50 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Lorenz du web\Desktop\erunt-setup.exe
[2011/03/22 19:17:31 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Lorenz du web\Desktop\mbam-setup.exe
[2011/03/22 19:14:38 | 000,000,395 | ---- | M] () -- C:\Users\Lorenz du web\Desktop\scan.zip
[2011/03/22 19:14:01 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Lorenz du web\Desktop\OTL.exe
[2011/03/22 19:14:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At18.job
[2011/03/22 19:13:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At17.job
[2011/03/22 19:12:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At38.job
[2011/03/22 19:09:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At40.job
[2011/03/22 19:05:45 | 000,000,874 | ---- | M] () -- C:\Users\Lorenz du web\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/22 19:05:44 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/22 19:04:20 | 012,660,544 | ---- | M] (Mozilla) -- C:\Users\Lorenz du web\Desktop\Firefox Setup 4.0.exe
[2011/03/22 19:04:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At78.job
[2011/03/20 13:42:37 | 000,020,285 | ---- | M] () -- C:\Users\Lorenz du web\Desktop\freeboxV6_valid.pl.htm
[2011/03/17 21:07:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At32.job
[2011/03/17 21:07:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At31.job
[2011/03/17 20:49:40 | 135,328,296 | ---- | M] () -- C:\Users\Lorenz du web\Desktop\openoffice-org_openoffice.org_3.1.0_francais_10677.exe
[2011/03/17 18:21:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At71.job
[2011/03/17 18:15:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At49.job
[2011/03/17 18:15:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At46.job
[2011/03/17 18:08:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At83.job
[2011/03/17 17:56:28 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/03/17 17:56:28 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/03/17 17:56:28 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/03/17 17:56:27 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/03/17 17:48:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At51.job
[2011/03/17 17:08:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At26.job
[2011/03/17 17:08:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At25.job
[2011/03/17 16:17:59 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At8.job
[2011/03/17 15:59:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At34.job
[2011/03/17 12:13:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At36.job
[2011/03/17 12:13:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At3.job
[2011/03/17 12:10:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At70.job
[2011/03/17 12:05:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At43.job
[2011/03/17 12:03:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At16.job
[2011/03/17 12:03:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At15.job
[2011/03/17 11:52:03 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/03/17 02:22:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/03/17 02:20:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At39.job
[2011/03/17 01:06:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At57.job
[2011/03/17 00:53:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At68.job
[2011/03/17 00:49:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At87.job
[2011/03/17 00:41:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At86.job
[2011/03/17 00:13:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At91.job
[2011/03/17 00:13:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At85.job
[2011/03/17 00:10:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At90.job
[2011/03/16 23:57:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At65.job
[2011/03/16 23:49:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At84.job
[2011/03/16 23:49:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At61.job
[2011/03/16 23:46:01 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At76.job
[2011/03/15 21:57:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At50.job
[2011/03/15 21:57:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At42.job
[2011/03/15 21:48:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At72.job
[2011/03/15 21:43:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At64.job
[2011/03/15 21:38:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At41.job
[2011/03/15 21:28:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At24.job
[2011/03/15 21:28:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At23.job
[2011/03/15 21:25:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At79.job
[2011/03/15 11:58:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At22.job
[2011/03/15 11:57:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At21.job
[2011/03/15 11:52:02 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At82.job
[2011/03/15 11:52:01 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At69.job
[2011/03/14 23:35:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At56.job
[2011/03/14 23:25:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At75.job
[2011/03/14 23:21:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At59.job
[2011/03/14 23:19:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At55.job
[2011/03/14 23:01:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At7.job
[2011/03/14 23:01:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At5.job
[2011/03/14 22:56:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At73.job
[2011/03/14 22:47:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At81.job
[2011/03/14 22:45:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At48.job
[2011/03/14 22:44:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At80.job
[2011/03/14 22:20:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At28.job
[2011/03/14 22:19:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At67.job
[2011/03/14 22:19:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At27.job
[2011/03/14 22:13:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At20.job
[2011/03/14 22:12:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At19.job
[2011/03/14 12:22:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At45.job
[2011/03/13 15:57:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At33.job
[2011/03/13 14:54:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At54.job
[2011/03/13 14:43:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At77.job
[2011/03/13 14:39:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At12.job
[2011/03/13 14:38:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At53.job
[2011/03/13 14:38:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At11.job
[2011/03/13 14:32:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At60.job
[2011/03/13 14:28:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At89.job
[2011/03/13 14:20:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At58.job
[2011/03/13 14:14:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At66.job
[2011/03/13 13:46:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At88.job
[2011/03/13 13:29:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At63.job
[2011/03/13 13:29:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At52.job
[2011/03/13 12:58:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At74.job
[2011/03/12 18:46:08 | 000,014,140 | ---- | M] () -- C:\Users\Lorenz du web\.recently-used.xbel
[2011/03/12 14:18:22 | 000,296,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/03/11 16:56:28 | 004,285,785 | ---- | M] () -- C:\Users\Lorenz du web\Desktop\ComboFix.exe
[2011/03/10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Lorenz du web\Desktop\TDSSKiller.exe
[2011/03/09 01:04:46 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Lorenz du web\Desktop\HiJackThis.exe
[2011/03/05 01:27:58 | 000,103,837 | ---- | M] () -- C:\Users\Lorenz du web\a786a84826cad0f158139584feb29f25.flv
[2011/03/04 11:47:07 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At30.job
[2011/03/04 11:47:07 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At29.job
[2011/03/02 13:08:45 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At62.job
[2011/03/02 11:36:06 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At9.job
[2011/03/02 11:36:06 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At10.job
[2011/03/02 10:38:08 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At35.job
[2011/02/26 15:06:36 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/02/23 14:30:31 | 000,108,736 | RHS- | M] () -- C:\Users\Lorenz du web\AppData\Roaming\netsvcss.exe
[2011/02/22 20:45:09 | 000,000,255 | ---- | M] () -- C:\Users\Lorenz du web\Documents\ax_files.xml
[2011/02/22 20:18:52 | 000,244,224 | ---- | M] () -- C:\Users\Lorenz du web\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/21 12:32:18 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\At37.job
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/22 19:22:36 | 000,000,917 | ---- | C] () -- C:\Users\Lorenz du web\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/03/22 19:21:44 | 000,000,737 | ---- | C] () -- C:\Users\Lorenz du web\Desktop\NTREGOPT.lnk
[2011/03/22 19:21:44 | 000,000,718 | ---- | C] () -- C:\Users\Lorenz du web\Desktop\ERUNT.lnk
[2011/03/22 19:14:38 | 000,000,395 | ---- | C] () -- C:\Users\Lorenz du web\Desktop\scan.zip
[2011/03/22 19:05:44 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/20 13:42:36 | 000,020,285 | ---- | C] () -- C:\Users\Lorenz du web\Desktop\freeboxV6_valid.pl.htm
[2011/03/17 20:48:14 | 135,328,296 | ---- | C] () -- C:\Users\Lorenz du web\Desktop\openoffice-org_openoffice.org_3.1.0_francais_10677.exe

[Laurent3131]

SUITE


[2011/03/12 18:46:08 | 000,014,140 | ---- | C] () -- C:\Users\Lorenz du web\.recently-used.xbel
[2011/03/12 18:40:04 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/12 01:27:37 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/03/12 01:27:37 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/03/12 01:27:37 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/03/11 16:56:16 | 004,285,785 | ---- | C] () -- C:\Users\Lorenz du web\Desktop\ComboFix.exe
[2011/03/09 00:13:16 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At91.job
[2011/03/09 00:10:40 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At90.job
[2011/03/08 14:28:19 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At89.job
[2011/03/08 13:46:48 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At88.job
[2011/03/08 00:49:06 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At87.job
[2011/03/08 00:41:13 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At86.job
[2011/03/08 00:14:00 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At85.job
[2011/03/07 23:49:30 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At84.job
[2011/03/07 18:08:37 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At83.job
[2011/03/07 11:52:09 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At82.job
[2011/03/06 22:48:07 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At81.job
[2011/03/06 22:44:35 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At80.job
[2011/03/06 21:25:12 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At79.job
[2011/03/06 19:04:19 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At78.job
[2011/03/06 14:43:34 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At77.job
[2011/03/05 23:46:57 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At76.job
[2011/03/05 23:25:04 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At75.job
[2011/03/05 12:58:34 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At74.job
[2011/03/05 01:27:58 | 000,103,837 | ---- | C] () -- C:\Users\Lorenz du web\a786a84826cad0f158139584feb29f25.flv
[2011/03/04 22:56:15 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At73.job
[2011/03/04 21:48:46 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At72.job
[2011/03/04 18:22:01 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At71.job
[2011/03/04 12:10:12 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At70.job
[2011/03/04 11:52:27 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At69.job
[2011/03/04 00:53:53 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At68.job
[2011/03/03 22:19:22 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At67.job
[2011/03/03 14:14:52 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At66.job
[2011/03/02 23:57:22 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At65.job
[2011/03/02 21:43:43 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At64.job
[2011/03/02 13:29:07 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At63.job
[2011/03/02 09:53:30 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At62.job
[2011/03/01 23:49:36 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At61.job
[2011/03/01 14:32:11 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At60.job
[2011/02/28 23:21:11 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At59.job
[2011/02/28 14:20:02 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At58.job
[2011/02/28 01:06:24 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At57.job
[2011/02/27 23:35:42 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At56.job
[2011/02/26 23:20:00 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At55.job
[2011/02/26 14:54:38 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At54.job
[2011/02/26 14:38:10 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At53.job
[2011/02/26 13:29:20 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At52.job
[2011/02/25 17:48:33 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At51.job
[2011/02/24 21:57:07 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At50.job
[2011/02/24 18:15:08 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At49.job
[2011/02/24 00:14:43 | 000,108,736 | RHS- | C] () -- C:\Users\Lorenz du web\AppData\Roaming\netsvcss.exe
[2011/02/23 22:45:08 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At48.job
[2011/02/23 19:45:09 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At47.job
[2011/02/22 18:15:19 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At46.job
[2011/02/22 12:22:21 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At45.job
[2011/02/21 19:50:07 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At44.job
[2011/02/21 12:05:12 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At43.job
[2011/02/20 21:57:44 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At42.job
[2011/02/20 21:38:21 | 000,000,302 | ---- | C] () -- C:\Windows\tasks\At41.job
[2011/02/19 01:03:24 | 000,103,136 | RHS- | C] () -- C:\Users\Lorenz du web\AppData\Roaming\netsvc.exe
[2011/02/09 23:21:33 | 000,101,088 | RHS- | C] () -- C:\Users\Lorenz du web\AppData\Roaming\rervices.exe
[2011/02/09 12:13:19 | 001,503,021 | ---- | C] () -- C:\Windows\System32\usbsvc.exe
[2011/02/05 00:32:48 | 000,065,536 | ---- | C] () -- C:\Windows\TADSUINS.EXE
[2010/10/31 00:07:05 | 000,000,029 | ---- | C] () -- C:\Users\Lorenz du web\AppData\Roaming\boot.bat
[2010/10/31 00:07:01 | 000,000,006 | ---- | C] () -- C:\Users\Lorenz du web\AppData\Roaming\start
[2010/10/30 23:35:00 | 000,000,224 | ---- | C] () -- C:\Users\Lorenz du web\AppData\Roaming\dkfjasdfshd.bat
[2010/10/25 12:41:45 | 000,000,000 | ---- | C] () -- C:\Users\Lorenz du web\AppData\Roaming\wklnhst.dat
[2010/09/01 20:35:06 | 000,201,168 | ---- | C] () -- C:\Windows\System32\drivers\OADriver.sys
[2010/09/01 20:35:06 | 000,038,856 | ---- | C] () -- C:\Windows\System32\drivers\oahlp32.sys
[2010/05/29 22:10:45 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/03/09 16:28:32 | 000,000,021 | ---- | C] () -- C:\Windows\kit.ini
[2010/03/06 01:29:46 | 000,147,456 | R--- | C] () -- C:\Windows\System32\pppoe32.dll
[2009/12/20 23:54:58 | 000,126,339 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/12/20 23:54:58 | 000,126,339 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/11/23 17:03:47 | 000,093,000 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/10/27 20:14:57 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI
[2009/10/02 17:03:28 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2009/08/14 21:56:08 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/28 02:59:38 | 000,000,702 | ---- | C] () -- C:\Windows\NewsRover.INI
[2009/04/19 20:08:02 | 000,040,715 | ---- | C] () -- C:\Windows\4ormulatorVE.ini
[2009/03/14 17:06:05 | 000,000,004 | ---- | C] () -- C:\Windows\System32\vm.exe
[2009/02/28 12:47:28 | 000,010,281 | ---- | C] () -- C:\Windows\wclock.ini
[2008/12/30 01:38:33 | 000,000,063 | ---- | C] () -- C:\Windows\yesmessenger.ini
[2008/11/06 18:15:06 | 000,000,137 | ---- | C] () -- C:\Windows\oports.INI
[2008/10/26 16:40:30 | 000,000,230 | ---- | C] () -- C:\Windows\wininit.ini
[2008/10/24 02:46:18 | 005,480,452 | ---- | C] () -- C:\ProgramData\2-4-03.mpg
[2008/10/21 01:00:36 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/10/21 01:00:03 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/10/21 01:00:02 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/10/21 01:00:00 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/10/21 00:59:54 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/10/20 13:07:21 | 000,002,032 | ---- | C] () -- C:\Users\Lorenz du web\AppData\Local\d3d9caps.dat
[2008/10/19 02:16:51 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/10/19 02:16:51 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/18 22:24:33 | 000,244,224 | ---- | C] () -- C:\Users\Lorenz du web\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/17 21:38:31 | 000,000,550 | ---- | C] () -- C:\Windows\mozver.dat
[2008/10/17 21:33:34 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/09/08 14:08:44 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008/09/08 14:08:44 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2008/09/08 14:08:44 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008/08/14 03:25:02 | 000,129,604 | ---- | C] () -- C:\Windows\Set_Resolution_2.0.exe
[2008/04/01 18:26:58 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/04/01 18:26:58 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/04/01 18:03:52 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008/04/01 17:49:19 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008/04/01 17:49:19 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/04/01 17:49:19 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008/01/21 09:40:50 | 026,809,322 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2008/01/21 09:40:50 | 009,307,074 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2008/01/21 09:40:50 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2008/01/21 09:40:50 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2006/11/02 13:57:28 | 000,067,584 | ---- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,296,128 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 008,789,462 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 007,977,902 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2008/04/01 18:24:25 | 000,000,000 | ---D | M] -- C:\Users\Lorenz du web\AppData\Roaming\Acer GameZone Console
[2008/10/31 18:03:42 | 000,000,000 | ---D | M] -- C:\Users\Lorenz du web\AppData\Roaming\Camfrog
[2010/05/29 22:10:53 | 000,000,000 | ---D | M] -- C:\Users\Lorenz du web\AppData\Roaming\Canneverbe Limited
[2009/11/01 18:43:35 | 000,000,000 | ---D | M] -- C:\Users\Lorenz du web\AppData\Roaming\Canon
[2010/11/28 01:45:40 | 000,000,000 | ---D | M] -- C:\Users\Lorenz du web\AppData\Roaming\DAZ 3D
[2008/10/18 21:29:00 | 000,000,000 | ---D | M] -- C:\Users\Lorenz du web\AppData\Roaming\eSobi
[2011/02/06 14:30:01 | 000,000,000 | ---D | M] -- C:\Users\Lorenz du web\AppData\Roaming\GrabPro
[2011/03/12 18:46:08 | 000,000,000 | ---D | M] -- C:\Users\Lorenz du web\AppData\Roaming\gtk-2.0
[2011/03/22 18:51:56 | 000,000,000 | ---D | M] -- C:\Users\Lorenz du web\AppData\Roaming\IrfanView
[2008/11/30 12:09:53 | 000,000,000 | ---D | M] -- C:\Users\Lorenz du web\AppData\Roaming\Mp3tag
[2010/10/31 13:29:19 | 000,000,000 | ---D | M] -- C:\Users\Lorenz du web\AppData\Roaming\OnlineArmor
[2011/02/26 15:04:01 | 000,000,000 | ---D | M] -- C:\Users\Lorenz du web\AppData\Roaming\Orbit
[2011/02/06 14:30:05 | 000,000,000 | ---D | M] -- C:\Users\Lorenz du web\AppData\Roaming\ProgSense
[2011/01/23 13:16:54 | 000,000,000 | ---D | M] -- C:\Users\Lorenz du web\AppData\Roaming\SecondLife
[2009/10/25 02:20:35 | 000,000,000 | ---D | M] -- C:\Users\Lorenz du web\AppData\Roaming\SystemRequirementsLab
[2009/10/18 21:47:46 | 000,000,000 | ---D | M] -- C:\Users\Lorenz du web\AppData\Roaming\Utherverse
[2011/02/05 01:58:59 | 000,000,000 | ---D | M] -- C:\Users\Lorenz du web\AppData\Roaming\uTorrent
[2010/02/01 19:37:15 | 000,000,000 | ---D | M] -- C:\Users\Lorenz du web\AppData\Roaming\WordWeb
[2011/03/17 02:22:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/03/02 11:36:06 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2011/03/13 14:38:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2011/03/13 14:39:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2011/03/22 19:50:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2011/03/22 19:51:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2011/03/17 12:03:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2011/03/17 12:03:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2011/03/22 19:13:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2011/03/22 19:14:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2011/03/14 22:12:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2011/03/17 11:52:03 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2011/03/14 22:13:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2011/03/15 11:57:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2011/03/15 11:58:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2011/03/15 21:28:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2011/03/15 21:28:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2011/03/17 17:08:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At25.job
[2011/03/17 17:08:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At26.job
[2011/03/14 22:19:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At27.job
[2011/03/14 22:20:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At28.job
[2011/03/04 11:47:07 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At29.job
[2011/03/17 12:13:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2011/03/04 11:47:07 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At30.job
[2011/03/17 21:07:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At31.job
[2011/03/17 21:07:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At32.job
[2011/03/13 15:57:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At33.job
[2011/03/17 15:59:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At34.job
[2011/03/02 10:38:08 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At35.job
[2011/03/17 12:13:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At36.job
[2011/02/21 12:32:18 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At37.job
[2011/03/22 19:12:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At38.job
[2011/03/17 02:20:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At39.job
[2011/03/22 19:23:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2011/03/22 19:09:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At40.job
[2011/03/15 21:38:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At41.job
[2011/03/15 21:57:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At42.job
[2011/03/17 12:05:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At43.job
[2011/03/22 19:50:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At44.job
[2011/03/14 12:22:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At45.job
[2011/03/17 18:15:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At46.job
[2011/03/22 19:45:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At47.job
[2011/03/14 22:45:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At48.job
[2011/03/17 18:15:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At49.job
[2011/03/14 23:01:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2011/03/15 21:57:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At50.job
[2011/03/17 17:48:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At51.job
[2011/03/13 13:29:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At52.job
[2011/03/13 14:38:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At53.job
[2011/03/13 14:54:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At54.job
[2011/03/14 23:19:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At55.job
[2011/03/14 23:35:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At56.job
[2011/03/17 01:06:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At57.job
[2011/03/13 14:20:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At58.job
[2011/03/14 23:21:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At59.job
[2011/03/22 19:23:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2011/03/13 14:32:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At60.job
[2011/03/16 23:49:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At61.job
[2011/03/02 13:08:45 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At62.job
[2011/03/13 13:29:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At63.job
[2011/03/15 21:43:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At64.job
[2011/03/16 23:57:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At65.job
[2011/03/13 14:14:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At66.job
[2011/03/14 22:19:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At67.job
[2011/03/17 00:53:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At68.job
[2011/03/15 11:52:01 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At69.job
[2011/03/14 23:01:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2011/03/17 12:10:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At70.job
[2011/03/17 18:21:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At71.job
[2011/03/15 21:48:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At72.job
[2011/03/14 22:56:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At73.job
[2011/03/13 12:58:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At74.job
[2011/03/14 23:25:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At75.job
[2011/03/16 23:46:01 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At76.job
[2011/03/13 14:43:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At77.job
[2011/03/22 19:04:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At78.job
[2011/03/15 21:25:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At79.job
[2011/03/17 16:17:59 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2011/03/14 22:44:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At80.job
[2011/03/14 22:47:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At81.job
[2011/03/15 11:52:02 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At82.job
[2011/03/17 18:08:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At83.job
[2011/03/16 23:49:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At84.job
[2011/03/17 00:13:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At85.job
[2011/03/17 00:41:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At86.job
[2011/03/17 00:49:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At87.job
[2011/03/13 13:46:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At88.job
[2011/03/13 14:28:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At89.job
[2011/03/02 11:36:06 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2011/03/17 00:10:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At90.job
[2011/03/17 00:13:00 | 000,000,302 | ---- | M] () -- C:\Windows\Tasks\At91.job
[2011/03/17 17:22:06 | 000,032,494 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: CTFMON.EXE >
[2006/11/02 10:45:00 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=22BFD03DF51065A9ED8D17F8FB72296B -- C:\Windows\System32\ctfmon.exe
[2006/11/02 10:45:00 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=22BFD03DF51065A9ED8D17F8FB72296B -- C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe

< MD5 for: EXPLORER.EXE >
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTORV.SYS >
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVRD32.SYS >
[2008/05/26 14:13:00 | 000,132,128 | ---- | M] (NVIDIA Corporation) MD5=0D15327134E5871C922760ACD7449E84 -- C:\ACER\Preload\Autorun\DRV\nVidia NB Chipset NVMCP77MH\IDE\WinVista\sataraid\nvrd32.sys
[2009/08/04 17:44:12 | 000,139,296 | ---- | M] (NVIDIA Corporation) MD5=6F922993C8AA8BF555B0A8428AAB5731 -- C:\NVIDIA\nForceWinVista\15.51\English\IDE\Win7\sataraid\nvrd32.sys
[2009/08/04 17:44:12 | 000,139,296 | ---- | M] (NVIDIA Corporation) MD5=6F922993C8AA8BF555B0A8428AAB5731 -- C:\NVIDIA\nForceWinVista\15.51\English\IDE\WinVista\sataraid\nvrd32.sys

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: NVSTOR32.SYS >
[2009/08/04 17:44:14 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=269DE658DEAF032564E8B6430B5BD170 -- C:\NVIDIA\nForceWinVista\15.51\English\IDE\Win7\sataraid\nvstor32.sys
[2009/08/04 17:44:14 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=269DE658DEAF032564E8B6430B5BD170 -- C:\NVIDIA\nForceWinVista\15.51\English\IDE\WinVista\sataraid\nvstor32.sys
[2009/08/04 17:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\NVIDIA\nForceWinVista\15.51\English\IDE\Win7\sata_ide\nvstor32.sys
[2009/08/04 17:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\NVIDIA\nForceWinVista\15.51\English\IDE\WinVista\sata_ide\nvstor32.sys
[2009/08/04 17:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\Windows\System32\drivers\nvstor32.sys
[2009/08/04 17:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_dcdb2e54\nvstor32.sys
[2008/05/26 14:13:00 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=7DF63192BCF9C20EC2F7492E7F7544F9 -- C:\ACER\Preload\Autorun\DRV\nVidia NB Chipset NVMCP77MH\IDE\WinVista\sataraid\nvstor32.sys
[2008/05/26 14:13:00 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=FA7B8ECA6E845B244B7E30A9DCD82C6C -- C:\ACER\Preload\Autorun\DRV\nVidia NB Chipset NVMCP77MH\IDE\WinVista\sata_ide\nvstor32.sys
[2008/05/26 14:13:00 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=FA7B8ECA6E845B244B7E30A9DCD82C6C -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_903234fc\nvstor32.sys

< MD5 for: SCECLI.DLL >
[2008/01/21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

< MD5 for: USERINIT.EXE >
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WININIT.EXE >
[2008/01/21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

< MD5 for: WINLOGON.EXE >
[2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2010/03/05 15:01:02 | 000,420,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\vbscript.dll

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:8173A019

< End of report >

[Laurent3131]

extras log

OTL Extras logfile created on: 22/03/2011 19:59:01 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Lorenz du web\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 71,72 Gb Free Space | 49,79% Space Free | Partition Type: NTFS
Drive D: | 144,04 Gb Total Space | 80,94 Gb Free Space | 56,19% Space Free | Partition Type: NTFS

Computer Name: CRAZYLO | User Name: Lorenz du web | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-160463765-1735941628-721991443-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisabledInterfaces" = {C7F575D9-BCC1-4A3A-B3F3-E5C32BFD5E49},{3B62B124-EDF7-4217-BBFE-8050EEBE6361}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0693C95A-2D70-4511-8086-C4072ECF7FA6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{09C3A9E4-43BD-4790-8874-1DAD3E984E3C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{14E6B75B-FED3-467A-A04A-322325B3FE9E}" = rport=137 | protocol=17 | dir=out | app=system |
"{1625D0D3-BED8-4A50-B94E-D90921BF0352}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{167D3FAB-3E3B-417C-8499-C1E266F3016D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{24DCE941-4C9C-489C-98F0-D3882DF04374}" = lport=48113 | protocol=6 | dir=in | name=maconfig_tcp |
"{27D01A40-2C6F-4787-8123-AA62C50A19CE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{333FFDEC-C791-420C-9E57-3064D7920BBE}" = lport=48113 | protocol=17 | dir=in | name=maconfig_udp |
"{3731C0B3-7478-482B-9837-A388F48E7169}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3C09C7C3-96D0-4F1B-B81D-4BDCAEF4A56F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3F6B9AF1-CA4D-45D5-8A75-68F10A95D22D}" = lport=137 | protocol=17 | dir=in | app=system |
"{40F821F2-01DD-4D8E-BAD5-78537E3B679F}" = lport=137 | protocol=17 | dir=in | name=peer2me - allow netbios in (udp/137) |
"{4489A4D8-B12A-4A2C-AD76-7CB5D9CAB75D}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{44B531AE-4DE2-4BAE-AF6C-0C9EEBF8C603}" = lport=138 | protocol=17 | dir=in | app=system |
"{4B3C1F04-0B85-4599-8C0F-8B2001C7E897}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{580EA5F9-07C1-4159-881F-79BDB9E67FB7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5891B8C2-0D2C-430B-BC30-021F1D742DF6}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{5C4BDD65-313A-48F9-BC0A-4CA3151CFD72}" = lport=2869 | protocol=6 | dir=in | app=system |
"{62DC4ECB-F543-46F6-9A76-83C83D13A73F}" = lport=138 | protocol=17 | dir=in | name=peer2me - allow netbios in (udp/138) |
"{6375C0F3-3415-4D21-99C1-FF2FC7212237}" = lport=2869 | protocol=6 | dir=in | app=system |
"{697B7ED0-4BE8-4783-9C17-F8E78965B3F1}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{723B47C2-5851-493C-8475-432B6FBF4831}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{74469BF4-C42A-4137-B215-7BB7BF70C598}" = lport=2869 | protocol=6 | dir=in | app=system |
"{78358697-1EB3-4EC8-BBF9-CA26C7AC89EB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{786CA100-D222-483C-9E4D-97B132E32CDA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{78CE7A6D-1CDE-433C-B7AE-3EF66AE55E3F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7F2FFD08-53CE-49E2-9E6F-576B89EA4D08}" = lport=445 | protocol=6 | dir=in | app=system |
"{81816235-DC0F-48E6-B8DF-DCF58742BBE1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8DA73BE8-2950-4641-9F90-6102619DF151}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{986E49A7-E7CE-43F8-BF67-623D790303F6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9E305C76-E803-433E-BF55-9574F3035394}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{AB15485C-F953-4B70-AF1E-F4146A7A0C26}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ACC17C96-22C2-4C7D-9741-F2B753E96767}" = rport=445 | protocol=6 | dir=out | app=system |
"{ADE51C24-FCB7-4A20-86FE-9F8E744B1C65}" = rport=139 | protocol=6 | dir=out | app=system |
"{AEEE4FE2-28EB-4989-BB56-D9EB19362269}" = lport=139 | protocol=6 | dir=in | name=peer2me - allow netbios in (tcp/139) |
"{AF419A64-1DC9-4260-B60A-06A9A46F9314}" = lport=48113 | protocol=17 | dir=in | name=maconfig_udp |
"{B0F78101-6B9C-400C-A03E-F7B0F3CAE2EA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B1E26AB4-791F-49B9-834A-E6720FA30017}" = lport=445 | protocol=6 | dir=in | name=peer2me - allow netbios in (tcp/445) |
"{CDE41E82-D87F-47B5-8228-3DCA6EE981A6}" = rport=138 | protocol=17 | dir=out | app=system |
"{D1418B2B-8AF8-4C4C-BFAE-26FE109F2F06}" = lport=48113 | protocol=6 | dir=in | name=maconfig_tcp |
"{D527AE5F-FFD6-4FCF-B719-3BE99C44518E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D91F9E1A-68AA-4BE7-ADF5-BEF4329956E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D9A70102-32AD-46BE-BF7B-61F91E64848F}" = lport=139 | protocol=6 | dir=in | app=system |
"{DCF182E6-24D7-4EC1-B16D-115A52798C9E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E1DE505F-2727-47FA-8A1F-5AD12417A396}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F3AEA34F-BBE4-46DA-873E-09A0D057587B}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{036E95F9-8343-43B7-A2A2-7602A69F0A3A}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{051133F6-31D6-458B-9494-6D175723ECE3}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{086F0051-77D3-41B1-BF98-796DCE4090BC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1001FA72-6300-486E-9001-E710E6E030F9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{100A0062-57BB-4AE1-B40D-646C790E88BE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1B82189F-02E4-4302-9FAD-6EDD9121D86D}" = protocol=6 | dir=in | app=c:\program files\ma-config.com\maconfservice.exe |
"{1F509085-CD06-46CE-A90C-7DFACF7C3F91}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1FA08DD9-06B3-4EBF-83EB-7C5D803D56EE}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{25AB95EE-924E-4EB2-A9F5-81816EE07504}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{26BB2F99-E0B2-4FC8-B8EE-F42BE43E6A6B}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{2CA57BCC-E1C0-4280-992A-9FC6AD84A0CD}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{363E4024-17A5-46CF-BD1A-C9DEC3D534D2}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{37CBA4B9-2A68-4C61-A1CC-F6138A19B0E6}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{399B8E19-57AE-439E-A4E2-2F62B2BA15B5}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{3B213421-855C-45B3-AA02-26ACC612C25C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3BDA3E36-95E9-4A94-A7D9-84A6B2117CE2}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{3CC5DEEC-AB6F-4F8B-8232-2FB858F155A6}" = protocol=17 | dir=in | app=c:\program files\ma-config.com\maconfservice.exe |
"{469B1292-7B8A-4C93-8DE2-4AED9BAE98F9}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4717446B-65A7-49FB-B2E2-0837468A90DD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4D174C97-CCC8-4764-9E58-F8B28A2A4A37}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{4FF19A92-7992-4372-8787-1E8E17ABF593}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{52BEB9ED-0770-4E1A-967D-E3D2C3E50BBF}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{56CD5694-1FA9-4B01-B17B-549E754479F8}" = protocol=17 | dir=in | app=c:\program files\ma-config.com\maconfservice.exe |
"{5B569CF0-91E5-4DF8-A43A-A9895DA5AD9E}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{6D3BECA8-87E8-4BA3-A7D2-F492FD8B8393}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6F04FA4B-B9D0-4165-84F0-013762057A66}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{76CE099D-3C3B-40EC-AF89-E4DEE1C176D5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{78810E3E-8208-46A5-9794-5A44BFD7F777}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7C0F11B5-BB88-4C9E-800D-287746D16AD4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7CF71B39-237C-435C-B440-487A9F403CDA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{81286262-E1BE-4315-9413-8763585E1EFC}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{864C9665-9750-4BC7-B659-264952E83FB2}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{8E2430B1-CDED-431B-BC06-FFC5C37AF08B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{98D0D75E-C6FB-41CE-AFFF-F18B25675C10}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9B8270F7-2474-4A2F-8534-DB783248FA92}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9E0345B7-9110-4541-AE1E-8759493EBAD5}" = protocol=6 | dir=in | app=c:\users\lorenz du web\desktop\utorrent.exe |
"{A53D2FA4-0AA2-4136-9880-E4FA3BEF56AD}" = protocol=6 | dir=out | app=system |
"{B0846C9E-3696-4C43-86A5-A311BFA435E2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B20F1D30-F7CC-4058-B460-41AB33486D72}" = protocol=17 | dir=in | app=c:\users\lorenz du web\desktop\utorrent.exe |
"{B46F5B75-7043-4847-AC5A-F46431DFC82D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{B66C7FC0-E4B9-49A8-BC12-19C6FDAD9CD0}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{B7F1E8DD-41F9-4342-9E28-FB4955ACE902}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{B959AFF4-5757-41EC-A7CE-2E7B16B287CB}" = protocol=6 | dir=in | app=c:\users\lorenz\desktop\utorrent.exe |
"{BB173904-0359-46FB-9F7E-9EEB34BA6CFA}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{BE2E4E55-9A20-4E2B-82DB-881F69D21DA3}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{C5AB91AA-9100-49E4-9916-5DC791983BFD}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{C80DDF42-C8E0-4166-B360-9B4674836DA5}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{C8B098DF-BFE5-4130-9356-21C9CE635A7B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CBFBAA99-9049-4026-9BB6-C79E59D9787D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{CC7ACDAE-0A7B-411C-9AD5-51F24D61E9FF}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{D80025CC-59B2-43F8-9070-94919395EB2D}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D8863855-9FB4-40AF-ADB2-B2F245926885}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{DAA1EDFC-4B05-4A79-99E7-BDA2C808FAFC}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E0312CE2-0047-4ADF-9E6B-595AFD4F1848}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E3224655-9052-4409-B2E4-FE407C5A6F9A}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{E39D792A-734C-4F68-AC01-0463B09F4DCF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E531C42B-1DCE-4C99-BACC-68CA36CA5FF5}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{E8D5BBBD-F359-4F7A-A791-0E3984D1E630}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{E8DB09C1-79C9-46A1-9C1C-1E6E85F25FC4}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{F271386B-C651-4B26-9427-58D1C4E36E98}" = protocol=17 | dir=in | app=c:\users\lorenz\desktop\utorrent.exe |
"{FCABEC8C-814C-4F32-9434-57108EEAF11A}" = protocol=6 | dir=in | app=c:\program files\ma-config.com\maconfservice.exe |
"TCP Query User{174448F9-30E4-4D3B-AF46-7A5DF81A3879}C:\users\lorenz\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\lorenz\desktop\utorrent.exe |
"TCP Query User{5C6D31A5-31E9-4030-AB10-11A45E365F1E}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"TCP Query User{8E9FF3C8-6494-47C9-B94B-56FAFD6954DB}C:\program files\secondlife\secondlife.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\secondlife.exe |
"TCP Query User{9C93784D-0F41-4CDE-93EB-E1814D20DC5F}C:\program files\secondlife\secondlife.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\secondlife.exe |
"TCP Query User{C818CEFA-522D-466E-A191-CC9E39FE912D}C:\program files\secondlife\slvoice.exe" = protocol=6 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"TCP Query User{EA1141C6-C75A-4B19-8A40-7D2622B612FF}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=6 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |
"TCP Query User{F3422246-DBE9-4AD8-9AD6-D7C8580F9711}C:\users\lorenz du web\desktop\utorrent.exe" = protocol=6 | dir=in | app=c:\users\lorenz du web\desktop\utorrent.exe |
"UDP Query User{018AE203-6C32-4A0F-A02D-D5B72D589F77}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"UDP Query User{235BB82C-F100-46F0-8E24-553CE14F0BF4}C:\users\lorenz du web\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\lorenz du web\desktop\utorrent.exe |
"UDP Query User{49535DA8-C3DC-4CE4-9EB7-F948041ECE0E}C:\program files\secondlife\secondlife.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\secondlife.exe |
"UDP Query User{7C27AB2A-315C-434A-BA3A-99861DC42B0D}C:\users\lorenz\desktop\utorrent.exe" = protocol=17 | dir=in | app=c:\users\lorenz\desktop\utorrent.exe |
"UDP Query User{90C190F3-5710-41A0-9060-BB54CADCA147}C:\program files\secondlife\slvoice.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\slvoice.exe |
"UDP Query User{D3FD3E5D-6929-497B-9F48-6B2C850C2E21}C:\program files\secondlife\secondlife.exe" = protocol=17 | dir=in | app=c:\program files\secondlife\secondlife.exe |
"UDP Query User{E5A70614-8FBA-49F3-B459-39EE692197F5}C:\program files\camfrog\camfrog video chat\camfrog video chat.exe" = protocol=17 | dir=in | app=c:\program files\camfrog\camfrog video chat\camfrog video chat.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0590BB91-B280-4BAB-95D7-D6558117D27C}" = SA304x Device Manager
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Assistant de connexion Windows Live ID
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live
"{1E06D48E-5448-4BCC-9F87-9FB4EBD59898}" = SA304x Media Converter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31A5ED9F-E07B-4F6E-8179-27325BAAC502}" = AuthenTec Fingerprint Sensor Minimum Install
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-908
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}" = Microsoft Works
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91C82FED-477B-4AF1-88FB-F967BB0D7F10}" = Winbond CIR Device Drivers
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FF9FDF7-F84A-4F99-B4BB-066B6F95F33D}" = Windows Live Contrôle parental
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8.3
"{AC76BA86-7AD7-1036-7B44-A93000000001}" = Adobe Reader 9.3.4 - Français
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B72CF634-2F89-478A-86E7-96F80CDAF284}" = SA304x Media Converter
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.20
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviScreen Classic (Freeware)_is1" = AviScreen Classic Version 1.3
"AviScreen Pro (Shareware)_is1" = AviScreen Pro
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CCleaner" = CCleaner
"Celestia_is1" = Celestia 1.6.0
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DPP" = Canon Utilities Digital Photo Professional 3.7
"ERUNT_is1" = ERUNT 1.1j
"fhlpppoe" = PPP over Ethernet
"Foxmail_is1" = Foxmail 5.0 Fr.
"Free FLV Converter_is1" = Free FLV Converter V 5.81
"Freeplayer" = Freeplayer
"GridVista" = Acer GridVista
"GTK 2.0" = GTK+ Runtime 2.6.9 rev a (remove only)
"HijackThis" = HijackThis 2.0.2
"HomePlayer" = HomePlayer 1.5.9d
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"IrfanView" = IrfanView (remove only)
"JMHL Loader" = JMHL Loader
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.9.0 Full
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 4.0 (x86 fr)" = Mozilla Firefox 4.0 (x86 fr)
"Mp3tag" = Mp3tag v2.42
"My Lockbox_is1" = My Lockbox 1.2 for Windows 2000/XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OnlineArmor_is1" = Online Armor 4.5
"Personal Printing Guide" = Canon Guide d'impression personnelle
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SecondLife" = SecondLife (remove only)
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"Software Guide" = Canon DIGITAL CAMERA Solution Disk - Guide d'utilisation des logiciels
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 0.9.8a
"Winamp" = Winamp
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR
"WordWeb" = WordWeb
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-160463765-1735941628-721991443-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18/03/2011 07:10:55 | Computer Name = crazylo | Source = LoadPerf | ID = 3012
Description =

Error - 18/03/2011 07:10:55 | Computer Name = crazylo | Source = LoadPerf | ID = 3012
Description =

Error - 18/03/2011 07:10:55 | Computer Name = crazylo | Source = LoadPerf | ID = 3011
Description =

Error - 22/03/2011 13:48:42 | Computer Name = crazylo | Source = VSS | ID = 8193
Description =

Error - 22/03/2011 14:02:04 | Computer Name = crazylo | Source = LoadPerf | ID = 3012
Description =

Error - 22/03/2011 14:02:05 | Computer Name = crazylo | Source = LoadPerf | ID = 3012
Description =

Error - 22/03/2011 14:02:05 | Computer Name = crazylo | Source = LoadPerf | ID = 3011
Description =

Error - 22/03/2011 14:44:45 | Computer Name = crazylo | Source = LoadPerf | ID = 3012
Description =

Error - 22/03/2011 14:44:46 | Computer Name = crazylo | Source = LoadPerf | ID = 3012
Description =

Error - 22/03/2011 14:44:46 | Computer Name = crazylo | Source = LoadPerf | ID = 3011
Description =

[ Media Center Events ]
Error - 31/10/2008 16:55:05 | Computer Name = crazylo | Source = Media Center Guide | ID = 0
Description = Info sur l’événement : ERROR: SqmApiWrapper.SqmFlushSession failed;
Win32 GetLastError returned 0D Processus : DefaultDomain Nom de l’objet : Media
Center Guide

Error - 31/10/2008 17:03:48 | Computer Name = crazylo | Source = Media Center Guide | ID = 0
Description = Info sur l’événement : ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Processus : DefaultDomain Nom de l’objet : Media
Center Guide

Error - 31/10/2008 17:04:33 | Computer Name = crazylo | Source = Media Center Guide | ID = 0
Description = Info sur l’événement : ERROR: SqmApiWrapper.WaitForUploadComplete
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
returned 10000109 Processus : DefaultDomain Nom de l’objet : Media Center Guide

Error - 31/10/2008 17:05:00 | Computer Name = crazylo | Source = Media Center Guide | ID = 0
Description = Info sur l’événement : ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Processus : DefaultDomain Nom de l’objet : Media
Center Guide

Error - 17/11/2008 15:09:17 | Computer Name = crazylo | Source = Media Center Guide | ID = 0
Description = Info sur l’événement : ERROR: SqmApiWrapper.WaitForUploadComplete
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
returned 10000109 Processus : DefaultDomain Nom de l’objet : Media Center Guide

Error - 22/12/2008 12:18:30 | Computer Name = crazylo | Source = Media Center Guide | ID = 0
Description = Info sur l’événement : ERROR: SqmApiWrapper.WaitForUploadComplete
failed. Please try to ping www.msn.com prior to filing a bug.; Win32 GetLastError
returned 10000109 Processus : DefaultDomain Nom de l’objet : Media Center Guide

Error - 24/12/2008 05:46:57 | Computer Name = crazylo | Source = Media Center Guide | ID = 0
Description = Info sur l’événement : ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Processus : DefaultDomain Nom de l’objet : Media
Center Guide

[ OSession Events ]
Error - 25/06/2010 17:08:25 | Computer Name = crazylo | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4260
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 13/12/2008 07:35:30 | Computer Name = crazylo | Source = Service Control Manager | ID = 7000
Description =

Error - 15/12/2008 12:34:40 | Computer Name = crazylo | Source = EventLog | ID = 6008
Description = L'arrêt système précédant à 13:01:38 le 13/12/2008 n'était pas prévu.

Error - 15/12/2008 12:35:02 | Computer Name = crazylo | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 15/12/2008 12:35:03 | Computer Name = crazylo | Source = HTTP | ID = 15016
Description =

Error - 15/12/2008 12:35:06 | Computer Name = crazylo | Source = Print | ID = 54
Description = Le document http://annonces-gratuites.i... n’a pas pu être imprimé
et il a été supprimé car le fichier mis en file d’attente est endommagé. Le pilote
associé est : hp psc 1200 series. Réessayez d’imprimer le document.

Error - 15/12/2008 12:35:23 | Computer Name = crazylo | Source = Service Control Manager | ID = 7000
Description =

Error - 15/12/2008 19:31:18 | Computer Name = crazylo | Source = EventLog | ID = 6008
Description = L'arrêt système précédant à 00:29:11 le 16/12/2008 n'était pas prévu.

Error - 15/12/2008 19:31:38 | Computer Name = crazylo | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 15/12/2008 19:31:39 | Computer Name = crazylo | Source = HTTP | ID = 15016
Description =

Error - 15/12/2008 19:32:01 | Computer Name = crazylo | Source = Service Control Manager | ID = 7000
Description =


< End of report >

[Laurent3131]

Merci par avance

[Laurent3131]

up

[nickW]

Bonsoir,

Important: Peux-tu envoyer sur le forum le rapport de ComboFix (contenu du fichier %SystemDrive%\ComboFix.txt)
[%SystemDrive% représente la partition sur laquelle est installé le système, généralement C:]



Premiers nettoyages:


Étape 1: OTL (de OldTimer), préparation de la correction
Ouvrir une fenêtre du Bloc-notes, via Démarrer---->Tous les programmes---->Accessoires---->Exécuter, taper notepad puis cliquer sur OK

Sélectionner toutes les lignes de la zone blanche située sous "Code:" ci-dessous, puis appuyer simultanément sur les touches Ctrl et C
Très important: Ne pas utiliser l'option TOUT SÉLECTIONNER du forum (qui ajoute des caractères parasites).

Code: Tout sélectionner

rien

:otl
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "chrome://browser-region/locale/region.properties"
O33 - MountPoints2\{962943b4-3d75-11de-a7b9-001e68e237e8}\Shell\AutoRun\command - "" = cb.exe
O33 - MountPoints2\{962943b4-3d75-11de-a7b9-001e68e237e8}\Shell\open\Command - "" = cb.exe

:Files
C:\32788R22FWJFW
C:\Windows\tasks\At*.job
C:\ProgramData\nvModes.001
C:\ProgramData\nvModes.dat
C:\Users\Lorenz du web\AppData\Roaming\netsvcss.exe
C:\Users\Lorenz du web\AppData\Roaming\netsvc.exe
C:\Users\Lorenz du web\AppData\Roaming\rervices.exe
C:\Windows\System32\usbsvc.exe
C:\Users\Lorenz du web\AppData\Roaming\dkfjasdfshd.bat

:Commands
[emptytemp]




Retourner dans la fenêtre du Bloc-notes, faire un clic droit dans la fenêtre et choisir Coller
Vérifier dans le menu Format (en haut) que "Retour automatique à ligne" n'est pas actif (pas coché).
Enregistrer le fichier sous le nom fix.txt <---- ne pas modifier le nom du fichier
Fermer le Bloc-notes.

Note: Les lignes de la zone Code ci-dessus ont été créées exclusivement pour CET utilisateur: Laurent3131.
Si vous n'êtes pas CET utilisateur, il ne faut pas les utiliser: elles pourraient endommager votre système.


Étape 2: Pas de processus de contrôle en temps réel
Désactiver le module résident de l'antivirus.
Avira Antivir: clic droit sur l'icône dans la SysBarre (à coté de l'horloge), décocher "Activer Antivir Guard/AntiVir Guard enable"


Étape 3: Malwarebytes' Anti-Malware, nettoyage
Fermer toutes les fenêtres de programme ouvertes.
Lancer Malwarebytes' Anti-Malware via le Menu Démarrer.
Dans l'onglet Paramètres, vérifier que toutes les cases sont cochées sauf "Créer une option dans le menu contextuel pour analyser des fichiers (clic droit)".
Dans l'onglet Mise à jour, cliquer sur le bouton Recherche de mise à jour et installer toutes les mises à jour trouvées.
Dans l'onglet Recherche, cocher le bouton radio situé devant "Exécuter un examen rapide" puis cliquer sur le bouton Rechercher, comme ceci:



Attendre sans rien faire d'autre la fin de la recherche; dans la fenêtre annonçant la fin de l'analyse, cliquer sur OK; puis cliquer sur le bouton "Afficher les résultats":



Si des éléments nuisibles ont été détectés, cliquer sur le bouton "Supprimer la sélection":

Attendre patiemment sans rien faire d'autre la fin du nettoyage.
Un redémarrage est parfois nécessaire. Accepter.
Une fenêtre du Bloc-notes s'ouvre pour afficher le rapport. Fermer le Bloc-notes.
Cliquer sur le bouton "Quitter" pour fermer Malwarebytes' Anti-Malware.


Étape 4: Pas de processus de contrôle en temps réel
Si le PC a redémarré, et si l'antivirus a été réactivé, il faut de nouveau le désactiver.


Étape 5: OTL (de OldTimer), correction

Faire un clic droit sur OTL.exe puis choisir "Exécuter en tant qu'Administrateur" pour lancer l'outil.

L'écran principal de OTL s'affiche:


Cliquer sur le bouton Correction:

Il y a ouverture d'une petite fenêtre "OTL":

Cliquer sur le bouton Ok.

A partir de la nouvelle fenêtre "Ouvrir", naviguer jusqu'au dossier de sauvegarde du fichier fix.txt puis cliquer sur le bouton Ouvrir.

Le contenu du fichier fix.txt est ainsi inséré dans le panneau "Personnalisation"

Fermer toutes les fenêtres de programme ouvertes autres que OTL (navigateur, traitement de texte, etc...): un redémarrage du PC va se produire.

Cliquer de nouveau sur le bouton Correction:

Note: Lorsque le redémarrage est demandé, cliquer sur Ok

Lorsque l'outil a terminé son travail, il y a affichage dans une petite fenêtre du message "Correction terminée! Cliquez sur Ok pour afficher le rapport.". Cliquer sur Ok puis fermer OTL.


Étape 6: Processus de contrôle en temps réel
Important: Réactiver le module résident de l'antivirus.


Étape 7: OTL (de OldTimer), analyse
Fermer toutes les fenêtres de programme ouvertes.

Faire un clic droit sur OTL.exe puis choisir "Exécuter en tant qu'Administrateur" pour lancer l'outil.

L'écran principal de OTL s'affiche:


Cocher (en haut) la case située devant Tous les utilisateurs:

Puis cliquer sur le bouton Analyse:

Laisser l'outil travailler sans l'interrompre.
Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant un rapport (log).
Fermer le Bloc-notes.
Fermer la fenêtre de OTL.


Étape 8: Résultats
Envoyer en réponse:
*- le rapport de correction de OTL (contenu du fichier %SystemDrive%\_OTL\MovedFiles\********_******.log - les *** sont des chiffres représentant la date [moisjourannée] et l'heure)
[%SystemDrive% représente la partition sur laquelle est installé le système, généralement C:]
*- le rapport de Malwarebytes' Anti-Malware (contenu du fichier mbam-log-****-**-** (**-**-**).txt situé dans le dossier %SystemDrive%\Users\<tonprofil>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs où ****-**-** (**-**-**) représente la date [année-mois-jour] et l'heure [hh-mn-ss])
[%SystemDrive% représente la partition sur laquelle est installé le système, généralement C:]

Envoyer ensuite en réponse dans un message distinct (à cause de la longueur du fichier):
*- le rapport principal de OTL (contenu du fichier OTL.txt situé sur le Bureau).
Le rapport envoyé sur le forum doit se terminer par une ligne contenant <End of report>. Si ce n'est pas le cas, il est incomplet, et doit alors être découpé en plusieurs messages.

Note importante: Pour l'envoi de ta(tes) réponse(s), il ne faut pas créer un nouveau sujet, mais cliquer sur le bouton "Répondre"
pour continuer dans ce fil de discussion.


Dans ta réponse, n'oublie pas de donner le plus d'informations possible sur l'état du PC: amélioration / disparition / aggravation des symptômes d'infection.

A suivre,

[Laurent3131]

je n'ai pas retrouvé le fichier combofix car celui ci avait beugué avant la fin des correction


OTL
je fais correction et insére le fichier fix.txt avec le texte

mais otl bloque
je ne peut pas recliquer ensuite sur correction

[Laurent3131]

en fait la correction fonctionnne seulement si je fais un copier coller directements dans la fenetre personalisation

voici le rapport d analyse

OTL logfile created on: 27/03/2011 20:46:57 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Lorenz du web\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 93,43 Gb Free Space | 64,86% Space Free | Partition Type: NTFS
Drive D: | 144,04 Gb Total Space | 80,94 Gb Free Space | 56,19% Space Free | Partition Type: NTFS

Computer Name: CRAZYLO | User Name: Lorenz du web | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/27 20:15:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Lorenz du web\Desktop\OTL.exe
PRC - [2011/03/18 19:58:47 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/08/27 15:22:00 | 002,356,848 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oaui.exe
PRC - [2010/08/27 15:21:58 | 003,638,240 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\oasrv.exe
PRC - [2010/08/27 15:21:58 | 000,969,944 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\OAhlp.exe
PRC - [2010/08/27 15:21:58 | 000,432,344 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\OAreg.exe
PRC - [2010/08/27 15:21:56 | 000,380,272 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\OAcat.exe
PRC - [2009/12/23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
PRC - [2009/12/11 00:03:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/11/09 00:18:00 | 000,065,216 | ---- | M] (WordWeb Software) -- C:\Program Files\WordWeb\wweb32.exe
PRC - [2009/07/13 23:18:12 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/04/01 15:46:04 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/03 04:38:13 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
PRC - [2009/03/02 13:09:54 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/03/02 13:08:11 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/30 17:56:32 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008/05/20 12:06:00 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/11/06 22:58:20 | 000,294,912 | ---- | M] () -- C:\Program Files\HomePlayer\HomePlayer.exe
PRC - [2007/05/31 09:21:28 | 000,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdcBase.exe


========== Modules (SafeList) ==========

MOD - [2011/03/27 20:15:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Lorenz du web\Desktop\OTL.exe
MOD - [2010/08/31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
MOD - [2010/08/27 15:22:02 | 001,087,400 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Online Armor\OAwatch.dll
MOD - [2008/11/13 17:23:00 | 000,612,896 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
MOD - [2008/01/21 04:25:01 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
MOD - [2008/01/21 04:24:47 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winnsi.dll
MOD - [2008/01/21 04:24:46 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
MOD - [2008/01/21 04:24:35 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
MOD - [2008/01/21 04:24:02 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
MOD - [2008/01/21 04:23:45 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsock32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/27 15:21:58 | 003,638,240 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2010/08/27 15:21:56 | 000,380,272 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Online Armor\OAcat.exe -- (OAcat)
SRV - [2009/12/23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/12/11 00:03:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/07/13 23:18:12 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/04/01 15:46:04 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/03/02 13:09:54 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2010/08/27 15:22:36 | 000,038,856 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2010/08/27 15:22:16 | 000,029,120 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OAnet.sys -- (OAnet)
DRV - [2010/08/27 15:22:16 | 000,025,000 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\System32\drivers\OAmon.sys -- (OAmon)
DRV - [2010/08/27 15:22:14 | 000,201,168 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\OADriver.sys -- (OADevice)
DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/11/12 06:14:28 | 000,066,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009/11/11 16:11:30 | 000,181,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/09/05 14:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/08/04 18:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2009/06/29 01:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2009/06/17 10:56:18 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 10:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/03/30 10:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/03/24 16:07:58 | 000,055,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/02/13 12:49:30 | 000,028,376 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/13 12:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/01/14 18:46:04 | 000,077,824 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2008/12/10 16:56:26 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2008/11/13 17:23:00 | 007,580,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/30 13:44:42 | 000,146,944 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2008/05/26 15:13:00 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/03/27 09:06:59 | 000,542,976 | ---- | M] (LiteOn) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ltn_stk7070P.sys -- (Ltn_stk7070P)
DRV - [2007/12/16 17:57:20 | 000,075,776 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)
DRV - [2007/12/13 21:13:02 | 000,017,264 | ---- | M] (FSPro Labs) [Kernel | Boot | Running] -- C:\Windows\SYSTEM32\DRIVERS\MPRIFL.SYS -- (MPRIFL)
DRV - [2007/03/28 07:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_7530g
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_7530g
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://homepage.acer.com/rdr.aspx?b=ACA ... pire_7530g
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/firefox"
FF - prefs.js..extensions.enabledItems: gazopa@hitachi.com:0.13
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.4
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: savesession@noasobi.net:1.3.1.6
FF - prefs.js..extensions.enabledItems: tineye@ideeinc.com:1.1
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..browser.startup.homepage: "resource:/browserconfig.properties"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/22 20:05:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/22 20:05:42 | 000,000,000 | ---D | M]

[2008/11/05 18:50:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lorenz du web\AppData\Roaming\mozilla\Extensions
[2011/03/23 13:04:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lorenz du web\AppData\Roaming\mozilla\Firefox\Profiles\2hl3ezz5.default\extensions
[2010/08/27 20:04:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lorenz du web\AppData\Roaming\mozilla\Firefox\Profiles\2hl3ezz5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/30 16:06:07 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\Lorenz du web\AppData\Roaming\mozilla\Firefox\Profiles\2hl3ezz5.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2011/03/12 04:29:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Lorenz du web\AppData\Roaming\mozilla\Firefox\Profiles\2hl3ezz5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/03/12 04:29:35 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Users\Lorenz du web\AppData\Roaming\mozilla\Firefox\Profiles\2hl3ezz5.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2011/03/12 04:29:41 | 000,000,000 | ---D | M] ("Flash Video Downloader (Youtube Downloader)") -- C:\Users\Lorenz du web\AppData\Roaming\mozilla\Firefox\Profiles\2hl3ezz5.default\extensions\artur.dubovoy@gmail.com
[2011/03/12 17:12:21 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Lorenz du web\AppData\Roaming\mozilla\Firefox\Profiles\2hl3ezz5.default\extensions\foxyproxy@eric.h.jung
[2011/02/01 23:49:41 | 000,000,000 | ---D | M] (GazoPa Similar Image Search) -- C:\Users\Lorenz du web\AppData\Roaming\mozilla\Firefox\Profiles\2hl3ezz5.default\extensions\gazopa@hitachi.com
[2011/03/12 04:29:40 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Lorenz du web\AppData\Roaming\mozilla\Firefox\Profiles\2hl3ezz5.default\extensions\personas@christopher.beard
[2010/01/17 05:39:16 | 000,000,000 | ---D | M] (Save Session) -- C:\Users\Lorenz du web\AppData\Roaming\mozilla\Firefox\Profiles\2hl3ezz5.default\extensions\savesession@noasobi.net
[2011/03/12 04:29:39 | 000,000,000 | ---D | M] (SkipScreen) -- C:\Users\Lorenz du web\AppData\Roaming\mozilla\Firefox\Profiles\2hl3ezz5.default\extensions\SkipScreen@SkipScreen
[2011/03/12 04:29:35 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\Lorenz du web\AppData\Roaming\mozilla\Firefox\Profiles\2hl3ezz5.default\extensions\tineye@ideeinc.com
[2011/01/01 21:50:16 | 000,001,992 | ---- | M] () -- C:\Users\Lorenz du web\AppData\Roaming\Mozilla\Firefox\Profiles\2hl3ezz5.default\searchplugins\hotfilesearch.xml
[2011/03/22 20:05:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/03/17 18:56:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\LORENZ DU WEB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2HL3EZZ5.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
[2011/03/18 19:58:47 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/17 18:56:29 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 10:00:00 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2011/02/28 18:00:12 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 10:00:00 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/01 10:00:00 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2010/01/01 10:00:00 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/01/01 10:00:00 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\oaui.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HomePlayer] C:\Program Files\HomePlayer\HomePlayer.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [WordWeb] C:\Program Files\WordWeb\wweb32.exe (WordWeb Software)
O4 - Startup: C:\Users\Lorenz du web\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/ms ... b56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/Messenger ... E_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Users\Lorenz du web\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Lorenz du web\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\PROGRA~1\Online Armor\oaevent.dll (Emsi Software GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{43625bb8-9e26-11dd-a134-001e68e237e8}\Shell - "" = AutoRun
O33 - MountPoints2\{43625bb8-9e26-11dd-a134-001e68e237e8}\Shell\AutoRun\command - "" = F:\cdstart.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/27 20:24:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/27 20:15:08 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Lorenz du web\Desktop\OTL.exe
[2011/03/22 20:23:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/03/22 20:21:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/03/22 20:21:43 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/03/22 13:15:14 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/03/21 01:26:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/20 14:42:36 | 000,000,000 | ---D | C] -- C:\Users\Lorenz du web\Desktop\freeboxV6_valid.pl_fichiers
[2011/03/17 18:56:45 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/03/17 18:56:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/03/17 18:56:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/03/14 13:20:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011/03/14 02:28:23 | 000,000,000 | ---D | C] -- C:\Users\Lorenz du web\Desktop\banque postale
[2011/03/14 02:25:55 | 000,000,000 | ---D | C] -- C:\Users\Lorenz du web\Desktop\divers
[2011/03/12 02:29:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/03/12 02:28:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/03/12 02:27:43 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/03/12 02:27:43 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/03/12 02:27:43 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/03/12 02:27:42 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011/03/12 02:27:42 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011/03/12 02:27:40 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/03/12 02:27:40 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/03/12 02:27:40 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/03/12 02:27:39 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/03/12 02:27:39 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011/03/12 02:27:36 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/03/12 02:27:36 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/03/12 02:27:36 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/03/12 02:27:36 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/03/12 02:27:36 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/03/12 02:26:24 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/03/12 02:26:24 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/03/12 02:26:24 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/03/12 02:26:24 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/03/12 02:26:24 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/03/12 02:26:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/03/12 02:26:23 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/03/12 02:26:23 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/03/12 02:26:22 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/03/12 02:26:21 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/03/12 02:26:20 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/03/12 02:26:20 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/03/12 02:26:19 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/03/12 02:26:19 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/03/12 02:26:19 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/03/12 02:26:18 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/03/12 02:26:18 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/03/12 02:26:05 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/03/12 02:26:05 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011/03/12 02:26:05 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/03/12 02:26:05 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011/03/12 02:26:01 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/03/12 02:26:00 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/03/12 02:25:58 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011/03/12 02:25:58 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011/03/12 02:25:58 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011/03/12 02:25:55 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/03/12 02:25:55 | 003,550,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/03/12 02:25:48 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/03/12 02:25:46 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/03/12 02:25:45 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/03/12 02:25:42 | 002,038,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/03/12 02:25:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/03/12 02:24:41 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/03/12 02:24:41 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011/03/12 02:24:41 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/03/09 02:04:44 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Lorenz du web\Desktop\HiJackThis.exe
[2011/03/03 01:00:08 | 000,000,000 | ---D | C] -- C:\Users\Lorenz du web\Desktop\nouvelles preuves
[2011/02/28 18:00:28 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2011/02/28 18:00:10 | 000,000,000 | ---D | C] -- C:\Users\Lorenz du web\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JMHL Loader
[2011/02/28 18:00:09 | 000,000,000 | ---D | C] -- C:\Program Files\JMHL Loader
[2011/02/28 01:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Celestia
[2011/02/28 01:43:05 | 000,000,000 | ---D | C] -- C:\Program Files\Celestia
[2008/07/22 10:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[Laurent3131]

========== Files - Modified Within 30 Days ==========

[2011/03/27 20:45:43 | 027,103,290 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/03/27 20:45:43 | 009,411,080 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/03/27 20:45:42 | 008,886,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/27 20:45:41 | 008,070,888 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/27 20:43:57 | 000,028,599 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/03/27 20:41:10 | 000,028,599 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/03/27 20:38:08 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/27 20:38:08 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/27 20:38:05 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2011/03/27 20:15:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Lorenz du web\Desktop\OTL.exe
[2011/03/24 21:22:09 | 000,468,027 | ---- | M] () -- C:\Users\Lorenz du web\Desktop\TarifsRésumé_Part_FM_noirETblanc.pdf
[2011/03/23 00:33:04 | 000,192,485 | ---- | M] () -- C:\Users\Lorenz du web\Desktop\PECV_ouverture_2011.pdf
[2011/03/22 20:22:36 | 000,000,917 | ---- | M] () -- C:\Users\Lorenz du web\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/03/22 20:05:45 | 000,000,874 | ---- | M] () -- C:\Users\Lorenz du web\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/22 20:05:44 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/20 14:42:37 | 000,020,285 | ---- | M] () -- C:\Users\Lorenz du web\Desktop\freeboxV6_valid.pl.htm
[2011/03/17 18:56:28 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/03/17 18:56:28 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/03/17 18:56:28 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/03/17 18:56:27 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/03/12 19:46:08 | 000,014,140 | ---- | M] () -- C:\Users\Lorenz du web\.recently-used.xbel
[2011/03/12 15:18:22 | 000,296,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/03/11 17:56:28 | 004,285,785 | ---- | M] () -- C:\Users\Lorenz du web\Desktop\ComboFix.exe
[2011/03/09 02:04:46 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Lorenz du web\Desktop\HiJackThis.exe
[2011/03/05 02:27:58 | 000,103,837 | ---- | M] () -- C:\Users\Lorenz du web\a786a84826cad0f158139584feb29f25.flv
[2011/02/26 16:06:36 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml

========== Files Created - No Company Name ==========

[2011/03/27 20:41:06 | 000,028,599 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/03/27 20:41:04 | 000,028,599 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011/03/26 13:58:37 | 001,503,021 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\usbsvc.exe
[2011/03/24 21:22:08 | 000,468,027 | ---- | C] () -- C:\Users\Lorenz du web\Desktop\TarifsRésumé_Part_FM_noirETblanc.pdf
[2011/03/23 00:33:04 | 000,192,485 | ---- | C] () -- C:\Users\Lorenz du web\Desktop\PECV_ouverture_2011.pdf
[2011/03/22 20:22:36 | 000,000,917 | ---- | C] () -- C:\Users\Lorenz du web\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/03/22 20:05:44 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/20 14:42:36 | 000,020,285 | ---- | C] () -- C:\Users\Lorenz du web\Desktop\freeboxV6_valid.pl.htm
[2011/03/12 19:46:08 | 000,014,140 | ---- | C] () -- C:\Users\Lorenz du web\.recently-used.xbel
[2011/03/12 19:40:04 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/03/12 02:27:37 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/03/12 02:27:37 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/03/12 02:27:37 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/03/11 17:56:16 | 004,285,785 | ---- | C] () -- C:\Users\Lorenz du web\Desktop\ComboFix.exe
[2011/03/05 02:27:58 | 000,103,837 | ---- | C] () -- C:\Users\Lorenz du web\a786a84826cad0f158139584feb29f25.flv
[2011/02/05 01:32:48 | 000,065,536 | ---- | C] () -- C:\Windows\TADSUINS.EXE
[2010/10/31 01:07:05 | 000,000,029 | ---- | C] () -- C:\Users\Lorenz du web\AppData\Roaming\boot.bat
[2010/10/31 01:07:01 | 000,000,006 | ---- | C] () -- C:\Users\Lorenz du web\AppData\Roaming\start
[2010/10/25 13:41:45 | 000,000,000 | ---- | C] () -- C:\Users\Lorenz du web\AppData\Roaming\wklnhst.dat
[2010/09/01 21:35:06 | 000,201,168 | ---- | C] () -- C:\Windows\System32\drivers\OADriver.sys
[2010/09/01 21:35:06 | 000,038,856 | ---- | C] () -- C:\Windows\System32\drivers\oahlp32.sys
[2010/05/29 23:10:45 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010/03/09 17:28:32 | 000,000,021 | ---- | C] () -- C:\Windows\kit.ini
[2010/03/06 02:29:46 | 000,147,456 | R--- | C] () -- C:\Windows\System32\pppoe32.dll
[2009/11/23 18:03:47 | 000,093,000 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/10/27 21:14:57 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI
[2009/10/02 18:03:28 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2009/08/14 22:56:08 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/28 03:59:38 | 000,000,702 | ---- | C] () -- C:\Windows\NewsRover.INI
[2009/04/19 21:08:02 | 000,040,715 | ---- | C] () -- C:\Windows\4ormulatorVE.ini
[2009/03/14 18:06:05 | 000,000,004 | ---- | C] () -- C:\Windows\System32\vm.exe
[2009/02/28 13:47:28 | 000,010,281 | ---- | C] () -- C:\Windows\wclock.ini
[2008/12/30 02:38:33 | 000,000,063 | ---- | C] () -- C:\Windows\yesmessenger.ini
[2008/11/06 19:15:06 | 000,000,137 | ---- | C] () -- C:\Windows\oports.INI
[2008/10/26 17:40:30 | 000,000,230 | ---- | C] () -- C:\Windows\wininit.ini
[2008/10/24 03:46:18 | 005,480,452 | ---- | C] () -- C:\ProgramData\2-4-03.mpg
[2008/10/21 02:00:36 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008/10/21 02:00:03 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/10/21 02:00:02 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/10/21 02:00:00 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/10/21 01:59:54 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/10/20 14:07:21 | 000,002,032 | ---- | C] () -- C:\Users\Lorenz du web\AppData\Local\d3d9caps.dat
[2008/10/19 03:16:51 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/10/19 03:16:51 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/10/18 23:24:33 | 000,244,224 | ---- | C] () -- C:\Users\Lorenz du web\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/17 22:38:31 | 000,000,550 | ---- | C] () -- C:\Windows\mozver.dat
[2008/10/17 22:33:34 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/09/08 15:08:44 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008/09/08 15:08:44 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2008/09/08 15:08:44 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008/08/14 04:25:02 | 000,129,604 | ---- | C] () -- C:\Windows\Set_Resolution_2.0.exe
[2008/04/01 19:26:58 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008/04/01 19:26:58 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008/04/01 19:03:52 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008/04/01 18:49:19 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2008/04/01 18:49:19 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2008/04/01 18:49:19 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008/01/21 10:40:50 | 027,103,290 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2008/01/21 10:40:50 | 009,411,080 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2008/01/21 10:40:50 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2008/01/21 10:40:50 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2006/11/02 14:57:28 | 000,067,584 | ---- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 14:47:37 | 000,296,128 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:33:01 | 008,886,096 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 12:33:01 | 008,070,888 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/12/26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:8173A019

< End of report >