problemes aves security phere 2012

Sécurité et insécurité. Virus, Trojans, Spywares, Failles etc. …

Modérateur: Modérateurs et Modératrices

Règles du forum
Assiste.com a suspendu l'assistance à la décontamination après presque 15 ans sur l'ancien forum puis celui-ci. Voir :

Procédure de décontamination 1 - Anti-malware
Décontamination anti-malwares

Procédure de décontamination 2 - Anti-malware et antivirus (La Manip)
La Manip - Procédure standard de décontamination

Entretien périodique d'un PC sous Windows
Entretien périodique d'un PC sous Windows

Protection des navigateurs, de la navigation et de la vie privée
Protéger le navigateur, la navigation et la vie privée

problemes aves security phere 2012

Messagede 360panos » 23 Oct 2011, 11:50

Bonjour,
J'ai été infecté par security sphere 2012 en allant sur le bon coin
depuis en tentant de m'en sortir, j'ai l'impression que j'ai encore dégradé la situation en installant puis desinstallation spy hunter

j'ai suivi a la lettre votre procédure et j'espère que ca va passer, votre aide me sera utile et appréciée

voici le contenu du log mbam-log-2011-10-23 (12-03-34).txt:

Malwarebytes' Anti-Malware 1.51.2.1300
http://www.malwarebytes.org

Version de la base de données: 8004

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

23/10/2011 12:04:11
mbam-log-2011-10-23 (12-03-34).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 188586
Temps écoulé: 35 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\jC32111EmJiG32111 (Rogue.RemovalTool.M) -> Value: jC32111EmJiG32111 -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\programdata\Carbon (Stolen.Data) -> No action taken.
c:\programdata\jc32111emjig32111\jc32111emjig32111.exe (Rogue.RemovalTool.M) -> No action taken.
__________________________________________

je vais poursuivre maintenant la suite de votre procédure
360panos
 
Messages: 8
Inscription: 23 Oct 2011, 11:41

Re: problemes aves security phere 2012

Messagede 360panos » 23 Oct 2011, 11:55

début du fichier OTL.txt

OTL logfile created on: 23/10/2011 12:10:15 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Christian\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

15,98 Gb Total Physical Memory | 13,71 Gb Available Physical Memory | 85,83% Memory free
31,95 Gb Paging File | 29,55 Gb Available in Paging File | 92,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 97,93 Gb Free Space | 42,05% Space Free | Partition Type: NTFS
Drive G: | 1863,01 Gb Total Space | 1587,83 Gb Free Space | 85,23% Space Free | Partition Type: NTFS
Drive H: | 1862,92 Gb Total Space | 1800,69 Gb Free Space | 96,66% Space Free | Partition Type: NTFS

Computer Name: PC_APPART | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/23 11:37:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
PRC - [2011/09/10 11:12:52 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/12/02 04:15:14 | 000,915,584 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
PRC - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/03 11:30:14 | 000,918,144 | R--- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
PRC - [2010/10/21 11:52:26 | 000,586,880 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
PRC - [2009/10/26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/17 18:38:13 | 008,522,400 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/10 11:12:52 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/08/12 15:00:20 | 000,133,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/12/02 04:15:14 | 000,915,584 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe -- (asHmComSvc)
SRV - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/11/03 11:30:14 | 000,918,144 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe -- (asComSvc)
SRV - [2010/10/27 16:18:52 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/10/21 11:52:26 | 000,586,880 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/10/26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/22 09:09:06 | 000,303,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010/11/22 09:09:06 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/27 15:50:28 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010/10/27 15:50:28 | 000,279,152 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/10/27 15:50:28 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010/10/27 15:50:28 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010/10/27 15:50:28 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010/10/27 15:50:28 | 000,055,336 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010/10/27 15:50:28 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010/10/27 15:50:28 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010/10/26 05:08:08 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/09/30 07:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 07:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/09/21 08:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:64bit: - [2010/08/17 19:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT) Intel(R) Watchdog Timer Driver (Intel(R) WDT)
DRV:64bit: - [2010/08/10 11:29:15 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2005/09/23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4






IE - HKU\S-1-5-21-3421002263-2182283910-677782048-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3421002263-2182283910-677782048-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3421002263-2182283910-677782048-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-3421002263-2182283910-677782048-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3E DF 39 02 2C 64 CC 01 [binary data]
IE - HKU\S-1-5-21-3421002263-2182283910-677782048-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-3421002263-2182283910-677782048-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3421002263-2182283910-677782048-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/28 10:19:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/10/08 22:10:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/10 11:12:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/09/03 21:57:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/28 10:19:28 | 000,000,000 | ---D | M]

[2011/08/26 22:12:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions
[2011/10/19 20:49:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\uc1u2vl0.default\extensions
[2011/09/23 22:16:08 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\uc1u2vl0.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/09/23 22:16:12 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\uc1u2vl0.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011/10/19 20:49:12 | 000,000,000 | ---D | M] (FbxRev_downloader) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\uc1u2vl0.default\extensions\FbxRev_downloader@vincent-at-waouh.net
[2011/08/28 21:39:21 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\uc1u2vl0.default\extensions\ffxtlbr@Facemoods.com
[2011/08/26 23:03:34 | 000,000,000 | ---D | M] (QuickDrag) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\uc1u2vl0.default\extensions\quickdrag@mozilla.ktechcomputing.com
[2011/08/31 20:33:15 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\uc1u2vl0.default\extensions\support@predictad.com
[2011/08/28 21:42:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/28 21:42:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/09/10 11:12:52 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/08/12 06:52:47 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml
[2011/08/12 06:14:12 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/08/12 06:52:48 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2011/08/12 06:52:48 | 000,001,154 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml
[2011/08/28 21:45:01 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011/08/12 06:52:48 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml
[2011/08/12 06:52:48 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2011/10/23 10:43:25 | 000,000,000 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3421002263-2182283910-677782048-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3421002263-2182283910-677782048-1000..\RunOnce: [jC32111EmJiG32111] C:\ProgramData\jC32111EmJiG32111\jC32111EmJiG32111.exe ()
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 [2011/09/27 20:58:42 | 000,000,000 | ---D | M]
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0257D2E0-CE73-41BE-A962-08FA580A0C35}: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50A6FCAD-E380-44E0-82E4-E34E4E40DBD8}: DhcpNameServer = 192.168.2.254
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/23 10:43:25 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c856e348-d04c-11e0-846f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c856e348-d04c-11e0-846f-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2011/10/23 11:53:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/23 11:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/10/23 11:46:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/10/23 11:42:13 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2011/10/23 11:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/23 11:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/23 11:41:44 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/10/23 11:41:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/10/23 11:40:36 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Christian\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/23 11:37:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2011/10/23 11:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Martau
[2011/10/23 11:15:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Total Uninstall 5
[2011/10/23 10:43:17 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2011/10/23 10:42:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011/10/22 22:13:59 | 000,000,000 | ---D | C] -- C:\ProgramData\jC32111EmJiG32111
[2011/10/22 19:04:48 | 000,000,000 | R--D | C] -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2011/10/21 22:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kolor Panotour Pro 1.7
[2011/10/20 20:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kolor Autopano Giga 2.5
[2011/10/18 22:03:12 | 000,000,000 | ---D | C] -- C:\Panini-Pro
[2011/10/15 10:13:00 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011/10/15 10:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011/10/15 10:12:59 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Notepad++
[2011/10/15 10:12:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2011/10/13 01:20:29 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/10/13 01:20:29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/10/13 01:20:29 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/10/13 01:20:29 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/10/13 01:20:28 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/10/13 01:20:28 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/10/13 01:20:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/10/13 01:20:27 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/10/13 01:20:27 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/10/12 22:14:22 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/10/12 22:14:22 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/10/12 22:14:22 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/10/12 22:14:22 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/10/12 22:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/12 22:12:59 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Apple Computer
[2011/10/12 22:12:59 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Apple Computer
[2011/10/12 22:12:56 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2011/10/12 22:12:56 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2011/10/12 22:12:56 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011/10/12 22:12:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/10/12 22:12:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/12 22:12:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/10/12 22:12:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/12 22:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/10/12 22:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/10/12 22:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/12 22:12:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/10/12 22:11:54 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/10/12 22:11:53 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/10/10 21:20:46 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\piw
[2011/10/09 22:07:33 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\piwigo
[2011/10/08 22:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2011/10/08 22:13:08 | 000,000,000 | ---D | C] -- C:\Users\Christian\Adobe Flash Builder 4
[2011/10/08 22:12:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2011/10/08 22:08:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2011/10/08 22:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/10/08 22:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS5
[2011/10/08 21:50:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Story
[2011/10/08 21:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2011/10/08 21:48:09 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/10/07 23:57:41 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\SWiSH Max4 FRA
[2011/10/07 23:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SWiSH Max4
[2011/10/07 23:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LameACM
[2011/10/07 23:57:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LameACM
[2011/10/07 23:57:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWiSHzone.com
[2011/10/07 23:57:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SWiSH Max4
[2011/10/03 21:57:12 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\XnConvert
[2011/10/03 21:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnConvert
[2011/10/03 21:56:27 | 000,000,000 | ---D | C] -- C:\Program Files\XnConvert
[2011/09/27 20:58:42 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\3
[2011/09/23 16:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kolor Panotour Pro 1.6
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/23 12:11:30 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/10/23 11:47:31 | 000,001,104 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/10/23 11:46:16 | 000,000,924 | ---- | M] () -- C:\Users\Christian\Desktop\NTREGOPT.lnk
[2011/10/23 11:46:16 | 000,000,905 | ---- | M] () -- C:\Users\Christian\Desktop\ERUNT.lnk
[2011/10/23 11:41:47 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/23 11:40:56 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Christian\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/23 11:37:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2011/10/23 11:15:10 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\Total Uninstall 5.lnk
[2011/10/23 10:43:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/10/23 10:43:25 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2011/10/23 10:42:17 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/23 10:42:17 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/23 10:39:24 | 001,438,036 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/23 10:39:24 | 000,721,588 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/23 10:39:24 | 000,464,528 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/23 10:39:24 | 000,409,134 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2011/10/23 10:39:24 | 000,063,982 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2011/10/23 10:35:15 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2011/10/23 10:35:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/23 10:35:11 | 4276,695,038 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/21 22:59:51 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Kolor Panotour Pro 1.7.lnk
[2011/10/20 20:21:46 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\Kolor Autopano Giga 2.5.lnk
[2011/10/18 22:03:12 | 000,000,874 | ---- | M] () -- C:\Users\Christian\Desktop\Panini-Pro b5.lnk
[2011/10/17 18:38:14 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/10/15 20:59:13 | 000,000,047 | ---- | M] () -- C:\Users\Christian\Desktop\.htaccess
[2011/10/15 10:13:00 | 000,001,059 | ---- | M] () -- C:\Users\Christian\Desktop\Notepad++.lnk
[2011/10/13 22:10:03 | 000,000,658 | ---- | M] () -- C:\Users\Christian\Desktop\chs.swf - Raccourci.lnk
[2011/10/13 20:35:16 | 000,001,193 | ---- | M] () -- C:\Users\Christian\Desktop\source CHS - Raccourci.lnk
[2011/10/13 17:55:55 | 000,000,016 | ---- | M] () -- C:\Users\Christian\Desktop\htacccess
[2011/10/13 17:46:27 | 005,043,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/12 22:47:46 | 000,015,590 | ---- | M] () -- C:\Users\Christian\Documents\Notes de mise à jour de l’iPad.rtf
[2011/10/12 22:32:27 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/10/12 22:12:59 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/09 23:26:01 | 000,007,974 | ---- | M] () -- C:\Users\Christian\Desktop\config.sql
[2011/10/09 23:25:53 | 000,001,795 | ---- | M] () -- C:\Users\Christian\Desktop\index.php
[2011/10/09 21:26:13 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLbz.DAT
[2011/10/09 21:26:13 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLbx.DAT
[2011/10/09 21:26:13 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLbw.DAT
[2011/10/09 14:06:08 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT
[2011/10/09 14:05:11 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT
[2011/10/07 23:57:38 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\SWiSH Max4.lnk
[2011/10/06 22:36:00 | 000,000,600 | ---- | M] () -- C:\Users\Christian\winscp.RND
[2011/10/03 21:56:29 | 000,001,640 | ---- | M] () -- C:\Users\Christian\Desktop\XnConvert.lnk
[2011/09/23 16:40:30 | 000,001,035 | ---- | M] () -- C:\Users\Christian\Application Data\Microsoft\Internet Explorer\Quick Launch\Kolor Panotour Pro 1.6.lnk
[2011/09/23 16:40:30 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Kolor Panotour Pro 1.6.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/23 12:11:30 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/10/23 11:50:22 | 000,002,035 | ---- | C] () -- C:\Users\Christian\Desktop\NTREGOPT.LOC
[2011/10/23 11:49:39 | 000,004,613 | ---- | C] () -- C:\Users\Christian\Desktop\ERUNT.LOC
[2011/10/23 11:49:39 | 000,003,491 | ---- | C] () -- C:\Users\Christian\Desktop\ERDNTWIN.LOC
[2011/10/23 11:49:39 | 000,003,042 | ---- | C] () -- C:\Users\Christian\Desktop\ERDNTDOS.LOC
[2011/10/23 11:47:31 | 000,001,104 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/10/23 11:46:16 | 000,000,924 | ---- | C] () -- C:\Users\Christian\Desktop\NTREGOPT.lnk
[2011/10/23 11:46:16 | 000,000,905 | ---- | C] () -- C:\Users\Christian\Desktop\ERUNT.lnk
[2011/10/23 11:41:47 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/23 11:15:10 | 000,001,046 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Uninstall 5.lnk
[2011/10/23 11:15:10 | 000,001,034 | ---- | C] () -- C:\Users\Public\Desktop\Total Uninstall 5.lnk
[2011/10/23 10:43:25 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2011/10/21 22:59:51 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Kolor Panotour Pro 1.7.lnk
[2011/10/20 20:21:46 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\Kolor Autopano Giga 2.5.lnk
[2011/10/18 22:03:12 | 000,000,874 | ---- | C] () -- C:\Users\Christian\Desktop\Panini-Pro b5.lnk
[2011/10/15 20:59:13 | 000,000,047 | ---- | C] () -- C:\Users\Christian\Desktop\.htaccess
[2011/10/15 10:13:00 | 000,001,059 | ---- | C] () -- C:\Users\Christian\Desktop\Notepad++.lnk
[2011/10/13 22:10:03 | 000,000,658 | ---- | C] () -- C:\Users\Christian\Desktop\chs.swf - Raccourci.lnk
[2011/10/13 20:35:16 | 000,001,193 | ---- | C] () -- C:\Users\Christian\Desktop\source CHS - Raccourci.lnk
[2011/10/13 17:54:36 | 000,000,016 | ---- | C] () -- C:\Users\Christian\Desktop\htacccess
[2011/10/12 22:47:46 | 000,015,590 | ---- | C] () -- C:\Users\Christian\Documents\Notes de mise à jour de l’iPad.rtf
[2011/10/12 22:32:27 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/10/12 22:12:59 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/09 23:26:00 | 000,007,974 | ---- | C] () -- C:\Users\Christian\Desktop\config.sql
[2011/10/09 23:25:53 | 000,001,795 | ---- | C] () -- C:\Users\Christian\Desktop\index.php
[2011/10/07 23:57:38 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\SWiSH Max4.lnk
[2011/10/03 21:56:29 | 000,001,640 | ---- | C] () -- C:\Users\Christian\Desktop\XnConvert.lnk
[2011/09/23 16:40:30 | 000,001,035 | ---- | C] () -- C:\Users\Christian\Application Data\Microsoft\Internet Explorer\Quick Launch\Kolor Panotour Pro 1.6.lnk
[2011/09/09 16:54:54 | 000,000,132 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/08/31 22:31:41 | 000,001,456 | ---- | C] () -- C:\Users\Christian\AppData\Local\Adobe Enregistrer pour le Web 12.0 Prefs
[2011/08/29 22:24:59 | 001,062,960 | ---- | C] () -- C:\Windows\PE_File.dll
[2011/08/29 22:20:20 | 001,016,768 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2011/08/28 18:01:14 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\IccLibDll.dll
[2011/08/28 17:55:47 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/08/28 17:55:43 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/08/28 10:11:42 | 000,231,680 | ---- | C] () -- C:\Windows\hpoins49.dat
[2011/08/27 23:00:59 | 000,000,268 | RH-- | C] () -- C:\ProgramData\CIOSupport
[2011/08/27 23:00:59 | 000,000,268 | RH-- | C] () -- C:\Users\Christian\AppData\Roaming\Breath Pad
[2011/08/27 22:58:46 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdy.DAT
[2011/08/27 22:30:57 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Funk Animals
[2011/08/27 22:30:57 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Fruit
[2011/08/27 22:30:57 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Frameworks
[2011/08/27 22:30:57 | 000,000,268 | RH-- | C] () -- C:\Users\Christian\AppData\Roaming\Fonts
[2011/08/27 22:30:57 | 000,000,268 | RH-- | C] () -- C:\Users\Christian\AppData\Roaming\Font Book
[2011/08/27 22:30:57 | 000,000,268 | RH-- | C] () -- C:\Users\Christian\AppData\Roaming\Folder Actions Handlers
[2011/08/27 22:30:57 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbw.DAT
[2011/08/27 22:30:16 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbz.DAT
[2011/08/27 22:26:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2011/08/27 21:41:56 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Breath Pad
[2011/08/27 21:41:56 | 000,000,268 | RH-- | C] () -- C:\Users\Christian\AppData\Roaming\Bass Amp
[2011/08/27 21:41:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011/08/27 21:35:55 | 000,000,268 | RH-- | C] () -- C:\Users\Christian\AppData\Roaming\CMMs
[2011/08/27 21:35:55 | 000,000,268 | RH-- | C] () -- C:\Users\Christian\AppData\Roaming\CIOSupport
[2011/08/27 21:35:55 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Channel
[2011/08/27 21:35:55 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Carbon
[2011/08/27 21:35:55 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Calibrators
[2011/08/27 21:35:55 | 000,000,268 | RH-- | C] () -- C:\Users\Christian\AppData\Roaming\Bundle
[2011/08/27 21:35:55 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/08/27 21:35:55 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/08/27 21:35:55 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011/08/27 00:31:29 | 000,456,672 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/26 23:53:16 | 000,000,382 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/08/26 21:50:02 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/08/26 21:49:55 | 000,030,859 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/08/03 07:21:24 | 000,014,464 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2010/04/23 10:51:58 | 000,001,241 | ---- | C] () -- C:\Windows\hpomdl49.dat
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008/01/04 07:34:42 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
360panos
 
Messages: 8
Inscription: 23 Oct 2011, 11:41

Re: problemes aves security phere 2012

Messagede 360panos » 23 Oct 2011, 11:56

OTL.txt fin du fichier


========== LOP Check ==========

[2011/10/08 21:48:09 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/30 17:55:02 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\com.adobe.dmp.contentviewer
[2011/08/30 21:37:06 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DxO Labs
[2011/10/16 00:04:29 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\FileZilla
[2011/08/27 23:49:51 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\GardenGnomeSoftware
[2011/09/11 19:41:15 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ImmerVision
[2011/09/03 18:05:58 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\inkscape
[2011/09/06 21:20:48 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\kompozer.net
[2011/08/27 22:30:59 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Nikon
[2011/10/15 10:17:19 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Notepad++
[2011/08/30 21:05:21 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Oloneo
[2011/08/30 21:30:22 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PACE Anti-Piracy
[2011/10/07 23:57:42 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\SWiSH Max4 FRA
[2011/08/27 23:39:46 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Thunderbird
[2011/08/31 20:33:26 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\VDownloader
[2011/10/03 21:57:12 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\XnConvert
[2011/10/07 07:25:51 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CTFMON.EXE >
[2009/07/14 03:39:02 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=42B6A94DD747DF2B5F628A2752E62A98 -- C:\Windows\SysNative\ctfmon.exe
[2009/07/14 03:39:02 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=42B6A94DD747DF2B5F628A2752E62A98 -- C:\Windows\winsxs\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_f9257e7aaa4290ce\ctfmon.exe
[2009/07/14 03:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\SysWOW64\ctfmon.exe
[2009/07/14 03:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: IASTOR.SYS >
[2010/11/05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/11/05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys

< MD5 for: IASTORV.SYS >
[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WININIT.EXE >
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2011/08/29 04:22:51 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011/08/29 04:22:51 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2011/09/01 04:33:10 | 009,704,960 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
[2010/11/20 14:19:56 | 001,236,992 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msxml3.dll

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 1281 bytes -> C:\ProgramData\Microsoft:3D6SicDb91xH4mu2kElI7nn
@Alternate Data Stream - 1267 bytes -> C:\ProgramData\Microsoft:O1KOuYjgiq43mZUAHFWo7MU8
@Alternate Data Stream - 1256 bytes -> C:\Users\Christian\AppData\Local\Temp:OzSw9JF1UxvmxHiQlhBzpZZJpTQ2
@Alternate Data Stream - 1239 bytes -> C:\Users\Christian\AppData\Local\Temp:xCc40gvmjbCiZhmkHSuC
@Alternate Data Stream - 1174 bytes -> C:\Users\Christian\AppData\Local\zYSGiRF9:fRqysb8PUSREGdjaeahPIG7hnM
@Alternate Data Stream - 1074 bytes -> C:\Program Files (x86)\Common Files\System:HQFskiWPrWYsn0hZ2ITnaPlua2

< End of report >
360panos
 
Messages: 8
Inscription: 23 Oct 2011, 11:41

Re: problemes aves security phere 2012

Messagede 360panos » 23 Oct 2011, 11:57

Fichier extras.txt :

OTL Extras logfile created on: 23/10/2011 12:10:15 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Christian\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

15,98 Gb Total Physical Memory | 13,71 Gb Available Physical Memory | 85,83% Memory free
31,95 Gb Paging File | 29,55 Gb Available in Paging File | 92,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 97,93 Gb Free Space | 42,05% Space Free | Partition Type: NTFS
Drive G: | 1863,01 Gb Total Space | 1587,83 Gb Free Space | 85,23% Space Free | Partition Type: NTFS
Drive H: | 1862,92 Gb Total Space | 1800,69 Gb Free Space | 96,66% Space Free | Partition Type: NTFS

Computer Name: PC_APPART | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3421002263-2182283910-677782048-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{32E9C1A5-0FDA-4483-987D-DBABF9CC1DD8}" = Microsoft Antimalware Service FR-FR Language Pack
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B5F58F7-C7D1-3CE3-9B37-B657F0852643}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{4E484899-4F93-4086-88BA-56BDDF47A776}" = HP Photosmart Prem C310 All-In-One Driver Software 14.0 Rel. 7
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pilote vidéo Pinnacle
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{BCCC97EE-E162-448C-8847-59718FF29B04}" = Intel(R) Network Connections 15.6.25.0
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client FR-FR Language Pack
"{EDD77481-AE13-4849-B120-AF1ABCE8737E}" = Microsoft Camera Codec Pack
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AutopanoGiga2.5" = Kolor Autopano Giga 2.5
"AutopanoGiga2.6" = Kolor Autopano Giga 2.6
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Oloneo PhotoEngine" = Oloneo PhotoEngine
"Panotour Pro 1.6" = Kolor Panotour Pro 1.6
"Panotour Pro 1.7" = Kolor Panotour Pro 1.7
"PanotourPro15" = Kolor Panotour Pro 1.5
"PROSetDX" = Intel(R) Network Connections 15.6.25.0
"XnConvert_is1" = XnConvert 1.10

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{18F7C517-4870-4b6a-93E0-09CB4AC4FFB7}" = NKRemote
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E4763D3-A605-44ED-82D6-5908B4E027EE}" = Adobe Photoshop Lightroom 3.5 RC
"{3FD0C489-0F02-481a-A3E1-9754CD396761}" = Intel® Watchdog Timer Driver (Intel® WDT)
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{582BA1F1-FAB4-41AD-A5E3-4A9535343461}" = PS_AIO_07_C310_SW_Min
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730807CC-8D94-486C-9DFC-E242A423B918}" = DxO FilmPack 3
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8147EEAA-532E-B929-5159-C629DE2BF87F}" = Adobe Story
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A20A58C4-6784-4B4B-86CC-94E2E3671036}" = Nero 7 Premium
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 2.10.509.2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AC76BA86-7AD7-1036-7B44-A91000000001}" = Adobe Reader 9.1 - Français
"{B001064C-D061-4BAE-9031-416A838D5536}" = Adobe Flash Player 10 ActiveX
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B2670B9D-A2D7-425B-83ED-728767906D04}" = DxO Optics Pro 6
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D709005F-D8DC-42A8-8435-5AE880ECAF82}" = ASUS PC Diagnostics
"{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FE651900-D014-482F-AEBC-2928F57D1FB0}" = C310
"{FE96C49B-DB90-405E-A00E-09E38372F880}" = Camera Control Pro 2
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AutocompletePro3_is1" = AutocompletePro
"Capture NX 2" = Capture NX 2
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"ERUNT_is1" = ERUNT 1.1j
"facemoods" = Facemoods Toolbar
"FileZilla Client" = FileZilla Client 3.5.1
"Inkscape" = Inkscape 0.48.2
"LameACM" = LameACM
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Marvell Miniport Driver" = Marvell Miniport Driver
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 6.0.2 (x86 fr)" = Mozilla Firefox 6.0.2 (x86 fr)
"Mozilla Thunderbird (6.0)" = Mozilla Thunderbird (6.0)
"Notepad++" = Notepad++
"Object2VR" = Object2VR - Garden Gnome Software
"Pano2VR" = Pano2VR - Garden Gnome Software
"PPFW" = PURE Player for Windows
"PURE Screensaver" = PURE Screensaver
"SWiSH Max4" = SWiSH Max4
"Total Uninstall 5_is1" = Total Uninstall 5.10.1
"WinRAR archiver" = WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/10/2011 15:55:15 | Computer Name = PC_APPART | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Les chaînes de performance dans la valeur de Registre Performance
sont endommagées lors du traitement du fournisseur de compteurs d’extension Performance.
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans
la section Données, la valeur LastCounter est le deuxième DWORD dans la section
Données, et la valeur LastHelp est le troisième DWORD dans la section Données.

Error - 21/10/2011 16:09:20 | Computer Name = PC_APPART | Source = SideBySide | ID = 16842824
Description = La création du contexte d’activation a échoué pour « c:\program files\microsoft
security client\MSESysprep.dll ». Erreur dans le fichier de manifeste ou de stratégie
« c:\program files\microsoft security client\MSESysprep.dll » à la ligne 10. L’élément
imaging apparaît comme un enfant de l’élément urn:schemas-microsoft-com:asm.v1^assembly ;
cette situation n’est pas prise en charge par cette version de Windows.

Error - 21/10/2011 16:46:31 | Computer Name = PC_APPART | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Les chaînes de performance dans la valeur de Registre Performance
sont endommagées lors du traitement du fournisseur de compteurs d’extension Performance.
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans
la section Données, la valeur LastCounter est le deuxième DWORD dans la section
Données, et la valeur LastHelp est le troisième DWORD dans la section Données.

Error - 22/10/2011 13:09:19 | Computer Name = PC_APPART | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Les chaînes de performance dans la valeur de Registre Performance
sont endommagées lors du traitement du fournisseur de compteurs d’extension Performance.
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans
la section Données, la valeur LastCounter est le deuxième DWORD dans la section
Données, et la valeur LastHelp est le troisième DWORD dans la section Données.

Error - 22/10/2011 13:23:14 | Computer Name = PC_APPART | Source = SideBySide | ID = 16842824
Description = La création du contexte d’activation a échoué pour « c:\program files\microsoft
security client\MSESysprep.dll ». Erreur dans le fichier de manifeste ou de stratégie
« c:\program files\microsoft security client\MSESysprep.dll » à la ligne 10. L’élément
imaging apparaît comme un enfant de l’élément urn:schemas-microsoft-com:asm.v1^assembly ;
cette situation n’est pas prise en charge par cette version de Windows.

Error - 22/10/2011 19:47:45 | Computer Name = PC_APPART | Source = SideBySide | ID = 16842824
Description = La création du contexte d’activation a échoué pour « c:\program files\microsoft
security client\MSESysprep.dll ». Erreur dans le fichier de manifeste ou de stratégie
« c:\program files\microsoft security client\MSESysprep.dll » à la ligne 10. L’élément
imaging apparaît comme un enfant de l’élément urn:schemas-microsoft-com:asm.v1^assembly ;
cette situation n’est pas prise en charge par cette version de Windows.

Error - 23/10/2011 04:39:24 | Computer Name = PC_APPART | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Les chaînes de performance dans la valeur de Registre Performance
sont endommagées lors du traitement du fournisseur de compteurs d’extension Performance.
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans
la section Données, la valeur LastCounter est le deuxième DWORD dans la section
Données, et la valeur LastHelp est le troisième DWORD dans la section Données.

Error - 23/10/2011 05:16:37 | Computer Name = PC_APPART | Source = MsiInstaller | ID = 11721
Description =

Error - 23/10/2011 05:16:50 | Computer Name = PC_APPART | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Impossible de redémarrer l’application ou le service « SpyHunter 4
Service ».

Error - 23/10/2011 06:11:26 | Computer Name = PC_APPART | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Les services de chiffrement ont échoué lors du traitement de l’appel
OnIdentity() dans l’objet System Writer. Details: AddLegacyDriverFiles: Unable to
back up image of binary esgiguard. System Error: Le fichier spécifié est introuvable.
.

[ Media Center Events ]
Error - 16/10/2011 10:43:43 | Computer Name = PC_APPART | Source = MCUpdate | ID = 0
Description = 16:43:42 - Erreur de connexion à Internet. 16:43:43 - Impossible
de contacter le service..

Error - 16/10/2011 10:43:50 | Computer Name = PC_APPART | Source = MCUpdate | ID = 0
Description = 16:43:48 - Erreur de connexion à Internet. 16:43:48 - Impossible
de contacter le service..

[ System Events ]
Error - 23/10/2011 04:35:14 | Computer Name = PC_APPART | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Une erreur s’est produite lors de la lecture du fichier d’hôtes local.

Error - 23/10/2011 04:35:15 | Computer Name = PC_APPART | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Une erreur s’est produite lors de la lecture du fichier d’hôtes local.

Error - 23/10/2011 04:35:18 | Computer Name = PC_APPART | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Une erreur s’est produite lors de la lecture du fichier d’hôtes local.

Error - 23/10/2011 04:35:18 | Computer Name = PC_APPART | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Une erreur s’est produite lors de la lecture du fichier d’hôtes local.

Error - 23/10/2011 04:35:21 | Computer Name = PC_APPART | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Une erreur s’est produite lors de la lecture du fichier d’hôtes local.

Error - 23/10/2011 04:35:21 | Computer Name = PC_APPART | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Une erreur s’est produite lors de la lecture du fichier d’hôtes local.

Error - 23/10/2011 04:36:45 | Computer Name = PC_APPART | Source = DCOM | ID = 10010
Description =

Error - 23/10/2011 04:41:02 | Computer Name = PC_APPART | Source = Service Control Manager | ID = 7034
Description = Le service hpqcxs08 s’est terminé de façon inattendue pour la 1ème
fois.

Error - 23/10/2011 04:41:02 | Computer Name = PC_APPART | Source = Service Control Manager | ID = 7034
Description = Le service Service HP CUE DeviceDiscovery s’est terminé de façon inattendue
pour la 1ème fois.

Error - 23/10/2011 05:16:50 | Computer Name = PC_APPART | Source = Service Control Manager | ID = 7000
Description = Le service SpyHunter 4 Service n’a pas pu démarrer en raison de l’erreur :
%%2


< End of report >
360panos
 
Messages: 8
Inscription: 23 Oct 2011, 11:41

Re: problemes aves security phere 2012

Messagede nickW » 24 Oct 2011, 01:01

Bonsoir,

Premiers essais de nettoyage:


Étape 1: Téléchargement des outils

1/ Soit tu as accès à un autre PC "sain" qui te permettra de télécharger les outils ci-dessous (puis de les transférer via une clé USB)

2/ Soit tu fais redémarrer le PC en mode sans échec avec prise en charge réseau pour les télécharger
http://windows.microsoft.com/fr-FR/wind ... -safe-mode

Tous ces fichiers doivent être enregistrés sur le Bureau.

exeHelper:
http://www.raktor.net/exeHelper/exeHelper.com
RKill:
Lien 1
Lien 2




Il faut faire démarrer le PC en mode sans échec avec prise en charge réseau.
http://windows.microsoft.com/fr-FR/wind ... -safe-mode


Étape 2: exeHelper (de Raktor)
Faire un double clic sur exeHelper.com pour lancer l'outil.
Une fenêtre à fond noir va s'ouvrir.
Appuyer sur une touche quelconque lorsque cela sera demandé pour fermer l'outil.
Note importante:
Si dans la fenêtre s'affiche(nt) un(des) message(s) "Error deleting file", re-lancer l'outil une seconde fois (le fichier rapport contiendra alors le résultat de ces deux exécutions du programme).

Si et seulement si exeHelper ne fonctionne pas (même au second lancement), faire ceci:
Étape 2bis: rkill (de Grinler), exécution
Faire un clic droit sur le fichier rkill.scr téléchargé puis choisir "Exécuter en tant qu'Administrateur" pour lancer l'outil.[/color]

Une fenêtre à fond noir va apparaître brièvement, puis disparaître.
En fin d'exécution, enregistrer le fichier rkill.log

Si rien ne se passe, ou si l'outil ne se lance pas, essayer d'utiliser le fichier rkill.com

Ne pas faire redémarrer le PC.


Étape 3: Malwarebytes' Anti-Malware, nettoyage
Fermer toutes les fenêtres de programme ouvertes.
Lancer Malwarebytes' Anti-Malware via le Menu Démarrer.
Dans l'onglet Paramètres, vérifier que toutes les cases sont cochées sauf "Créer une option dans le menu contextuel pour analyser des fichiers (clic droit)".
Dans l'onglet Mise à jour, cliquer sur le bouton Recherche de mise à jour et installer toutes les mises à jour trouvées.
Dans l'onglet Recherche, cocher le bouton radio situé devant "Exécuter un examen rapide" puis cliquer sur le bouton Rechercher, comme ceci:

Image

Attendre sans rien faire d'autre la fin de la recherche; dans la fenêtre annonçant la fin de l'analyse, cliquer sur OK; puis cliquer sur le bouton "Afficher les résultats":
Image

Si des éléments nuisibles ont été détectés, cliquer sur le bouton "Supprimer la sélection": Image

Attendre patiemment sans rien faire d'autre la fin du nettoyage.
Un redémarrage est parfois nécessaire. Accepter.
Une fenêtre du Bloc-notes s'ouvre pour afficher le rapport. Fermer le Bloc-notes.
Cliquer sur le bouton "Quitter" pour fermer Malwarebytes' Anti-Malware.


Étape 4: Redémarrage
Si ce n'est déjà fait, faire redémarrer le PC en mode normal.


Étape 5: OTL (de OldTimer), analyse rapide
Fermer toutes les fenêtres de programme ouvertes.

Faire un clic droit sur OTL.exe puis choisir "Exécuter en tant qu'Administrateur" pour lancer l'outil.

L'écran principal de OTL s'affiche:
Image

Cliquer sur le bouton Analyse rapide:
Image


Laisser l'outil travailler sans l'interrompre.
Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant un rapport (log).
Fermer le Bloc-notes.
Fermer la fenêtre de OTL.


Étape 6: Résultats
Envoyer en réponse:
*- le rapport de exeHelper (contenu du fichier exehelperlog.txt situé sur le Bureau).
*- si présent, le rapport de rkill (contenu du fichier rkill.log situé dans le dossier %SystemDrive%\)
[%SystemDrive% représente la partition sur laquelle est installé le système, généralement C:]
*- le rapport de Malwarebytes' Anti-Malware (contenu du fichier mbam-log-****-**-** (**-**-**).txt situé dans le dossier %SystemDrive%\Users\<tonprofil>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs où ****-**-** (**-**-**) représente la date [année-mois-jour] et l'heure [hh-mn-ss])
[%SystemDrive% représente la partition sur laquelle est installé le système, généralement C:]

Envoyer ensuite en réponse dans un message distinct (à cause de la longueur du fichier):
*- le rapport principal de OTL (contenu du fichier OTL.Txt situé sur le Bureau).
Le rapport envoyé sur le forum doit se terminer par une ligne contenant <End of report>. Si ce n'est pas le cas, il est incomplet, et doit alors être découpé en plusieurs messages.

Note importante: Pour l'envoi de ta(tes) réponse(s), il ne faut pas créer un nouveau sujet, mais cliquer sur le bouton "Répondre"
Image pour continuer dans ce fil de discussion.


Dans ta réponse, n'oublie pas
*- de
décrire les symptômes d'infection
*- de donner le plus d'informations possible sur l'état du PC: amélioration / disparition / aggravation de ces symptômes d'infection.


A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Re: problemes aves security phere 2012

Messagede 360panos » 24 Oct 2011, 13:03

Je sens que l'on touche au but ;-)

voici le fichier exehelperlog.txt:

exeHelper by Raktor
Build 20100414
Run at 13:46:14 on 10/24/11
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Pas eu besoin de rkill
360panos
 
Messages: 8
Inscription: 23 Oct 2011, 11:41

Re: problemes aves security phere 2012

Messagede 360panos » 24 Oct 2011, 13:35

curieusement il semble que malwarebytes n'a pas créé le fichier de log (pas été foutu de le retrouver... )

pour le OTL.txt voici le contenu:


OTL logfile created on: 24/10/2011 13:56:28 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Christian\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

15,98 Gb Total Physical Memory | 14,07 Gb Available Physical Memory | 88,05% Memory free
31,95 Gb Paging File | 29,86 Gb Available in Paging File | 93,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 96,80 Gb Free Space | 41,57% Space Free | Partition Type: NTFS
Drive G: | 1863,01 Gb Total Space | 1580,59 Gb Free Space | 84,84% Space Free | Partition Type: NTFS
Drive H: | 1862,92 Gb Total Space | 1800,69 Gb Free Space | 96,66% Space Free | Partition Type: NTFS

Computer Name: PC_APPART | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/23 11:37:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
PRC - [2010/12/07 16:32:24 | 001,097,344 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
PRC - [2010/12/02 10:37:22 | 001,425,536 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
PRC - [2010/12/02 04:15:14 | 000,915,584 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
PRC - [2010/11/26 21:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
PRC - [2010/11/16 10:38:22 | 000,654,464 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
PRC - [2010/11/10 11:23:44 | 001,204,656 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
PRC - [2010/11/09 10:34:26 | 002,529,920 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe
PRC - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/11/03 11:30:14 | 000,918,144 | R--- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
PRC - [2010/10/21 11:52:26 | 000,586,880 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
PRC - [2010/10/12 16:39:50 | 001,115,776 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
PRC - [2010/09/28 15:47:10 | 000,252,544 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
PRC - [2010/09/24 21:29:32 | 001,115,776 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
PRC - [2009/10/26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/10/26 13:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/09/15 18:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2007/05/16 09:27:38 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/05/16 09:27:16 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/13 19:35:58 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4ffea70edf9aa81cba6a5be8070d3dd9\IAStorUtil.ni.dll
MOD - [2011/10/13 19:35:58 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6aef03034d33721bfbd588d9d7fffe60\IAStorCommon.ni.dll
MOD - [2011/10/13 17:47:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 17:47:01 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/13 17:46:57 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/13 17:46:50 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/13 17:46:47 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/13 17:46:44 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/13 17:46:44 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/13 17:46:41 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/12/30 22:15:40 | 001,656,320 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Bluetooth Go!\BluetoothGO.dll
MOD - [2010/12/03 16:12:48 | 001,027,072 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
MOD - [2010/12/02 17:28:36 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
MOD - [2010/12/01 12:33:32 | 001,244,672 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
MOD - [2010/11/19 10:55:00 | 001,246,208 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
MOD - [2010/11/19 10:53:34 | 000,963,584 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
MOD - [2010/11/16 10:37:20 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\AsNetlib.dll
MOD - [2010/11/13 02:54:34 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/11 03:09:26 | 000,703,488 | R--- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\CpuFreq.dll
MOD - [2010/10/15 17:40:30 | 001,031,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll
MOD - [2010/09/27 20:51:16 | 001,607,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
MOD - [2010/09/27 20:51:12 | 000,881,664 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
MOD - [2010/09/19 21:52:50 | 000,094,208 | ---- | M] () -- C:\Windows\SysWOW64\IccLibDll.dll
MOD - [2010/08/23 04:17:40 | 000,662,016 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMLib.dll
MOD - [2010/08/06 18:13:48 | 000,886,272 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
MOD - [2010/08/06 18:11:20 | 000,850,944 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
MOD - [2010/07/30 11:28:32 | 000,670,208 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\asacpiex.dll
MOD - [2010/07/15 20:04:40 | 000,661,504 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\aaHMLib.dll
MOD - [2010/07/15 20:04:40 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pngio.dll
MOD - [2010/07/15 20:04:40 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\ImageHelper.dll
MOD - [2010/06/23 05:54:36 | 000,114,688 | R--- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AssistFunc.dll
MOD - [2010/06/21 15:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll
MOD - [2010/06/21 15:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
MOD - [2010/02/24 10:56:40 | 000,661,504 | R--- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\aaHMLib.dll
MOD - [2009/08/12 20:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
MOD - [2009/07/14 17:23:30 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_fr_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009/06/27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009/05/21 10:14:14 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
MOD - [2009/05/21 04:14:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
MOD - [2007/10/31 11:51:00 | 000,061,440 | R--- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsMultiLang.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/08/12 15:00:20 | 000,133,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/12/02 04:15:14 | 000,915,584 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe -- (asHmComSvc)
SRV - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/11/03 11:30:14 | 000,918,144 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe -- (asComSvc)
SRV - [2010/10/27 16:18:52 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010/10/21 11:52:26 | 000,586,880 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/10/26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/22 09:09:06 | 000,303,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010/11/22 09:09:06 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/27 15:50:28 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010/10/27 15:50:28 | 000,279,152 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010/10/27 15:50:28 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010/10/27 15:50:28 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010/10/27 15:50:28 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010/10/27 15:50:28 | 000,055,336 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010/10/27 15:50:28 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010/10/27 15:50:28 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010/10/26 05:08:08 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/09/30 07:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 07:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/09/21 08:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:64bit: - [2010/08/17 19:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT) Intel(R) Watchdog Timer Driver (Intel(R) WDT)
DRV:64bit: - [2010/08/10 11:29:15 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2005/09/23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3E DF 39 02 2C 64 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/28 10:19:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/10/08 22:10:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/10 11:12:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/09/03 21:57:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/08/28 10:19:28 | 000,000,000 | ---D | M]

[2011/08/26 22:12:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions
[2011/10/19 20:49:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\uc1u2vl0.default\extensions
[2011/09/23 22:16:08 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\uc1u2vl0.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/09/23 22:16:12 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\uc1u2vl0.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011/10/19 20:49:12 | 000,000,000 | ---D | M] (FbxRev_downloader) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\uc1u2vl0.default\extensions\FbxRev_downloader@vincent-at-waouh.net
[2011/08/28 21:39:21 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\uc1u2vl0.default\extensions\ffxtlbr@Facemoods.com
[2011/08/26 23:03:34 | 000,000,000 | ---D | M] (QuickDrag) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\uc1u2vl0.default\extensions\quickdrag@mozilla.ktechcomputing.com
[2011/08/31 20:33:15 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\uc1u2vl0.default\extensions\support@predictad.com
[2011/08/28 21:42:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/28 21:42:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/09/10 11:12:52 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/08/12 06:52:47 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml
[2011/08/12 06:14:12 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/08/12 06:52:48 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2011/08/12 06:52:48 | 000,001,154 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml
[2011/08/28 21:45:01 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011/08/12 06:52:48 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml
[2011/08/12 06:52:48 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2011/10/23 10:43:25 | 000,000,000 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 [2011/09/27 20:58:42 | 000,000,000 | ---D | M]
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0257D2E0-CE73-41BE-A962-08FA580A0C35}: DhcpNameServer = 192.168.2.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50A6FCAD-E380-44E0-82E4-E34E4E40DBD8}: DhcpNameServer = 192.168.2.254
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/23 10:43:25 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c856e348-d04c-11e0-846f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c856e348-d04c-11e0-846f-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/24 13:54:13 | 000,000,000 | R--D | C] -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2011/10/23 11:53:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/23 11:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/10/23 11:46:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/10/23 11:42:13 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes
[2011/10/23 11:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/23 11:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/23 11:41:44 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/10/23 11:41:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/10/23 11:40:36 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Christian\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/23 11:37:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2011/10/23 11:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Martau
[2011/10/23 11:15:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Total Uninstall 5
[2011/10/23 10:43:17 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2011/10/23 10:42:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011/10/22 22:13:59 | 000,000,000 | ---D | C] -- C:\ProgramData\jC32111EmJiG32111
[2011/10/21 22:59:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kolor Panotour Pro 1.7
[2011/10/20 20:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kolor Autopano Giga 2.5
[2011/10/18 22:03:12 | 000,000,000 | ---D | C] -- C:\Panini-Pro
[2011/10/15 10:13:00 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011/10/15 10:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011/10/15 10:12:59 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Notepad++
[2011/10/15 10:12:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2011/10/13 01:20:29 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/10/13 01:20:29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/10/13 01:20:29 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/10/13 01:20:29 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/10/13 01:20:28 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/10/13 01:20:28 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/10/13 01:20:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/10/13 01:20:27 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/10/13 01:20:27 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/10/12 22:14:22 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/10/12 22:14:22 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/10/12 22:14:22 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/10/12 22:14:22 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/10/12 22:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/12 22:12:59 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Apple Computer
[2011/10/12 22:12:59 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Apple Computer
[2011/10/12 22:12:56 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2011/10/12 22:12:56 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2011/10/12 22:12:56 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011/10/12 22:12:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/10/12 22:12:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/10/12 22:12:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/10/12 22:12:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/12 22:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011/10/12 22:12:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/10/12 22:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/12 22:12:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/10/12 22:11:54 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/10/12 22:11:53 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/10/10 21:20:46 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\piw
[2011/10/09 22:07:33 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\piwigo
[2011/10/08 22:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2011/10/08 22:13:08 | 000,000,000 | ---D | C] -- C:\Users\Christian\Adobe Flash Builder 4
[2011/10/08 22:12:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2011/10/08 22:08:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2011/10/08 22:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/10/08 22:07:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS5
[2011/10/08 21:50:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Story
[2011/10/08 21:50:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2011/10/08 21:48:09 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/10/07 23:57:41 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\SWiSH Max4 FRA
[2011/10/07 23:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SWiSH Max4
[2011/10/07 23:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LameACM
[2011/10/07 23:57:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LameACM
[2011/10/07 23:57:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWiSHzone.com
[2011/10/07 23:57:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SWiSH Max4
[2011/10/03 21:57:12 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\XnConvert
[2011/10/03 21:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnConvert
[2011/10/03 21:56:27 | 000,000,000 | ---D | C] -- C:\Program Files\XnConvert
[2011/09/27 20:58:42 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\3
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/24 13:54:13 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2011/10/24 13:54:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/24 13:54:08 | 4276,695,038 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/24 13:48:34 | 001,450,792 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/24 13:48:34 | 000,733,768 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/24 13:48:34 | 000,464,528 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/24 13:48:34 | 000,409,134 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2011/10/24 13:48:34 | 000,063,982 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2011/10/24 13:36:28 | 001,008,092 | ---- | M] () -- C:\Users\Christian\Desktop\rkill.scr
[2011/10/24 13:35:36 | 000,294,400 | ---- | M] () -- C:\Users\Christian\Desktop\exeHelper.com
[2011/10/24 12:31:27 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/24 12:31:27 | 000,015,008 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/23 12:11:30 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/10/23 11:47:31 | 000,001,104 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/10/23 11:46:16 | 000,000,924 | ---- | M] () -- C:\Users\Christian\Desktop\NTREGOPT.lnk
[2011/10/23 11:46:16 | 000,000,905 | ---- | M] () -- C:\Users\Christian\Desktop\ERUNT.lnk
[2011/10/23 11:41:47 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/23 11:40:56 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Christian\Desktop\mbam-setup-1.51.2.1300.exe
[2011/10/23 11:37:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe
[2011/10/23 11:15:10 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\Total Uninstall 5.lnk
[2011/10/23 10:43:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/10/23 10:43:25 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2011/10/21 22:59:51 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Kolor Panotour Pro 1.7.lnk
[2011/10/20 20:21:46 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\Kolor Autopano Giga 2.5.lnk
[2011/10/18 22:03:12 | 000,000,874 | ---- | M] () -- C:\Users\Christian\Desktop\Panini-Pro b5.lnk
[2011/10/17 18:38:14 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/10/15 20:59:13 | 000,000,047 | ---- | M] () -- C:\Users\Christian\Desktop\.htaccess
[2011/10/15 10:13:00 | 000,001,059 | ---- | M] () -- C:\Users\Christian\Desktop\Notepad++.lnk
[2011/10/13 22:10:03 | 000,000,658 | ---- | M] () -- C:\Users\Christian\Desktop\chs.swf - Raccourci.lnk
[2011/10/13 20:35:16 | 000,001,193 | ---- | M] () -- C:\Users\Christian\Desktop\source CHS - Raccourci.lnk
[2011/10/13 17:55:55 | 000,000,016 | ---- | M] () -- C:\Users\Christian\Desktop\htacccess
[2011/10/13 17:46:27 | 005,043,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/12 22:47:46 | 000,015,590 | ---- | M] () -- C:\Users\Christian\Documents\Notes de mise à jour de l’iPad.rtf
[2011/10/12 22:32:27 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/10/12 22:12:59 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/09 23:26:01 | 000,007,974 | ---- | M] () -- C:\Users\Christian\Desktop\config.sql
[2011/10/09 23:25:53 | 000,001,795 | ---- | M] () -- C:\Users\Christian\Desktop\index.php
[2011/10/09 21:26:13 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLbz.DAT
[2011/10/09 21:26:13 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLbx.DAT
[2011/10/09 21:26:13 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLbw.DAT
[2011/10/09 14:06:08 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT
[2011/10/09 14:05:11 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLdu.DAT
[2011/10/07 23:57:38 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\SWiSH Max4.lnk
[2011/10/06 22:36:00 | 000,000,600 | ---- | M] () -- C:\Users\Christian\winscp.RND
[2011/10/03 21:56:29 | 000,001,640 | ---- | M] () -- C:\Users\Christian\Desktop\XnConvert.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
360panos
 
Messages: 8
Inscription: 23 Oct 2011, 11:41

Re: problemes aves security phere 2012

Messagede 360panos » 24 Oct 2011, 13:36

fin du fichier OTL.txt :

========== Files Created - No Company Name ==========

[2011/10/24 13:36:26 | 001,008,092 | ---- | C] () -- C:\Users\Christian\Desktop\rkill.scr
[2011/10/24 13:35:35 | 000,294,400 | ---- | C] () -- C:\Users\Christian\Desktop\exeHelper.com
[2011/10/23 12:11:30 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/10/23 11:47:31 | 000,001,104 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/10/23 11:46:16 | 000,000,924 | ---- | C] () -- C:\Users\Christian\Desktop\NTREGOPT.lnk
[2011/10/23 11:46:16 | 000,000,905 | ---- | C] () -- C:\Users\Christian\Desktop\ERUNT.lnk
[2011/10/23 11:41:47 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/23 11:15:10 | 000,001,046 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Uninstall 5.lnk
[2011/10/23 11:15:10 | 000,001,034 | ---- | C] () -- C:\Users\Public\Desktop\Total Uninstall 5.lnk
[2011/10/23 10:43:25 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2011/10/21 22:59:51 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Kolor Panotour Pro 1.7.lnk
[2011/10/20 20:21:46 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\Kolor Autopano Giga 2.5.lnk
[2011/10/18 22:03:12 | 000,000,874 | ---- | C] () -- C:\Users\Christian\Desktop\Panini-Pro b5.lnk
[2011/10/15 20:59:13 | 000,000,047 | ---- | C] () -- C:\Users\Christian\Desktop\.htaccess
[2011/10/15 10:13:00 | 000,001,059 | ---- | C] () -- C:\Users\Christian\Desktop\Notepad++.lnk
[2011/10/13 22:10:03 | 000,000,658 | ---- | C] () -- C:\Users\Christian\Desktop\chs.swf - Raccourci.lnk
[2011/10/13 20:35:16 | 000,001,193 | ---- | C] () -- C:\Users\Christian\Desktop\source CHS - Raccourci.lnk
[2011/10/13 17:54:36 | 000,000,016 | ---- | C] () -- C:\Users\Christian\Desktop\htacccess
[2011/10/12 22:47:46 | 000,015,590 | ---- | C] () -- C:\Users\Christian\Documents\Notes de mise à jour de l’iPad.rtf
[2011/10/12 22:32:27 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/10/12 22:12:59 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/09 23:26:00 | 000,007,974 | ---- | C] () -- C:\Users\Christian\Desktop\config.sql
[2011/10/09 23:25:53 | 000,001,795 | ---- | C] () -- C:\Users\Christian\Desktop\index.php
[2011/10/07 23:57:38 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\SWiSH Max4.lnk
[2011/10/03 21:56:29 | 000,001,640 | ---- | C] () -- C:\Users\Christian\Desktop\XnConvert.lnk
[2011/09/09 16:54:54 | 000,000,132 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/08/31 22:31:41 | 000,001,456 | ---- | C] () -- C:\Users\Christian\AppData\Local\Adobe Enregistrer pour le Web 12.0 Prefs
[2011/08/29 22:24:59 | 001,062,960 | ---- | C] () -- C:\Windows\PE_File.dll
[2011/08/29 22:20:20 | 001,016,768 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2011/08/28 18:01:14 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\IccLibDll.dll
[2011/08/28 17:55:47 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/08/28 17:55:43 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/08/28 10:11:42 | 000,231,680 | ---- | C] () -- C:\Windows\hpoins49.dat
[2011/08/27 23:00:59 | 000,000,268 | RH-- | C] () -- C:\ProgramData\CIOSupport
[2011/08/27 23:00:59 | 000,000,268 | RH-- | C] () -- C:\Users\Christian\AppData\Roaming\Breath Pad
[2011/08/27 22:58:46 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdy.DAT
[2011/08/27 22:30:57 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Funk Animals
[2011/08/27 22:30:57 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Fruit
[2011/08/27 22:30:57 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Frameworks
[2011/08/27 22:30:57 | 000,000,268 | RH-- | C] () -- C:\Users\Christian\AppData\Roaming\Fonts
[2011/08/27 22:30:57 | 000,000,268 | RH-- | C] () -- C:\Users\Christian\AppData\Roaming\Font Book
[2011/08/27 22:30:57 | 000,000,268 | RH-- | C] () -- C:\Users\Christian\AppData\Roaming\Folder Actions Handlers
[2011/08/27 22:30:57 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbw.DAT
[2011/08/27 22:30:16 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbz.DAT
[2011/08/27 22:26:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT
[2011/08/27 21:41:56 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Breath Pad
[2011/08/27 21:41:56 | 000,000,268 | RH-- | C] () -- C:\Users\Christian\AppData\Roaming\Bass Amp
[2011/08/27 21:41:56 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011/08/27 21:35:55 | 000,000,268 | RH-- | C] () -- C:\Users\Christian\AppData\Roaming\CMMs
[2011/08/27 21:35:55 | 000,000,268 | RH-- | C] () -- C:\Users\Christian\AppData\Roaming\CIOSupport
[2011/08/27 21:35:55 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Channel
[2011/08/27 21:35:55 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Calibrators
[2011/08/27 21:35:55 | 000,000,268 | RH-- | C] () -- C:\Users\Christian\AppData\Roaming\Bundle
[2011/08/27 21:35:55 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/08/27 21:35:55 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/08/27 21:35:55 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011/08/27 00:31:29 | 000,456,672 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/26 23:53:16 | 000,000,382 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/08/26 21:50:02 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/08/26 21:49:55 | 000,030,859 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010/08/03 07:21:24 | 000,014,464 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2010/04/23 10:51:58 | 000,001,241 | ---- | C] () -- C:\Windows\hpomdl49.dat
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/04/02 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008/01/04 07:34:42 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 1281 bytes -> C:\ProgramData\Microsoft:3D6SicDb91xH4mu2kElI7nn
@Alternate Data Stream - 1267 bytes -> C:\ProgramData\Microsoft:O1KOuYjgiq43mZUAHFWo7MU8
@Alternate Data Stream - 1256 bytes -> C:\Users\Christian\AppData\Local\Temp:OzSw9JF1UxvmxHiQlhBzpZZJpTQ2
@Alternate Data Stream - 1239 bytes -> C:\Users\Christian\AppData\Local\Temp:xCc40gvmjbCiZhmkHSuC
@Alternate Data Stream - 1174 bytes -> C:\Users\Christian\AppData\Local\zYSGiRF9:fRqysb8PUSREGdjaeahPIG7hnM
@Alternate Data Stream - 1074 bytes -> C:\Program Files (x86)\Common Files\System:HQFskiWPrWYsn0hZ2ITnaPlua2

< End of report >
360panos
 
Messages: 8
Inscription: 23 Oct 2011, 11:41

Re: problemes aves security phere 2012

Messagede 360panos » 24 Oct 2011, 13:53

Les symptômes d'infection étaient le démarrage intempestif et répété de Security Sphere 2012 et le verrouillage de firefox + la suppression de la personnalisation du fond du bureau

je viens de redémarrer plusieurs fois le PC et les ennuis sont désormais finis .... GRACE A VOUS

je crois que je vais garder sous le coude cette procedure et les outils téléchargés.

Vraiment merci pour cette aide, ce forum est désormais dans mes favoris
360panos
 
Messages: 8
Inscription: 23 Oct 2011, 11:41

Re: problemes aves security phere 2012

Messagede nickW » 26 Oct 2011, 00:24

Bonsoir,

je crois que je vais garder sous le coude cette procedure et les outils téléchargés.


A mon avis, c'est une double mauvaise idée - mis à part MBAM (Malwarebytes' Anti-Malware):

*- cette procédure est valable pour ce type de logiciel fallacieux (alias "rogue" en anglais), mais pas pour un autre type de nuisible
*- les outils comme exeHelper ou rkill sont mis à jour très souvent. Il faut toujours les télécharger juste avant de les utiliser.


Par contre MBAM doit être conservé pour des analyses à la demande, toujours après avoir fait une Mise à jour.


Autres commentaires:

Java (JRE), Adobe Reader, Mozilla Firefox, Mozilla Thunderbird : Tous ces logiciels ne sont pas à jour!


S'il existe encore, il faudrait mettre en Type de démarrage "Désactivé" le service SpyHunter 4 Service.


Salut,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France


Retourner vers Sécurité (Contamination - Décontamination)

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 52 invités