Demande d'analyse

Sécurité et insécurité. Virus, Trojans, Spywares, Failles etc. …

Modérateur: Modérateurs et Modératrices

Règles du forum
Assiste.com a suspendu l'assistance à la décontamination après presque 15 ans sur l'ancien forum puis celui-ci. Voir :

Procédure de décontamination 1 - Anti-malware
Décontamination anti-malwares

Procédure de décontamination 2 - Anti-malware et antivirus (La Manip)
La Manip - Procédure standard de décontamination

Entretien périodique d'un PC sous Windows
Entretien périodique d'un PC sous Windows

Protection des navigateurs, de la navigation et de la vie privée
Protéger le navigateur, la navigation et la vie privée

Demande d'analyse

Messagede sparkle » 26 Nov 2011, 11:28

bonjour,

Je possède un PC portable Packard Bell Easy Note TM. Celui-ci est depuis quelques temps très lent au démarrage, lancement des applications, problème de son....
Je suis sous windows 7.

Je vous remercie pour votre aide.

Rapport Malware bytes :

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Version de la base de données: 8245

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

26/11/2011 10:52:58
mbam-log-2011-11-26 (10-52-58).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 173565
Temps écoulé: 7 minute(s), 58 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
sparkle
 
Messages: 6
Inscription: 26 Nov 2011, 11:20

Re: Demande d'analyse

Messagede sparkle » 26 Nov 2011, 11:31

Rapport OTL :

OTL logfile created on: 26/11/2011 11:02:27 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sandrine\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,75 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 63,36% Memory free
7,49 Gb Paging File | 5,86 Gb Available in Paging File | 78,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,66 Gb Total Space | 352,61 Gb Free Space | 78,07% Space Free | Partition Type: NTFS

Computer Name: SANDRINE-PC | User Name: Sandrine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/26 10:32:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sandrine\Desktop\OTL.exe
PRC - [2011/09/07 23:58:13 | 000,357,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/07 12:03:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/21 06:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/21 06:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/04/06 19:31:32 | 004,866,120 | ---- | M] () -- C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe
PRC - [2010/03/09 00:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2010/03/09 00:56:08 | 000,258,560 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2010/03/03 14:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/03/03 14:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/03/03 14:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
PRC - [2009/10/09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe


========== Modules (No Company Name) ==========

MOD - [2010/04/06 19:31:32 | 004,866,120 | ---- | M] () -- C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe
MOD - [2010/03/09 01:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
MOD - [2009/12/22 08:52:20 | 007,581,696 | ---- | M] () -- c:\Program Files (x86)\Adobe\Reader 9.0\Reader\RdLang32.FRA
MOD - [2009/10/03 10:48:05 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\EScript.fra
MOD - [2009/10/03 10:44:48 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\updater.FRA
MOD - [2009/05/20 07:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
MOD - [2009/02/28 00:39:14 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Weblink.FRA
MOD - [2009/02/28 00:33:36 | 001,708,032 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annots.FRA
MOD - [2009/02/27 20:52:56 | 000,258,048 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\sqlite.dll
MOD - [2009/01/18 23:50:02 | 000,417,792 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeXMP.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/29 01:41:36 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/03/17 09:56:12 | 000,866,336 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/07 12:03:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/21 06:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/05/15 10:26:04 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/09 00:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/03/03 14:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/01/15 22:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/10/10 03:59:08 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/10/09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/08/07 12:03:52 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/08/07 12:03:52 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/03/11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/08/09 04:36:42 | 000,048,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/07 03:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/03/29 01:51:38 | 006,405,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/29 00:46:28 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/20 19:59:08 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2010/02/08 14:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/12/22 01:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/12/10 12:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/02 08:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/08/23 10:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/06 00:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/06 00:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008/06/16 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.asp ... 5f4542d218
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.asp ... 5f4542d218
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.asp ... 5f4542d218
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pucuy.com/
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-318668031-1002096723-1531166652-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.asp ... 5f4542d218
IE - HKU\S-1-5-21-318668031-1002096723-1531166652-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\S-1-5-21-318668031-1002096723-1531166652-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/08/17 17:28:52 | 000,000,000 | ---D | M]

[2010/08/19 12:58:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandrine\AppData\Roaming\mozilla\Extensions
[2010/08/19 12:58:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandrine\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files (x86)\Shareaza\RazaWebHook64.dll (Shareaza Development Team)
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files (x86)\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (EOBHO Class) - {C10DC1F4-CCDF-4224-A24D-B23AFC3573C8} - C:\Program Files (x86)\EoRezo\EoRezoBHO.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-318668031-1002096723-1531166652-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-318668031-1002096723-1531166652-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Sandrine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC0B0743-4936-4D14-829A-51AB56B29EFF}: DhcpNameServer = 212.27.40.241 212.27.40.240
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2011/11/26 10:48:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/26 10:47:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/11/26 10:47:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/11/26 10:43:29 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Roaming\Malwarebytes
[2011/11/26 10:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/26 10:40:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/26 10:40:26 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/26 10:40:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/26 10:39:19 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Sandrine\Desktop\erunt-setup.exe
[2011/11/26 10:37:50 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Sandrine\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/26 10:36:16 | 000,000,000 | ---D | C] -- C:\Windows\fr
[2011/11/26 10:32:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sandrine\Desktop\OTL.exe
[2011/11/26 10:20:57 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\Desktop\backups
[2011/11/26 09:59:48 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{407CA1D6-8DDA-4E64-A84A-BEEF863AAC75}
[2011/11/25 07:44:58 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{76A8AAAF-F7DE-43A7-8D1D-2F6232AFB9D5}
[2011/11/24 17:48:14 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{DAD05923-FA74-4C61-B3F2-44057A4E400D}
[2011/11/24 07:40:38 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{E93683E8-0DD1-4ECE-9267-1C447226C067}
[2011/11/23 20:09:34 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{C3BC13DB-4C7D-4F7C-82CA-7A7C7A4CDA22}
[2011/11/23 17:52:42 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{22F2A57B-B03C-4C5A-8417-8CE3417B16F1}
[2011/11/21 19:08:56 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{EB6AC6EB-6C4C-41EB-B0BE-F27C4C51042A}
[2011/11/21 12:26:09 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{59F49E64-9B63-456A-B3A9-FC90F56D548E}
[2011/11/21 08:00:35 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{19D99F74-E289-48F4-B384-CC856DDE2F5D}
[2011/11/20 22:39:05 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{256A609B-9212-478A-8BC8-5ECC50DED226}
[2011/11/20 18:08:49 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{DD65D7A2-5AAC-4409-A66E-CE5CB31B8459}
[2011/11/20 15:16:02 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{D5B143DF-19B7-479B-8B71-8DE369293772}
[2011/11/18 12:20:43 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{E938B3F5-BE99-450C-8671-01DA06ED1889}
[2011/11/18 07:04:24 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{DCED6393-3E21-4EF6-89AC-42EC090D3CA5}
[2011/11/17 17:56:14 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{8C5488CE-D15C-4797-B58E-CF1C3FED8C4E}
[2011/11/16 07:22:42 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{7DE3F737-2E0E-4BF7-AEA1-92B379DB7436}
[2011/11/15 20:46:03 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{CD58A776-2F66-473A-9F50-27885E5BF09B}
[2011/11/15 19:39:37 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/11/15 19:39:37 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/11/15 19:39:37 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/11/15 19:39:36 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011/11/15 19:39:35 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011/11/15 19:39:35 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/11/15 19:39:35 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/11/15 19:39:35 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/11/15 19:39:34 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/11/15 19:23:35 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{A76002A4-09F0-478A-B9C1-379485B921B6}
[2011/11/15 12:18:13 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{60C31C3D-BD15-46D6-BF04-6827DF9BCF6C}
[2011/11/15 07:54:50 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{A68F7EB0-4457-44C5-92F2-3BF0C7D81EF9}
[2011/11/14 17:47:46 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{CCD537FB-B47A-4FA0-AC52-16D955D43700}
[2011/11/14 12:41:41 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{DDCE54A9-AC01-4E92-81C6-91DA87A1D6E3}
[2011/11/12 18:20:34 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{77DFFA05-054E-4882-8544-59FB7E4C2CA7}
[2011/11/12 11:57:47 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{F6868823-101D-4CB7-B668-9F454DF7A6FA}
[2011/11/10 19:20:12 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{AEBBADCE-AAB3-4946-A10F-41FBED0438D6}
[2011/11/10 12:16:32 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{34592FC6-E014-4D2D-85DF-8DE049EBAAAF}
[2011/11/09 17:47:23 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{658F37F4-62B8-49A1-BF60-1900B6AF3E78}
[2011/11/09 12:18:51 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{4559D93E-DF91-430D-A817-91BD28ED036A}
[2011/11/08 18:10:41 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{217F48B2-D8B9-49AB-B7EB-BE0CCF0E81F5}
[2011/11/08 07:56:36 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{F369AFE2-FE1E-411B-97AF-95A7DA52F1CD}
[2011/11/07 20:43:16 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{85CA106D-AB4B-407F-AC8F-8970BFAD963C}
[2011/11/07 20:40:46 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{E621A930-7A48-4562-A166-00FC120541AA}
[2011/11/07 20:39:24 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{4D3629EF-C104-476C-A741-EB193FC0C389}
[2011/11/07 20:37:50 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{49F952A6-63FF-4736-A650-95EE5CC539F9}
[2011/11/07 20:35:16 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{68227B5E-77DA-426F-A534-3C44CE03BA06}
[2011/11/07 20:34:03 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{BB8E2F08-5F37-4DB0-A9CE-DD74B97503DD}
[2011/11/07 20:32:55 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{5178020D-F5B8-44F2-A21F-4C7716BF1C9D}
[2011/11/07 20:27:35 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{4EEFA487-468B-49D8-81B3-25A255E976C1}
[2011/11/07 20:22:38 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{22D4D574-9226-4F20-8D29-ED7478C50550}
[2011/11/07 20:21:29 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{D0534E26-D1F8-43B3-9AC8-BEA80529548F}
[2011/11/07 20:19:36 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{8699A6D8-8166-471B-9302-49F94115FBCF}
[2011/11/07 20:18:02 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{6F7CF785-82C6-4912-A730-1D7BFF005B3E}
[2011/11/07 20:14:59 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{06808986-647C-404C-B7A7-682C3525E567}
[2011/11/07 20:07:21 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{47E1A71E-59BF-4E7C-A947-FA32EA5BF0A7}
[2011/11/07 20:03:15 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{30834C12-FD76-4B4C-8008-67702BC15911}
[2011/11/07 19:57:06 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{AC34A7AB-9E27-4B51-A092-A81881DC2545}
[2011/11/07 19:36:14 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{DE19122D-540B-4B8E-86A3-E3BF70B6976C}
[2011/11/07 19:22:52 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{D6CF7DDB-FB33-4004-AA75-EEC88E4CAE5B}
[2011/11/07 19:17:46 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{92846806-7CBB-40E9-BD98-6327D363CAA5}
[2011/11/07 19:13:27 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{1CD73DC1-85BE-4367-A493-301A94B41DEC}
[2011/11/07 19:04:03 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{469FF32A-43A5-4DF6-B0C6-AE0A56F77F30}
[2011/11/07 19:02:05 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{E0215323-027A-482B-8359-D16022573BC6}
[2011/11/07 19:00:38 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{11FFA7AB-148A-4B7F-B2F9-FE5752369A82}
[2011/11/07 18:35:06 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{11D1181E-DEE2-4268-B4B3-9AEDDE5A8841}
[2011/11/07 18:31:07 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{C5CC46A9-EABC-4749-80A8-6C46B3408B1D}
[2011/11/07 18:07:44 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{6D47D6D4-7095-4C73-A288-3A3BBEA3D3B5}
[2011/11/07 17:48:33 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{7622419D-06B6-444F-9878-A254DE9E6F2E}
[2011/11/07 13:00:05 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{F19B3286-9FDE-46E9-9A23-E3E27024D852}
[2011/11/07 12:23:19 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{38851182-DF7F-418B-8BA7-CCD019CEE904}
[2011/11/06 23:16:43 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{652F18B7-CCDF-4C87-AB13-3554D3047E8C}
[2011/11/04 17:20:05 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{AC4A16CD-7BBE-4278-9A30-6F71247E0D50}
[2011/11/03 19:50:01 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{392CF37B-814B-4B8C-9AB2-8CE83DFCD8B5}
[2011/11/03 07:46:04 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{3B0C54DB-4FB1-49CA-BF6E-185FCE4067B1}
[2011/11/02 21:30:51 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{CF4B5F6D-5C9A-496C-8D8B-AD659C8D1002}
[2011/11/02 17:49:20 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{4CB32A7A-7548-4691-AFD0-75337E84586D}
[2011/11/02 07:45:54 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{0B98FE0D-B698-4516-9A1F-DEE3E3FBE926}
[2011/11/01 20:18:23 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{1BE5B710-E130-4042-BF2A-95EFD0D28590}
[2011/11/01 16:30:09 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{7E8C43EA-B156-43E0-AA5B-BD81EE69B631}
[2011/10/31 20:14:05 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{11BC6C0A-46F3-4B5D-9B3E-0C920E94B702}
[2011/10/29 17:54:10 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{43CFCD28-2B21-4033-99E2-77C92D59A22B}
[2011/10/29 16:54:51 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{342C81E0-808D-48EC-B53A-FFB74DFE804D}
[2011/10/29 08:16:21 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{4BBAB4DD-D86F-4734-BACD-94658239E5AB}
[2011/10/28 12:01:29 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{2594C72B-6467-4B54-8917-5E289293FA75}
[2011/10/28 11:55:43 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{8258CAE3-33E4-4DE0-B0A0-6F7A714DE865}
[2011/10/28 06:42:11 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{5B16A3A6-9C69-48CF-BAD7-2C285E0EB161}
[2011/10/27 11:22:29 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{77A817AE-D10D-437D-B875-E426ACAB3450}

========== Files - Modified Within 30 Days ==========

[2011/11/26 11:04:13 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/11/26 10:54:43 | 000,198,449 | ---- | M] () -- C:\Users\Sandrine\Desktop\00-PAD-nickW.pdf
[2011/11/26 10:54:13 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/26 10:47:39 | 000,001,116 | ---- | M] () -- C:\Users\Sandrine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/11/26 10:47:34 | 000,000,936 | ---- | M] () -- C:\Users\Sandrine\Desktop\NTREGOPT.lnk
[2011/11/26 10:47:34 | 000,000,917 | ---- | M] () -- C:\Users\Sandrine\Desktop\ERUNT.lnk
[2011/11/26 10:40:34 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/26 10:39:36 | 000,005,024 | ---- | M] () -- C:\Users\Sandrine\Desktop\erunt-loc_fr.zip
[2011/11/26 10:39:27 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Sandrine\Desktop\erunt-setup.exe
[2011/11/26 10:37:56 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Sandrine\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/26 10:32:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sandrine\Desktop\OTL.exe
[2011/11/26 10:05:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/26 10:05:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/26 09:53:14 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/26 09:51:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/26 09:51:38 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/23 19:59:28 | 496,508,595 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/15 19:58:14 | 000,364,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/07 18:10:29 | 001,524,562 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/07 18:10:29 | 000,695,004 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2011/11/07 18:10:29 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/07 18:10:29 | 000,127,684 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2011/11/07 18:10:29 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

<End>
sparkle
 
Messages: 6
Inscription: 26 Nov 2011, 11:20

Re: Demande d'analyse

Messagede sparkle » 26 Nov 2011, 11:32

Rapport OTL-1

OTL logfile created on: 26/11/2011 11:02:27 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sandrine\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,75 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 63,36% Memory free
7,49 Gb Paging File | 5,86 Gb Available in Paging File | 78,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,66 Gb Total Space | 352,61 Gb Free Space | 78,07% Space Free | Partition Type: NTFS

Computer Name: SANDRINE-PC | User Name: Sandrine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/26 10:32:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sandrine\Desktop\OTL.exe
PRC - [2011/09/07 23:58:13 | 000,357,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/07 12:03:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/21 06:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/21 06:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/04/06 19:31:32 | 004,866,120 | ---- | M] () -- C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe
PRC - [2010/03/09 00:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2010/03/09 00:56:08 | 000,258,560 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2010/03/03 14:21:16 | 001,300,560 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/03/03 14:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/03/03 14:21:16 | 000,297,040 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
PRC - [2009/10/09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe


========== Modules (No Company Name) ==========

MOD - [2010/04/06 19:31:32 | 004,866,120 | ---- | M] () -- C:\Program Files (x86)\Video Web Camera\VideoWebCamera.exe
MOD - [2010/03/09 01:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
MOD - [2009/12/22 08:52:20 | 007,581,696 | ---- | M] () -- c:\Program Files (x86)\Adobe\Reader 9.0\Reader\RdLang32.FRA
MOD - [2009/10/03 10:48:05 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\EScript.fra
MOD - [2009/10/03 10:44:48 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\updater.FRA
MOD - [2009/05/20 07:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
MOD - [2009/02/28 00:39:14 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Weblink.FRA
MOD - [2009/02/28 00:33:36 | 001,708,032 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annots.FRA
MOD - [2009/02/27 20:52:56 | 000,258,048 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\sqlite.dll
MOD - [2009/01/18 23:50:02 | 000,417,792 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeXMP.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/29 01:41:36 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/03/17 09:56:12 | 000,866,336 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/07 12:03:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/21 06:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/05/15 10:26:04 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/09 00:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/03/03 14:21:16 | 000,325,200 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/01/15 22:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/10/10 03:59:08 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/10/09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/08/07 12:03:52 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/08/07 12:03:52 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/03/11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/08/09 04:36:42 | 000,048,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/07 03:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/03/29 01:51:38 | 006,405,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/29 00:46:28 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/20 19:59:08 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2010/02/08 14:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/12/22 01:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/12/10 12:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/02 08:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/08/23 10:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/06 00:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/06 00:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008/06/16 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.asp ... 5f4542d218
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.asp ... 5f4542d218
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.asp ... 5f4542d218
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pucuy.com/
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-318668031-1002096723-1531166652-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.asp ... 5f4542d218
IE - HKU\S-1-5-21-318668031-1002096723-1531166652-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\S-1-5-21-318668031-1002096723-1531166652-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/08/17 17:28:52 | 000,000,000 | ---D | M]

[2010/08/19 12:58:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandrine\AppData\Roaming\mozilla\Extensions
[2010/08/19 12:58:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandrine\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files (x86)\Shareaza\RazaWebHook64.dll (Shareaza Development Team)
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files (x86)\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (EOBHO Class) - {C10DC1F4-CCDF-4224-A24D-B23AFC3573C8} - C:\Program Files (x86)\EoRezo\EoRezoBHO.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-318668031-1002096723-1531166652-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-318668031-1002096723-1531166652-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Sandrine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC0B0743-4936-4D14-829A-51AB56B29EFF}: DhcpNameServer = 212.27.40.241 212.27.40.240
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
<End>
sparkle
 
Messages: 6
Inscription: 26 Nov 2011, 11:20

Re: Demande d'analyse

Messagede sparkle » 26 Nov 2011, 11:33

Rapport OTL-2/2 :

========== Files/Folders - Created Within 30 Days ==========

[2011/11/26 10:48:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/26 10:47:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/11/26 10:47:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/11/26 10:43:29 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Roaming\Malwarebytes
[2011/11/26 10:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/26 10:40:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/26 10:40:26 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/26 10:40:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/26 10:39:19 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Sandrine\Desktop\erunt-setup.exe
[2011/11/26 10:37:50 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Sandrine\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/26 10:36:16 | 000,000,000 | ---D | C] -- C:\Windows\fr
[2011/11/26 10:32:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sandrine\Desktop\OTL.exe
[2011/11/26 10:20:57 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\Desktop\backups
[2011/11/26 09:59:48 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{407CA1D6-8DDA-4E64-A84A-BEEF863AAC75}
[2011/11/25 07:44:58 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{76A8AAAF-F7DE-43A7-8D1D-2F6232AFB9D5}
[2011/11/24 17:48:14 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{DAD05923-FA74-4C61-B3F2-44057A4E400D}
[2011/11/24 07:40:38 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{E93683E8-0DD1-4ECE-9267-1C447226C067}
[2011/11/23 20:09:34 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{C3BC13DB-4C7D-4F7C-82CA-7A7C7A4CDA22}
[2011/11/23 17:52:42 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{22F2A57B-B03C-4C5A-8417-8CE3417B16F1}
[2011/11/21 19:08:56 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{EB6AC6EB-6C4C-41EB-B0BE-F27C4C51042A}
[2011/11/21 12:26:09 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{59F49E64-9B63-456A-B3A9-FC90F56D548E}
[2011/11/21 08:00:35 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{19D99F74-E289-48F4-B384-CC856DDE2F5D}
[2011/11/20 22:39:05 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{256A609B-9212-478A-8BC8-5ECC50DED226}
[2011/11/20 18:08:49 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{DD65D7A2-5AAC-4409-A66E-CE5CB31B8459}
[2011/11/20 15:16:02 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{D5B143DF-19B7-479B-8B71-8DE369293772}
[2011/11/18 12:20:43 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{E938B3F5-BE99-450C-8671-01DA06ED1889}
[2011/11/18 07:04:24 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{DCED6393-3E21-4EF6-89AC-42EC090D3CA5}
[2011/11/17 17:56:14 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{8C5488CE-D15C-4797-B58E-CF1C3FED8C4E}
[2011/11/16 07:22:42 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{7DE3F737-2E0E-4BF7-AEA1-92B379DB7436}
[2011/11/15 20:46:03 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{CD58A776-2F66-473A-9F50-27885E5BF09B}
[2011/11/15 19:39:37 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/11/15 19:39:37 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/11/15 19:39:37 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/11/15 19:39:36 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011/11/15 19:39:35 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011/11/15 19:39:35 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/11/15 19:39:35 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/11/15 19:39:35 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/11/15 19:39:34 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/11/15 19:23:35 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{A76002A4-09F0-478A-B9C1-379485B921B6}
[2011/11/15 12:18:13 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{60C31C3D-BD15-46D6-BF04-6827DF9BCF6C}
[2011/11/15 07:54:50 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{A68F7EB0-4457-44C5-92F2-3BF0C7D81EF9}
[2011/11/14 17:47:46 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{CCD537FB-B47A-4FA0-AC52-16D955D43700}
[2011/11/14 12:41:41 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{DDCE54A9-AC01-4E92-81C6-91DA87A1D6E3}
[2011/11/12 18:20:34 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{77DFFA05-054E-4882-8544-59FB7E4C2CA7}
[2011/11/12 11:57:47 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{F6868823-101D-4CB7-B668-9F454DF7A6FA}
[2011/11/10 19:20:12 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{AEBBADCE-AAB3-4946-A10F-41FBED0438D6}
[2011/11/10 12:16:32 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{34592FC6-E014-4D2D-85DF-8DE049EBAAAF}
[2011/11/09 17:47:23 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{658F37F4-62B8-49A1-BF60-1900B6AF3E78}
[2011/11/09 12:18:51 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{4559D93E-DF91-430D-A817-91BD28ED036A}
[2011/11/08 18:10:41 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{217F48B2-D8B9-49AB-B7EB-BE0CCF0E81F5}
[2011/11/08 07:56:36 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{F369AFE2-FE1E-411B-97AF-95A7DA52F1CD}
[2011/11/07 20:43:16 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{85CA106D-AB4B-407F-AC8F-8970BFAD963C}
[2011/11/07 20:40:46 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{E621A930-7A48-4562-A166-00FC120541AA}
[2011/11/07 20:39:24 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{4D3629EF-C104-476C-A741-EB193FC0C389}
[2011/11/07 20:37:50 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{49F952A6-63FF-4736-A650-95EE5CC539F9}
[2011/11/07 20:35:16 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{68227B5E-77DA-426F-A534-3C44CE03BA06}
[2011/11/07 20:34:03 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{BB8E2F08-5F37-4DB0-A9CE-DD74B97503DD}
[2011/11/07 20:32:55 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{5178020D-F5B8-44F2-A21F-4C7716BF1C9D}
[2011/11/07 20:27:35 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{4EEFA487-468B-49D8-81B3-25A255E976C1}
[2011/11/07 20:22:38 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{22D4D574-9226-4F20-8D29-ED7478C50550}
[2011/11/07 20:21:29 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{D0534E26-D1F8-43B3-9AC8-BEA80529548F}
[2011/11/07 20:19:36 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{8699A6D8-8166-471B-9302-49F94115FBCF}
[2011/11/07 20:18:02 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{6F7CF785-82C6-4912-A730-1D7BFF005B3E}
[2011/11/07 20:14:59 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{06808986-647C-404C-B7A7-682C3525E567}
[2011/11/07 20:07:21 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{47E1A71E-59BF-4E7C-A947-FA32EA5BF0A7}
[2011/11/07 20:03:15 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{30834C12-FD76-4B4C-8008-67702BC15911}
[2011/11/07 19:57:06 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{AC34A7AB-9E27-4B51-A092-A81881DC2545}
[2011/11/07 19:36:14 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{DE19122D-540B-4B8E-86A3-E3BF70B6976C}
[2011/11/07 19:22:52 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{D6CF7DDB-FB33-4004-AA75-EEC88E4CAE5B}
[2011/11/07 19:17:46 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{92846806-7CBB-40E9-BD98-6327D363CAA5}
[2011/11/07 19:13:27 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{1CD73DC1-85BE-4367-A493-301A94B41DEC}
[2011/11/07 19:04:03 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{469FF32A-43A5-4DF6-B0C6-AE0A56F77F30}
[2011/11/07 19:02:05 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{E0215323-027A-482B-8359-D16022573BC6}
[2011/11/07 19:00:38 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{11FFA7AB-148A-4B7F-B2F9-FE5752369A82}
[2011/11/07 18:35:06 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{11D1181E-DEE2-4268-B4B3-9AEDDE5A8841}
[2011/11/07 18:31:07 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{C5CC46A9-EABC-4749-80A8-6C46B3408B1D}
[2011/11/07 18:07:44 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{6D47D6D4-7095-4C73-A288-3A3BBEA3D3B5}
[2011/11/07 17:48:33 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{7622419D-06B6-444F-9878-A254DE9E6F2E}
[2011/11/07 13:00:05 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{F19B3286-9FDE-46E9-9A23-E3E27024D852}
[2011/11/07 12:23:19 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{38851182-DF7F-418B-8BA7-CCD019CEE904}
[2011/11/06 23:16:43 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{652F18B7-CCDF-4C87-AB13-3554D3047E8C}
[2011/11/04 17:20:05 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{AC4A16CD-7BBE-4278-9A30-6F71247E0D50}
[2011/11/03 19:50:01 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{392CF37B-814B-4B8C-9AB2-8CE83DFCD8B5}
[2011/11/03 07:46:04 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{3B0C54DB-4FB1-49CA-BF6E-185FCE4067B1}
[2011/11/02 21:30:51 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{CF4B5F6D-5C9A-496C-8D8B-AD659C8D1002}
[2011/11/02 17:49:20 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{4CB32A7A-7548-4691-AFD0-75337E84586D}
[2011/11/02 07:45:54 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{0B98FE0D-B698-4516-9A1F-DEE3E3FBE926}
[2011/11/01 20:18:23 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{1BE5B710-E130-4042-BF2A-95EFD0D28590}
[2011/11/01 16:30:09 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{7E8C43EA-B156-43E0-AA5B-BD81EE69B631}
[2011/10/31 20:14:05 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{11BC6C0A-46F3-4B5D-9B3E-0C920E94B702}
[2011/10/29 17:54:10 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{43CFCD28-2B21-4033-99E2-77C92D59A22B}
[2011/10/29 16:54:51 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{342C81E0-808D-48EC-B53A-FFB74DFE804D}
[2011/10/29 08:16:21 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{4BBAB4DD-D86F-4734-BACD-94658239E5AB}
[2011/10/28 12:01:29 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{2594C72B-6467-4B54-8917-5E289293FA75}
[2011/10/28 11:55:43 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{8258CAE3-33E4-4DE0-B0A0-6F7A714DE865}
[2011/10/28 06:42:11 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{5B16A3A6-9C69-48CF-BAD7-2C285E0EB161}
[2011/10/27 11:22:29 | 000,000,000 | ---D | C] -- C:\Users\Sandrine\AppData\Local\{77A817AE-D10D-437D-B875-E426ACAB3450}

========== Files - Modified Within 30 Days ==========

[2011/11/26 11:04:13 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/11/26 10:54:43 | 000,198,449 | ---- | M] () -- C:\Users\Sandrine\Desktop\00-PAD-nickW.pdf
[2011/11/26 10:54:13 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/26 10:47:39 | 000,001,116 | ---- | M] () -- C:\Users\Sandrine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/11/26 10:47:34 | 000,000,936 | ---- | M] () -- C:\Users\Sandrine\Desktop\NTREGOPT.lnk
[2011/11/26 10:47:34 | 000,000,917 | ---- | M] () -- C:\Users\Sandrine\Desktop\ERUNT.lnk
[2011/11/26 10:40:34 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/26 10:39:36 | 000,005,024 | ---- | M] () -- C:\Users\Sandrine\Desktop\erunt-loc_fr.zip
[2011/11/26 10:39:27 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Sandrine\Desktop\erunt-setup.exe
[2011/11/26 10:37:56 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Sandrine\Desktop\mbam-setup-1.51.2.1300.exe
[2011/11/26 10:32:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sandrine\Desktop\OTL.exe
[2011/11/26 10:05:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/26 10:05:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/26 09:53:14 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/26 09:51:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/26 09:51:38 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/23 19:59:28 | 496,508,595 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/15 19:58:14 | 000,364,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/07 18:10:29 | 001,524,562 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/07 18:10:29 | 000,695,004 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2011/11/07 18:10:29 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/07 18:10:29 | 000,127,684 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2011/11/07 18:10:29 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2011/11/26 11:04:13 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/11/26 10:54:42 | 000,198,449 | ---- | C] () -- C:\Users\Sandrine\Desktop\00-PAD-nickW.pdf
[2011/11/26 10:47:39 | 000,001,116 | ---- | C] () -- C:\Users\Sandrine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/11/26 10:47:34 | 000,000,936 | ---- | C] () -- C:\Users\Sandrine\Desktop\NTREGOPT.lnk
[2011/11/26 10:47:34 | 000,000,917 | ---- | C] () -- C:\Users\Sandrine\Desktop\ERUNT.lnk
[2011/11/26 10:40:34 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/26 10:39:34 | 000,005,024 | ---- | C] () -- C:\Users\Sandrine\Desktop\erunt-loc_fr.zip
[2011/09/25 12:49:18 | 000,000,000 | ---- | C] () -- C:\Users\Sandrine\AppData\Local\{306031CD-A33F-422F-A9DF-A1D11156DE95}
[2011/07/04 11:19:34 | 000,000,000 | ---- | C] () -- C:\Users\Sandrine\AppData\Local\{B8CDCC27-EA84-44A9-9A20-0B7D5483FF95}
[2010/12/09 20:50:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/11/16 07:35:26 | 000,006,144 | ---- | C] () -- C:\Users\Sandrine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/15 10:15:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/04/30 15:58:05 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/09/03 11:31:32 | 000,000,000 | ---D | M] -- C:\Users\Sandrine\AppData\Roaming\Azureus
[2011/06/12 21:52:01 | 000,000,000 | ---D | M] -- C:\Users\Sandrine\AppData\Roaming\OpenOffice.org
[2010/08/17 15:28:11 | 000,000,000 | ---D | M] -- C:\Users\Sandrine\AppData\Roaming\Packard Bell
[2011/06/02 08:14:14 | 000,000,000 | ---D | M] -- C:\Users\Sandrine\AppData\Roaming\Shareaza
[2010/11/01 13:01:48 | 000,000,000 | ---D | M] -- C:\Users\Sandrine\AppData\Roaming\SNS
[2011/07/28 19:37:16 | 000,000,000 | ---D | M] -- C:\Users\Sandrine\AppData\Roaming\WildTangent
[2010/09/06 21:40:13 | 000,000,000 | ---D | M] -- C:\Users\Sandrine\AppData\Roaming\Windows Live Writer
[2011/11/02 20:12:01 | 000,032,482 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: AGP440.SYS >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CTFMON.EXE >
[2009/07/14 02:39:02 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=42B6A94DD747DF2B5F628A2752E62A98 -- C:\Windows\SysNative\ctfmon.exe
[2009/07/14 02:39:02 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=42B6A94DD747DF2B5F628A2752E62A98 -- C:\Windows\winsxs\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_f9257e7aaa4290ce\ctfmon.exe
[2009/07/14 02:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\SysWOW64\ctfmon.exe
[2009/07/14 02:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/02/04 11:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/02/04 11:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/02/04 11:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/02/04 11:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: IASTORV.SYS >
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: USERINIT.EXE >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WININIT.EXE >
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\Sandrine\Downloads:Shareaza.GUID

< End of report >
sparkle
 
Messages: 6
Inscription: 26 Nov 2011, 11:20

Re: Demande d'analyse

Messagede sparkle » 26 Nov 2011, 11:34

Rapport Extra- 1/2 :

OTL Extras logfile created on: 26/11/2011 11:02:27 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sandrine\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,75 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 63,36% Memory free
7,49 Gb Paging File | 5,86 Gb Available in Paging File | 78,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,66 Gb Total Space | 352,61 Gb Free Space | 78,07% Space Free | Partition Type: NTFS

Computer Name: SANDRINE-PC | User Name: Sandrine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-318668031-1002096723-1531166652-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{3B20226B-63ED-B863-B224-FE40401B21CA}" = ATI Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E01819BD-709F-43A1-9600-6F5E4C584C37}" = Windows Live Family Safety
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EEB06ECB-38F0-68CD-B215-94D50914C0F8}" = ccc-utility64
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01868E82-DA4F-BFF8-45CF-9B1CAE8810D9}" = Catalyst Control Center Core Implementation
"{01CC7DB7-909B-E630-A44A-8118036CAF3C}" = CCC Help Korean
"{0214A441-A4AB-43A8-8DEF-2F73C5364673}" = Microsoft Works
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{07367450-E3E6-B4A1-E19C-A07429026680}" = CCC Help Swedish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{1C42AA63-B354-56AF-69CA-FA73285368BE}" = CCC Help German
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FFDACFC-898C-FC99-0140-AE2FC18B710E}" = Catalyst Control Center Graphics Full New
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{268E2A87-470B-118B-B3AD-6F2615B86623}" = CCC Help Greek
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{3601754A-C72B-E4B3-CE39-78CCD0B58DC9}" = CCC Help Russian
"{3A69B28B-6E44-E512-C395-EEDCB5BCB485}" = CCC Help Danish
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3BA616F8-F969-4DE7-0C85-35BE954DDB8A}" = CCC Help Hungarian
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3EED6569-D845-F8D1-9648-84729711590E}" = CCC Help Italian
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A41156A-0669-F7B5-B24C-5E25C69F1E68}" = CCC Help Turkish
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Video Web Camera
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63ADFC07-D92A-670C-3826-BB0C9CC41D8A}" = CCC Help Polish
"{6488561D-83C8-6987-6163-744E60680139}" = CCC Help Japanese
"{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69CA5A5F-7541-5216-6433-DE69E4245116}" = Catalyst Control Center Graphics Light
"{69F214C9-507D-7EB5-FF08-926CFD0D5EC6}" = Catalyst Control Center Localization All
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{762CB899-DF14-EB84-78F5-888C83AA7DC3}" = Catalyst Control Center Graphics Previews Common
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7E0610A2-E336-40B3-B685-C4905E97EC9A}" = OpenOffice.org 3.3
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83E4C065-91B9-20DD-74DA-90A71242CE18}" = CCC Help Norwegian
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AEAE107-B186-4EA8-5F84-3AAA3158FEB1}" = CCC Help Chinese Standard
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ee45d5d-1457-4038-92ac-099af5b2ea86}" = Nero 9 Essentials
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0017-040C-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (French) 2007
"{90120000-0017-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CCDA3DD6-E33D-4D75-B7C9-FF585580CE83}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_OMUI.fr-fr_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.fr-fr_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_OMUI.fr-fr_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-040C-1000-0000000FF1CE}_OMUI.fr-fr_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_OMUI.fr-fr_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-040C-0000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2007
"{90120000-00BA-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-040C-0000-0000000FF1CE}" = Microsoft Office O MUI (French) 2007
"{90120000-0100-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-040C-0000-0000000FF1CE}" = Microsoft Office X MUI (French) 2007
"{90120000-0101-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{975B24AC-8CB7-B4E1-E666-37964657576E}" = CCC Help Chinese Traditional
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A45B7A40-694C-BAB8-EE69-4240ADFEA1FF}" = CCC Help Finnish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.6 MUI
"{AD768FF7-E329-886C-D88E-585F26BB8738}" = CCC Help Dutch
"{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B8F5BACE-194E-0203-023E-2FFEF68EE290}" = CCC Help English
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C450D07C-3914-5481-A068-29975DA5C596}" = CCC Help French
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C9165CF3-A14D-A281-B62E-37312AA9E63D}" = CCC Help Spanish
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4E16961-E6FA-4689-AD09-3DB7E5770167}" = Catalyst Control Center InstallProxy
"{D65F8E34-C050-4E6C-86DB-D2B9075749A0}" = Windows Live Sync ActiveX Control for Remote Connections
"{D6B1E149-790E-3B60-07F9-07A40ECAFBA0}" = Catalyst Control Center Graphics Full Existing
"{DBF91CC3-41F6-0D99-3D2D-686C59865652}" = ccc-core-static
"{DD49AC0F-E08A-F77D-AB38-2EE9CD5D8F0B}" = CCC Help Thai
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DECEFADB-0486-6252-C312-49DDAC71DF33}" = CCC Help Portuguese
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F7425F93-2071-A946-008A-6ACA60B43FB2}" = CCC Help Czech
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FC635D8E-FFBA-4B2C-BE68-A37D56BDFB74}" = Catalyst Control Center - Branding
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"AbiWord2" = AbiWord 2.8.6
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Metaboli" = Metaboli
"OMUI.fr-fr" = Microsoft Office Language Pack 2007 - French/Français
"Packard Bell Game Console" = Packard Bell Game Console
"Packard Bell InfoCentre" = Packard Bell InfoCentre
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"VLC media player" = VLC media player 1.0.1
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WildTangent packardbell Master Uninstall" = Packard Bell Games
"WinLiveSuite" = Windows Live
"WT078791" = Bejeweled 2 Deluxe
"WT078806" = Insaniquarium Deluxe
"WT078833" = Zuma Deluxe
"WT078960" = Blasterball 3
"WT078964" = Bob the Builder Can-Do-Zoo
"WT079020" = Faerie Solitaire
"WT079024" = FATE - The Traitor Soul
"WT079064" = Jewel Quest
"WT079068" = Jewel Quest Solitaire 3
"WT079108" = Penguins!
"WT079116" = Polar Bowler
"WT079120" = Polar Golfer
"WT079124" = Polar Pool
"WT079177" = Virtual Villagers - A New Home
"WT079184" = Yahtzee
"WT079363" = Build-a-lot 2
"WT079366" = Chicken Invaders 3 - Revenge of the Yolk
"WT079395" = Escape Rosecliff Island
"WT079397" = Mahjongg Artifacts
"WT079421" = Virtual Families

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-318668031-1002096723-1531166652-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Notification de cadeaux MSN" = Notification de cadeaux MSN
<End>
sparkle
 
Messages: 6
Inscription: 26 Nov 2011, 11:20

Re: Demande d'analyse

Messagede sparkle » 26 Nov 2011, 11:35

Rapport Extra 2/2 :

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16/06/2011 05:58:19 | Computer Name = Sandrine-PC | Source = SideBySide | ID = 16842785
Description = La création du contexte d’activation a échoué pour « c:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\WksWP.exe ».
Assembly
dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.

Error - 17/06/2011 14:33:01 | Computer Name = Sandrine-PC | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante iexplore.exe, version : 8.0.7600.16800,
horodatage : 0x4db1bf6e Nom du module défaillant : mshtml.dll, version : 8.0.7600.16821,
horodatage : 0x4de07aca Code d’exception : 0xc0000005 Décalage d’erreur : 0x001bb14f
ID
du processus défaillant : 0xe5c Heure de début de l’application défaillante : 0x01cc2d1ce7919215
Chemin
d’accès de l’application défaillante : C:\Program Files (x86)\Internet Explorer\iexplore.exe
Chemin
d’accès du module défaillant: C:\Windows\SysWOW64\mshtml.dll ID de rapport : 3aaaf6fc-9910-11e0-bd4d-8d854e90e315

Error - 17/06/2011 17:40:31 | Computer Name = Sandrine-PC | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante iexplore.exe, version : 8.0.7600.16800,
horodatage : 0x4db1bf6e Nom du module défaillant : mshtml.dll, version : 8.0.7600.16821,
horodatage : 0x4de07aca Code d’exception : 0xc0000005 Décalage d’erreur : 0x001bb14f
ID
du processus défaillant : 0x137c Heure de début de l’application défaillante : 0x01cc2d370f23a746
Chemin
d’accès de l’application défaillante : C:\Program Files (x86)\Internet Explorer\iexplore.exe
Chemin
d’accès du module défaillant: C:\Windows\SysWOW64\mshtml.dll ID de rapport : 6c32b4bd-992a-11e0-bd4d-8d854e90e315

Error - 19/06/2011 00:16:08 | Computer Name = Sandrine-PC | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante iexplore.exe, version : 8.0.7600.16800,
horodatage : 0x4db1bf6e Nom du module défaillant : mshtml.dll, version : 8.0.7600.16821,
horodatage : 0x4de07aca Code d’exception : 0xc0000005 Décalage d’erreur : 0x001bb14f
ID
du processus défaillant : 0xdf0 Heure de début de l’application défaillante : 0x01cc2e3783dc0a69
Chemin
d’accès de l’application défaillante : C:\Program Files (x86)\Internet Explorer\iexplore.exe
Chemin
d’accès du module défaillant: C:\Windows\SysWOW64\mshtml.dll ID de rapport : dad8dcb4-9a2a-11e0-9da7-fbb431893d12

Error - 19/06/2011 13:50:04 | Computer Name = Sandrine-PC | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante iexplore.exe, version : 8.0.7600.16800,
horodatage : 0x4db1bf6e Nom du module défaillant : mshtml.dll, version : 8.0.7600.16821,
horodatage : 0x4de07aca Code d’exception : 0xc0000005 Décalage d’erreur : 0x001bb14f
ID
du processus défaillant : 0x101c Heure de début de l’application défaillante : 0x01cc2ea947850003
Chemin
d’accès de l’application défaillante : C:\Program Files (x86)\Internet Explorer\iexplore.exe
Chemin
d’accès du module défaillant: C:\Windows\SysWOW64\mshtml.dll ID de rapport : 8f978218-9a9c-11e0-98f6-91d9446ff214

Error - 19/06/2011 14:03:06 | Computer Name = Sandrine-PC | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante iexplore.exe, version : 8.0.7600.16800,
horodatage : 0x4db1bf6e Nom du module défaillant : mshtml.dll, version : 8.0.7600.16821,
horodatage : 0x4de07aca Code d’exception : 0xc0000005 Décalage d’erreur : 0x001bb14f
ID
du processus défaillant : 0x11c0 Heure de début de l’application défaillante : 0x01cc2eaafcb239db
Chemin
d’accès de l’application défaillante : C:\Program Files (x86)\Internet Explorer\iexplore.exe
Chemin
d’accès du module défaillant: C:\Windows\SysWOW64\mshtml.dll ID de rapport : 61b473e9-9a9e-11e0-98f6-91d9446ff214

Error - 20/06/2011 15:25:14 | Computer Name = Sandrine-PC | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante iexplore.exe, version : 8.0.7600.16800,
horodatage : 0x4db1bf6e Nom du module défaillant : mshtml.dll, version : 8.0.7600.16821,
horodatage : 0x4de07aca Code d’exception : 0xc0000005 Décalage d’erreur : 0x001bb14f
ID
du processus défaillant : 0xdb8 Heure de début de l’application défaillante : 0x01cc2f7fa01d0db7
Chemin
d’accès de l’application défaillante : C:\Program Files (x86)\Internet Explorer\iexplore.exe
Chemin
d’accès du module défaillant: C:\Windows\SysWOW64\mshtml.dll ID de rapport : 055a5674-9b73-11e0-b49b-f1cf933cad09

Error - 21/06/2011 06:38:55 | Computer Name = Sandrine-PC | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante iexplore.exe, version : 8.0.7600.16800,
horodatage : 0x4db1bf6e Nom du module défaillant : mshtml.dll, version : 8.0.7600.16821,
horodatage : 0x4de07aca Code d’exception : 0xc0000005 Décalage d’erreur : 0x001bb14f
ID
du processus défaillant : 0x95c Heure de début de l’application défaillante : 0x01cc2fff19b29b7e
Chemin
d’accès de l’application défaillante : C:\Program Files (x86)\Internet Explorer\iexplore.exe
Chemin
d’accès du module défaillant: C:\Windows\SysWOW64\mshtml.dll ID de rapport : a94ab8cb-9bf2-11e0-ab61-c75e176d2d14

Error - 24/06/2011 01:42:17 | Computer Name = Sandrine-PC | Source = SignInAssistant | ID = 0
Description =

Error - 24/06/2011 01:42:47 | Computer Name = Sandrine-PC | Source = SignInAssistant | ID = 0
Description =

[ System Events ]
Error - 26/11/2011 04:29:02 | Computer Name = Sandrine-PC | Source = Service Control Manager | ID = 7011
Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de
l’attente de la réponse transactionnelle du service BITS.

Error - 26/11/2011 04:29:32 | Computer Name = Sandrine-PC | Source = Service Control Manager | ID = 7011
Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de
l’attente de la réponse transactionnelle du service AeLookupSvc.

Error - 26/11/2011 04:29:32 | Computer Name = Sandrine-PC | Source = Service Control Manager | ID = 7000
Description = Le service Expérience d’application n’a pas pu démarrer en raison
de l’erreur : %%1053

Error - 26/11/2011 04:30:02 | Computer Name = Sandrine-PC | Source = Service Control Manager | ID = 7011
Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de
l’attente de la réponse transactionnelle du service ShellHWDetection.

Error - 26/11/2011 04:30:32 | Computer Name = Sandrine-PC | Source = Service Control Manager | ID = 7011
Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de
l’attente de la réponse transactionnelle du service gpsvc.

Error - 26/11/2011 04:30:47 | Computer Name = Sandrine-PC | Source = Ntfs | ID = 262281
Description = Le gestionnaire des ressources de la transaction par défaut sur le
volume Packard Bell a rencontré une erreur non renouvelable et n’a pas pu démarrer.
Les données contiennent le code de l’erreur.

Error - 26/11/2011 04:30:49 | Computer Name = Sandrine-PC | Source = Service Control Manager | ID = 7000
Description = Le service Expérience d’application n’a pas pu démarrer en raison
de l’erreur : %%1115

Error - 26/11/2011 04:51:49 | Computer Name = Sandrine-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Le module d’extensibilité WLAN n’a pas pu démarrer. Chemin d’accès
du module : C:\Windows\system32\athExt.dll Code d’erreur : 126

Error - 26/11/2011 04:55:26 | Computer Name = Sandrine-PC | Source = Service Control Manager | ID = 7022
Description = Le service Connaissance des emplacements réseau est en attente de
démarrage.

Error - 26/11/2011 04:57:59 | Computer Name = Sandrine-PC | Source = Service Control Manager | ID = 7011
Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de
l’attente de la réponse transactionnelle du service Dnscache.


< End of report >
sparkle
 
Messages: 6
Inscription: 26 Nov 2011, 11:20

Re: Demande d'analyse

Messagede nickW » 28 Nov 2011, 00:36

Bonsoir,

Peux-tu désinstaller Vuze Remote Toolbar?


Que s'est-il passé lors du démarrage du PC le 26/11/2011 04h29?
(erreurs sur plusieurs services)


A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France


Retourner vers Sécurité (Contamination - Décontamination)

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 59 invités