une description détaillée des symptômes d'infection

Sécurité et insécurité. Virus, Trojans, Spywares, Failles etc. …

Modérateur: Modérateurs et Modératrices

Règles du forum
Assiste.com a suspendu l'assistance à la décontamination après presque 15 ans sur l'ancien forum puis celui-ci. Voir :

Procédure de décontamination 1 - Anti-malware
Décontamination anti-malwares

Procédure de décontamination 2 - Anti-malware et antivirus (La Manip)
La Manip - Procédure standard de décontamination

Entretien périodique d'un PC sous Windows
Entretien périodique d'un PC sous Windows

Protection des navigateurs, de la navigation et de la vie privée
Protéger le navigateur, la navigation et la vie privée

une description détaillée des symptômes d'infection

Messagede isma1974 » 09 Déc 2011, 23:52

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Version de la base de données: 8344

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

9/12/2011 22:46:48
mbam-log-2011-12-09 (22-46-48).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 178903
Temps écoulé: 3 minute(s), 54 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
isma1974
 
Messages: 7
Inscription: 09 Déc 2011, 23:24

Re: une description détaillée des symptômes d'infection

Messagede isma1974 » 09 Déc 2011, 23:57

OTL logfile created on: 9-12-2011 23:05:35 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\isma\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000413 | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

3,80 Gb Total Physical Memory | 2,83 Gb Available Physical Memory | 74,46% Memory free
7,60 Gb Paging File | 6,74 Gb Available in Paging File | 88,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 908,81 Gb Total Space | 592,74 Gb Free Space | 65,22% Space Free | Partition Type: NTFS
Drive D: | 22,41 Gb Total Space | 3,24 Gb Free Space | 14,45% Space Free | Partition Type: NTFS
Drive E: | 1,80 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 98,71 Mb Total Space | 88,08 Mb Free Space | 89,23% Space Free | Partition Type: FAT32

Computer Name: ISMAEL | User Name: isma | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-12-09 22:27:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\isma\Desktop\OTL.exe
PRC - [2011-11-08 20:27:22 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe


========== Modules (No Company Name) ==========

MOD - [2011-11-08 20:27:22 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011-12-04 01:32:57 | 001,936,040 | ---- | M] (Bitdefender) [Auto | Stopped] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)
SRV:64bit: - [2011-12-04 01:32:50 | 000,062,512 | ---- | M] (Bitdefender) [Auto | Stopped] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2011-10-14 23:57:26 | 000,466,736 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV:64bit: - [2011-09-13 11:22:50 | 000,074,336 | ---- | M] (BitDefender) [Auto | Stopped] -- C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe -- (SafeBox)
SRV:64bit: - [2011-02-02 15:25:24 | 000,468,096 | ---- | M] (Genie-Soft) [Auto | Stopped] -- C:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe -- (GenieTimelineService)
SRV:64bit: - [2010-06-22 06:57:44 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010-06-18 15:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010-06-18 06:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009-12-08 19:25:45 | 005,009,920 | ---- | M] (Native Instruments GmbH) [Auto | Stopped] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-08 11:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009-03-03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2011-12-09 12:42:41 | 000,246,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011-10-12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011-08-02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011-06-06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011-02-28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011-02-25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010-11-27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010-10-22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010-06-29 18:00:08 | 000,027,192 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010-05-04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010-05-01 02:21:14 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010-05-01 02:21:14 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010-04-04 00:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011-12-04 01:33:00 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Stopped] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2011-12-04 01:32:54 | 000,090,192 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys -- (BdfNdisf)
DRV:64bit: - [2011-12-04 01:32:51 | 000,675,416 | ---- | M] (BitDefender) [File_System | Boot | Stopped] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2011-12-04 01:32:50 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2011-10-07 06:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011-09-29 16:09:50 | 000,079,952 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (bdsandbox)
DRV:64bit: - [2011-09-13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011-09-01 11:15:10 | 000,553,280 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2011-08-08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011-07-15 16:12:44 | 000,258,224 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2011-07-11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011-07-11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011-07-11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011-07-11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011-05-10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011-04-25 01:49:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2011-03-24 14:36:22 | 000,431,176 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2011-03-11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-08-19 00:54:27 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010-06-24 21:32:52 | 000,032,880 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010-06-22 08:17:52 | 006,856,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010-06-22 06:28:32 | 010,342,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010-06-22 06:28:32 | 010,342,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010-06-22 06:24:12 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010-06-18 06:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010-05-28 00:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010-05-06 14:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010-05-01 02:21:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2010-04-13 08:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010-03-05 06:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010-01-19 19:32:40 | 000,103,944 | ---- | M] (BitDefender) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (BDVEDISK)
DRV:64bit: - [2009-10-26 21:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009-10-08 13:01:59 | 000,044,624 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a4djavs_x64.sys -- (a4djavs_x64)
DRV:64bit: - [2009-10-08 13:01:56 | 000,300,112 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a4djusb_x64.sys -- (a4djusb_x64)
DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009-07-08 11:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009-07-08 11:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009-06-10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009-06-10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009-06-10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009-06-10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009-06-10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007-10-24 03:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/2
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - No CLSID value found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3182394124-1979399216-3936946612-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3182394124-1979399216-3936946612-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3182394124-1979399216-3936946612-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3182394124-1979399216-3936946612-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3182394124-1979399216-3936946612-1001\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - No CLSID value found
IE - HKU\S-1-5-21-3182394124-1979399216-3936946612-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3182394124-1979399216-3936946612-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "BrotherSoft Extreme Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.google.be/"
FF - prefs.js..extensions.enabledItems: belgiumeid@eid.belgium.be:1.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.100007
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:6.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledItems: {51a86bb3-6602-4c85-92a5-130ee4864f13}:3.5.1.1
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=2&q="
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\isma\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\isma\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2012\BDTBEXT\ [2011-12-04 01:35:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-01-05 18:48:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\belgiumeid@eid.belgium.be: C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011-12-09 12:42:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-11-12 09:05:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011-12-08 00:26:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2011-12-04 01:35:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-01-05 18:48:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-11-12 09:05:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011-12-08 00:26:54 | 000,000,000 | ---D | M]

[2011-01-01 07:44:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\isma\AppData\Roaming\mozilla\Extensions
[2011-12-09 12:42:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\isma\AppData\Roaming\mozilla\Firefox\Profiles\qz0i190o.default\extensions
[2011-11-09 22:10:23 | 000,000,000 | ---D | M] (BrotherSoft Extreme Community Toolbar) -- C:\Users\isma\AppData\Roaming\mozilla\Firefox\Profiles\qz0i190o.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
[2011-12-09 12:42:56 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\isma\AppData\Roaming\mozilla\Firefox\Profiles\qz0i190o.default\extensions\avg@toolbar
[2011-08-12 22:55:58 | 000,000,000 | ---D | M] (eID België) -- C:\Users\isma\AppData\Roaming\mozilla\Firefox\Profiles\qz0i190o.default\extensions\belgiumeid@eid.belgium.be
[2011-07-24 00:06:10 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\isma\AppData\Roaming\mozilla\Firefox\Profiles\qz0i190o.default\extensions\plugin@yontoo.com
[2011-11-30 17:05:24 | 000,000,000 | ---D | M] (Nero Toolbar) -- C:\Users\isma\AppData\Roaming\mozilla\Firefox\Profiles\qz0i190o.default\extensions\toolbar@ask.com
[2011-07-05 15:54:14 | 000,000,941 | ---- | M] () -- C:\Users\isma\AppData\Roaming\Mozilla\Firefox\Profiles\qz0i190o.default\searchplugins\conduit.xml
[2011-11-08 20:27:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011-10-23 12:30:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011-03-12 00:57:37 | 000,000,000 | ---D | M] (eID België) -- C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
[2011-12-09 12:42:57 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
[2011-11-08 20:27:22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011-04-25 01:58:10 | 000,124,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2011-04-25 02:00:08 | 000,071,104 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2011-04-25 01:59:06 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2011-04-25 01:58:38 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2011-10-03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011-04-25 02:49:00 | 000,485,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2011-04-25 02:00:04 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2011-09-29 02:59:56 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml
[2011-09-29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011-09-29 02:59:56 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2011-09-29 02:59:56 | 000,001,154 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml
[2011-09-29 02:59:56 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml
[2011-09-29 02:59:56 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml

========== Chrome ==========

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\isma\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\isma\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\isma\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\isma\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\isma\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: BrotherSoft Extreme = C:\Users\isma\AppData\Local\Google\Chrome\User Data\Default\Extensions\naipdapbimiiikbbgjcpbgmfhnlbagpj\2.2.0.5_0\
CHR - Extension: BrotherSoft Extreme = C:\Users\isma\AppData\Local\Google\Chrome\User Data\Default\Extensions\naipdapbimiiikbbgjcpbgmfhnlbagpj\2.2.0.5_0\CRX_INSTALL\

O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3182394124-1979399216-3936946612-1001\..\Toolbar\WebBrowser: (no name) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - No CLSID value found.
O3 - HKU\S-1-5-21-3182394124-1979399216-3936946612-1001\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [beid] C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe (Belgian Government)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [GBMLite8AgentLaCie] C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe (Genie-soft)
O4 - HKLM..\Run: [Genie TimeLine Tray] C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe (Genie-soft)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3182394124-1979399216-3936946612-1001..\Run: [GBMLite8AgentLaCie] C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe (Genie-soft)
O4 - HKU\S-1-5-21-3182394124-1979399216-3936946612-1001..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKU\S-1-5-21-3182394124-1979399216-3936946612-1001..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3182394124-1979399216-3936946612-1001..\Run: [iLibs] C:\Users\isma\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\iLibs.exe (WindSolutions)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [{90120000-0011-0000-0000-0000000FF1CE}] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [{90120000-0011-0000-0000-0000000FF1CE}] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-3182394124-1979399216-3936946612-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-3182394124-1979399216-3936946612-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3182394124-1979399216-3936946612-1001\..Trusted Domains: am-gruppe.de ([belgium] https in Sites de confiance)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA52CCB9-769C-4979-BFC1-74111CEE3299}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
isma1974
 
Messages: 7
Inscription: 09 Déc 2011, 23:24

Re: une description détaillée des symptômes d'infection

Messagede isma1974 » 09 Déc 2011, 23:59

OTL logfile created on: 9-12-2011 23:05:35 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\isma\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000413 | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

3,80 Gb Total Physical Memory | 2,83 Gb Available Physical Memory | 74,46% Memory free
7,60 Gb Paging File | 6,74 Gb Available in Paging File | 88,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 908,81 Gb Total Space | 592,74 Gb Free Space | 65,22% Space Free | Partition Type: NTFS
Drive D: | 22,41 Gb Total Space | 3,24 Gb Free Space | 14,45% Space Free | Partition Type: NTFS
Drive E: | 1,80 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 98,71 Mb Total Space | 88,08 Mb Free Space | 89,23% Space Free | Partition Type: FAT32

Computer Name: ISMAEL | User Name: isma | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-12-09 22:27:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\isma\Desktop\OTL.exe
PRC - [2011-11-08 20:27:22 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe


========== Modules (No Company Name) ==========

MOD - [2011-11-08 20:27:22 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011-12-04 01:32:57 | 001,936,040 | ---- | M] (Bitdefender) [Auto | Stopped] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (VSSERV)
SRV:64bit: - [2011-12-04 01:32:50 | 000,062,512 | ---- | M] (Bitdefender) [Auto | Stopped] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2011-10-14 23:57:26 | 000,466,736 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV:64bit: - [2011-09-13 11:22:50 | 000,074,336 | ---- | M] (BitDefender) [Auto | Stopped] -- C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe -- (SafeBox)
SRV:64bit: - [2011-02-02 15:25:24 | 000,468,096 | ---- | M] (Genie-Soft) [Auto | Stopped] -- C:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe -- (GenieTimelineService)
SRV:64bit: - [2010-06-22 06:57:44 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010-06-18 15:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010-06-18 06:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009-12-08 19:25:45 | 005,009,920 | ---- | M] (Native Instruments GmbH) [Auto | Stopped] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009-07-08 11:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009-03-03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2011-12-09 12:42:41 | 000,246,624 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011-10-12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011-08-02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011-06-06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011-02-28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011-02-25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010-11-27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010-10-22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010-06-29 18:00:08 | 000,027,192 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010-05-04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010-05-01 02:21:14 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010-05-01 02:21:14 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010-04-04 00:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011-12-04 01:33:00 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Stopped] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2011-12-04 01:32:54 | 000,090,192 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys -- (BdfNdisf)
DRV:64bit: - [2011-12-04 01:32:51 | 000,675,416 | ---- | M] (BitDefender) [File_System | Boot | Stopped] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2011-12-04 01:32:50 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2011-10-07 06:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011-09-29 16:09:50 | 000,079,952 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (bdsandbox)
DRV:64bit: - [2011-09-13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011-09-01 11:15:10 | 000,553,280 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2011-08-08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011-07-15 16:12:44 | 000,258,224 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2011-07-11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011-07-11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011-07-11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011-07-11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011-05-10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011-04-25 01:49:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2011-03-24 14:36:22 | 000,431,176 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2011-03-11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-08-19 00:54:27 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010-06-24 21:32:52 | 000,032,880 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010-06-22 08:17:52 | 006,856,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010-06-22 06:28:32 | 010,342,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010-06-22 06:28:32 | 010,342,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010-06-22 06:24:12 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010-06-18 06:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010-05-28 00:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010-05-06 14:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010-05-01 02:21:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2010-04-13 08:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010-03-05 06:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010-01-19 19:32:40 | 000,103,944 | ---- | M] (BitDefender) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (BDVEDISK)
DRV:64bit: - [2009-10-26 21:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009-10-08 13:01:59 | 000,044,624 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a4djavs_x64.sys -- (a4djavs_x64)
DRV:64bit: - [2009-10-08 13:01:56 | 000,300,112 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\a4djusb_x64.sys -- (a4djusb_x64)
DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009-07-08 11:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009-07-08 11:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009-06-10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009-06-10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009-06-10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009-06-10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009-06-10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007-10-24 03:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCON/2
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - No CLSID value found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3182394124-1979399216-3936946612-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3182394124-1979399216-3936946612-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3182394124-1979399216-3936946612-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3182394124-1979399216-3936946612-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3182394124-1979399216-3936946612-1001\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - No CLSID value found
IE - HKU\S-1-5-21-3182394124-1979399216-3936946612-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3182394124-1979399216-3936946612-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "BrotherSoft Extreme Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.google.be/"
FF - prefs.js..extensions.enabledItems: belgiumeid@eid.belgium.be:1.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.100007
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:6.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledItems: {51a86bb3-6602-4c85-92a5-130ee4864f13}:3.5.1.1
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=2&q="
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\isma\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\isma\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2012\BDTBEXT\ [2011-12-04 01:35:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-01-05 18:48:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\belgiumeid@eid.belgium.be: C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011-12-09 12:42:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-11-12 09:05:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011-12-08 00:26:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2011-12-04 01:35:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-01-05 18:48:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011-11-12 09:05:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011-12-08 00:26:54 | 000,000,000 | ---D | M]

[2011-01-01 07:44:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\isma\AppData\Roaming\mozilla\Extensions
[2011-12-09 12:42:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\isma\AppData\Roaming\mozilla\Firefox\Profiles\qz0i190o.default\extensions
[2011-11-09 22:10:23 | 000,000,000 | ---D | M] (BrotherSoft Extreme Community Toolbar) -- C:\Users\isma\AppData\Roaming\mozilla\Firefox\Profiles\qz0i190o.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
[2011-12-09 12:42:56 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\isma\AppData\Roaming\mozilla\Firefox\Profiles\qz0i190o.default\extensions\avg@toolbar
[2011-08-12 22:55:58 | 000,000,000 | ---D | M] (eID België) -- C:\Users\isma\AppData\Roaming\mozilla\Firefox\Profiles\qz0i190o.default\extensions\belgiumeid@eid.belgium.be
[2011-07-24 00:06:10 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\isma\AppData\Roaming\mozilla\Firefox\Profiles\qz0i190o.default\extensions\plugin@yontoo.com
[2011-11-30 17:05:24 | 000,000,000 | ---D | M] (Nero Toolbar) -- C:\Users\isma\AppData\Roaming\mozilla\Firefox\Profiles\qz0i190o.default\extensions\toolbar@ask.com
[2011-07-05 15:54:14 | 000,000,941 | ---- | M] () -- C:\Users\isma\AppData\Roaming\Mozilla\Firefox\Profiles\qz0i190o.default\searchplugins\conduit.xml
[2011-11-08 20:27:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011-10-23 12:30:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011-03-12 00:57:37 | 000,000,000 | ---D | M] (eID België) -- C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
[2011-12-09 12:42:57 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
[2011-11-08 20:27:22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011-04-25 01:58:10 | 000,124,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2011-04-25 02:00:08 | 000,071,104 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2011-04-25 01:59:06 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2011-04-25 01:58:38 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2011-10-03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011-04-25 02:49:00 | 000,485,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2011-04-25 02:00:04 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2011-09-29 02:59:56 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml
[2011-09-29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011-09-29 02:59:56 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2011-09-29 02:59:56 | 000,001,154 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml
[2011-09-29 02:59:56 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml
[2011-09-29 02:59:56 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml

========== Chrome ==========

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\isma\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\isma\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\isma\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\isma\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\isma\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: BrotherSoft Extreme = C:\Users\isma\AppData\Local\Google\Chrome\User Data\Default\Extensions\naipdapbimiiikbbgjcpbgmfhnlbagpj\2.2.0.5_0\
CHR - Extension: BrotherSoft Extreme = C:\Users\isma\AppData\Local\Google\Chrome\User Data\Default\Extensions\naipdapbimiiikbbgjcpbgmfhnlbagpj\2.2.0.5_0\CRX_INSTALL\

O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3182394124-1979399216-3936946612-1001\..\Toolbar\WebBrowser: (no name) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - No CLSID value found.
O3 - HKU\S-1-5-21-3182394124-1979399216-3936946612-1001\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [beid] C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe (Belgian Government)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [GBMLite8AgentLaCie] C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe (Genie-soft)
O4 - HKLM..\Run: [Genie TimeLine Tray] C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe (Genie-soft)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3182394124-1979399216-3936946612-1001..\Run: [GBMLite8AgentLaCie] C:\Program Files (x86)\LaCie\Genie Backup Assistant\GBMAgent.exe (Genie-soft)
O4 - HKU\S-1-5-21-3182394124-1979399216-3936946612-1001..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKU\S-1-5-21-3182394124-1979399216-3936946612-1001..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3182394124-1979399216-3936946612-1001..\Run: [iLibs] C:\Users\isma\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\iLibs.exe (WindSolutions)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [{90120000-0011-0000-0000-0000000FF1CE}] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [{90120000-0011-0000-0000-0000000FF1CE}] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-3182394124-1979399216-3936946612-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-3182394124-1979399216-3936946612-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3182394124-1979399216-3936946612-1001\..Trusted Domains: am-gruppe.de ([belgium] https in Sites de confiance)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA52CCB9-769C-4979-BFC1-74111CEE3299}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
isma1974
 
Messages: 7
Inscription: 09 Déc 2011, 23:24

Re: une description détaillée des symptômes d'infection

Messagede isma1974 » 10 Déc 2011, 00:01

CREATERESTOREPOINT
Error creating restore point.
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2011-12-09 22:39:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011-12-09 22:36:37 | 000,000,000 | ---D | C] -- C:\Users\isma\AppData\Roaming\Malwarebytes
[2011-12-09 22:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-12-09 22:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011-12-09 22:31:44 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011-12-09 22:31:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011-12-09 22:30:47 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\isma\Desktop\mbam-setup-1.51.2.1300.exe
[2011-12-09 22:27:52 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\isma\Desktop\OTL.exe
[2011-12-09 16:55:22 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011-12-09 12:49:28 | 000,000,000 | ---D | C] -- C:\Users\isma\AppData\Roaming\AVG2012
[2011-12-09 12:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011-12-09 12:42:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2011-12-09 12:42:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2011-12-09 12:42:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2011-12-09 12:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011-12-09 12:41:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2011-12-09 12:40:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011-12-09 12:37:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011-12-09 12:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011-12-04 01:33:00 | 000,329,800 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys
[2011-12-04 01:32:54 | 000,090,192 | ---- | C] (BitDefender LLC) -- C:\Windows\SysNative\drivers\bdfndisf6.sys
[2011-12-04 01:32:51 | 000,675,416 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
[2011-12-04 01:30:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2012
[2011-12-04 01:30:37 | 000,000,000 | ---D | C] -- C:\Users\isma\AppData\Roaming\Bitdefender
[2011-12-04 01:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2011-12-04 01:24:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2011-12-04 01:24:03 | 000,431,176 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\bdfsfltr.sys
[2011-12-04 01:15:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bitdefender
[2011-12-02 13:31:11 | 000,000,000 | ---D | C] -- C:\Users\isma\AppData\Roaming\HPAppData
[2011-11-28 16:33:19 | 000,000,000 | ---D | C] -- C:\Users\isma\Desktop\traktor
[2011-11-28 14:00:16 | 000,000,000 | ---D | C] -- C:\Users\isma\Documents\Native Instruments
[2011-11-28 13:58:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\{849DD083-B349-4E44-A4E6-B8E8DCED3B0A}
[2011-11-28 13:57:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Native Instruments
[2011-11-28 13:57:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\{4E70D107-00B1-4793-A17B-C6B6D7EF3151}
[2011-11-28 13:54:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\{1E8C7AE2-4367-4069-9771-8176841822C4}
[2011-11-28 13:53:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\{D7CFB71A-972A-44FF-AE44-8780EB53ABB2}
[2011-11-28 13:53:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
[2011-11-28 13:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2011-11-28 13:53:47 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments
[2011-11-27 11:07:10 | 000,000,000 | ---D | C] -- C:\Users\isma\AppData\Local\{63CA1EE4-EF4C-4459-855E-4C0EBA9F4BB2}
[2011-11-27 11:06:58 | 000,000,000 | ---D | C] -- C:\Users\isma\AppData\Local\{82DC54E6-056C-48B8-B729-D58B6DB0173D}
[2011-11-25 13:13:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011-11-19 12:08:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011-11-19 12:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011-11-18 14:23:41 | 000,000,000 | ---D | C] -- C:\Users\isma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011-11-18 14:22:10 | 000,000,000 | ---D | C] -- C:\Users\isma\AppData\Local\Deployment
[2011-11-18 14:15:20 | 000,000,000 | ---D | C] -- C:\Users\isma\.jnlp-applet
[2011-11-12 09:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011-11-12 09:04:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011-11-11 18:13:09 | 000,000,000 | ---D | C] -- C:\Users\isma\Citrix
[2011-11-11 18:03:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2011-11-11 18:02:49 | 000,000,000 | ---D | C] -- C:\Users\isma\AppData\Roaming\ICAClient
[2011-11-11 18:02:49 | 000,000,000 | ---D | C] -- C:\Users\isma\AppData\Local\Citrix
[2011-11-11 18:02:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-12-09 23:06:13 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011-12-09 22:31:47 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-12-09 22:31:11 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\isma\Desktop\mbam-setup-1.51.2.1300.exe
[2011-12-09 22:28:25 | 000,000,417 | ---- | M] () -- C:\Users\isma\Desktop\scan.zip
[2011-12-09 22:27:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\isma\Desktop\OTL.exe
[2011-12-09 22:05:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-12-09 22:05:01 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2011-12-09 21:28:10 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3182394124-1979399216-3936946612-1001UA.job
[2011-12-09 20:17:03 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-12-09 20:17:03 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-12-09 14:28:13 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3182394124-1979399216-3936946612-1001Core.job
[2011-12-09 13:28:10 | 072,226,883 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011-12-09 12:42:57 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011-12-09 12:42:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011-12-09 12:42:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011-12-07 20:52:00 | 001,549,700 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011-12-07 20:52:00 | 000,704,510 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2011-12-07 20:52:00 | 000,616,038 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011-12-07 20:52:00 | 000,130,784 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2011-12-07 20:52:00 | 000,106,418 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011-12-04 01:33:00 | 000,329,800 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys
[2011-12-04 01:32:54 | 000,090,192 | ---- | M] (BitDefender LLC) -- C:\Windows\SysNative\drivers\bdfndisf6.sys
[2011-12-04 01:32:51 | 000,675,416 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
[2011-12-04 01:32:00 | 000,235,601 | ---- | M] () -- C:\ProgramData\1322958234.bdinstall.bin
[2011-12-04 01:31:18 | 000,000,270 | -H-- | M] () -- C:\bdr-conf
[2011-12-04 01:30:54 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2011-12-04 01:30:39 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Total Security 2012.lnk
[2011-12-04 01:19:51 | 000,592,277 | ---- | M] () -- C:\ProgramData\bdinstall.bin
[2011-11-28 16:39:14 | 000,001,391 | ---- | M] () -- C:\Users\isma\Desktop\CopyTrans Control Center.lnk
[2011-11-25 20:32:00 | 552,325,182 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011-11-25 13:13:19 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011-11-19 12:08:57 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011-11-18 17:20:15 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForisma.job
[2011-11-18 14:23:44 | 000,002,309 | ---- | M] () -- C:\Users\isma\Desktop\Google Chrome.lnk
[2011-11-12 09:05:08 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011-11-10 23:16:43 | 000,001,205 | ---- | M] () -- C:\Users\isma\Desktop\AVS Video Editor.lnk
[2011-11-10 03:23:26 | 000,452,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-12-09 22:58:13 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011-12-09 22:31:47 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011-12-09 22:28:25 | 000,000,417 | ---- | C] () -- C:\Users\isma\Desktop\scan.zip
[2011-12-09 13:28:10 | 072,226,883 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011-12-09 12:42:57 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011-12-09 12:42:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2011-12-09 12:42:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2011-12-04 01:32:00 | 000,235,601 | ---- | C] () -- C:\ProgramData\1322958234.bdinstall.bin
[2011-12-04 01:31:18 | 036,832,238 | -H-- | C] () -- C:\bdrescue.gz
[2011-12-04 01:31:18 | 002,510,608 | -H-- | C] () -- C:\bdrescue.vm
[2011-12-04 01:31:18 | 000,217,769 | -H-- | C] () -- C:\bdrescue
[2011-12-04 01:31:18 | 000,009,216 | -H-- | C] () -- C:\bdrescue.mbr
[2011-12-04 01:31:18 | 000,000,270 | -H-- | C] () -- C:\bdr-conf
[2011-12-04 01:30:54 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2011-12-04 01:30:39 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Total Security 2012.lnk
[2011-11-19 12:08:57 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011-11-18 14:23:44 | 000,002,309 | ---- | C] () -- C:\Users\isma\Desktop\Google Chrome.lnk
[2011-11-18 14:23:16 | 000,001,074 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3182394124-1979399216-3936946612-1001UA.job
[2011-11-18 14:23:09 | 000,001,022 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3182394124-1979399216-3936946612-1001Core.job
[2011-11-12 09:05:08 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011-07-15 23:04:32 | 000,004,608 | ---- | C] () -- C:\Users\isma\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-04-06 18:17:37 | 000,719,313 | ---- | C] () -- C:\Windows\SysWow64\unins000.exe
[2011-04-06 18:17:36 | 000,032,454 | ---- | C] () -- C:\Windows\SysWow64\unins000.dat
[2011-02-20 22:16:28 | 001,578,010 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011-02-08 18:58:52 | 000,001,854 | ---- | C] () -- C:\Users\isma\AppData\Roaming\GhostObjGAFix.xml
[2011-01-30 00:52:23 | 000,000,131 | ---- | C] () -- C:\ProgramData\search_result.xml
[2011-01-18 19:15:36 | 000,007,595 | ---- | C] () -- C:\Users\isma\AppData\Local\Resmon.ResmonCfg
[2011-01-05 18:40:00 | 000,233,772 | ---- | C] () -- C:\Windows\hpoins47.dat
[2011-01-05 16:11:26 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\beidmdrv32.dll
[2010-12-31 16:14:54 | 000,592,277 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2010-12-31 05:33:37 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010-08-19 00:57:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010-08-19 00:50:23 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2010-08-19 00:47:58 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010-08-19 00:47:58 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010-08-19 00:47:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010-08-19 00:47:56 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010-08-19 00:47:56 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010-08-19 00:47:55 | 000,002,189 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010-08-19 00:47:42 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010-08-19 00:47:42 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010-08-16 17:07:46 | 000,000,211 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010-08-16 16:14:59 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010-08-16 16:04:36 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\HP Documentation.ini
[2010-06-03 13:12:04 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\belpicppgui.dll
[2010-04-01 00:39:01 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat
[2010-02-09 17:58:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009-07-14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009-07-14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009-07-14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009-07-13 22:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009-07-13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009-06-10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007-11-14 12:38:12 | 004,014,080 | ---- | C] () -- C:\Windows\SysWow64\qt-mt334.dll

========== LOP Check ==========

[2011-10-08 19:29:48 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Genie-Soft
[2011-10-08 19:29:48 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Genie-Soft
[2011-12-09 12:49:28 | 000,000,000 | ---D | M] -- C:\Users\isma\AppData\Roaming\AVG2012
[2011-05-06 18:43:19 | 000,000,000 | ---D | M] -- C:\Users\isma\AppData\Roaming\beid-cache
[2011-12-04 01:33:09 | 000,000,000 | ---D | M] -- C:\Users\isma\AppData\Roaming\Bitdefender
[2011-10-08 18:38:16 | 000,000,000 | ---D | M] -- C:\Users\isma\AppData\Roaming\Genie-Soft
[2011-07-24 00:02:39 | 000,000,000 | ---D | M] -- C:\Users\isma\AppData\Roaming\GetRightToGo
[2011-06-13 09:50:32 | 000,000,000 | ---D | M] -- C:\Users\isma\AppData\Roaming\GHISLER
[2011-11-11 18:27:30 | 000,000,000 | ---D | M] -- C:\Users\isma\AppData\Roaming\ICAClient
[2011-01-01 19:45:54 | 000,000,000 | ---D | M] -- C:\Users\isma\AppData\Roaming\magentictb
[2011-07-17 13:49:51 | 000,000,000 | ---D | M] -- C:\Users\isma\AppData\Roaming\PhotoFiltre
[2010-12-31 16:15:35 | 000,000,000 | ---D | M] -- C:\Users\isma\AppData\Roaming\QuickScan
[2011-06-13 09:57:47 | 000,000,000 | ---D | M] -- C:\Users\isma\AppData\Roaming\SoftGrid Client
[2011-05-06 23:49:18 | 000,000,000 | ---D | M] -- C:\Users\isma\AppData\Roaming\TP
[2011-01-29 07:58:48 | 000,000,000 | ---D | M] -- C:\Users\isma\AppData\Roaming\Ulead Systems
[2011-01-01 20:05:22 | 000,000,000 | ---D | M] -- C:\Users\isma\AppData\Roaming\WildTangent
[2011-04-04 18:33:16 | 000,000,000 | ---D | M] -- C:\Users\isma\AppData\Roaming\Windows Live Writer
[2011-11-28 22:09:03 | 000,000,000 | ---D | M] -- C:\Users\isma\AppData\Roaming\WindSolutions
[2011-01-01 19:11:38 | 000,000,000 | ---D | M] -- C:\Users\isma\AppData\Roaming\_MDLogs
[2011-10-10 05:12:26 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\GBM - Tache de sauvegarde-Plein.job
[2011-11-02 09:10:16 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007-05-29 09:09:02 | 000,930,816 | ---- | M] () -- C:\hb32.exe


< MD5 for: AGP440.SYS >
[2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_0dbde3119acb22ca\atapi.sys
[2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_dab2e93700ba2683\atapi.sys
[2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16552_none_394a8c733b252fb9\atapi.sys
[2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16593_none_39204d0d3b44b8d4\atapi.sys
[2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20669_none_39d05b5854449cd5\atapi.sys
[2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20713_none_3a006b1e5421763d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009-07-14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009-07-14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009-07-14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009-07-14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CTFMON.EXE >
[2009-07-14 02:39:02 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=42B6A94DD747DF2B5F628A2752E62A98 -- C:\Windows\SysNative\ctfmon.exe
[2009-07-14 02:39:02 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=42B6A94DD747DF2B5F628A2752E62A98 -- C:\Windows\winsxs\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_f9257e7aaa4290ce\ctfmon.exe
[2009-07-14 02:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\SysWOW64\ctfmon.exe
[2009-07-14 02:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe

< MD5 for: EVENTLOG.DLL >
[2011-10-14 23:57:26 | 000,007,840 | ---- | M] () MD5=A8B15EC290C2F28AF39A6FE02F0ACF0D -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll
[2008-06-06 13:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

< MD5 for: EXPLORER.EXE >
[2011-02-26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011-02-26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011-02-26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009-07-14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011-02-26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010-08-16 23:16:38 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011-02-26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011-02-26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011-02-25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011-02-26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010-08-16 23:10:45 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011-02-25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010-08-16 23:16:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010-08-16 23:10:45 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010-08-16 23:16:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010-08-16 23:10:45 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009-07-14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010-08-16 23:16:38 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011-02-26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010-08-16 23:10:45 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: IASTOR.SYS >
[2010-04-13 08:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2010-04-13 08:44:22 | 000,540,696 | ---- | M] (Intel Corporation) MD5=1384872112E8E7FD5786ECEB8BDDF4C9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_d085c8f0cb5c2856\iaStor.sys

< MD5 for: IASTORV.SYS >
[2010-08-16 23:24:21 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2011-03-11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011-03-11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011-03-11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011-03-11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011-03-11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011-03-11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009-07-14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009-07-14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2010-08-16 23:24:21 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009-07-14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009-07-14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009-07-14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009-07-14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2010-08-16 23:24:21 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009-07-14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009-07-14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011-03-11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011-03-11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011-03-11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011-03-11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2010-08-16 23:24:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011-03-11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011-03-11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009-07-14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009-07-14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009-07-14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009-07-14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: USERINIT.EXE >
[2009-07-14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009-07-14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009-07-14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009-07-14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WININIT.EXE >
[2009-07-14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009-07-14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009-07-14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009-07-14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009-07-14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010-08-16 23:16:38 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010-08-16 23:16:38 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010-08-16 23:16:38 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< End of report >
isma1974
 
Messages: 7
Inscription: 09 Déc 2011, 23:24

Re: une description détaillée des symptômes d'infection

Messagede isma1974 » 10 Déc 2011, 00:03

OTL Extras logfile created on: 9-12-2011 23:05:35 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\isma\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000413 | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

3,80 Gb Total Physical Memory | 2,83 Gb Available Physical Memory | 74,46% Memory free
7,60 Gb Paging File | 6,74 Gb Available in Paging File | 88,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 908,81 Gb Total Space | 592,74 Gb Free Space | 65,22% Space Free | Partition Type: NTFS
Drive D: | 22,41 Gb Total Space | 3,24 Gb Free Space | 14,45% Space Free | Partition Type: NTFS
Drive E: | 1,80 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 98,71 Mb Total Space | 88,08 Mb Free Space | 89,23% Space Free | Partition Type: FAT32

Computer Name: ISMAEL | User Name: isma | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3182394124-1979399216-3936946612-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Doorbladeren met Corel PaintShop Photo Pro X3] -- "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Doorbladeren met Corel PaintShop Photo Pro X3] -- "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{013CCA52-DA56-4133-AC2B-1988A9568C30}" = Native Instruments Audio 4 DJ Driver
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23401053-03B3-845A-A946-32BEB58AB5AC}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}" = Bitdefender Total Security 2012
"{34DA4817-68E1-CC8B-A9A5-392095FA28C9}" = ATI Catalyst Install Manager
"{37851337-DFBF-4FCC-AAEE-F5D1252F6A85}" = HP 3D DriveGuard
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}" = HP MediaSmart Movies and TV
"{4B5F58F7-C7D1-3CE3-9B37-B657F0852643}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5472B943-1C3F-46F9-91D1-C0E2FEE9ABFB}" = AVG 2012
"{59C83C08-63F4-4AEC-81D6-392C5E23B843}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}" = HP MediaSmart SmartMenu
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{824563DE-75AD-4166-9DC0-B6482F206870}" = Belgium e-ID middleware 3.5.5 (build 6870)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E3BC5E1-C394-43F9-AA13-25619E396A9B}" = HP Wireless Assistant
"{BEC69493-1732-4F85-B559-CC99CB30665C}" = AVG 2012
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EC8A40B2-096A-4EA4-B11A-167F87F293A7}" = iCloud
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6246243-CF06-4E40-8A37-C3B537695C36}" = Share64
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2012
"Bitdefender" = Bitdefender Total Security 2012
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"C22EC48700B9B9C08DDC2C12DA3BD6F8EA0DFFDE" = Package de pilotes Windows - Fedict SmartCard (12/08/2009 4.0.0.3)
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0A653E82-9056-A08A-8262-62F59FF285C7}" = CCC Help Korean
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D542538-335E-08BA-21C5-62E9A7B2BE60}" = Catalyst Control Center InstallProxy
"{11A63D4E-6512-6D57-8690-3D656A483AB0}" = CCC Help French
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{147D8BB7-FEE8-5D53-390D-7FB94FC26BC8}" = CCC Help Italian
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{16734097-34B9-C5E3-7863-7A9CAAEB391F}" = ccc-core-static
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{35772A32-7A3D-A8FC-840C-B84B536E62FD}" = CCC Help Swedish
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3A2AD071-AABD-4712-A43E-11D06BAA661D}" = ImageMixer 3 SE Ver.6 Transfer Utility
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{42C095E5-4CE2-A376-9893-93431C6A236E}" = CCC Help Dutch
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{543F949F-2B95-448F-9F2E-56F0C5FF8E2C}" = Catalyst Control Center - Branding
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5BA6D86E-AA0D-05FF-09B5-ED3CD5277A42}" = CCC Help German
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62CA119E-C5A7-42FC-85E8-4B55AA9E4072}" = ImageMixer 3 SE Ver.6 Video Tools
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65FF00DC-FB93-4C0B-8906-56412A3C5A59}" = HP Software Framework
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6B65BA9C-2E00-3BCB-8EA5-94A7841B39C1}" = CCC Help Thai
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70743ADB-DD63-DA15-1E6C-32D88C54E04D}" = CCC Help English
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7170F93F-6B61-4DC1-A664-0E222744CEC7}" = Citrix Online Plug-in (DV)
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare
"{778E3C06-48EB-79CA-775E-BEA3086896AD}" = CCC Help Japanese
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A083F0E-189D-9100-8883-3B7E75B53E3F}" = CCC Help Chinese Traditional
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D4318AC-9560-46F0-910F-0B38D6CDC009}" = HP Documentation
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AE4C1DF-D685-56CB-4B4E-181A12FFAF55}" = CCC Help Turkish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-040C-1000-0000000FF1CE}_PROPLUS_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{925BC35B-CA11-577E-95C7-67C5BD4776BA}" = Catalyst Control Center Graphics Previews Common
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93138715-2252-4107-C3C6-D7F8ACAD4956}" = CCC Help Finnish
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95140000-007A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95A73EEC-18CA-0C70-2E88-C6F901C69583}" = CCC Help Russian
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C7243A7-5C0E-3190-A042-01D88F7BB791}" = CCC Help Portuguese
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA6F75E4-1807-4AAF-8CCC-4B9A48476BA5}" = Catalyst Control Center Localization All
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1036-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Français
"{ACF5C43A-3E69-ED63-FCF9-831B3B9D1516}" = CCC Help Polish
"{AE66F944-596A-4D09-9A1C-DAF3DE836991}" = Citrix Online Plug-in (HDX)
"{AF144D2F-E890-B537-DC7C-DE01A8AC5405}" = CCC Help Norwegian
"{B4201487-FA15-8BCC-6833-E355A43CCCDB}" = Catalyst Control Center Graphics Previews Vista
"{B5DE2511-C5D3-0AAC-0470-606067398EBB}" = CCC Help Chinese Standard
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C77A8D2F-DE6E-E548-FA06-C56251441D95}" = CCC Help Spanish
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C9A162C1-031F-4EBF-A3E6-C45F7FCCBB9E}_is1" = Genie Backup Assistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D1612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{D1F80EFD-A032-4E8E-A367-70C44AD4DCE0}" = ISCOM
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D641760F-FE66-4655-99B9-59A451F2FFAB}" = Citrix online plug-in (USB)
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}" = IPM_PSP_Pro
"{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}" = HP Quick Launch
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E93EAD24-E483-52AA-2E6F-C792E51E3F92}" = CCC Help Czech
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ECB2E743-BFBD-7C77-6C62-F54ACD0ECE6D}" = CCC Help Hungarian
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
"{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
"{F0A06BEC-E4BA-DB4F-C3DF-37A3C77780EF}" = CCC Help Danish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
"{F8423392-2296-4748-9B66-344432459632}" = PureHD
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
"{F90DE865-1A3D-D6D6-0638-F1D2EFCB5C29}" = PX Profile Update
"{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
"{F9F0C5D5-AAE5-45FA-95C2-CA1EE0FA067A}" = Citrix Online Plug-in (Web)
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
"{FD7DDB2A-445B-78D3-EAFB-6F7BE425285E}" = CCC Help Greek
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FE661711-E392-4B3F-A4A7-02C747C09134}" = ISCOM
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVS Audio Converter 6.2_is1" = AVS Audio Converter version 6.2
"AVS Audio Editor_is1" = AVS Audio Editor version 6.1
"AVS Audio Recorder 3.9_is1" = AVS Audio Recorder version 3.9
"AVS Disc Creator_is1" = AVS Disc Creator version 3.5
"AVS DVD Authoring_is1" = AVS DVD Authoring
"AVS DVD Copy_is1" = AVS DVD Copy version 4.1.2
"AVS Image Converter_is1" = AVS Image Converter 1.3.1.136
"AVS Media Player_is1" = AVS Media Player 4.1.8.93
"AVS Photo Editor_is1" = AVS Photo Editor
"AVS Ringtone Maker 1.6_is1" = AVS Ringtone Maker version 1.6
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS Video ReMaker_is1" = AVS Video ReMaker 3.1.2.102
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"AVSCoverEditor2_is1" = AVS Cover Editor 2.0.1.3
"BrotherSoft_Extreme Toolbar" = BrotherSoft Extreme Toolbar
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web
"conduitEngine" = Conduit Engine
"DV CIG Guide" = Guide d'enregistrement CANON iMAGE GATEWAY
"eMule" = eMule
"Genie Timeline" = LaCie Genie Timeline 2.1
"Hema Album Software be-fr Advanced_is1" = Hema Album Software be-fr Advanced
"HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox 7.0.1 (x86 fr)" = Mozilla Firefox 7.0.1 (x86 fr)
"My HP Game Console" = HP Game Console
"MyCamera" = Canon Utilities MyCamera
"Picasa 3" = Picasa 3
"PROPLUS" = Microsoft Office Professional Plus 2007
"SymStor" = SymStor 1.1.0.0
"WildTangent hp Master Uninstall" = HP Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live
"WT087361" = FATE
"WT087380" = John Deere Drive Green
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087420" = Agatha Christie - Death on the Nile
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087480" = Insaniquarium Deluxe
"WT087485" = Jewel Quest II
"WT087490" = Jewel Quest Solitaire
"WT087501" = Plants vs. Zombies
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3182394124-1979399216-3936946612-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = CopyTrans Suite désinstallation uniquement
"Google Chrome" = Google Chrome
"Mozilla Firefox 8.0 (x86 fr)" = Mozilla Firefox 8.0 (x86 fr)
"PhotoFiltre" = PhotoFiltre

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26-11-2011 8:02:30 | Computer Name = ismael | Source = SideBySide | ID = 16842787
Description = La création du contexte d’activation a échoué pour « C:\Program Files
(x86)\Nero\Nero 10\Nero SoundTrax\NMDllHost.exe.Manifest ». Erreur dans le fichier
de manifeste ou de stratégie « C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST »
à la ligne 3. L’identité de composant trouvé dans le manifeste ne correspond pas
à celle du composant demandé. La référence est NFD,type="win32",version="5.2.0.0".
La
définition est NFD,type="win32",version="5.0.0.0". Utilisez sxstrace.exe pour un
diagnostic détaillé.

Error - 26-11-2011 8:04:39 | Computer Name = ismael | Source = SideBySide | ID = 16842815
Description = La création du contexte d’activation a échoué pour « c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ». Erreur dans le fichier
de manifeste ou de stratégie « c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll » à la ligne 3. La valeur « MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR »
de l’attribut « version » de l’élément « assemblyIdentity » n’est pas valide.

Error - 26-11-2011 8:42:40 | Computer Name = ismael | Source = BackItUp5 | ID = 5225
Description =

Error - 27-11-2011 4:44:26 | Computer Name = ismael | Source = BackItUp5 | ID = 5225
Description =

Error - 27-11-2011 7:16:27 | Computer Name = ismael | Source = Application Hang | ID = 1002
Description = Le programme Explorer.EXE version 6.1.7600.16768 a cessé d’interagir
avec Windows et a été fermé. Pour déterminer si des informations supplémentaires
sont disponibles, consultez l’historique du problème dans le Centre de maintenance.

ID
de processus : f00 Heure de début : 01ccace0b51c3522 Heure de fin : 342 Chemin d’accès
de l’application : C:\Windows\Explorer.EXE ID de rapport : 3430cf70-18e9-11e1-b700-d5382e75b3d4


Error - 27-11-2011 13:08:59 | Computer Name = ismael | Source = BackItUp5 | ID = 5225
Description =

Error - 28-11-2011 7:32:59 | Computer Name = ismael | Source = BackItUp5 | ID = 5225
Description =

Error - 28-11-2011 9:08:11 | Computer Name = ismael | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante ServiceCenter.exe, version : 2.3.2.926,
horodatage : 0x4eca450f Nom du module défaillant : ServiceCenter.exe, version :
2.3.2.926, horodatage : 0x4eca450f Code d’exception : 0xc0000417 Décalage d’erreur
: 0x00152066 ID du processus défaillant : 0x3f0 Heure de début de l’application défaillante
: 0x01ccadce7c8eed45 Chemin d’accès de l’application défaillante : C:\Program Files\Native
Instruments\Service Center\ServiceCenter.exe Chemin d’accès du module défaillant:
C:\Program Files\Native Instruments\Service Center\ServiceCenter.exe ID de rapport
: 0579774f-19c2-11e1-9d00-da717024bad6

Error - 28-11-2011 9:47:36 | Computer Name = ismael | Source = SideBySide | ID = 16842787
Description = La création du contexte d’activation a échoué pour « C:\Program Files
(x86)\Nero\Nero 10\Nero SoundTrax\NMDllHost.exe.Manifest ». Erreur dans le fichier
de manifeste ou de stratégie « C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST »
à la ligne 3. L’identité de composant trouvé dans le manifeste ne correspond pas
à celle du composant demandé. La référence est NFD,type="win32",version="5.2.0.0".
La
définition est NFD,type="win32",version="5.0.0.0". Utilisez sxstrace.exe pour un
diagnostic détaillé.

Error - 28-11-2011 9:49:59 | Computer Name = ismael | Source = SideBySide | ID = 16842815
Description = La création du contexte d’activation a échoué pour « c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ». Erreur dans le fichier
de manifeste ou de stratégie « c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll » à la ligne 3. La valeur « MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR »
de l’attribut « version » de l’élément « assemblyIdentity » n’est pas valide.

[ Hewlett-Packard Events ]
Error - 1-3-2011 20:17:55 | Computer Name = ismael | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031102011752.xml
File not created by asset agent

Error - 29-3-2011 19:14:34 | Computer Name = ismael | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031130011424.xml
File not created by asset agent

Error - 5-4-2011 19:57:53 | Computer Name = ismael | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041106015750.xml
File not created by asset agent

Error - 12-4-2011 10:41:20 | Computer Name = ismael | Source = Hewlett-Packard | ID = 0
Description = fr-BE Une exception de type 'System.Exception' a été levée. HP.SupportFramework

à HP.SupportFramework.HPSFReporting.Reporting..ctor() à HP.ActiveSupportLibrary.Issues.HPSFSession..ctor(LaunchPoint
lp) à HPAssistant.HPAMain.Window_Loaded(Object sender, RoutedEventArgs e) à
System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) à System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) à System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) à System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) à System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) à System.Windows.BroadcastEventHelper.BroadcastLoadedEvent(Object
root) à MS.Internal.LoadedOrUnloadedOperation.DoWork() à System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

à System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() à System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) à System.Windows.Media.MediaContext.RenderMessageHandler(Object
resizedCompositionTarget) à System.Windows.Media.MediaContext.Resize(ICompositionTarget
resizedCompositionTarget) à System.Windows.Interop.HwndTarget.OnResize() à
System.Windows.Interop.HwndTarget.HandleMessage(Int32 msg, IntPtr wparam, IntPtr
lparam) à System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr hwnd,
Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) à MS.Win32.HwndWrapper.WndProc(IntPtr
hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) à MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object
o) à System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) à System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 26-4-2011 15:08:48 | Computer Name = ismael | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041126090846.xml
File not created by asset agent

Error - 27-4-2011 7:14:44 | Computer Name = ismael | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041127011442.xml
File not created by asset agent

Error - 3-5-2011 19:39:13 | Computer Name = ismael | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051104013910.xml
File not created by asset agent

Error - 10-5-2011 6:22:40 | Computer Name = ismael | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051110122237.xml
File not created by asset agent

Error - 28-6-2011 6:05:43 | Computer Name = ismael | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061128120540.xml
File not created by asset agent

Error - 2-8-2011 6:25:25 | Computer Name = ismael | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081102122521.xml
File not created by asset agent

[ HP Wireless Assistant Events ]
Error - 31-12-2010 11:06:09 | Computer Name = ismael | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Le serveur RPC n’est pas
disponible. (Exception de HRESULT : 0x800706BA) à System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) à System.Management.ManagementScope.InitializeGuts(Object
o) à System.Management.ManagementScope.Initialize() à System.Management.ManagementObject.Initialize(Boolean
getObject) à System.Management.ManagementBaseObject.get_Properties() à System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) à HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 31-12-2010 11:07:15 | Computer Name = ismael | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Le serveur RPC n’est pas
disponible. (Exception de HRESULT : 0x800706BA) à System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) à System.Management.ManagementScope.InitializeGuts(Object
o) à System.Management.ManagementScope.Initialize() à System.Management.ManagementObject.Initialize(Boolean
getObject) à System.Management.ManagementBaseObject.get_Properties() à System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) à HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 31-12-2010 11:08:20 | Computer Name = ismael | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Le serveur RPC n’est pas
disponible. (Exception de HRESULT : 0x800706BA) à System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) à System.Management.ManagementScope.InitializeGuts(Object
o) à System.Management.ManagementScope.Initialize() à System.Management.ManagementObject.Initialize(Boolean
getObject) à System.Management.ManagementBaseObject.get_Properties() à System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) à HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 31-12-2010 11:09:26 | Computer Name = ismael | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Le serveur RPC n’est pas
disponible. (Exception de HRESULT : 0x800706BA) à System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) à System.Management.ManagementScope.InitializeGuts(Object
o) à System.Management.ManagementScope.Initialize() à System.Management.ManagementObject.Initialize(Boolean
getObject) à System.Management.ManagementBaseObject.get_Properties() à System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) à HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 31-12-2010 11:10:31 | Computer Name = ismael | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Le serveur RPC n’est pas
disponible. (Exception de HRESULT : 0x800706BA) à System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) à System.Management.ManagementScope.InitializeGuts(Object
o) à System.Management.ManagementScope.Initialize() à System.Management.ManagementObject.Initialize(Boolean
getObject) à System.Management.ManagementBaseObject.get_Properties() à System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) à HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 31-12-2010 11:11:37 | Computer Name = ismael | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Le serveur RPC n’est pas
disponible. (Exception de HRESULT : 0x800706BA) à System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) à System.Management.ManagementScope.InitializeGuts(Object
o) à System.Management.ManagementScope.Initialize() à System.Management.ManagementObject.Initialize(Boolean
getObject) à System.Management.ManagementBaseObject.get_Properties() à System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) à HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 31-12-2010 11:12:42 | Computer Name = ismael | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Le serveur RPC n’est pas
disponible. (Exception de HRESULT : 0x800706BA) à System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) à System.Management.ManagementScope.InitializeGuts(Object
o) à System.Management.ManagementScope.Initialize() à System.Management.ManagementObject.Initialize(Boolean
getObject) à System.Management.ManagementBaseObject.get_Properties() à System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) à HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 31-12-2010 11:13:49 | Computer Name = ismael | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Le serveur RPC n’est pas
disponible. (Exception de HRESULT : 0x800706BA) à System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) à System.Management.ManagementScope.InitializeGuts(Object
o) à System.Management.ManagementScope.Initialize() à System.Management.ManagementObject.Initialize(Boolean
getObject) à System.Management.ManagementBaseObject.get_Properties() à System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) à HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 31-12-2010 11:14:55 | Computer Name = ismael | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Le serveur RPC n’est pas
disponible. (Exception de HRESULT : 0x800706BA) à System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) à System.Management.ManagementScope.InitializeGuts(Object
o) à System.Management.ManagementScope.Initialize() à System.Management.ManagementObject.Initialize(Boolean
getObject) à System.Management.ManagementBaseObject.get_Properties() à System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) à HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 31-12-2010 11:16:00 | Computer Name = ismael | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Le serveur RPC n’est pas
disponible. (Exception de HRESULT : 0x800706BA) à System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) à System.Management.ManagementScope.InitializeGuts(Object
o) à System.Management.ManagementScope.Initialize() à System.Management.ManagementObject.Initialize(Boolean
getObject) à System.Management.ManagementBaseObject.get_Properties() à System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) à HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

[ System Events ]
Error - 9-12-2011 17:05:51 | Computer Name = ismael | Source = Service Control Manager | ID = 7001
Description = Le service Explorateur d’ordinateurs dépend du service Serveur qui
n’a pas pu démarrer en raison de l’erreur : %%1068

Error - 9-12-2011 17:05:51 | Computer Name = ismael | Source = Service Control Manager | ID = 7001
Description = Le service Explorateur d’ordinateurs dépend du service Serveur qui
n’a pas pu démarrer en raison de l’erreur : %%1068

Error - 9-12-2011 17:05:54 | Computer Name = ismael | Source = DCOM | ID = 10005
Description =

Error - 9-12-2011 17:05:54 | Computer Name = ismael | Source = DCOM | ID = 10005
Description =

Error - 9-12-2011 17:05:53 | Computer Name = ismael | Source = Service Control Manager | ID = 7001
Description = Le service Explorateur d’ordinateurs dépend du service Serveur qui
n’a pas pu démarrer en raison de l’erreur : %%1068

Error - 9-12-2011 17:05:53 | Computer Name = ismael | Source = Service Control Manager | ID = 7001
Description = Le service Explorateur d’ordinateurs dépend du service Serveur qui
n’a pas pu démarrer en raison de l’erreur : %%1068

Error - 9-12-2011 17:05:53 | Computer Name = ismael | Source = Service Control Manager | ID = 7001
Description = Le service Explorateur d’ordinateurs dépend du service Serveur qui
n’a pas pu démarrer en raison de l’erreur : %%1068

Error - 9-12-2011 17:05:56 | Computer Name = ismael | Source = Service Control Manager | ID = 7001
Description = Le service Fournisseur HomeGroup dépend du service Hôte du fournisseur
de découverte de fonctions qui n’a pas pu démarrer en raison de l’erreur : %%1068

Error - 9-12-2011 17:52:07 | Computer Name = ismael | Source = DCOM | ID = 10005
Description =

Error - 9-12-2011 17:52:07 | Computer Name = ismael | Source = DCOM | ID = 10005
Description =


< End of report >
isma1974
 
Messages: 7
Inscription: 09 Déc 2011, 23:24

Re: une description détaillée des symptômes d'infection

Messagede isma1974 » 10 Déc 2011, 00:03

OTL Extras logfile created on: 9-12-2011 23:05:35 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\isma\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000413 | Country: Belgique | Language: FRB | Date Format: d/MM/yyyy

3,80 Gb Total Physical Memory | 2,83 Gb Available Physical Memory | 74,46% Memory free
7,60 Gb Paging File | 6,74 Gb Available in Paging File | 88,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 908,81 Gb Total Space | 592,74 Gb Free Space | 65,22% Space Free | Partition Type: NTFS
Drive D: | 22,41 Gb Total Space | 3,24 Gb Free Space | 14,45% Space Free | Partition Type: NTFS
Drive E: | 1,80 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 98,71 Mb Total Space | 88,08 Mb Free Space | 89,23% Space Free | Partition Type: FAT32

Computer Name: ISMAEL | User Name: isma | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3182394124-1979399216-3936946612-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Doorbladeren met Corel PaintShop Photo Pro X3] -- "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Doorbladeren met Corel PaintShop Photo Pro X3] -- "c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{013CCA52-DA56-4133-AC2B-1988A9568C30}" = Native Instruments Audio 4 DJ Driver
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23401053-03B3-845A-A946-32BEB58AB5AC}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}" = Bitdefender Total Security 2012
"{34DA4817-68E1-CC8B-A9A5-392095FA28C9}" = ATI Catalyst Install Manager
"{37851337-DFBF-4FCC-AAEE-F5D1252F6A85}" = HP 3D DriveGuard
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}" = HP MediaSmart Movies and TV
"{4B5F58F7-C7D1-3CE3-9B37-B657F0852643}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5472B943-1C3F-46F9-91D1-C0E2FEE9ABFB}" = AVG 2012
"{59C83C08-63F4-4AEC-81D6-392C5E23B843}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}" = HP MediaSmart SmartMenu
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{824563DE-75AD-4166-9DC0-B6482F206870}" = Belgium e-ID middleware 3.5.5 (build 6870)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E3BC5E1-C394-43F9-AA13-25619E396A9B}" = HP Wireless Assistant
"{BEC69493-1732-4F85-B559-CC99CB30665C}" = AVG 2012
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EC8A40B2-096A-4EA4-B11A-167F87F293A7}" = iCloud
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6246243-CF06-4E40-8A37-C3B537695C36}" = Share64
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2012
"Bitdefender" = Bitdefender Total Security 2012
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"C22EC48700B9B9C08DDC2C12DA3BD6F8EA0DFFDE" = Package de pilotes Windows - Fedict SmartCard (12/08/2009 4.0.0.3)
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = Corel PaintShop Photo Pro X3
"_{F072CA07-A781-45E4-9975-C033A73019CF}" = Corel VideoStudio Pro X3
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0A653E82-9056-A08A-8262-62F59FF285C7}" = CCC Help Korean
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D542538-335E-08BA-21C5-62E9A7B2BE60}" = Catalyst Control Center InstallProxy
"{11A63D4E-6512-6D57-8690-3D656A483AB0}" = CCC Help French
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{147D8BB7-FEE8-5D53-390D-7FB94FC26BC8}" = CCC Help Italian
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{16734097-34B9-C5E3-7863-7A9CAAEB391F}" = ccc-core-static
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{35772A32-7A3D-A8FC-840C-B84B536E62FD}" = CCC Help Swedish
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3A2AD071-AABD-4712-A43E-11D06BAA661D}" = ImageMixer 3 SE Ver.6 Transfer Utility
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{42C095E5-4CE2-A376-9893-93431C6A236E}" = CCC Help Dutch
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{543F949F-2B95-448F-9F2E-56F0C5FF8E2C}" = Catalyst Control Center - Branding
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5BA6D86E-AA0D-05FF-09B5-ED3CD5277A42}" = CCC Help German
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62CA119E-C5A7-42FC-85E8-4B55AA9E4072}" = ImageMixer 3 SE Ver.6 Video Tools
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65FF00DC-FB93-4C0B-8906-56412A3C5A59}" = HP Software Framework
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6B65BA9C-2E00-3BCB-8EA5-94A7841B39C1}" = CCC Help Thai
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70743ADB-DD63-DA15-1E6C-32D88C54E04D}" = CCC Help English
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7170F93F-6B61-4DC1-A664-0E222744CEC7}" = Citrix Online Plug-in (DV)
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare
"{778E3C06-48EB-79CA-775E-BEA3086896AD}" = CCC Help Japanese
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A083F0E-189D-9100-8883-3B7E75B53E3F}" = CCC Help Chinese Traditional
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D4318AC-9560-46F0-910F-0B38D6CDC009}" = HP Documentation
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AE4C1DF-D685-56CB-4B4E-181A12FFAF55}" = CCC Help Turkish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-040C-1000-0000000FF1CE}_PROPLUS_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{925BC35B-CA11-577E-95C7-67C5BD4776BA}" = Catalyst Control Center Graphics Previews Common
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93138715-2252-4107-C3C6-D7F8ACAD4956}" = CCC Help Finnish
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95140000-007A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95A73EEC-18CA-0C70-2E88-C6F901C69583}" = CCC Help Russian
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C7243A7-5C0E-3190-A042-01D88F7BB791}" = CCC Help Portuguese
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA6F75E4-1807-4AAF-8CCC-4B9A48476BA5}" = Catalyst Control Center Localization All
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1036-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Français
"{ACF5C43A-3E69-ED63-FCF9-831B3B9D1516}" = CCC Help Polish
"{AE66F944-596A-4D09-9A1C-DAF3DE836991}" = Citrix Online Plug-in (HDX)
"{AF144D2F-E890-B537-DC7C-DE01A8AC5405}" = CCC Help Norwegian
"{B4201487-FA15-8BCC-6833-E355A43CCCDB}" = Catalyst Control Center Graphics Previews Vista
"{B5DE2511-C5D3-0AAC-0470-606067398EBB}" = CCC Help Chinese Standard
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C77A8D2F-DE6E-E548-FA06-C56251441D95}" = CCC Help Spanish
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C9A162C1-031F-4EBF-A3E6-C45F7FCCBB9E}_is1" = Genie Backup Assistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D1612A3D-0DCC-4055-BB6A-0036F31158A0}" = Setup
"{D1AEB5DB-04FA-489D-94EF-8600898B93EE}" = ICA
"{D1F80EFD-A032-4E8E-A367-70C44AD4DCE0}" = ISCOM
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D641760F-FE66-4655-99B9-59A451F2FFAB}" = Citrix online plug-in (USB)
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DA4BF4BE-3CDC-43B5-BBDA-DDDA73103111}" = Corel PaintShop Photo Pro X3
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DCD941B6-F2E7-4FAF-B102-F7D4DE5FF99A}" = IPM_PSP_Pro
"{DCF1928A-FC01-48E7-A7E6-4651D42EF6A1}" = PSPPRO_DCRAW
"{DF8B9311-ADE7-4EDE-B121-326CAA3D225D}" = PSPPContent
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}" = HP Quick Launch
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E93EAD24-E483-52AA-2E6F-C792E51E3F92}" = CCC Help Czech
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ECB2E743-BFBD-7C77-6C62-F54ACD0ECE6D}" = CCC Help Hungarian
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F069C491-69E6-4D9B-9A0C-B7894A1FA97C}" = Setup
"{F072CA07-A781-45E4-9975-C033A73019CF}" = ICA
"{F0A06BEC-E4BA-DB4F-C3DF-37A3C77780EF}" = CCC Help Danish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F206FEC3-F5DD-43FD-A8CF-9C46B8A6A92C}" = VSPro
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F4E9851F-765E-40B7-9859-237C2724E62C}" = DeviceIO
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F6A76E9C-C299-4CFA-AD2A-57FE9DD68B70}" = Contents
"{F8423392-2296-4748-9B66-344432459632}" = PureHD
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{F909BD3C-8684-4ACF-B7C3-33F4F9F901B7}" = Share
"{F90DE865-1A3D-D6D6-0638-F1D2EFCB5C29}" = PX Profile Update
"{F95C8C1F-25BB-44EC-A7E6-5C17ABC6BC71}" = VIO
"{F9F0C5D5-AAE5-45FA-95C2-CA1EE0FA067A}" = Citrix Online Plug-in (Web)
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FB0B6DDD-DF3E-4CD6-927C-724AB854E322}" = VSClassic
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FD67D9F3-FED6-4A2E-9D6C-8C8C44DEF8FF}" = IPM_VS_Pro
"{FD7DDB2A-445B-78D3-EAFB-6F7BE425285E}" = CCC Help Greek
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FE661711-E392-4B3F-A4A7-02C747C09134}" = ISCOM
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVS Audio Converter 6.2_is1" = AVS Audio Converter version 6.2
"AVS Audio Editor_is1" = AVS Audio Editor version 6.1
"AVS Audio Recorder 3.9_is1" = AVS Audio Recorder version 3.9
"AVS Disc Creator_is1" = AVS Disc Creator version 3.5
"AVS DVD Authoring_is1" = AVS DVD Authoring
"AVS DVD Copy_is1" = AVS DVD Copy version 4.1.2
"AVS Image Converter_is1" = AVS Image Converter 1.3.1.136
"AVS Media Player_is1" = AVS Media Player 4.1.8.93
"AVS Photo Editor_is1" = AVS Photo Editor
"AVS Ringtone Maker 1.6_is1" = AVS Ringtone Maker version 1.6
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS Video ReMaker_is1" = AVS Video ReMaker 3.1.2.102
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"AVSCoverEditor2_is1" = AVS Cover Editor 2.0.1.3
"BrotherSoft_Extreme Toolbar" = BrotherSoft Extreme Toolbar
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web
"conduitEngine" = Conduit Engine
"DV CIG Guide" = Guide d'enregistrement CANON iMAGE GATEWAY
"eMule" = eMule
"Genie Timeline" = LaCie Genie Timeline 2.1
"Hema Album Software be-fr Advanced_is1" = Hema Album Software be-fr Advanced
"HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mozilla Firefox 7.0.1 (x86 fr)" = Mozilla Firefox 7.0.1 (x86 fr)
"My HP Game Console" = HP Game Console
"MyCamera" = Canon Utilities MyCamera
"Picasa 3" = Picasa 3
"PROPLUS" = Microsoft Office Professional Plus 2007
"SymStor" = SymStor 1.1.0.0
"WildTangent hp Master Uninstall" = HP Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live
"WT087361" = FATE
"WT087380" = John Deere Drive Green
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087420" = Agatha Christie - Death on the Nile
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087480" = Insaniquarium Deluxe
"WT087485" = Jewel Quest II
"WT087490" = Jewel Quest Solitaire
"WT087501" = Plants vs. Zombies
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3182394124-1979399216-3936946612-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = CopyTrans Suite désinstallation uniquement
"Google Chrome" = Google Chrome
"Mozilla Firefox 8.0 (x86 fr)" = Mozilla Firefox 8.0 (x86 fr)
"PhotoFiltre" = PhotoFiltre

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26-11-2011 8:02:30 | Computer Name = ismael | Source = SideBySide | ID = 16842787
Description = La création du contexte d’activation a échoué pour « C:\Program Files
(x86)\Nero\Nero 10\Nero SoundTrax\NMDllHost.exe.Manifest ». Erreur dans le fichier
de manifeste ou de stratégie « C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST »
à la ligne 3. L’identité de composant trouvé dans le manifeste ne correspond pas
à celle du composant demandé. La référence est NFD,type="win32",version="5.2.0.0".
La
définition est NFD,type="win32",version="5.0.0.0". Utilisez sxstrace.exe pour un
diagnostic détaillé.

Error - 26-11-2011 8:04:39 | Computer Name = ismael | Source = SideBySide | ID = 16842815
Description = La création du contexte d’activation a échoué pour « c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ». Erreur dans le fichier
de manifeste ou de stratégie « c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll » à la ligne 3. La valeur « MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR »
de l’attribut « version » de l’élément « assemblyIdentity » n’est pas valide.

Error - 26-11-2011 8:42:40 | Computer Name = ismael | Source = BackItUp5 | ID = 5225
Description =

Error - 27-11-2011 4:44:26 | Computer Name = ismael | Source = BackItUp5 | ID = 5225
Description =

Error - 27-11-2011 7:16:27 | Computer Name = ismael | Source = Application Hang | ID = 1002
Description = Le programme Explorer.EXE version 6.1.7600.16768 a cessé d’interagir
avec Windows et a été fermé. Pour déterminer si des informations supplémentaires
sont disponibles, consultez l’historique du problème dans le Centre de maintenance.

ID
de processus : f00 Heure de début : 01ccace0b51c3522 Heure de fin : 342 Chemin d’accès
de l’application : C:\Windows\Explorer.EXE ID de rapport : 3430cf70-18e9-11e1-b700-d5382e75b3d4


Error - 27-11-2011 13:08:59 | Computer Name = ismael | Source = BackItUp5 | ID = 5225
Description =

Error - 28-11-2011 7:32:59 | Computer Name = ismael | Source = BackItUp5 | ID = 5225
Description =

Error - 28-11-2011 9:08:11 | Computer Name = ismael | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante ServiceCenter.exe, version : 2.3.2.926,
horodatage : 0x4eca450f Nom du module défaillant : ServiceCenter.exe, version :
2.3.2.926, horodatage : 0x4eca450f Code d’exception : 0xc0000417 Décalage d’erreur
: 0x00152066 ID du processus défaillant : 0x3f0 Heure de début de l’application défaillante
: 0x01ccadce7c8eed45 Chemin d’accès de l’application défaillante : C:\Program Files\Native
Instruments\Service Center\ServiceCenter.exe Chemin d’accès du module défaillant:
C:\Program Files\Native Instruments\Service Center\ServiceCenter.exe ID de rapport
: 0579774f-19c2-11e1-9d00-da717024bad6

Error - 28-11-2011 9:47:36 | Computer Name = ismael | Source = SideBySide | ID = 16842787
Description = La création du contexte d’activation a échoué pour « C:\Program Files
(x86)\Nero\Nero 10\Nero SoundTrax\NMDllHost.exe.Manifest ». Erreur dans le fichier
de manifeste ou de stratégie « C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST »
à la ligne 3. L’identité de composant trouvé dans le manifeste ne correspond pas
à celle du composant demandé. La référence est NFD,type="win32",version="5.2.0.0".
La
définition est NFD,type="win32",version="5.0.0.0". Utilisez sxstrace.exe pour un
diagnostic détaillé.

Error - 28-11-2011 9:49:59 | Computer Name = ismael | Source = SideBySide | ID = 16842815
Description = La création du contexte d’activation a échoué pour « c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ». Erreur dans le fichier
de manifeste ou de stratégie « c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll » à la ligne 3. La valeur « MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR »
de l’attribut « version » de l’élément « assemblyIdentity » n’est pas valide.

[ Hewlett-Packard Events ]
Error - 1-3-2011 20:17:55 | Computer Name = ismael | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031102011752.xml
File not created by asset agent

Error - 29-3-2011 19:14:34 | Computer Name = ismael | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031130011424.xml
File not created by asset agent

Error - 5-4-2011 19:57:53 | Computer Name = ismael | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041106015750.xml
File not created by asset agent

Error - 12-4-2011 10:41:20 | Computer Name = ismael | Source = Hewlett-Packard | ID = 0
Description = fr-BE Une exception de type 'System.Exception' a été levée. HP.SupportFramework

à HP.SupportFramework.HPSFReporting.Reporting..ctor() à HP.ActiveSupportLibrary.Issues.HPSFSession..ctor(LaunchPoint
lp) à HPAssistant.HPAMain.Window_Loaded(Object sender, RoutedEventArgs e) à
System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) à System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) à System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) à System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) à System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) à System.Windows.BroadcastEventHelper.BroadcastLoadedEvent(Object
root) à MS.Internal.LoadedOrUnloadedOperation.DoWork() à System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

à System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() à System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) à System.Windows.Media.MediaContext.RenderMessageHandler(Object
resizedCompositionTarget) à System.Windows.Media.MediaContext.Resize(ICompositionTarget
resizedCompositionTarget) à System.Windows.Interop.HwndTarget.OnResize() à
System.Windows.Interop.HwndTarget.HandleMessage(Int32 msg, IntPtr wparam, IntPtr
lparam) à System.Windows.Interop.HwndSource.HwndTargetFilterMessage(IntPtr hwnd,
Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) à MS.Win32.HwndWrapper.WndProc(IntPtr
hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled) à MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object
o) à System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) à System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 26-4-2011 15:08:48 | Computer Name = ismael | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041126090846.xml
File not created by asset agent

Error - 27-4-2011 7:14:44 | Computer Name = ismael | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041127011442.xml
File not created by asset agent

Error - 3-5-2011 19:39:13 | Computer Name = ismael | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051104013910.xml
File not created by asset agent

Error - 10-5-2011 6:22:40 | Computer Name = ismael | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051110122237.xml
File not created by asset agent

Error - 28-6-2011 6:05:43 | Computer Name = ismael | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061128120540.xml
File not created by asset agent

Error - 2-8-2011 6:25:25 | Computer Name = ismael | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081102122521.xml
File not created by asset agent

[ HP Wireless Assistant Events ]
Error - 31-12-2010 11:06:09 | Computer Name = ismael | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Le serveur RPC n’est pas
disponible. (Exception de HRESULT : 0x800706BA) à System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) à System.Management.ManagementScope.InitializeGuts(Object
o) à System.Management.ManagementScope.Initialize() à System.Management.ManagementObject.Initialize(Boolean
getObject) à System.Management.ManagementBaseObject.get_Properties() à System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) à HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 31-12-2010 11:07:15 | Computer Name = ismael | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Le serveur RPC n’est pas
disponible. (Exception de HRESULT : 0x800706BA) à System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) à System.Management.ManagementScope.InitializeGuts(Object
o) à System.Management.ManagementScope.Initialize() à System.Management.ManagementObject.Initialize(Boolean
getObject) à System.Management.ManagementBaseObject.get_Properties() à System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) à HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 31-12-2010 11:08:20 | Computer Name = ismael | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Le serveur RPC n’est pas
disponible. (Exception de HRESULT : 0x800706BA) à System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) à System.Management.ManagementScope.InitializeGuts(Object
o) à System.Management.ManagementScope.Initialize() à System.Management.ManagementObject.Initialize(Boolean
getObject) à System.Management.ManagementBaseObject.get_Properties() à System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) à HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 31-12-2010 11:09:26 | Computer Name = ismael | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Le serveur RPC n’est pas
disponible. (Exception de HRESULT : 0x800706BA) à System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) à System.Management.ManagementScope.InitializeGuts(Object
o) à System.Management.ManagementScope.Initialize() à System.Management.ManagementObject.Initialize(Boolean
getObject) à System.Management.ManagementBaseObject.get_Properties() à System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) à HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 31-12-2010 11:10:31 | Computer Name = ismael | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Le serveur RPC n’est pas
disponible. (Exception de HRESULT : 0x800706BA) à System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) à System.Management.ManagementScope.InitializeGuts(Object
o) à System.Management.ManagementScope.Initialize() à System.Management.ManagementObject.Initialize(Boolean
getObject) à System.Management.ManagementBaseObject.get_Properties() à System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) à HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 31-12-2010 11:11:37 | Computer Name = ismael | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Le serveur RPC n’est pas
disponible. (Exception de HRESULT : 0x800706BA) à System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) à System.Management.ManagementScope.InitializeGuts(Object
o) à System.Management.ManagementScope.Initialize() à System.Management.ManagementObject.Initialize(Boolean
getObject) à System.Management.ManagementBaseObject.get_Properties() à System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) à HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 31-12-2010 11:12:42 | Computer Name = ismael | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Le serveur RPC n’est pas
disponible. (Exception de HRESULT : 0x800706BA) à System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) à System.Management.ManagementScope.InitializeGuts(Object
o) à System.Management.ManagementScope.Initialize() à System.Management.ManagementObject.Initialize(Boolean
getObject) à System.Management.ManagementBaseObject.get_Properties() à System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) à HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 31-12-2010 11:13:49 | Computer Name = ismael | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Le serveur RPC n’est pas
disponible. (Exception de HRESULT : 0x800706BA) à System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) à System.Management.ManagementScope.InitializeGuts(Object
o) à System.Management.ManagementScope.Initialize() à System.Management.ManagementObject.Initialize(Boolean
getObject) à System.Management.ManagementBaseObject.get_Properties() à System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) à HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 31-12-2010 11:14:55 | Computer Name = ismael | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Le serveur RPC n’est pas
disponible. (Exception de HRESULT : 0x800706BA) à System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) à System.Management.ManagementScope.InitializeGuts(Object
o) à System.Management.ManagementScope.Initialize() à System.Management.ManagementObject.Initialize(Boolean
getObject) à System.Management.ManagementBaseObject.get_Properties() à System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) à HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 31-12-2010 11:16:00 | Computer Name = ismael | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Le serveur RPC n’est pas
disponible. (Exception de HRESULT : 0x800706BA) à System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) à System.Management.ManagementScope.InitializeGuts(Object
o) à System.Management.ManagementScope.Initialize() à System.Management.ManagementObject.Initialize(Boolean
getObject) à System.Management.ManagementBaseObject.get_Properties() à System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) à HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

[ System Events ]
Error - 9-12-2011 17:05:51 | Computer Name = ismael | Source = Service Control Manager | ID = 7001
Description = Le service Explorateur d’ordinateurs dépend du service Serveur qui
n’a pas pu démarrer en raison de l’erreur : %%1068

Error - 9-12-2011 17:05:51 | Computer Name = ismael | Source = Service Control Manager | ID = 7001
Description = Le service Explorateur d’ordinateurs dépend du service Serveur qui
n’a pas pu démarrer en raison de l’erreur : %%1068

Error - 9-12-2011 17:05:54 | Computer Name = ismael | Source = DCOM | ID = 10005
Description =

Error - 9-12-2011 17:05:54 | Computer Name = ismael | Source = DCOM | ID = 10005
Description =

Error - 9-12-2011 17:05:53 | Computer Name = ismael | Source = Service Control Manager | ID = 7001
Description = Le service Explorateur d’ordinateurs dépend du service Serveur qui
n’a pas pu démarrer en raison de l’erreur : %%1068

Error - 9-12-2011 17:05:53 | Computer Name = ismael | Source = Service Control Manager | ID = 7001
Description = Le service Explorateur d’ordinateurs dépend du service Serveur qui
n’a pas pu démarrer en raison de l’erreur : %%1068

Error - 9-12-2011 17:05:53 | Computer Name = ismael | Source = Service Control Manager | ID = 7001
Description = Le service Explorateur d’ordinateurs dépend du service Serveur qui
n’a pas pu démarrer en raison de l’erreur : %%1068

Error - 9-12-2011 17:05:56 | Computer Name = ismael | Source = Service Control Manager | ID = 7001
Description = Le service Fournisseur HomeGroup dépend du service Hôte du fournisseur
de découverte de fonctions qui n’a pas pu démarrer en raison de l’erreur : %%1068

Error - 9-12-2011 17:52:07 | Computer Name = ismael | Source = DCOM | ID = 10005
Description =

Error - 9-12-2011 17:52:07 | Computer Name = ismael | Source = DCOM | ID = 10005
Description =


< End of report >
isma1974
 
Messages: 7
Inscription: 09 Déc 2011, 23:24

Re: une description détaillée des symptômes d'infection

Messagede isma1974 » 10 Déc 2011, 00:10

voilà j'ai posté tout ce que l'on m'avait dit de faire , mon pc est trop lent depuis ce mois ci , et bitdefender a découvert un cheval de troie 7041535 je crois avec 24 contaminations , merci de m'aider dans ce combat quotidien qui me pourri la vie, à plus.
isma1974
 
Messages: 7
Inscription: 09 Déc 2011, 23:24

Re: une description détaillée des symptômes d'infection

Messagede nickW » 11 Déc 2011, 01:47

Bonsoir,

9 messages, dont deux sont des doublons et pas un seul Bonjour! :twisted:

Pourquoi un démarrage en mode sans échec?

Bitdefender Total Security 2012 installé le 04/12 + AVG 2012 installé le 09/12 => conflit?

Quelles sont les détections exactes de BitDefender?

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France


Retourner vers Sécurité (Contamination - Décontamination)

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 29 invités

cron