Assiste.Forums

Sécurité informatique et protection de la vie privée sur Internet

Vers le contenu

premier forum d'habitude je m'en sors seul et là ... ?

Sécurité et insécurité. Virus, Trojans, Spywares, Failles etc. …

Modérateur: Modérateurs et Modératrices

Règles du forum
Assiste.com a suspendu l'assistance à la décontamination après presque 15 ans sur l'ancien forum puis celui-ci. Voir :

Procédure de décontamination 1 - Anti-malware
Décontamination anti-malwares

Procédure de décontamination 2 - Anti-malware et antivirus (La Manip)
La Manip - Procédure standard de décontamination

Entretien périodique d'un PC sous Windows
Entretien périodique d'un PC sous Windows

Protection des navigateurs, de la navigation et de la vie privée
Protéger le navigateur, la navigation et la vie privée
Sujet verrouillé

premier forum d'habitude je m'en sors seul et là ... ?

Messagede paracelse62 » 20 Nov 2011, 16:00

Bonjour ,
Je viens de lire et d'appliquer les consignes j'attends patiemment que OTL finisse le boulot.
Description :
à l'ouverture de Vista et ce malgré cleaner et autre superantispyware, antivir (avira) m'ouvre une bonne quinzaine de popup avec à chaque fois le bruit stressant qui va avec pour me signaler une ribambelle de Dll infecté par TR/Vundo.by.550.
j'ai cru m'en sortir hier et aujourd'hui rebelote du coup je lance ma bouée de suavetage et comme le hijackthis est une panacée pour beaucoup de gens mais que j'y comprends rien j'ai suivi votre protocole. Les messages à suivre sont donc les comptes rendus des différents outils présentés. j'espère que vous aurez la possibilité de m'aider.
Paracelse
paracelse62
 
Messages: 19
Inscription: 20 Nov 2011, 15:19
Haut

Re: premier forum d'habitude je m'en sors seul et là ... ?

Messagede paracelse62 » 20 Nov 2011, 16:11

rapport otl.txt
OTL logfile created on: 20/11/2011 15:40:39 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Benoit BERQUIN\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 44,10% Memory free
6,22 Gb Paging File | 4,28 Gb Available in Paging File | 68,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 457,67 Gb Total Space | 24,72 Gb Free Space | 5,40% Space Free | Partition Type: NTFS
Drive D: | 8,09 Gb Total Space | 1,01 Gb Free Space | 12,52% Space Free | Partition Type: NTFS
Drive G: | 243,70 Mb Total Space | 213,27 Mb Free Space | 87,51% Space Free | Partition Type: FAT

Computer Name: SUPERBOSS | User Name: Benoit BERQUIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/20 15:22:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Benoit BERQUIN\Desktop\OTL.exe
PRC - [2011/11/11 23:05:14 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/11 14:38:50 | 001,630,992 | ---- | M] () -- C:\Windows\System32\sysperf.exe
PRC - [2011/09/29 08:19:26 | 000,020,880 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/12 21:50:12 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/05/25 21:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Benoit BERQUIN\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/02/18 15:30:32 | 007,233,952 | ---- | M] () -- C:\Program Files\Samsung\AllShare\AllShareDMS\WiselinkPro.exe
PRC - [2011/02/18 15:30:26 | 000,428,088 | ---- | M] () -- C:\Program Files\Samsung\AllShare\AllShareDMS\http_ss_win_pro.exe
PRC - [2010/07/04 20:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2010/06/24 14:00:14 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010/06/21 13:34:10 | 000,306,480 | ---- | M] (eInstruction Corporation) -- C:\Program Files\eInstruction\Device Manager\Launch.exe
PRC - [2009/08/25 14:13:07 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/26 20:17:17 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/02 12:08:11 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/10/10 19:24:46 | 000,726,336 | ---- | M] (SFR) -- C:\Program Files\SFR\Media Center\MediaCenter.exe
PRC - [2008/09/08 20:18:36 | 002,641,920 | ---- | M] (pdfforge http://www.pdfforge.org/) -- C:\Program Files\PDFCreator\PDFCreator.exe
PRC - [2008/01/15 10:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/10/12 08:34:56 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2007/09/05 07:59:02 | 000,024,635 | ---- | M] (Apache Software Foundation) -- C:\Program Files\SFR\Media Center\httpd\httpd.exe
PRC - [2006/09/03 09:32:28 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/20 14:40:17 | 000,020,480 | ---- | M] () -- C:\Users\Benoit BERQUIN\AppData\Local\Temp\abt74121\BTCheckMS.dll
MOD - [2011/11/11 23:05:13 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/27 11:58:16 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ab1a41d184118635218d38da3f4bcae8\System.Management.ni.dll
MOD - [2011/10/27 11:56:08 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dabeb21f09f88576c2cce838280c7f44\System.Runtime.Remoting.ni.dll
MOD - [2011/10/27 11:55:55 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\2b0b477db8f5a19d6365b93106b26651\System.Xaml.ni.dll
MOD - [2011/10/27 11:39:54 | 018,019,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\401a9dbeaad6b6ca70c90ae4fbd2e0b8\PresentationFramework.ni.dll
MOD - [2011/10/27 11:39:42 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\fa45e7d581b80c34cb0d5518491c7387\System.Windows.Forms.ni.dll
MOD - [2011/10/27 11:39:29 | 011,470,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b540398c49e7c32ab58666de7f09f645\PresentationCore.ni.dll
MOD - [2011/10/27 11:39:18 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\fd0f015bc4324d8b9716ae38083a4e4d\System.Drawing.ni.dll
MOD - [2011/10/27 11:39:16 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\90223e809b1ff291a7f65509702e2fa1\System.Core.ni.dll
MOD - [2011/10/27 11:39:13 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a48e483c6b13da563725d72ec518a0bb\System.Xml.ni.dll
MOD - [2011/10/27 11:39:13 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\af091a68303117ca2166aa13bcbfbbd0\PresentationFramework.Aero.ni.dll
MOD - [2011/10/27 11:39:08 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\c0afb5fbfbc7a8d670b430672c5fd578\WindowsBase.ni.dll
MOD - [2011/10/27 11:39:01 | 009,086,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\69adb8f9940fa1330f6f1b706e3dc31e\System.ni.dll
MOD - [2011/10/27 11:38:48 | 014,409,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\2b1af7649e57195b4b85bbf4c5cb7c90\mscorlib.ni.dll
MOD - [2011/10/27 11:38:44 | 000,115,137 | ---- | M] () -- C:\Users\Benoit BERQUIN\AppData\Local\Temp\ae201572-4813-4010-9ed2-ee29ddec066a\CliSecureRT.dll
MOD - [2011/10/17 07:07:46 | 008,522,400 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/29 08:19:26 | 000,020,880 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2010/07/04 22:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2010/07/04 22:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 20:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2010/06/21 13:34:10 | 000,095,744 | ---- | M] () -- C:\Program Files\eInstruction\Device Manager\NativeSupport.dll
MOD - [2010/06/21 13:33:06 | 000,057,344 | ---- | M] () -- C:\Program Files\eInstruction\Device Manager\jspWin.dll
MOD - [2007/11/28 17:59:42 | 003,702,784 | ---- | M] () -- C:\Program Files\PDFCreator\GS8.61\gs8.61\Bin\gsdll32.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (uvnc_service)
SRV - [2011/11/11 14:38:50 | 001,630,992 | ---- | M] () [Auto | Running] -- C:\Windows\System32\sysperf.exe -- (sysperf.exe)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/12 21:50:12 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/02/18 15:30:32 | 007,233,952 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung\AllShare\AllShareDMS\WiselinkPro.exe -- (SamsungAllShare)
SRV - [2011/02/18 15:30:22 | 000,022,464 | ---- | M] (Samsung Electronics) [Auto | Stopped] -- C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)
SRV - [2010/06/24 14:00:14 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/25 14:13:07 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/26 20:17:17 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/12 08:34:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007/05/31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/09/11 15:02:44 | 000,544,256 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel(R)
SRV - [2006/09/11 15:01:04 | 000,167,936 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel(R)
SRV - [2006/09/11 14:56:32 | 000,075,264 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel(R)
SRV - [2006/09/11 14:56:20 | 000,188,416 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel(R)
SRV - [2006/09/03 09:32:28 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/08/31 22:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel(R) Viiv(TM)
SRV - [2006/05/10 08:13:52 | 000,029,696 | R--- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)
paracelse62
 
Messages: 19
Inscription: 20 Nov 2011, 15:19
Haut

Re: premier forum d'habitude je m'en sors seul et là ... ?

Messagede paracelse62 » 20 Nov 2011, 16:12

rapport suite :
========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/09 21:44:11 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/09 21:44:10 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/04/27 13:19:28 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010/06/24 14:00:14 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/04/27 03:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010/04/27 03:25:16 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bserd.sys -- (ss_bserd)
DRV - [2010/04/27 03:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2010/04/27 03:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2010/02/25 13:51:17 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/12/11 21:37:43 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/07/26 20:17:18 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/06/26 21:01:00 | 009,777,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/04/11 05:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2009/04/11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2009/03/30 09:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 11:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/02/08 12:12:50 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2009/01/22 16:06:34 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL)
DRV - [2008/12/07 12:44:54 | 000,030,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btnetBus.sys -- (btnetBUs)
DRV - [2008/05/28 11:33:14 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/03/07 12:39:50 | 000,045,848 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/02/26 08:17:30 | 000,493,568 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2008/01/15 00:56:30 | 000,218,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/11/30 16:23:02 | 000,097,216 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2007/07/16 11:28:06 | 000,088,320 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\phaudlwr.sys -- (phaudlwr)
DRV - [2007/07/06 19:26:34 | 003,033,856 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\spc1300.sys -- (SPC1300) USB2.0 PC Camera (SPC1300)
DRV - [2005/12/12 18:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3017553372-3954341448-1392868311-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3017553372-3954341448-1392868311-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-3017553372-3954341448-1392868311-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 DF A9 3B 96 A4 CC 01 [binary data]
IE - HKU\S-1-5-21-3017553372-3954341448-1392868311-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3017553372-3954341448-1392868311-1001\..\URLSearchHook: {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - No CLSID value found
IE - HKU\S-1-5-21-3017553372-3954341448-1392868311-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3017553372-3954341448-1392868311-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.laposte.net/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={798335B0-69FA-29ED-46A9-D38DEC793439}&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.6.0: C:\Users\Benoit BERQUIN\AppData\Local\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/19 20:13:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/11 23:05:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/14 15:25:43 | 000,000,000 | ---D | M]

[2008/08/27 21:18:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benoit BERQUIN\AppData\Roaming\mozilla\Extensions
[2011/11/10 21:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benoit BERQUIN\AppData\Roaming\mozilla\Firefox\Profiles\1r61jjw5.default\extensions
[2011/03/07 17:57:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Benoit BERQUIN\AppData\Roaming\mozilla\Firefox\Profiles\1r61jjw5.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/10 21:49:18 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Benoit BERQUIN\AppData\Roaming\mozilla\Firefox\Profiles\1r61jjw5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/12/12 13:39:08 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Benoit BERQUIN\AppData\Roaming\mozilla\Firefox\Profiles\1r61jjw5.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/09/05 15:06:45 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Users\Benoit BERQUIN\AppData\Roaming\mozilla\Firefox\Profiles\1r61jjw5.default\extensions\quickstores@quickstores.de
[2010/08/30 20:09:50 | 000,001,819 | ---- | M] () -- C:\Users\Benoit BERQUIN\AppData\Roaming\Mozilla\Firefox\Profiles\1r61jjw5.default\searchplugins\bing.xml
[2011/11/11 23:05:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/27 23:09:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2010/09/04 12:43:15 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
() (No name found) -- C:\USERS\BENOIT BERQUIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1R61JJW5.DEFAULT\EXTENSIONS\{398E77B8-2304-11DC-8314-0800200C9A66}.XPI
() (No name found) -- C:\USERS\BENOIT BERQUIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1R61JJW5.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\BENOIT BERQUIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1R61JJW5.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2011/11/11 23:05:14 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 09:00:00 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 09:00:00 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/01 09:00:00 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2009/09/06 18:00:20 | 000,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
[2009/09/06 18:00:21 | 000,001,963 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml
[2010/01/01 09:00:00 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/01/01 09:00:00 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

========== Chrome ==========

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\pdf.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\ppGoogleNaClPluginChrome.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\11.0.696.65\gears.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.6.0 (Enabled) = C:\Users\Benoit BERQUIN\AppData\Local\Yahoo!\BrowserPlus\2.6.0\Plugins\npybrowserplus_2.6.0.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Benoit BERQUIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKLM\..\Toolbar: (Fast Browser Search) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKU\S-1-5-21-3017553372-3954341448-1392868311-1001\..\Toolbar\WebBrowser: (Fast Browser Search) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PC Cleaners] C:\Program Files\PC Cleaners\PCCleaners.exe (PC Cleaners Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3017553372-3954341448-1392868311-1001..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-3017553372-3954341448-1392868311-1001..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-3017553372-3954341448-1392868311-1001..\Run: [Neuf Media Center] C:\Program Files\SFR\Media Center\MediaCenter.exe (SFR)
O4 - HKU\S-1-5-21-3017553372-3954341448-1392868311-1001..\Run: [Shareaza] C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - HKU\S-1-5-21-3017553372-3954341448-1392868311-1001..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_fr;_rv:1.9.1.7)_Gecko/20091221_Firefox/3.5.7_(.NET_CLR_3.5.30729)_FBSMTWB" -"http://pbskids.org/caillou_french/games/dresscaillou/index.html" File not found
O4 - Startup: C:\Users\Benoit BERQUIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Benoit BERQUIN\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Benoit BERQUIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O8 - Extra context menu item: Télécharger avec Mipony - C:\Program Files\MiPony\Browser\IEContext.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .csm - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .csml - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .cub - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .cube - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .dx - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .emb - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .embl - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .gau - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .jdx - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .mol - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .mop - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .pdb - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .rxn - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .scr - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .skc - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .spt - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .tgf - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O12 - Plugin for: .xyz - C:\Program Files\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc (Elsevier MDL))
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab (QuickTime Object)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFA543A3-B428-4FEB-85BC-B39FF003487B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F269576C-6660-4226-B035-4C4BC807206D}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (aacext.dll) -C:\Windows\System32\aacext.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Benoit BERQUIN\Pictures\2010_07_28\IMG_4918.JPG
O24 - Desktop BackupWallPaper: C:\Users\Benoit BERQUIN\Pictures\2010_07_28\IMG_4918.JPG
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/27 17:50:58 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3f758e10-aa97-11df-854d-001bfcc41d10}\Shell\Shell00\Command - "" = F:\Start.exe
O33 - MountPoints2\{ec4ba948-6127-11dc-8955-001bfcc41d10}\Shell\AutoRun\command - "" = L:\Delivery\DeliveryReader.exe
O33 - MountPoints2\{ec4ba94b-6127-11dc-8955-001bfcc41d10}\Shell - "" = AutoRun
O33 - MountPoints2\{ec4ba94b-6127-11dc-8955-001bfcc41d10}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2011/11/20 15:28:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/20 15:26:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/11/20 15:26:56 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/11/20 15:21:58 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Benoit BERQUIN\Desktop\OTL.exe
[2011/11/20 14:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/11/20 14:50:07 | 000,000,000 | ---D | C] -- C:\rsit
[2011/11/19 17:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Multi Virus Cleaner 2011
[2011/11/19 17:19:07 | 000,000,000 | ---D | C] -- C:\Users\Benoit BERQUIN\AppData\Roaming\PC Cleaners
[2011/11/19 17:19:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Cleaners
[2011/11/19 17:19:01 | 005,359,888 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe
[2011/11/19 17:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2011/11/19 17:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\PC Cleaners
[2011/11/19 15:54:35 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2011/11/19 11:57:01 | 000,000,000 | ---D | C] -- C:\Users\Benoit BERQUIN\AppData\Roaming\Malwarebytes
[2011/11/19 11:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/19 11:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/19 11:56:51 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/19 11:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/13 15:12:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\FEB5AE06E59209DD765AAADF8E7B6660
[2011/10/27 23:09:01 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/10/27 23:09:01 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/10/27 23:09:01 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/10/27 11:41:58 | 000,000,000 | ---D | C] -- C:\Users\Benoit BERQUIN\{a352e744-845d-4576-946d-ab47b1323ecf}
[2011/10/27 11:36:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\System32
[2007/12/27 11:09:06 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files\Common Files\keyhelp.ocx
[34 C:\Users\Benoit BERQUIN\AppData\Roaming\*.tmp files -> C:\Users\Benoit BERQUIN\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/20 15:44:04 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/11/20 15:27:00 | 000,000,875 | ---- | M] () -- C:\Users\Benoit BERQUIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/11/20 15:26:57 | 000,000,695 | ---- | M] () -- C:\Users\Benoit BERQUIN\Desktop\NTREGOPT.lnk
[2011/11/20 15:26:57 | 000,000,676 | ---- | M] () -- C:\Users\Benoit BERQUIN\Desktop\ERUNT.lnk
[2011/11/20 15:22:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Benoit BERQUIN\Desktop\OTL.exe
[2011/11/20 14:53:01 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/20 14:40:21 | 000,001,139 | ---- | M] () -- C:\Users\Benoit BERQUIN\.eInstructionDeviceManagerPreferences.xml
[2011/11/20 14:40:17 | 000,000,049 | ---- | M] () -- C:\Users\Benoit BERQUIN\DeviceManagerState.properties
[2011/11/20 14:36:15 | 000,032,726 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/11/20 14:36:14 | 000,032,726 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/11/20 14:36:13 | 000,459,264 | ---- | M] () -- C:\Windows\System32\aacext.dll
[2011/11/20 14:36:11 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/20 14:36:00 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/20 14:36:00 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/20 14:35:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/19 23:15:39 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/11/19 16:44:09 | 005,359,888 | ---- | M] (PC Cleaners) -- C:\Windows\uninst.exe
[2011/11/19 15:44:45 | 000,027,077 | ---- | M] () -- C:\Windows\System32\GnuHashes.ini
[2011/11/19 11:56:56 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/19 11:38:32 | 000,000,396 | ---- | M] () -- C:\Users\Benoit BERQUIN\Documents\cc_20111119_113826.reg
[2011/11/19 11:38:04 | 000,109,538 | ---- | M] () -- C:\Users\Benoit BERQUIN\Documents\cc_20111119_113743.reg
[2011/11/15 21:57:00 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/11/11 14:44:27 | 000,001,466 | ---- | M] () -- C:\Users\Benoit BERQUIN\.recently-used.xbel
[2011/11/11 14:38:50 | 001,630,992 | ---- | M] () -- C:\Windows\System32\sysperf.exe
[2011/11/05 11:12:59 | 000,305,218 | ---- | M] () -- C:\Users\Benoit BERQUIN\Documents\Capt-1112582.jpg
[2011/11/05 11:12:58 | 000,333,447 | ---- | M] () -- C:\Users\Benoit BERQUIN\Documents\Capt-1112581.jpg
[2011/11/05 11:12:55 | 000,331,024 | ---- | M] () -- C:\Users\Benoit BERQUIN\Documents\Capt-1112551.jpg
[2011/11/05 11:12:55 | 000,321,584 | ---- | M] () -- C:\Users\Benoit BERQUIN\Documents\Capt-1112552.jpg
[2011/11/05 11:12:55 | 000,303,359 | ---- | M] () -- C:\Users\Benoit BERQUIN\Documents\Capt-1112553.jpg
[2011/11/05 11:12:46 | 000,331,024 | ---- | M] () -- C:\Users\Benoit BERQUIN\Documents\Capt-1112461.jpg
[2011/11/05 11:12:46 | 000,321,584 | ---- | M] () -- C:\Users\Benoit BERQUIN\Documents\Capt-1112462.jpg
[2011/11/05 11:12:46 | 000,303,359 | ---- | M] () -- C:\Users\Benoit BERQUIN\Documents\Capt-1112463.jpg
[2011/11/02 09:28:23 | 000,098,816 | ---- | M] () -- C:\Users\Benoit BERQUIN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/02 09:24:02 | 000,725,536 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2011/11/02 09:24:02 | 000,637,106 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/02 09:24:02 | 000,147,284 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2011/11/02 09:24:02 | 000,120,610 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/26 13:42:37 | 000,000,361 | ---- | M] () -- C:\Windows\Flash.ini
[34 C:\Users\Benoit BERQUIN\AppData\Roaming\*.tmp files -> C:\Users\Benoit BERQUIN\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/20 15:44:04 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/11/20 15:27:00 | 000,000,875 | ---- | C] () -- C:\Users\Benoit BERQUIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/11/20 15:26:57 | 000,000,695 | ---- | C] () -- C:\Users\Benoit BERQUIN\Desktop\NTREGOPT.lnk
[2011/11/20 15:26:57 | 000,000,676 | ---- | C] () -- C:\Users\Benoit BERQUIN\Desktop\ERUNT.lnk
[2011/11/20 14:36:13 | 000,459,264 | ---- | C] () -- C:\Windows\System32\aacext.dll
[2011/11/19 15:44:45 | 000,027,077 | ---- | C] () -- C:\Windows\System32\GnuHashes.ini
[2011/11/19 11:56:56 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/19 11:38:29 | 000,000,396 | ---- | C] () -- C:\Users\Benoit BERQUIN\Documents\cc_20111119_113826.reg
[2011/11/19 11:37:49 | 000,109,538 | ---- | C] () -- C:\Users\Benoit BERQUIN\Documents\cc_20111119_113743.reg
[2011/11/13 15:12:35 | 001,630,992 | ---- | C] () -- C:\Windows\System32\sysperf.exe
[2011/11/11 14:44:27 | 000,001,466 | ---- | C] () -- C:\Users\Benoit BERQUIN\.recently-used.xbel
[2011/11/05 11:12:59 | 000,305,218 | ---- | C] () -- C:\Users\Benoit BERQUIN\Documents\Capt-1112582.jpg
[2011/11/05 11:12:58 | 000,333,447 | ---- | C] () -- C:\Users\Benoit BERQUIN\Documents\Capt-1112581.jpg
[2011/11/05 11:12:55 | 000,331,024 | ---- | C] () -- C:\Users\Benoit BERQUIN\Documents\Capt-1112551.jpg
[2011/11/05 11:12:55 | 000,321,584 | ---- | C] () -- C:\Users\Benoit BERQUIN\Documents\Capt-1112552.jpg
[2011/11/05 11:12:55 | 000,303,359 | ---- | C] () -- C:\Users\Benoit BERQUIN\Documents\Capt-1112553.jpg
[2011/11/05 11:12:46 | 000,331,024 | ---- | C] () -- C:\Users\Benoit BERQUIN\Documents\Capt-1112461.jpg
[2011/11/05 11:12:46 | 000,321,584 | ---- | C] () -- C:\Users\Benoit BERQUIN\Documents\Capt-1112462.jpg
[2011/11/05 11:12:46 | 000,303,359 | ---- | C] () -- C:\Users\Benoit BERQUIN\Documents\Capt-1112463.jpg
[2011/05/21 12:29:10 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011/05/21 12:29:10 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2011/04/27 13:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/04/27 13:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/04/27 13:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/04/27 13:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/04/27 13:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010/10/06 13:56:40 | 000,344,160 | ---- | C] () -- C:\Windows\System32\RASWIN.EXE
[2010/10/05 09:38:58 | 000,000,548 | ---- | C] () -- C:\Program Files\Common Files\eInstruction.ini
[2010/09/04 16:44:09 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2010/08/23 11:28:06 | 000,000,291 | ---- | C] () -- C:\Windows\DeVisu.ini
[2010/02/21 22:50:01 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/01/21 13:22:44 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010/01/17 17:53:01 | 000,000,361 | ---- | C] () -- C:\Windows\Flash.ini
[2009/12/24 09:13:09 | 000,032,726 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/12/23 09:03:58 | 000,032,726 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/10/06 08:16:00 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/09/17 13:19:56 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/17 13:19:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/16 18:58:36 | 000,171,780 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2009/08/31 13:45:43 | 000,000,102 | ---- | C] () -- C:\Users\Benoit BERQUIN\AppData\Local\fusioncache.dat
[2009/05/25 19:22:27 | 000,169,648 | ---- | C] () -- C:\Windows\hpqins00.dat
[2009/02/15 13:35:07 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/02/08 12:12:50 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009/01/30 19:56:31 | 000,000,048 | ---- | C] () -- C:\Windows\wininit.ini
[2009/01/18 18:58:47 | 000,000,043 | ---- | C] () -- C:\Windows\System32\calibration.dat
[2009/01/15 18:57:22 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/01/01 13:31:00 | 000,000,000 | ---- | C] () -- C:\Windows\plclient.INI
[2008/12/29 12:37:36 | 000,004,761 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/12/07 12:44:54 | 000,030,088 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
[2008/11/29 20:04:08 | 000,004,096 | -H-- | C] () -- C:\Users\Benoit BERQUIN\AppData\Local\keyfile3.drm
[2008/09/18 20:01:25 | 000,000,240 | ---- | C] () -- C:\Users\Benoit BERQUIN\AppData\Roaming\Solve Elec 2.1 Prefs
[2008/09/09 07:21:13 | 000,145,689 | ---- | C] () -- C:\Windows\hpoins18.dat.temp
[2008/09/09 07:21:13 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat.temp
[2008/08/19 07:30:45 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/20 18:26:34 | 000,618,496 | ---- | C] () -- C:\Windows\System32\stlpmt45.dll
[2008/07/20 18:26:33 | 000,204,800 | ---- | C] () -- C:\Windows\System32\LPNG.DLL
[2008/06/01 08:27:08 | 000,159,991 | ---- | C] () -- C:\Windows\Sqirlz Morph Uninstaller.exe
[2008/05/18 19:52:56 | 000,001,024 | ---- | C] () -- C:\Users\Benoit BERQUIN\AppData\Roaming\WavCodec.wff
[2008/04/14 08:55:46 | 000,105,220 | ---- | C] () -- C:\Windows\hpqins16.dat
[2008/02/05 12:37:59 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\spc1300c.sys
[2008/02/05 12:37:58 | 003,033,856 | ---- | C] () -- C:\Windows\System32\drivers\spc1300.sys
[2007/12/28 11:39:28 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2007/12/02 16:24:37 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2007/12/02 16:03:41 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/08/30 18:15:29 | 000,000,000 | ---- | C] () -- C:\Windows\Videodeluxe.INI
[2007/08/30 18:00:54 | 000,006,423 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007/08/30 07:45:34 | 000,003,654 | ---- | C] () -- C:\Windows\System32\drivers\Sonyhcp.dll
[2007/08/27 08:56:53 | 000,098,816 | ---- | C] () -- C:\Users\Benoit BERQUIN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/25 20:54:35 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007/08/25 20:01:22 | 000,145,689 | ---- | C] () -- C:\Windows\hpoins18.dat
[2007/06/28 03:12:59 | 000,725,536 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2007/06/28 03:12:59 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2007/06/28 03:12:59 | 000,147,284 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2007/06/28 03:12:59 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2007/06/27 17:43:22 | 000,111,416 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/06/27 17:28:44 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
[2007/06/27 17:25:49 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/06/27 17:25:49 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/03/06 09:47:24 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/01/12 06:07:48 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007/01/12 06:07:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,463,568 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,637,106 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,120,610 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/23 09:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2003/12/09 14:09:26 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Nmea.dll
[2003/11/27 14:50:26 | 000,139,264 | ---- | C] () -- C:\Windows\System32\ConversApi.dll
[2003/10/03 10:18:40 | 000,049,152 | ---- | C] () -- C:\Windows\System32\OgcDrvSilva.dll
[2003/10/03 10:18:32 | 000,057,344 | ---- | C] () -- C:\Windows\System32\OgcDrvSena.dll
[2003/10/03 10:18:26 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OgcDrvMlr.dll
[2003/10/03 10:18:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\OgcDrvMagellan.dll
[2003/10/03 10:18:12 | 000,086,016 | ---- | C] () -- C:\Windows\System32\OgcDrvGarmin.dll
[2003/10/03 07:13:40 | 000,036,864 | ---- | C] () -- C:\Windows\System32\Ogc.dll
[2002/11/25 14:11:22 | 000,688,128 | ---- | C] () -- C:\Windows\System32\BCGCB474.dll
[2002/01/13 16:12:02 | 000,188,416 | ---- | C] () -- C:\Windows\System32\CP30FW.DLL
[2001/12/19 08:07:50 | 000,040,960 | ---- | C] () -- C:\Windows\System32\BCGCBResFRA.dll

========== LOP Check ==========

[2010/04/05 10:37:11 | 000,000,000 | ---D | M] -- C:\Users\Benoit BERQUIN\AppData\Roaming\2020 Fusion
[2009/05/24 08:30:53 | 000,000,000 | ---D | M] -- C:\Users\Benoit BERQUIN\AppData\Roaming\Advanced Chemistry Development
[2010/12/08 14:42:50 | 000,000,000 | ---D | M] -- C:\Users\Benoit BERQUIN\AppData\Roaming\Delivery
[2011/11/20 14:39:19 | 000,000,000 | ---D | M] -- C:\Users\Benoit BERQUIN\AppData\Roaming\Dropbox
[2008/01/02 21:38:32 | 000,000,000 | ---D | M] -- C:\Users\Benoit BERQUIN\AppData\Roaming\eMule
[2011/08/28 11:11:01 | 000,000,000 | ---D | M] -- C:\Users\Benoit BERQUIN\AppData\Roaming\eTeks
[2009/09/06 17:32:09 | 000,000,000 | ---D | M] -- C:\Users\Benoit BERQUIN\AppData\Roaming\GTCO CalComp
[2011/11/11 14:44:27 | 000,000,000 | ---D | M] -- C:\Users\Benoit BERQUIN\AppData\Roaming\gtk-2.0
[2008/08/28 13:39:13 | 000,000,000 | ---D | M] -- C:\Users\Benoit BERQUIN\AppData\Roaming\Généatique2009
[2010/09/03 16:28:59 | 000,000,000 | ---D | M] -- C:\Users\Benoit BERQUIN\AppData\Roaming\Image Zone Express
[2008/03/08 11:42:33 | 000,000,000 | ---D | M] -- C:\Users\Benoit BERQUIN\AppData\Roaming\Inkscape
[2009/10/20 09:40:25 | 000,000,000 | ---D | M] -- C:\Users\Benoit BERQUIN\AppData\Roaming\IObit
[2011/08/28 10:39:15 | 000,000,000 | ---D | M] -- C:\Users\Benoit BERQUIN\AppData\Roaming\LiveCAD3
[2011/10/27 08:43:57 | 000,000,000 | ---D | M] -- C:\Users\Benoit BERQUIN\AppData\Roaming\Mipony
[2010/12/27 16:21:50 | 000,000,000 | ---D | M] -- C:\Users\Benoit BERQUIN\AppData\Roaming\MP-Manager
[2010/12/27 14:53:38 | 000,000,000 | ---D | M] -- C:\Users\Benoit BERQUIN\AppData\Roaming\MPMAN
[2007/09/01 08:59:57 | 000,000,000 | ---D | M] -- C:\Users\Benoit BERQUIN\AppData\Roaming\muvee Technologies
[2010/01/21 12:40:04 | 000,000,000 | ---D | M] -- C:\Users\Benoit BERQUIN\AppData\Roaming\NCH Swift Sound
[2007/12/23 10:06:40 | 000,000,000 | ---D | M] -- C:\Users\Benoit BERQUIN\AppData\Roaming\Nvu
[2009/02/11 16:23:41 | 000,000,000 | ---D | M] -- C:\Users\Benoit BERQUIN\AppData\Roaming\OpenOffice.org
[2009/09/16 20:26:27 | 000,000,000 | ---D | M] -- C:\Users\Benoit BERQUIN\AppData\Roaming\Overlook
[2011/11/19 17:19:07 | 000,000,000 | ---D | M] -- C:\Users\Benoit BERQUIN\AppData\Roaming\PC Cleaners
[2007/09/16 13:46:56 | 000,000,000 | ---D | M] -- C:\Users\Benoit BERQUIN\AppData\Roaming\Printer Info Cache
[2007/08/30 19:21:17 | 000,000,000 | ---D | M] -- C:\Users\Benoit BERQUIN\AppData\Roaming\Publish Providers
[2010/09/04 13:13:08 | 000,000,000 | ---D | M] -- C:\Users\Benoit BERQUIN\AppData\Roaming\QuickStoresToolbar
[2011/05/25 19:42:00 | 000,000,000 | ---D | M] -- C:\Users\Benoit BERQUIN\AppData\Roaming\Samsung
[2009/01/01 13:30:51 | 000,000,000 | ---D | M] -- C:\Users\Benoit BERQUIN\AppData\Roaming\ScanSoft
[2010/12/03 14:46:40 | 000,000,000 | ---D | M] -- C:\Users\Benoit BERQUIN\AppData\Roaming\Shareaza
[2008/05/27 15:10:35 | 000,000,000 | ---D | M] -- C:\Users\Benoit BERQUIN\AppData\Roaming\Sony
[2009/05/03 20:17:24 | 000,000,000 | ---D | M] -- C:\Users\Benoit BERQUIN\AppData\Roaming\TeamViewer
[2007/11/07 17:07:23 | 000,000,000 | ---D | M] -- C:\Users\Benoit BERQUIN\AppData\Roaming\WinBatch
[2011/11/15 21:57:00 | 000,000,512 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/11/19 23:15:43 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========
========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/24 09:36:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/24 09:36:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/24 09:36:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: CTFMON.EXE >
[2006/11/02 10:45:00 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=22BFD03DF51065A9ED8D17F8FB72296B -- C:\Windows\System32\ctfmon.exe
[2006/11/02 10:45:00 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=22BFD03DF51065A9ED8D17F8FB72296B -- C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe

< MD5 for: EXPLORER.EXE >
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/17 09:53:59 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/17 09:53:58 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTOR.SYS >
[2007/03/21 13:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\hp\DRIVERS\Intel_raid_ICH9\iastor.sys
[2007/03/21 13:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007/03/21 13:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007/03/21 13:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
paracelse62
 
Messages: 19
Inscription: 20 Nov 2011, 15:19
Haut

Re: premier forum d'habitude je m'en sors seul et là ... ?

Messagede paracelse62 » 20 Nov 2011, 16:18

rapport fin (ouf!)
< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/24 09:36:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/24 09:36:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/24 09:36:58 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: CTFMON.EXE >
[2006/11/02 10:45:00 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=22BFD03DF51065A9ED8D17F8FB72296B -- C:\Windows\System32\ctfmon.exe
[2006/11/02 10:45:00 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=22BFD03DF51065A9ED8D17F8FB72296B -- C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe

< MD5 for: EXPLORER.EXE >
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/17 09:53:59 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/17 09:53:58 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTOR.SYS >
[2007/03/21 13:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\hp\DRIVERS\Intel_raid_ICH9\iastor.sys
[2007/03/21 13:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007/03/21 13:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007/03/21 13:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008/01/19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USERINIT.EXE >
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WININIT.EXE >
[2008/01/19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006/11/02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2011/11/20 14:36:13 | 000,459,264 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\aacext.dll
[2011/05/24 21:47:20 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011/05/24 21:47:20 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2011/05/24 21:47:18 | 000,580,608 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msfeeds.dll

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Benoit BERQUIN\Documents\sansbonus.dmsd:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Benoit BERQUIN\Documents\cléophée.dmsd:Roxio EMC Stream
@Alternate Data Stream - 16 bytes -> C:\Users\Benoit BERQUIN\Downloads:Shareaza.GUID
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:1CD23587
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
paracelse62
 
Messages: 19
Inscription: 20 Nov 2011, 15:19
Haut

Re: premier forum d'habitude je m'en sors seul et là ... ?

Messagede paracelse62 » 20 Nov 2011, 16:20

rapport extras :
OTL Extras logfile created on: 20/11/2011 15:40:39 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Benoit BERQUIN\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 44,10% Memory free
6,22 Gb Paging File | 4,28 Gb Available in Paging File | 68,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 457,67 Gb Total Space | 24,72 Gb Free Space | 5,40% Space Free | Partition Type: NTFS
Drive D: | 8,09 Gb Total Space | 1,01 Gb Free Space | 12,52% Space Free | Partition Type: NTFS
Drive G: | 243,70 Mb Total Space | 213,27 Mb Free Space | 87,51% Space Free | Partition Type: FAT

Computer Name: SUPERBOSS | User Name: Benoit BERQUIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3017553372-3954341448-1392868311-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A8CABBD-A615-4F91-B7EA-FD8D79CDEFB0}" = lport=8002 | protocol=17 | dir=in | name=axon virtual pbx rtp incoming audio (udp) |
"{1AE171F0-1827-48FF-99FE-364C0FF359A3}" = lport=8007 | protocol=17 | dir=in | name=axon virtual pbx rtp incoming audio (udp) |
"{1EF7CE51-8ADC-49A0-9811-CD5D88DED876}" = lport=8004 | protocol=17 | dir=in | name=axon virtual pbx rtp incoming audio (udp) |
"{3F6A1E5F-2240-4A20-A7B0-666C55DC2044}" = lport=8006 | protocol=17 | dir=in | name=axon virtual pbx rtp incoming audio (udp) |
"{41D8BE30-FF73-4612-BCE5-979799B90E53}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{48CCB06A-96D0-4A4E-8F68-DD1335C67768}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{593BB9BB-230D-4E12-A136-847496E33FCA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{5AFA1FCA-75AA-44E3-A855-46B7B88C9AD0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5EAC8D86-4DEA-4A83-AE92-944669962BE1}" = rport=2869 | protocol=6 | dir=out | app=system |
"{69076CF0-FF59-4EF1-AD49-225BE305B212}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6E3B098F-B894-4294-A8C9-FBB278576CCD}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery |
"{6E886679-C273-4772-A937-5C4FC41B86E7}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery |
"{729AB1ED-E097-4031-BE51-5F1669D4BAB7}" = lport=94 | protocol=6 | dir=in | name=vrs recording system web control panel |
"{8361345E-55D6-43F3-A0D7-A145B5DC792B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8C1CA8EE-E9EB-4538-8E16-008753CB5E69}" = lport=8003 | protocol=17 | dir=in | name=axon virtual pbx rtp incoming audio (udp) |
"{8D4D8491-C80B-4A1D-9CED-BFAA0993430E}" = lport=8000 | protocol=17 | dir=in | name=axon virtual pbx rtp incoming audio (udp) |
"{900C73E4-D163-4845-A989-F2D5DC6097AC}" = lport=8008 | protocol=17 | dir=in | name=axon virtual pbx rtp incoming audio (udp) |
"{A85E6DAF-9589-4F4B-8FEE-0FE891ECB678}" = lport=81 | protocol=6 | dir=in | name=axon virtual pbx web server |
"{B06FB420-B0D3-497D-97CD-A053DD74931D}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B5078D7E-BF35-47BB-AC31-AA0A22484B4B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DE2790D7-3BB2-4CC0-8963-76114DC5DEBE}" = lport=8009 | protocol=17 | dir=in | name=axon virtual pbx rtp incoming audio (udp) |
"{EC418F37-841E-45D5-A76E-69F8FC5D33B4}" = lport=5060 | protocol=17 | dir=in | name=axon virtual pbx sip incoming calls (udp) |
"{EF70E0FD-C465-4F84-B7A5-19BD36885B7C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F08E2551-38DA-4D50-A91A-25E72385998D}" = lport=8001 | protocol=17 | dir=in | name=axon virtual pbx rtp incoming audio (udp) |
"{F566013C-34D3-46F5-96F9-D17946C2EFFC}" = lport=8005 | protocol=17 | dir=in | name=axon virtual pbx rtp incoming audio (udp) |
"{FD0C30F7-F314-4FFE-9D51-E80EA6620520}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08794B9B-B801-4313-B5CB-8FFAD2FD4321}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{0EEAB346-3025-4396-B715-966C21E4C0B9}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe |
"{0FFCF050-3B9C-425C-8276-5AC0B771AB21}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1154BA23-179C-4F40-A3ED-D17DCE23F828}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1D786DD6-AF3D-4F06-813B-8AD45606AD97}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1F6F4430-97D1-4A36-9660-C9D0DC0CBEEC}" = protocol=6 | dir=in | app=c:\program files\sfr\media center\httpd\httpd.exe |
"{20074FEF-A979-471E-8CA5-F6A6129EA4D5}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2E6412E3-FCC3-4483-9CA6-7309757F86E9}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{34C5FE2A-5D0C-414A-BA78-9133F64997E9}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe |
"{3873A211-FB39-4D1E-BF4D-D44309007EEE}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3A19D804-9682-46D1-BB23-553BD8D2F611}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3E9CC69F-C5B3-4FC0-BB06-5EFB04F4E7A7}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{4042B348-9D4B-4A67-A161-C516E3D236E0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{434A17D6-61CC-4792-A59D-C9BCF973D118}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{43F1EA86-CFBF-4BF5-BC41-9CD5C61BAF67}" = protocol=6 | dir=in | app=c:\program files\sfr\media center\httpd\httpd.exe |
"{51D9F111-335F-473B-900F-B0CFA0207D0D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{55449CFF-AA7B-4E39-AE7C-8155E4224CB4}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{565AD2E9-4E03-4DC0-AEA7-762FFEAEE8E9}" = protocol=17 | dir=in | app=c:\program files\sfr\media center\httpd\httpd.exe |
"{6310C40D-7D39-404B-BA0B-A268D66EA234}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{65D9131F-A6D0-409A-852B-5FC40B324F6D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{67ABC034-6D59-4E29-97AB-4533F0D05B9D}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{701D3C70-6709-43BB-B1FC-857CB439DB73}" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{7B463A04-F5F7-400D-AFB8-FD8322900D87}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7E4072D2-9268-43B2-B218-7DD26CA8F469}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8077D905-B00A-4B48-8FAF-497DDF56EA14}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{8AA92129-1A2E-4BF5-9775-BCE35DB8E7A9}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8B215A07-2ACC-4C87-B7FD-BC587CF8D847}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9BA7E6F0-230A-47D7-AD50-EFD6C467E712}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9EF76B8C-7EE2-449C-87F8-E9054660A77C}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{A07059DE-F555-4D13-9130-119152292200}" = protocol=17 | dir=in | app=c:\program files\sfr\media center\httpd\httpd.exe |
"{A1B53AFC-3E9A-4DD7-86FC-BFDCE20214DD}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A37677EA-4E39-4950-9A40-660D20D03640}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A474DF8A-6B7E-46C6-9F57-9E4950648FEB}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A5249A20-E2D6-41CD-AC37-413516098640}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AA8D3F67-5D81-4F34-A157-FBE1D85B5902}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe |
"{AF761581-26BD-4E8A-9F4D-4E6EE839901B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B325125C-79F5-43E0-B18B-F2684418564B}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{B3D2DD59-291B-406E-A1F7-D91F20525EE2}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe |
"{B782CB27-C5A2-44C0-8388-ED425584C2DF}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{BDE08AB3-D918-4EC4-9E07-51BA63B9CFE7}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BDF2736A-2583-4AC2-8158-DB1B9979E140}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{C041EEC0-92B8-49CD-BC4E-79F911C0ECCA}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe |
"{C265DE6C-9A15-48C1-A096-F5C94915371D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D677FE51-3730-4D55-AA37-3C3AD87A4E82}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D79300EF-78C8-40E2-8E3C-F1727801F535}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DBB5010B-6349-46FE-AB34-407192DE875E}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe |
"{DD8A864F-3C87-4669-BDC2-9391310064AE}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DF72699E-ED35-464B-B5A4-112B0508C6B6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DFD78E87-439B-4641-9D1A-F28C325E2B19}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E1DA5CFD-6BCB-4C0C-89D3-476D3FCC3444}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E4C12399-0F95-4E0A-858F-CC03BB8C163F}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe |
"{E534112A-0D5D-42E3-8C20-2C2097A615A0}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{F3380DF8-AC9A-4A0B-BC4A-8588A80DA534}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F7BD6DFE-373C-48BB-A3B8-1E501061EE17}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F95E4109-886E-4797-BDE2-EB3860276AA9}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FB99E727-A2A9-41BF-B5C3-C41FD8CD4990}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe |
"TCP Query User{8C6851AC-0B1B-4EB4-B4C4-BCF8C18572ED}C:\program files\einstruction\device manager\launch.exe" = protocol=6 | dir=in | app=c:\program files\einstruction\device manager\launch.exe |
"UDP Query User{0A574A0B-7753-4560-AEA2-A6129B156ABF}C:\program files\einstruction\device manager\launch.exe" = protocol=17 | dir=in | app=c:\program files\einstruction\device manager\launch.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{048B7EB5-977B-4444-B3F8-B8C2D2675314}" = Clean Up
"{05653DE1-6567-40C6-B930-39D399B64369}" = OpenOffice.org 3.3
"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4}" = RemoteCapture 2.7.5
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2126F1EE-8326-40C0-9A34-FB4C66DA067F}" = Sony DVD Architect Studio 4.5
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2D1C2321-8FDB-49B8-A66B-4008DC0B6B5D}" = File Viewer Utility 1.3.2
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{37ED8114-95B4-4603-B58B-5E315DFB38C2}" = Sony Vegas Movie Studio 8.0b
"{3B0CFB08-515C-4AD4-89DF-997BF8545622}" = Enregistreur vocal ScanSoft
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{46761278-BF32-4008-833B-93487FF0A06E}" = MDL Chime/Chime Pro for Internet Explorer
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F9EF11C-A91A-42D0-BDAC-BB9695237075}" = Canon Camera TWAIN Driver
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{57DB3FC4-FB4F-48F8-A290-1C22FB349277}" = ScanSoft Voice Recorder
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A0DBAA6-4FEC-41B7-858E-99EF59B9173C}" = CIG
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}" = Microsoft Works
"{6DB284D6-4B8A-4F66-A48B-655E5EE580C9}" = Interwrite Workspace
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B}" = Logiciel Intel® Viiv™
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{822586CA-0B15-428C-859A-64B3728F28E7}" = RemoteCapture Task
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C4A333-DD44-3431-B1BF-6A66B971D07B}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{888019C0-54D4-40C2-9274-27B9DAB17017}" = Intel(R) Network Connections 14.0.40.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Gestionnaire pour appareils Windows Mobile
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B30D1C5-229F-4934-A781-DFBFB171D91D}" = MP Manager
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}" = Camera Window
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1036-7B44-A83000000003}" = Adobe Reader 8.3.1 - Français
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C61177FD-37C4-4C5F-BE6C-E04A8AC399B6}" = EclipseCrossword
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEE31344-B227-4EE3-9D0C-74B7A52AC82E}_is1" = Généatique 2009
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D076E06B-F74B-454F-A56E-7510D7B6C9F0}" = RAW Image Task
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB371786-9449-4ED8-B47A-032467A58CAD}" = CamStudio
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = PhotoStitch
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FCFBA290-CB48-4AF1-A241-2685AEDEDD66}" = Windows Live Family Safety
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AnyDVD" = AnyDVD
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bigle 3D" = Bigle 3D
"c357087100659ec38ee2c7129d8b7375863953844" = Workspace Content
"Capturino 1.4" = Capturino 1.4
"CCleaner" = CCleaner (remove only)
"Chaoscope_is1" = Chaoscope 0.3.1
"CHROMA v.2.5" = CHROMA v.2.5
"CleanUp!" = CleanUp!
"DebugMode Wink" = DebugMode Wink
"DeviceManager" = DeviceManager
"Didapages" = Didapages 1.2
"eMule" = eMule
"ERUNT_is1" = ERUNT 1.1j
"GIMP-2_is1" = GIMP 2.6.10
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"hotpot_is1" = HotPotatoes v 6.2.4.0
"InstallShield_{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4}" = Canon Utilities RemoteCapture 2.7
"InstallShield_{2D1C2321-8FDB-49B8-A66B-4008DC0B6B5D}" = Canon Utilities File Viewer Utility 1.3
"InstallShield_{4F9EF11C-A91A-42D0-BDAC-BB9695237075}" = Canon EOS Kiss REBEL 300D Pilote TWAIN
"InstallShield_{6A0DBAA6-4FEC-41B7-858E-99EF59B9173C}" = Canon Internet Library for ZoomBrowser EX
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{822586CA-0B15-428C-859A-64B3728F28E7}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{D076E06B-F74B-454F-A56E-7510D7B6C9F0}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare
"InstallShield_{EB371786-9449-4ED8-B47A-032467A58CAD}" = CamStudio
"InstallShield_{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = Canon Utilities PhotoStitch 3.1
"Intel(R) Configuration Center" = Logiciel Intel® Viiv™
"JClic (offline)" = JClic (offline)
"LameACM" = Lame ACM MP3 Codec
"L'oeil et la vision_is1" = L'oeil et la vision version 1.06a.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"MiPony" = MiPony 1.5.1
"Mozilla Firefox 8.0 (x86 fr)" = Mozilla Firefox 8.0 (x86 fr)
"Multi Virus Cleaner 2010_is1" = Multi Virus Cleaner 2010
"Multi Virus Cleaner 2011_is1" = Multi Virus Cleaner 2011
"NVIDIA Drivers" = NVIDIA Drivers
"Nvu_is1" = Nvu 1.0
"OptGeo_is1" = OptGeo 1.25
"OPTIKOS v.1.0" = OPTIKOS v.1.0
"Oscillo_is1" = Oscillo v.3.5
"Overlook Fing 1.2" = Overlook Fing
"PC Cleaners" = PC Cleaners
"PC-Doctor 5 for Windows" = Outils de diagnostic du matériel
"PDF-to-Word 2.5 Demo" = PDF-to-Word 2.5 Demo
"PDF-XChange 3_is1" = PDF-XChange 3
"PFPortChecker" = PFPortChecker 1.0.39
"Planètes 3D_is1" = Planètes 3D version 1.02
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSetDX" = Intel(R) Network Connections 14.0.40.0
"QCad" = QCad
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.1.0
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.89
"SFR_Media Center" = SFR - Media Center
"Shadows 2.0" = Shadows 2.0
"Shareaza_is1" = Shareaza 2.5.5.0
"Skype_is1" = Skype 2.5
"Solve Elec_is1" = Solve Elec 2.1
"sp41121" = sp41121
"Sqirlz Morph" = Sqirlz Morph
"ST6UNST #1" = RgPapiers
"Stellarium_is1" = Stellarium 0.9.0
"Sweet Home 3D_is1" = Sweet Home 3D version 3.3
"TBSB07183.TBSB07183Toolbar" = Fast Browser Search
"Unlocker" = Unlocker 1.9.0
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"Vision" = Vision
"VLC media player" = VideoLAN VLC media player 0.8.6c
"WavePad" = WavePad Uninstall
"WinAVI Video Capture_is1" = WinAVI Video Capture 2.0
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.42-3
"WinLiveSuite" = Windows Live
"WinOscillo" = WinOscillo 0.85
"winpcap-overlook" = winpcap-overlook 4.02
"WinRAR archiver" = Archiveur WinRAR
"xp-AntiSpy" = xp-AntiSpy 3.97

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3017553372-3954341448-1392868311-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MyFreeCodec" = MyFreeCodec
"QUICKMEDIACONVERTER" = Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.6.0

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
paracelse62
 
Messages: 19
Inscription: 20 Nov 2011, 15:19
Haut

Re: premier forum d'habitude je m'en sors seul et là ... ?

Messagede paracelse62 » 20 Nov 2011, 16:28

rapport de malwarebytes anti :
lorsque je clique sur quitter il me dit qu'une analyse est en cours ...
le rapport n'apparait pas dans log du coup !
je fais un autre essai.
paracelse62
 
Messages: 19
Inscription: 20 Nov 2011, 15:19
Haut

Re: premier forum d'habitude je m'en sors seul et là ... ?

Messagede paracelse62 » 20 Nov 2011, 16:59

pour malwarebytes : même soucis après redémarrage, il repère trois choses :
Backdoor.FKulead dans C:\windows\system32\aacext.dll
le même dans : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\windowsNT\currentversion\windows\applnit_DLLs
et trojan.tracur dans c:\windows\system32\gnuhashes.ini
je ne sais pas pourquoi ça ne fonctionne pas!
merci pour votre aide potentielle!
paracelse62
 
Messages: 19
Inscription: 20 Nov 2011, 15:19
Haut

Re: premier forum d'habitude je m'en sors seul et là ... ?

Messagede paracelse62 » 20 Nov 2011, 17:08

maintenant il a bien voulu faire le rapport :
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Version de la base de données: 8199

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

20/11/2011 17:06:14
mbam-log-2011-11-20 (17-06-14).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 193836
Temps écoulé: 4 minute(s), 5 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)



mais là il me dit que plus rien n'est infecté !!!!!
paracelse62
 
Messages: 19
Inscription: 20 Nov 2011, 15:19
Haut

Re: premier forum d'habitude je m'en sors seul et là ... ?

Messagede paracelse62 » 20 Nov 2011, 17:25

refais une analyse re soucis pour avoir le rapport impossible
Il trouve alors un pb :
trojan.tracur dans C:\system32\gunhashes.ini
voilà !! Je suis prêt à balancer un parpaing dans l'écran!
paracelse62
 
Messages: 19
Inscription: 20 Nov 2011, 15:19
Haut

Re: premier forum d'habitude je m'en sors seul et là ... ?

Messagede nickW » 21 Nov 2011, 02:07

Bonsoir,

Premiers nettoyages:

Étape 1: TDSSKiller (de Kaspersky), installation
Télécharger tdsskiller.zip depuis le lien ci-dessous:
http://support.kaspersky.com/downloads/ ... killer.zip

Extraire de l'archive téléchargée le fichier TDSSKiller.exe et le placer sur le Bureau.


Étape 2: Pas de processus de contrôle en temps réel
Désactiver le module résident de l'antivirus et celui de l'antispyware.
Avira Antivir: voir viewtopic.php?f=70&t=27097
SUPERAntiSpyware: voir viewtopic.php?f=70&t=27096


Étape 3: TDSSKiller (de Kaspersky), exécution
Faire un double clic sur TDSSKiller.exe pour le lancer.

L'écran de TDSSKiller s'affiche:
Image

Cliquer sur Start scan pour lancer l'analyse.

Lorsque l'outil a terminé son travail d'inspection,

Si des nuisibles ("Malicious objects") ont été détectés, le programme sélectionne automatiquement l'action à effectuer:
*- soit Cure
*- soit Skip. Dans ce cas, cliquer sur la petite flèche vers le bas située à coté de Skip afin d'ouvrir la liste des options disponibles. Si Cure est présent, il faut le sélectionner, mais il ne faut pas choisir Delete ni Quarantine


Si des objects suspects ("Suspicious objects") ont été détectés, sur l'écran de demande de confirmation, modifier l'action à entreprendre et indiquer Quarantine (au lieu de Skip).

Puis cliquer sur le bouton Image (Continue),

Attendre l'affichage du fichier rapport.

Si l'outil a besoin d'un redémarrage pour finaliser le nettoyage, cliquer sur le bouton Image (Reboot computer)

Dans tous les cas, faire redémarrer le PC.


Étape 4: Pas de processus de contrôle en temps réel
Comme le PC a redémarré, et si l'antivirus et l'antispyware ont été réactivés, il faut de nouveau les désactiver.


Étape 5: Désinstallation
Démarrer-->Panneau de configuration-->Programmes-->Programmes et fonctionnalités
Sélectionner (si trouvé) Fast Browser Search puis cliquer sur Désinstaller
Sélectionner (si trouvé) QuickStores Toolbar puis cliquer sur Désinstaller
Sélectionner (si trouvé) PC Cleaners puis cliquer sur Désinstaller
Sélectionner (si trouvé) CleanUp! puis cliquer sur Désinstaller


Étape 6: OTL (de OldTimer), correction

Faire un clic droit sur OTL.exe puis choisir "Exécuter en tant qu'Administrateur" pour lancer l'outil.

L'écran principal de OTL s'affiche:
Image

Sélectionner toutes les lignes ci-dessous comprises entre les deux lignes ------- (qu'il ne faut pas sélectionner), puis appuyer simultanément sur les touches Ctrl et C
Note importante: ne pas oublier de sélectionner le caractère "deux points" en début de première ligne.

-----------------------------------------------------

:Services
sysperf.exe

:otl
FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0
FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={798335B0-69FA-29ED-46A9-D38DEC793439}&q="
[2010/09/05 15:06:45 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Users\Benoit BERQUIN\AppData\Roaming\mozilla\Firefox\Profiles\1r61jjw5.default\extensions\quickstores@quickstores.de
[2010/09/04 12:43:15 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
[2009/09/06 18:00:20 | 000,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
[2009/09/06 18:00:21 | 000,001,963 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml
O2 - BHO: (XBTBPos00 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKLM\..\Toolbar: (Fast Browser Search) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKU\S-1-5-21-3017553372-3954341448-1392868311-1001\..\Toolbar\WebBrowser: (Fast Browser Search) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O4 - HKLM..\Run: [PC Cleaners] C:\Program Files\PC Cleaners\PCCleaners.exe (PC Cleaners Inc.)
O20 - AppInit_DLLs: (aacext.dll) -C:\Windows\System32\aacext.dll ()

:Files
C:\Windows\System32\aacext.dll
C:\Windows\System32\System32
C:\Windows\System32\GnuHashes.ini
C:\Windows\System32\sysperf.exe

:Commands
[emptytemp]



-----------------------------------------------------

Note: Les lignes de la zone Code ci-dessus ont été créées exclusivement pour CET utilisateur: paracelse62.
Si vous n'êtes pas CET utilisateur, il ne faut pas les utiliser: elles pourraient endommager votre système.

Retourner dans la fenêtre de OTL, faire un clic droit dans la zone blanche sous "Personnalisation" Image et choisir Coller (les lignes sélectionnées ci-dessus doivent apparaître dans la zone "Personnalisation").

Fermer toutes les fenêtres de programme ouvertes autres que OTL (navigateur, traitement de texte, etc...): un redémarrage du PC va se produire.

Cliquer sur le bouton Correction: Image

Note: Lorsque le redémarrage est demandé, cliquer sur Ok

Lorsque l'outil a terminé son travail, il y a affichage dans une petite fenêtre du message "Correction terminée! Cliquez sur Ok pour afficher le rapport.". Cliquer sur Ok puis fermer OTL.


Étape 7: Processus de contrôle en temps réel
Important: Réactiver le module résident de l'antivirus et celui de l'antispyware.


Étape 8: OTL (de OldTimer), analyse rapide
Fermer toutes les fenêtres de programme ouvertes.

Faire un clic droit sur OTL.exe puis choisir "Exécuter en tant qu'Administrateur" pour lancer l'outil.

L'écran principal de OTL s'affiche:
Image

Cliquer sur le bouton Analyse rapide:
Image


Laisser l'outil travailler sans l'interrompre.
Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant un rapport (log).
Fermer le Bloc-notes.
Fermer la fenêtre de OTL.


Étape 9: Résultats
Envoyer en réponse:
*- le rapport de TDSSKiller (contenu du fichier %SystemDrive%\TDSSKiller.Version_Date_Heure_log.txt)
[%SystemDrive% représente la partition sur laquelle est installé le système, généralement C:]
*- le rapport de correction de OTL (contenu du fichier %SystemDrive%\_OTL\MovedFiles\********_******.log - les *** sont des chiffres représentant la date [moisjourannée] et l'heure)
[%SystemDrive% représente la partition sur laquelle est installé le système, généralement C:]

Envoyer ensuite en réponse dans un message distinct (à cause de la longueur du fichier):
*- le rapport principal de OTL (contenu du fichier OTL.Txt situé sur le Bureau).
Le rapport envoyé sur le forum doit se terminer par une ligne contenant <End of report>. Si ce n'est pas le cas, il est incomplet, et doit alors être découpé en plusieurs messages.

Note importante: Pour l'envoi de ta(tes) réponse(s), il ne faut pas créer un nouveau sujet, mais cliquer sur le bouton "Répondre"
Image pour continuer dans ce fil de discussion.

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France
Haut
Suivante
Sujet verrouillé

Retourner vers Sécurité (Contamination - Décontamination)

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 35 invités

Développé par phpBB® Forum Software © phpBB Group
Traduction par phpBB-fr.com