PC infecté

Sécurité et insécurité. Virus, Trojans, Spywares, Failles etc. …

Modérateur: Modérateurs et Modératrices

Règles du forum
Assiste.com a suspendu l'assistance à la décontamination après presque 15 ans sur l'ancien forum puis celui-ci. Voir :

Procédure de décontamination 1 - Anti-malware
Décontamination anti-malwares

Procédure de décontamination 2 - Anti-malware et antivirus (La Manip)
La Manip - Procédure standard de décontamination

Entretien périodique d'un PC sous Windows
Entretien périodique d'un PC sous Windows

Protection des navigateurs, de la navigation et de la vie privée
Protéger le navigateur, la navigation et la vie privée

PC infecté

Messagede desppir » 04 Juil 2012, 15:57

Bonjour,
mon ordinateur portable est surement infecté :
- lenteur au démarrage et à l'ouverture des programmes
- publicités intempestives et pornographiques récurrentes malgré l'utilisation de modules complémentaires firefox
- il s'éteint tout seul
- surchauffe

Voilà, merci beaucoup et à bientôt

Le rapport MAM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Version de la base de données: v2012.07.04.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
Pierre :: NANTES [administrateur]

04/07/2012 15:36:52
mbam-log-2012-07-04 (15-36-52).txt

Type d'examen: Examen rapide
Options d'examen activées: Démarrage | Système de fichiers | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: Mémoire | Registre | Heuristique/Extra | P2P
Elément(s) analysé(s): 10182
Temps écoulé: 10 minute(s), 14 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)
desppir
 
Messages: 31
Inscription: 04 Juil 2012, 15:48

Re: PC infecté

Messagede desppir » 04 Juil 2012, 16:00

Voici le rapport OTL en deux fois (le nombre de caracteres est trop important)

OTL logfile created on: 04/07/2012 15:55:24 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\Pierre\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1022,48 Mb Total Physical Memory | 535,68 Mb Available Physical Memory | 52,39% Memory free
1,90 Gb Paging File | 1,33 Gb Available in Paging File | 70,30% Paging File free
Paging file location(s): C:\pagefile.sys 1024 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 14,28 Gb Free Space | 19,16% Space Free | Partition Type: NTFS

Computer Name: NANTES | User Name: Pierre | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/04 15:19:33 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pierre\Bureau\OTL.exe
PRC - [2012/06/19 14:24:52 | 000,598,320 | ---- | M] (Boxore OU) -- C:\Program Files\Boxore\BoxoreClient\boxore.exe
PRC - [2012/02/27 01:15:42 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011/10/14 08:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/06/24 01:44:22 | 001,386,776 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/06/17 09:35:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Fichiers communs\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
PRC - [2010/09/16 10:03:34 | 000,858,624 | ---- | M] (Orange) -- C:\Documents and Settings\Pierre\Application Data\Orange\OrangeInside\one\OrangeInside.exe
PRC - [2009/07/27 04:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/04 11:17:20 | 000,057,344 | ---- | M] (France Telecom SA) -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
PRC - [2006/10/16 20:00:47 | 000,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2006/05/18 16:52:06 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
PRC - [2005/02/02 14:12:22 | 000,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/12/03 14:24:20 | 000,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2004/10/14 13:54:32 | 000,253,952 | ---- | M] (Hewlett-Packard Company) -- C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
PRC - [2004/07/27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
PRC - [2003/12/31 16:39:04 | 000,040,960 | ---- | M] () -- C:\WINDOWS\vsnpstd.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/13 16:44:36 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/13 16:40:29 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/13 16:40:10 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/05/13 15:01:22 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/13 15:00:41 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/13 15:00:18 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012/05/12 16:28:38 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/12 16:21:46 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/12 16:21:04 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/08/02 17:12:54 | 000,290,816 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3343.28200__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2011/08/02 17:12:54 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3343.28229__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2011/08/02 17:12:54 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3343.28221__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2011/08/02 17:12:54 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3343.28213__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2011/08/02 17:12:53 | 001,728,512 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3343.28228__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2011/08/02 17:12:53 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3343.28338__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2011/08/02 17:12:53 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3343.28315__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2011/08/02 17:12:53 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3343.28309__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2011/08/02 17:12:53 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3343.28281__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2011/08/02 17:12:53 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3343.28263__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2011/08/02 17:12:52 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3343.28213__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2011/08/02 17:12:51 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3343.28339__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2011/08/02 17:12:51 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3343.28229__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2011/08/02 17:12:51 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3343.28228__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2011/08/02 17:12:50 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3343.28288__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2011/08/02 17:12:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3343.28289__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2011/08/02 17:12:50 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3343.28288__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2011/08/02 17:12:49 | 000,172,032 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Dashboard\2.0.3343.28280__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Dashboard.dll
MOD - [2011/08/02 17:12:49 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Runtime\2.0.3343.28280__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Runtime.dll
MOD - [2011/08/02 17:12:45 | 000,811,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3343.28265__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2011/08/02 17:12:45 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3343.28301__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2011/08/02 17:12:45 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3343.28230__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2011/08/02 17:12:45 | 000,126,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3343.28278__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2011/08/02 17:12:45 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3343.28264__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2011/08/02 17:12:44 | 000,798,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3343.28310__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2011/08/02 17:12:44 | 000,712,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3343.28215__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2011/08/02 17:12:44 | 000,589,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3343.28230__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2011/08/02 17:12:44 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3343.28236__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2011/08/02 17:12:44 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3343.28278__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2011/08/02 17:12:43 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3343.28280__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2011/08/02 17:12:43 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3343.28237__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2011/08/02 17:12:43 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3343.28263__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2011/08/02 17:12:43 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3343.28279__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2011/08/02 17:12:42 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3343.28264__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2011/08/02 17:12:42 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3343.28264__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2011/08/02 17:12:41 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2011/08/02 17:12:41 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2011/08/02 17:12:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2011/08/02 17:12:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2011/08/02 17:12:40 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2011/08/02 17:12:40 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2011/08/02 17:12:40 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2011/08/02 17:12:40 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2011/08/02 17:12:38 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2011/08/02 17:12:38 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2011/08/02 17:12:38 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2011/08/02 17:12:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2011/08/02 17:12:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll
MOD - [2011/08/02 17:12:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2011/08/02 17:12:37 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011/08/02 17:12:37 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2011/08/02 17:12:37 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2011/08/02 17:12:37 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2011/08/02 17:12:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2011/08/02 17:12:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2011/08/02 17:12:36 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2011/08/02 17:12:36 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2011/08/02 17:12:36 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2011/08/02 17:12:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2011/08/02 17:12:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2011/08/02 17:12:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2011/08/02 17:12:35 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2011/08/02 17:12:35 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2011/08/02 17:12:35 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2011/08/02 17:12:34 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.dll
MOD - [2011/08/02 17:12:33 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2011/08/02 17:12:32 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2011/08/02 17:12:32 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2011/08/02 17:12:32 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2011/08/02 17:12:32 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2011/08/02 17:12:32 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2011/08/02 17:12:32 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2011/08/02 17:12:32 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2011/08/02 17:12:32 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2011/08/02 17:12:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2011/08/02 17:12:31 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2011/08/02 17:12:31 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll
MOD - [2011/08/02 17:12:30 | 000,503,808 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3343.28368__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2011/08/02 17:12:30 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3343.28347__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2011/08/02 17:12:30 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2011/08/02 17:12:30 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2011/08/02 17:12:29 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2011/08/02 17:12:29 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2011/08/02 17:12:29 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3343.28197__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2011/08/02 17:12:28 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3343.28330__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011/08/02 17:12:28 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011/08/02 17:12:28 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2011/08/02 17:12:27 | 000,544,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3343.28321__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2011/08/02 17:12:27 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3343.28221__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2011/08/02 17:12:27 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3343.28328__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011/08/02 17:12:27 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2011/08/02 17:12:27 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2011/08/02 17:12:27 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2011/08/02 17:12:26 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3343.28198__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2011/08/02 17:12:26 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3343.28199__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2011/08/02 17:12:26 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2011/08/02 17:12:25 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2011/08/02 17:12:24 | 001,142,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3343.28207__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2011/08/02 17:12:24 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2011/08/02 17:12:23 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3343.28199__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2011/08/02 17:12:23 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2011/08/02 17:12:23 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3343.28329__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2011/08/02 17:12:23 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2011/08/02 17:12:22 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3343.28198__90ba9c70f846762e\APM.Server.dll
MOD - [2011/08/02 17:12:22 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3343.28197__90ba9c70f846762e\AEM.Server.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/24 01:44:34 | 000,877,848 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2011/04/24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtgui4.dll
MOD - [2011/04/24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtsql4.dll
MOD - [2011/04/24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtscript4.dll
MOD - [2011/04/24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtnetwork4.dll
MOD - [2011/04/24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtcore4.dll
MOD - [2011/04/24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtdeclarative4.dll
MOD - [2011/04/20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll
MOD - [2010/08/23 15:33:08 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/08/23 15:33:04 | 000,430,080 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_fr_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2007/09/20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2003/12/31 16:39:04 | 000,040,960 | ---- | M] () -- C:\WINDOWS\vsnpstd.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/30 12:18:24 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/23 15:46:50 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/13 09:50:35 | 000,140,080 | ---- | M] (Boxore OU.) [Auto | Stopped] -- C:\Program Files\Software\Update\SoftwareUpdate.exe -- (supdate) Software Update Service (supdate)
SRV - [2012/02/27 01:15:42 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/10/14 08:01:50 | 000,994,360 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 08:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/06/17 09:33:46 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/05/20 11:13:26 | 001,055,872 | ---- | M] (France Telecom SA) [Auto | Stopped] -- C:\Program Files\Orange\OrangeUpdate\Service\OUCore.exe -- (Orange update Core Service)
SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2007/12/10 13:59:04 | 000,353,280 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/04 11:17:20 | 000,057,344 | ---- | M] (France Telecom SA) [Auto | Running] -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
SRV - [2006/11/23 00:49:05 | 000,069,120 | ---- | M] (BOONTY) [Disabled | Stopped] -- C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe -- (Boonty Games)
SRV - [2006/10/16 20:00:47 | 000,054,784 | ---- | M] (Macrovision) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2006/05/18 16:52:06 | 000,049,152 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sis163u.sys -- (SIS163u)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/06/30 12:55:52 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011/04/30 14:00:20 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/04/30 14:00:18 | 000,039,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/04/30 14:00:06 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/04/30 13:59:56 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/03/10 18:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2011/03/04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2011/03/04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2010/09/01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/03/27 12:55:32 | 000,234,304 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SCRCAMHRDRV.sys -- (SCRCAMHRDRV)
DRV - [2009/03/25 14:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/02/26 00:58:57 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/08/06 17:01:30 | 000,094,208 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ezplay.sys -- (ezplay)
DRV - [2007/05/09 21:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/05/09 21:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/01/31 15:33:46 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgarkt.sys -- (AVG Anti-Rootkit)
DRV - [2007/01/18 14:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgArCln.sys -- (AvgArCln)
DRV - [2006/11/25 18:13:38 | 000,639,224 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/10/16 20:00:43 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS -- (CdaC15BA)
DRV - [2006/10/12 16:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/06/27 18:30:50 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5)
DRV - [2006/05/10 09:56:54 | 000,027,264 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2006/05/10 09:56:50 | 000,071,680 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2006/05/10 09:56:26 | 000,036,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2005/05/17 14:48:21 | 000,050,176 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/05/16 15:23:38 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005/05/16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005/03/16 14:43:06 | 000,159,488 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004/12/15 17:18:34 | 000,207,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/12/15 17:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 17:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/11/17 12:17:58 | 000,280,192 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2004/11/17 12:17:14 | 000,293,120 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2004/07/08 12:10:06 | 000,053,816 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004/04/14 08:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2003/09/23 11:38:34 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5)
DRV - [2003/06/06 12:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2002/07/17 09:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2001/08/23 17:21:42 | 000,036,937 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&app ... 06&sr=0&q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage

IE - HKU\S-1-5-21-4244454421-547473314-2425234851-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-4244454421-547473314-2425234851-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-4244454421-547473314-2425234851-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-4244454421-547473314-2425234851-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage
IE - HKU\S-1-5-21-4244454421-547473314-2425234851-1006\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - No CLSID value found
IE - HKU\S-1-5-21-4244454421-547473314-2425234851-1006\..\URLSearchHook: {AEEC3B59-CA98-4EBA-A140-57B94E283583} - No CLSID value found
IE - HKU\S-1-5-21-4244454421-547473314-2425234851-1006\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4244454421-547473314-2425234851-1006\..\SearchScopes,DefaultScope = {90263499-D0B7-4DAE-8688-DC01BDDE9C64}
IE - HKU\S-1-5-21-4244454421-547473314-2425234851-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4244454421-547473314-2425234851-1006\..\SearchScopes\{814C76CB-2623-43F4-AAD0-58A0E5190A20}: "URL" = http://r.orange.fr/r?ref=O_toolbar32_ho ... ie7?rdata={searchTerms}
IE - HKU\S-1-5-21-4244454421-547473314-2425234851-1006\..\SearchScopes\{90263499-D0B7-4DAE-8688-DC01BDDE9C64}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7SKPT_frFR439
IE - HKU\S-1-5-21-4244454421-547473314-2425234851-1006\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
IE - HKU\S-1-5-21-4244454421-547473314-2425234851-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4244454421-547473314-2425234851-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage|http://www.jeuxvideo.com/ps3-playstation-3.htm|http://fr.mail.yahoo.com/|http://www.google.fr/search?q=google&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:fr:official&client=firefox-a"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: menu_contextuel_orange@orange.fr:1.0
FF - prefs.js..extensions.enabledItems: {4D9AE42B-F4C0-40e6-AEDB-4EC6E42B77AF}:1.2.1.0
FF - prefs.js..keyword.URL: "http://rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - user.js..browser.startup.homepage: "http://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage|http://www.jeuxvideo.com/ps3-playstation-3.htm|http://fr.mail.yahoo.com/|http://www.google.fr/search?q=google&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:fr:official&client=firefox-a"
FF - user.js..keyword.URL: "http://rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@www.dlmanager.net/omaha/tools//Software Update;version=8: C:\Program Files\Software\Update\1.2.197.0\npSoftwareOneClick8.dll (Boxore OU.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Pierre\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Pierre\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9CD2384C-143B-4790-A075-E7FEFE2A554B}: C:\Program Files\Boxore\BoxoreClient\BoxoreExtension\MozillaFirefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012/06/30 16:11:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/06/30 16:11:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/01 17:29:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/07 13:05:23 | 000,000,000 | ---D | M]

[2010/04/18 13:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pierre\Application Data\Mozilla\Extensions
[2012/07/03 23:05:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pierre\Application Data\Mozilla\Firefox\Profiles\j2ziwwnr.default\extensions
[2012/06/29 12:21:55 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Documents and Settings\Pierre\Application Data\Mozilla\Firefox\Profiles\j2ziwwnr.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/01/31 14:26:44 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Documents and Settings\Pierre\Application Data\Mozilla\Firefox\Profiles\j2ziwwnr.default\extensions\2020Player@2020Technologies.com
[2012/03/15 21:08:23 | 000,000,000 | ---D | M] (Ghostery) -- C:\Documents and Settings\Pierre\Application Data\Mozilla\Firefox\Profiles\j2ziwwnr.default\extensions\firefox@ghostery.com
[2012/03/21 14:35:32 | 000,000,000 | ---D | M] (SpeedFox) -- C:\Documents and Settings\Pierre\Application Data\Mozilla\Firefox\Profiles\j2ziwwnr.default\extensions\jid1-uabu5A9hduqzCw@jetpack
[2012/01/19 14:57:04 | 000,000,000 | ---D | M] (Stylish-Custom) -- C:\Documents and Settings\Pierre\Application Data\Mozilla\Firefox\Profiles\j2ziwwnr.default\extensions\Stylish-Custom@choggi.dyndns.org
[2011/04/18 12:38:18 | 000,001,129 | ---- | M] () -- C:\Documents and Settings\Pierre\Application Data\Mozilla\Firefox\Profiles\j2ziwwnr.default\searchplugins\orange.xml
[2012/05/11 16:50:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/31 17:16:09 | 000,616,227 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\PIERRE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\J2ZIWWNR.DEFAULT\EXTENSIONS\{1E9A63EF-84EC-49A4-8D6F-2DD9524E90D0}.XPI
[2012/03/02 11:40:51 | 000,258,567 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\PIERRE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\J2ZIWWNR.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
[2012/06/16 18:19:54 | 000,047,658 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\PIERRE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\J2ZIWWNR.DEFAULT\EXTENSIONS\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}.XPI
[2012/03/31 17:16:09 | 000,035,733 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\PIERRE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\J2ZIWWNR.DEFAULT\EXTENSIONS\ADBAN@AD-BAN.APPSPOT.COM.XPI
[2012/06/25 17:51:05 | 000,109,964 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\PIERRE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\J2ZIWWNR.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
[2012/04/12 19:05:02 | 000,021,611 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\PIERRE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\J2ZIWWNR.DEFAULT\EXTENSIONS\JSCRPTCOMMAND@MAX.MAX.XPI
[2012/03/21 23:33:18 | 000,056,364 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\PIERRE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\J2ZIWWNR.DEFAULT\EXTENSIONS\YESPOPUPSV1@PATHETICCOCKROACH.COM.XPI
[2012/03/07 12:34:43 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/02 16:19:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/07/01 17:29:02 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/07 12:34:41 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/07/01 17:28:57 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2012/07/01 17:28:57 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/01 17:28:57 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012/07/01 17:28:57 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2011/09/19 14:06:54 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012/07/01 17:28:57 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012/07/01 17:28:57 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml
desppir
 
Messages: 31
Inscription: 04 Juil 2012, 15:48

Re: PC infecté

Messagede desppir » 04 Juil 2012, 16:01

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Pierre\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Pierre\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Pierre\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Pierre\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Software Update (Enabled) = C:\Program Files\Software\Update\1.2.195.0\npSoftwareOneClick8.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Ma-Config.com plugin (Enabled) = C:\Program Files\ma-config.com\nphardwaredetection.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Turn Off the Lights = C:\Documents and Settings\Pierre\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.81_0\
CHR - Extension: YouTube = C:\Documents and Settings\Pierre\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Documents and Settings\Pierre\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Recherche Google = C:\Documents and Settings\Pierre\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Documents and Settings\Pierre\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.30_0\
CHR - Extension: No name found = C:\Documents and Settings\Pierre\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Gmail = C:\Documents and Settings\Pierre\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/02/20 17:09:24 | 000,298,936 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 bin.errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.winsoftware.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.winsoftware.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.systemdoctor.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.winantispyware.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.windrivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 dynamique.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 es.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 fr.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 fr.winfixer.com ## added by CiD
O1 - Hosts: 10286 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-4244454421-547473314-2425234851-1006\..\Toolbar\ShellBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.
O3 - HKU\S-1-5-21-4244454421-547473314-2425234851-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-4244454421-547473314-2425234851-1006\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-4244454421-547473314-2425234851-1006\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-21-4244454421-547473314-2425234851-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-4244454421-547473314-2425234851-1006\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-4244454421-547473314-2425234851-1006\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Boxore Client] C:\Program Files\Boxore\BoxoreClient\boxore.exe (Boxore OU)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKU\S-1-5-21-4244454421-547473314-2425234851-1006..\Run: [orangeinside] C:\Documents and Settings\Pierre\Application Data\Orange\OrangeInside\one\OrangeInside.exe (Orange)
O4 - HKU\S-1-5-21-4244454421-547473314-2425234851-1006..\Run: [Update Service] C:\Program Files\Fichiers communs\Teknum Systems\update.exe (Teknum Systems AS)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\AutoTBar.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Default User\Menu Démarrer\Programmes\Démarrage\AutoTBar.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Pierre\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4244454421-547473314-2425234851-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4244454421-547473314-2425234851-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKU\S-1-5-21-4244454421-547473314-2425234851-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-4244454421-547473314-2425234851-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-4244454421-547473314-2425234851-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-4244454421-547473314-2425234851-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\S-1-5-21-4244454421-547473314-2425234851-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-4244454421-547473314-2425234851-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\Documents and Settings\Pierre\Application Data\Orange\OrangeInside\src\addfavorites_html\AddFavorites.html ()
O8 - Extra context menu item: envoyer le texte sélectionné par sms - C:\Documents and Settings\Pierre\Application Data\Orange\OrangeInside\src\sendsmsselectedtext_html\sendsmsselectedtext.html ()
O8 - Extra context menu item: envoyer par sms - C:\Documents and Settings\Pierre\Application Data\Orange\OrangeInside\src\sendsms_html\sendsms.html ()
O8 - Extra context menu item: envoyer un mail - C:\Documents and Settings\Pierre\Application Data\Orange\OrangeInside\src\sendmail_html\sendmail.html ()
O8 - Extra context menu item: orange.fr - C:\Documents and Settings\Pierre\Application Data\Orange\OrangeInside\src\orange_html\orange.html ()
O8 - Extra context menu item: rechercher le texte sélectionné - C:\Documents and Settings\Pierre\Application Data\Orange\OrangeInside\src\selectedsearch_html\selectedsearch.html ()
O8 - Extra context menu item: traduire la page - C:\Documents and Settings\Pierre\Application Data\Orange\OrangeInside\src\translate_html\translate.html ()
O8 - Extra context menu item: traduire le texte sélectionné - C:\Documents and Settings\Pierre\Application Data\Orange\OrangeInside\src\translateSelectedText_html\translateSelectedText.html ()
O9 - Extra Button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crl ... crlocx.ocx (CRLDownloadWrapper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57A73C3E-0718-4B3D-BFE7-BFA827A3BCC0}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Pierre\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Pierre\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{62cad41c-67a2-11e0-8ea6-001636252aa2}\Shell - "" = AutoRun
O33 - MountPoints2\{62cad41c-67a2-11e0-8ea6-001636252aa2}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{8bf39677-128b-11db-83af-00032f42d6e3}\Shell - "" = AutoRun
O33 - MountPoints2\{8bf39677-128b-11db-83af-00032f42d6e3}\Shell\AutoRun\command - "" = E:\ReadMe.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (stera)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2012/07/04 15:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/07/04 15:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ERUNT
[2012/07/04 15:29:05 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Pierre\Bureau\erunt-setup.exe
[2012/07/04 15:24:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
[2012/07/04 15:24:12 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/04 15:24:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/04 15:22:26 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Pierre\Bureau\mbam-setup-1.61.0.1400.exe
[2012/07/04 15:19:28 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pierre\Bureau\OTL.exe
[2012/07/03 21:11:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Pierre\Recent
[2012/07/02 23:10:52 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012/07/02 16:56:44 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/06/30 12:59:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Kaspersky Anti-Virus 2012
[2012/06/30 12:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012/06/30 12:56:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2012/06/30 12:55:52 | 000,565,552 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2012/06/25 20:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pierre\Mes documents\Nouveau dossier
[2012/06/25 20:44:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pierre\.swt
[2012/06/25 20:43:05 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2012/06/25 20:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/06/25 20:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze_Remote
[2007/08/06 17:01:30 | 000,094,208 | ---- | C] (VSO Software) -- C:\Documents and Settings\Pierre\Application Data\ezplay.sys
[2007/04/04 13:04:48 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Pierre\Application Data\pcouffin.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/04 16:00:27 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012/07/04 15:56:01 | 000,001,078 | ---- | M] () -- C:\WINDOWS\tasks\SoftwareUpdateTaskMachineUA.job
[2012/07/04 15:46:02 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/04 15:31:56 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Pierre\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2012/07/04 15:31:30 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Pierre\Bureau\ERUNT.lnk
[2012/07/04 15:30:38 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Pierre\Bureau\erunt-setup.exe
[2012/07/04 15:28:22 | 000,001,152 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4244454421-547473314-2425234851-1006UA.job
[2012/07/04 15:24:17 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
[2012/07/04 15:22:46 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Pierre\Bureau\mbam-setup-1.61.0.1400.exe
[2012/07/04 15:19:33 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pierre\Bureau\OTL.exe
[2012/07/04 15:19:02 | 000,001,060 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/04 15:12:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/04 15:12:16 | 000,001,056 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/04 15:12:13 | 000,001,074 | ---- | M] () -- C:\WINDOWS\tasks\SoftwareUpdateTaskMachineCore.job
[2012/07/04 15:09:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/04 15:09:38 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/03 22:59:22 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\Pierre\Application Data\Microsoft\Internet Explorer\Quick Launch\Raccourci vers iTunes.exe.lnk
[2012/07/03 19:43:00 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Pierre\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/03 19:28:04 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4244454421-547473314-2425234851-1006Core.job
[2012/06/30 13:08:42 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Pierre\Local Settings\Application Data\WebpageIcons.db
[2012/06/30 12:59:17 | 000,115,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2012/06/30 12:59:17 | 000,097,961 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2012/06/30 12:55:52 | 000,565,552 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2012/06/30 12:46:33 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/06/29 21:34:37 | 000,103,424 | ---- | M] () -- C:\Documents and Settings\Pierre\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/25 20:44:08 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\Pierre\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2012/06/23 15:46:46 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/06/23 15:46:46 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/06/13 17:06:19 | 000,189,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/13 16:36:35 | 000,511,832 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2012/06/13 16:36:34 | 000,442,292 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/13 16:36:34 | 000,085,832 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2012/06/13 16:36:34 | 000,072,228 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/12 14:19:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/04 16:00:27 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012/07/04 15:31:56 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Pierre\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2012/07/04 15:31:30 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Pierre\Bureau\ERUNT.lnk
[2012/07/04 15:24:17 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
[2012/07/03 22:59:22 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\Pierre\Application Data\Microsoft\Internet Explorer\Quick Launch\Raccourci vers iTunes.exe.lnk
[2012/07/02 23:17:23 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\GIMP 2.lnk
[2012/06/30 13:08:29 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Pierre\Local Settings\Application Data\WebpageIcons.db
[2012/06/30 12:59:17 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2012/06/30 12:59:17 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2012/06/25 20:44:08 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\Pierre\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2012/06/25 20:44:04 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Vuze.lnk
[2012/02/15 15:58:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/10 16:19:36 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011/08/02 17:18:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/08/02 17:10:58 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/03/11 12:43:54 | 000,029,763 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2011/01/10 13:10:06 | 000,221,184 | --S- | C] () -- C:\WINDOWS\System32\glut32.dll
[2009/08/27 14:59:50 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Pierre\Application Data\setup_ldm.iss
[2007/08/06 17:01:30 | 000,007,861 | ---- | C] () -- C:\Documents and Settings\Pierre\Application Data\ezplay.cat
[2007/08/06 17:01:30 | 000,001,104 | ---- | C] () -- C:\Documents and Settings\Pierre\Application Data\ezplay.inf
[2007/08/06 17:01:30 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Pierre\Application Data\ezplay.ini
[2007/04/04 13:04:48 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Pierre\Application Data\ezpinst.exe
[2007/04/04 13:04:48 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Pierre\Application Data\pcouffin.cat
[2007/04/04 13:04:48 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Pierre\Application Data\pcouffin.inf
[2006/04/16 15:25:34 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/14 20:08:28 | 000,103,424 | ---- | C] () -- C:\Documents and Settings\Pierre\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/04/13 00:37:16 | 000,278,528 | ---- | C] () -- C:\Program Files\Fichiers communs\FDEUnInstaller.exe
[2006/03/30 00:15:30 | 000,041,922 | ---- | C] () -- C:\Documents and Settings\Pierre\Application Data\wklnhst.dat
[2006/03/29 23:40:50 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Pierre\Local Settings\Application Data\fusioncache.dat
[2001/01/30 10:06:02 | 000,099,008 | ---- | C] () -- C:\Program Files\Win2000PPAHotfix.exe

========== LOP Check ==========

[2011/11/01 14:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/06/20 13:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/06/30 12:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/09/19 15:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/08/24 15:38:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/08/24 16:06:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/08/29 22:13:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2008/08/26 20:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2006/03/30 00:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2012/03/09 19:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Martau
[2011/07/26 15:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Orange
[2008/06/18 18:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2012/06/18 14:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoStitch
[2009/09/08 15:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/08 15:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2007/06/20 17:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Up Window Inside About
[2012/06/01 18:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2009/03/13 19:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/11/19 17:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/08 15:35:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/11/21 16:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/01/17 18:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Delphine\Application Data\ArchiFacile
[2012/03/13 22:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Delphine\Application Data\Canon
[2010/10/03 14:39:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Delphine\Application Data\Canon Easy-WebPrint EX
[2012/01/10 18:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Delphine\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2006/04/28 17:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Delphine\Application Data\InterVideo
[2006/04/10 15:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Delphine\Application Data\MSNInstaller
[2008/08/25 20:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Delphine\Application Data\Nokia
[2008/08/25 20:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Delphine\Application Data\PC Suite
[2012/03/26 13:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Delphine\Application Data\PhotoFiltre
[2011/09/19 14:09:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Delphine\Application Data\searchquband
[2011/09/19 14:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Delphine\Application Data\searchqutoolbar
[2006/03/29 22:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Delphine\Application Data\Template
[2011/11/01 14:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre\Application Data\ACD Systems
[2012/07/03 21:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre\Application Data\Azureus
[2012/01/08 12:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre\Application Data\Canon
[2010/08/24 15:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre\Application Data\Canon Easy-WebPrint EX
[2006/07/25 01:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre\Application Data\DeepBurner
[2011/08/02 17:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre\Application Data\Leadertech
[2006/10/09 12:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre\Application Data\MSNInstaller
[2008/06/18 18:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre\Application Data\Nokia
[2009/10/25 20:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre\Application Data\Nokia Multimedia Player
[2011/04/18 12:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre\Application Data\Orange
[2008/06/18 18:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre\Application Data\PC Suite
[2006/03/30 00:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre\Application Data\Template
[2009/09/08 15:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre\Application Data\TuneUp Software
[2012/02/03 15:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre\Application Data\Vso
[2012/06/01 18:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre\Application Data\WindSolutions
[2012/07/04 15:12:13 | 000,001,074 | ---- | M] () -- C:\WINDOWS\Tasks\SoftwareUpdateTaskMachineCore.job
[2012/07/04 15:56:01 | 000,001,078 | ---- | M] () -- C:\WINDOWS\Tasks\SoftwareUpdateTaskMachineUA.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2004/08/05 15:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/05 10:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/26 17:27:09 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/26 17:27:09 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/05 15:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/05 10:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/26 17:27:09 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/26 17:27:09 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: CTFMON.EXE >
[2004/08/05 10:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5584247B568C2E53934873F4B655FE6A -- C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
[2008/04/14 04:33:59 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
[2008/04/14 04:33:59 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\system32\ctfmon.exe

< MD5 for: EVENTLOG.DLL >
[2004/08/05 10:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2004/08/05 10:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=4C33E5B9A6197B6ED215F6CFBA0A2DAA -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007/06/13 15:10:53 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=B795475444D6D57A572C14B9E1A29839 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 15:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=D0288319660EDCFED07C7E74C4EA38A5 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: NETLOGON.DLL >
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/05 10:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
[2004/08/05 10:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: USERINIT.EXE >
[2004/08/05 10:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D6D65EA32B190401B57EDB6706F29669 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004/08/05 10:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:820563D3

< End of report >
desppir
 
Messages: 31
Inscription: 04 Juil 2012, 15:48

Re: PC infecté

Messagede desppir » 04 Juil 2012, 16:03

le rapport Extras

OTL Extras logfile created on: 04/07/2012 15:55:24 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\Pierre\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1022,48 Mb Total Physical Memory | 535,68 Mb Available Physical Memory | 52,39% Memory free
1,90 Gb Paging File | 1,33 Gb Available in Paging File | 70,30% Paging File free
Paging file location(s): C:\pagefile.sys 1024 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 14,28 Gb Free Space | 19,16% Space Free | Partition Type: NTFS

Computer Name: NANTES | User Name: Pierre | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = SafariHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-4244454421-547473314-2425234851-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1"
https [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1"
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Program Files\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"51206:TCP" = 51206:TCP:*:Enabled:azureus
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp
"48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"D:\fscommand\CKSocketServer.exe" = D:\fscommand\CKSocketServer.exe:*:Enabled:Socket Server
"C:\Program Files\Orange\OrangeUpdate\Service\OUCore.exe" = C:\Program Files\Orange\OrangeUpdate\Service\OUCore.exe:*:Enabled:OrangeUpdate -- (France Telecom SA)
"C:\Program Files\ma-config.com\maconfservice.exe" = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice
"C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{006E6A46-8D55-4F10-BBA8-2C9653B4278B}" = Software Update Helper
"{0355CF40-97AF-9CDD-7282-BF151AEE724B}" = ccc-core-static
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 5.8
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2306AB02-DE01-1366-BCFF-41D1197CF42E}" = ccc-utility
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3A2AF807-9F9F-43C9-A24A-17B617238B74}" = OpenOffice.org Installer 1.0
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"{4634B21A-CC07-4396-890C-2B8168661FEA}" = Windows Live Writer
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{497BCFDD-F589-448D-A1C3-78D1B1809CCC}" = Boxore Client
"{4E203CAF-230D-5275-C15B-517273593359}" = Catalyst Control Center Core Implementation
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail
"{6068A42A-C1CF-45F2-9859-5DB16287FE5D}" = msvcrt_installer
"{65EAB391-4B36-59AA-0336-D0C4BEB6CD2F}" = CCC Help English
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Connexion Facile à Internet
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{89601BB9-C8C0-493D-9912-AD7F51A918A3}" = Boxore Client
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{953F4AF6-25A4-2419-0A5D-FCA262FEF85E}" = Catalyst Control Center Graphics Full New
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A059DE09-1B49-4450-B340-7AE097EC3F04}" = Microsoft Works
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Gestionnaire de photos 12
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1036-7B44-A83000000003}" = Adobe Reader 8.3.1 - Français
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B131E59D-202C-43C6-84C9-68F0C37541F1}" = Galerie de photos Windows Live
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}" = PC Connectivity Solution
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6A83D5C-636B-83F9-CEA4-9E2A31C4F509}" = ccc-core-preinstall
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 A2
"{D13FE823-C575-4451-AC37-E645A67AA581}_1.2.1.0" = Orange Installeur version 1.2.1.0
"{D5D81435-B8DE-4CAF-867F-7998F2B92CFC}" = Windows Live Contrôle parental
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DCB7474F-F85C-2196-700A-C69692895D00}" = Catalyst Control Center Graphics Full Existing
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EA5D652F-EC02-D5E8-6887-CE9EE1C9846F}" = Skins
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"{F88E77C7-846D-73D9-7B33-0AF6A5F5FD1B}" = Catalyst Control Center Graphics Light
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"6A630DCEC5EEC912115F2FF59D8C2C769798D930" = Package de pilotes Windows - Nokia Modem (10/12/2007 3.6)
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CAL" = Canon Camera Access Library
"Calendrier" = Calendrier
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CdaC13Ba" = SafeCast Shared Components
"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_3082103C" = Conexant Data Fax Modem with SmartCP
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Conexant PCI Audio" = Conexant AC-97 Audio
"CSCLIB" = Canon Camera Support Core Library
"DPP" = Canon Utilities Digital Photo Professional 3.4
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"GIMP-2_is1" = GIMP 2.8.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D Pilote WIA
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 13.0.1 (x86 fr)" = Mozilla Firefox 13.0.1 (x86 fr)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OrangeUpdateManager" = Orange update
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"sp6" = Logitech SetPoint 6.30
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Total Uninstall 4_is1" = Total Uninstall 4.31
"VLC media player" = VLC media player 2.0.0
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4244454421-547473314-2425234851-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Google Chrome" = Google Chrome
"Orange Inside" = Orange Inside

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 25/05/2012 07:03:28 | Computer Name = NANTES | Source = Bonjour Service | ID = 100
Description =

Error - 25/05/2012 13:39:45 | Computer Name = NANTES | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 12.0.0.4493, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 26/05/2012 03:27:05 | Computer Name = NANTES | Source = PerfNet | ID = 2005
Description = Impossible de lire les données de performance du Service serveur. Aucune
donnée de performance du serveur ne sera renvoyée pour cet extrait. Le code d'erreur
renvoyé est la donnée DWORD 0, IOSB.Status est DWORD 1 et IOSB.Information est DWORD
2.

Error - 26/05/2012 03:27:05 | Computer Name = NANTES | Source = PerfNet | ID = 2006
Description = Impossible de lire les données de performance de la file d'attente
serveur du Service serveur. Aucune donnée de performance de la file d'attente serveur
ne
sera renvoyée pour cet extrait. Le code d'erreur renvoyé est la donnée DWORD 0,
IOSB.Status est DWORD 1 et IOSB.Information est DWORD 2.

Error - 28/05/2012 17:26:10 | Computer Name = NANTES | Source = PerfNet | ID = 2004
Description = Impossible d'ouvrir le Service serveur. Les données de performance
du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD
0.

Error - 29/05/2012 10:22:47 | Computer Name = NANTES | Source = PerfNet | ID = 2004
Description = Impossible d'ouvrir le Service serveur. Les données de performance
du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD
0.

Error - 29/05/2012 16:22:42 | Computer Name = NANTES | Source = PerfNet | ID = 2005
Description = Impossible de lire les données de performance du Service serveur. Aucune
donnée de performance du serveur ne sera renvoyée pour cet extrait. Le code d'erreur
renvoyé est la donnée DWORD 0, IOSB.Status est DWORD 1 et IOSB.Information est DWORD
2.

Error - 29/05/2012 16:22:42 | Computer Name = NANTES | Source = PerfNet | ID = 2006
Description = Impossible de lire les données de performance de la file d'attente
serveur du Service serveur. Aucune donnée de performance de la file d'attente serveur
ne
sera renvoyée pour cet extrait. Le code d'erreur renvoyé est la donnée DWORD 0,
IOSB.Status est DWORD 1 et IOSB.Information est DWORD 2.

Error - 30/05/2012 17:53:07 | Computer Name = NANTES | Source = MsiInstaller | ID = 11714
Description = Product: Boxore Client -- Error 1714. The older version of Boxore
Client cannot be removed. Contact your technical support group. System Error 1612.

Error - 31/05/2012 05:18:36 | Computer Name = NANTES | Source = PerfNet | ID = 2004
Description = Impossible d'ouvrir le Service serveur. Les données de performance
du serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD
0.

[ System Events ]
Error - 04/07/2012 03:08:45 | Computer Name = NANTES | Source = Print | ID = 23
Description = L'imprimante Lexmark Z23-Z33 (Copie 1),3 n'a pas pu s'initialiser
car aucun pilote Lexmark Z23-Z33 adéquat n'a été trouvé.

Error - 04/07/2012 03:08:45 | Computer Name = NANTES | Source = Print | ID = 23
Description = L'imprimante Lexmark Z23-Z33 (Copie 2),0 n'a pas pu s'initialiser
car aucun pilote Lexmark Z23-Z33 adéquat n'a été trouvé.

Error - 04/07/2012 03:08:45 | Computer Name = NANTES | Source = Print | ID = 23
Description = L'imprimante Lexmark Z23-Z33,1 n'a pas pu s'initialiser car aucun
pilote Lexmark Z23-Z33 adéquat n'a été trouvé.

Error - 04/07/2012 03:09:04 | Computer Name = NANTES | Source = Service Control Manager | ID = 7000
Description = Le service ScreenCamera HR n'a pas pu démarrer en raison de l'erreur :
%%1058

Error - 04/07/2012 03:09:04 | Computer Name = NANTES | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : eeCtrl

Error - 04/07/2012 09:10:40 | Computer Name = NANTES | Source = Print | ID = 23
Description = L'imprimante Lexmark Z23-Z33 (Copie 1),3 n'a pas pu s'initialiser
car aucun pilote Lexmark Z23-Z33 adéquat n'a été trouvé.

Error - 04/07/2012 09:10:40 | Computer Name = NANTES | Source = Print | ID = 23
Description = L'imprimante Lexmark Z23-Z33 (Copie 2),0 n'a pas pu s'initialiser
car aucun pilote Lexmark Z23-Z33 adéquat n'a été trouvé.

Error - 04/07/2012 09:10:40 | Computer Name = NANTES | Source = Print | ID = 23
Description = L'imprimante Lexmark Z23-Z33,1 n'a pas pu s'initialiser car aucun
pilote Lexmark Z23-Z33 adéquat n'a été trouvé.

Error - 04/07/2012 09:10:57 | Computer Name = NANTES | Source = Service Control Manager | ID = 7000
Description = Le service ScreenCamera HR n'a pas pu démarrer en raison de l'erreur :
%%1058

Error - 04/07/2012 09:11:00 | Computer Name = NANTES | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : eeCtrl


< End of report >
desppir
 
Messages: 31
Inscription: 04 Juil 2012, 15:48

Re: PC infecté

Messagede nickW » 08 Juil 2012, 23:54

Bonsoir,

Nouvelle analyse:

Étape 1: AdwCleaner (de Xplode), téléchargement
Télécharger AdwCleaner depuis la page ci-dessous:
http://general-changelog-team.fr/fr/dow ... adwcleaner
Enregistrer le fichier adwcleaner.exe sur le Bureau.


Étape 2: AdwCleaner (de Xplode), analyse
Faire un double clic sur adwcleaner.exe pour lancer l'outil.

L'écran principal d'AdwCleaner s'affiche:
Image

Cliquer sur le bouton Recherche.

Laisser l'outil travailler sans l'interrompre.
Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant un rapport (log).
Fermer la fenêtre d'AdwCleaner.
Fermer le Bloc-notes.


Étape 3: Résultat
Envoyer en réponse:
*- le rapport d'analyse d'AdwCleaner (contenu du fichier %SystemDrive%\AdwCleaner[Rn].txt, n étant un numéro d'ordre).
[%SystemDrive% représente la partition sur laquelle est installé le système, généralement C:]

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Re: PC infecté

Messagede desppir » 09 Juil 2012, 14:26

bonjour, voici le rapport Adwcleaner

# AdwCleaner v1.701 - Rapport créé le 09/07/2012 à 15:22:04
# Mis à jour le 02/07/2012 par Xplode
# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
# Nom d'utilisateur : Pierre - NANTES
# Exécuté depuis : C:\Documents and Settings\Pierre\Bureau\adwcleaner.exe
# Option [Recherche]


***** [Services] *****

Présent : supdate

***** [Fichiers / Dossiers] *****

Dossier Présent : C:\Documents and Settings\Pierre\Local Settings\Application Data\AskToolbar
Dossier Présent : C:\Documents and Settings\Pierre\Local Settings\Application Data\Conduit
Dossier Présent : C:\Documents and Settings\Pierre\Local Settings\Application Data\ConduitEngine
Dossier Présent : C:\Documents and Settings\Pierre\Local Settings\Application Data\Vuze_Remote
Dossier Présent : C:\Documents and Settings\Delphine\Local Settings\Application Data\Ilivid Player
Dossier Présent : C:\DOCUME~1\Delphine\LOCALS~1\Temp\AskSearch
Dossier Présent : C:\Documents and Settings\Delphine\Application Data\searchquband
Dossier Présent : C:\Documents and Settings\Delphine\Application Data\Searchqutoolbar
Dossier Présent : C:\Documents and Settings\Pierre\Application Data\Mozilla\Firefox\Profiles\j2ziwwnr.default\Smartbar
Dossier Présent : C:\Documents and Settings\Pierre\Application Data\Mozilla\Firefox\Profiles\j2ziwwnr.default\extensions\staged
Dossier Présent : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Dossier Présent : C:\Program Files\Boxore
Dossier Présent : C:\Program Files\Conduit
Dossier Présent : C:\Program Files\Vuze_Remote
Fichier Présent : C:\Documents and Settings\Delphine\Application Data\Mozilla\Firefox\Profiles\vsv1p6pd.default\searchplugins\Askcom.xml
Fichier Présent : C:\Documents and Settings\Delphine\Application Data\Mozilla\Firefox\Profiles\vsv1p6pd.default\searchplugins\SearchResults.xml
Fichier Présent : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml

***** [Registre] *****

[*] Clé Présente : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Clé Présente : HKCU\Software\AppDataLow\AskBarDis
Clé Présente : HKCU\Software\Conduit
Clé Présente : HKCU\Software\conduitEngine
Clé Présente : HKCU\Software\DataMngr
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Clé Présente : HKCU\Software\Smartbar
Clé Présente : HKCU\Toolbar
Clé Présente : HKLM\SOFTWARE\AskBarDis
Clé Présente : HKLM\SOFTWARE\Boxore
Clé Présente : HKLM\SOFTWARE\Classes\Conduit.Engine
Clé Présente : HKLM\SOFTWARE\Classes\Installer\Features\64A6E60055D801F4BB8AC269354B72B8
Clé Présente : HKLM\SOFTWARE\Classes\Installer\Products\64A6E60055D801F4BB8AC269354B72B8
Clé Présente : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160
Clé Présente : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\BA086F2D38A8E1A47912955A68B3AD24
Clé Présente : HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.software.oneclickctrl.8
Clé Présente : HKLM\SOFTWARE\Classes\Software.OneClickCtrl.8
Clé Présente : HKLM\SOFTWARE\Classes\SoftwareUpdate.CoreClass
Clé Présente : HKLM\SOFTWARE\Classes\SoftwareUpdate.CoreClass.1
Clé Présente : HKLM\SOFTWARE\Classes\SoftwareUpdate.OnDemandCOMClassMachine
Clé Présente : HKLM\SOFTWARE\Classes\SoftwareUpdate.OnDemandCOMClassMachine.1.0
Clé Présente : HKLM\SOFTWARE\Conduit
Clé Présente : HKLM\SOFTWARE\Google\Chrome\Extensions\jeaihkehdlhkocphopopahkfjcfcphef
Clé Présente : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\BA086F2D38A8E1A47912955A68B3AD24
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{006E6A46-8D55-4F10-BBA8-2C9653B4278B}
Clé Présente : HKLM\SOFTWARE\MozillaPlugins\@www.dlmanager.net/omaha/tools//Software Update;version=8
Clé Présente : HKLM\SOFTWARE\MozillaPlugins\@www.dlmanager.net/omaha/tools//Software Update;version=8\
Clé Présente : HKLM\SOFTWARE\Software
Valeur Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Boxore Client]
Valeur Présente : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{9CD2384C-143B-4790-A075-E7FEFE2A554B}]

***** [Registre - GUID] *****

Clé Présente : HKLM\SOFTWARE\Classes\AppID\{32451DFC-C23B-4E12-866C-FC7982238504}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{092A2C6B-43EE-4F9F-8F8E-14ED5E11C14B}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{257A6158-1416-4B31-9BF8-29FF49F3814F}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{32451DFC-C23B-4E12-866C-FC7982238504}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{38EE5CEE-4B62-11D3-854F-00A0C9C898E7}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{7555B87D-D711-48B2-B97D-04DF700652BA}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{8D670533-270B-4549-B19B-414FB9C6EBDB}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{A3F2A195-0D11-463b-96BB-D2FF1B7490A1}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{AC5C4189-A8A0-4C9D-8910-C9CEF8360077}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{ECD0ECC6-DCA4-4013-A915-12355AB70999}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{736EF78E-5A04-46F9-893E-EDEC6EA5DF45}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{7A1BCE27-099C-4628-B63A-AEC00C6376B3}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{AF3AFF7C-B9E9-48DD-9002-212B6DEAAC02}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{DBE82879-914A-422F-BAE9-2ECC80BE536F}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{E12D7149-73EF-45E4-A1E9-99FD7DAE62D3}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{F2B184F1-547C-4EE9-BFC4-AC489C7077D9}
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7555B87D-D711-48B2-B97D-04DF700652BA}
Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7555B87D-D711-48B2-B97D-04DF700652BA}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Valeur Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Valeur Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Valeur Présente : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Valeur Présente : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Valeur Présente : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

***** [Navigateurs] *****

-\\ Internet Explorer v7.0.5730.11

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v13.0.1 (fr)

Nom du profil : default
Fichier : C:\Documents and Settings\Pierre\Application Data\Mozilla\Firefox\Profiles\j2ziwwnr.default\prefs.js

Présente : user_pref("CT2504091.129079840421401584.isToggled_item0_11", "true");
Présente : user_pref("CT2504091.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"false\"}");
Présente : user_pref("CT2504091.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Présente : user_pref("CT2504091.FirstTime", "true");
Présente : user_pref("CT2504091.FirstTimeFF3", "true");
Présente : user_pref("CT2504091.FirstTimeSettingsDone", true);
Présente : user_pref("CT2504091.SettingsLastCheckTime", "Mon Oct 18 2010 00:08:03 GMT+0200");
Présente : user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
Présente : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Mon Oct 18 2010 00:08:02 GMT+0200");
Présente : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1246790578");
Présente : user_pref("CT2504091.UserID", "UN74142667931641049");
Présente : user_pref("CT2504091.addressBarTakeOverEnabledInHidden", "true");
Présente : user_pref("CT2504091.autoDisableScopes", -1);
Présente : user_pref("CT2504091.defaultSearch", "false");
Présente : user_pref("CT2504091.embeddedsData", "[{\"appId\":\"129079840422026594\",\"apiPermissions\":{\"cross[...]
Présente : user_pref("CT2504091.enableAlerts", "false");
Présente : user_pref("CT2504091.enableSearchFromAddressBar", "true");
Présente : user_pref("CT2504091.firstTimeDialogOpened", "true");
Présente : user_pref("CT2504091.fixPageNotFoundError", "true");
Présente : user_pref("CT2504091.fixPageNotFoundErrorInHidden", "true");
Présente : user_pref("CT2504091.fixUrls", true);
Présente : user_pref("CT2504091.installId", "ConduitNSISIntegration");
Présente : user_pref("CT2504091.installType", "ConduitNSISIntegration");
Présente : user_pref("CT2504091.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Présente : user_pref("CT2504091.isNewTabEnabled", false);
Présente : user_pref("CT2504091.isPerformedSmartBarTransition", "true");
Présente : user_pref("CT2504091.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Présente : user_pref("CT2504091.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Présente : user_pref("CT2504091.openThankYouPage", "false");
Présente : user_pref("CT2504091.openUninstallPage", "false");
Présente : user_pref("CT2504091.search.searchAppId", "129079840422026594");
Présente : user_pref("CT2504091.search.searchCount", "0");
Présente : user_pref("CT2504091.searchInNewTabEnabled", "false");
Présente : user_pref("CT2504091.searchInNewTabEnabledInHidden", "true");
Présente : user_pref("CT2504091.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}")[...]
Présente : user_pref("CT2504091.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"false\"}");
Présente : user_pref("CT2504091.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Présente : user_pref("CT2504091.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Présente : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Présente : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Présente : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Présente : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Présente : user_pref("CT2504091.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Présente : user_pref("CT2504091.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1340649924177");
Présente : user_pref("CT2504091.serviceLayer_services_appTracking_lastUpdate", "1340649927356");
Présente : user_pref("CT2504091.serviceLayer_services_appsMetadata_lastUpdate", "1340649924037");
Présente : user_pref("CT2504091.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1340649926125");
Présente : user_pref("CT2504091.serviceLayer_services_login_10.10.11.1_lastUpdate", "1340728300125");
Présente : user_pref("CT2504091.serviceLayer_services_login_10.10.12.5_lastUpdate", "1341839915081");
Présente : user_pref("CT2504091.serviceLayer_services_optimizer_lastUpdate", "1340649925969");
Présente : user_pref("CT2504091.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1340649926236");
Présente : user_pref("CT2504091.serviceLayer_services_searchAPI_lastUpdate", "1340649921674");
Présente : user_pref("CT2504091.serviceLayer_services_serviceMap_lastUpdate", "1341839910211");
Présente : user_pref("CT2504091.serviceLayer_services_toolbarContextMenu_lastUpdate", "1340649926181");
Présente : user_pref("CT2504091.serviceLayer_services_toolbarSettings_lastUpdate", "1341839914075");
Présente : user_pref("CT2504091.serviceLayer_services_translation_lastUpdate", "1341839910791");
Présente : user_pref("CT2504091.settingsINI", true);
Présente : user_pref("CT2504091.shouldFirstTimeDialog", "false");
Présente : user_pref("CT2504091.smartbar.CTID", "CT2504091");
Présente : user_pref("CT2504091.smartbar.Uninstall", "0");
Présente : user_pref("CT2504091.smartbar.isHidden", true);
Présente : user_pref("CT2504091.smartbar.toolbarName", "Vuze Remote ");
Présente : user_pref("CT2504091.startPage", "false");
Présente : user_pref("CT2504091.toolbarBornServerTime", "25-6-2012");
Présente : user_pref("CT2504091.toolbarCurrentServerTime", "9-7-2012");
Présente : user_pref("browser.search.defaultengine", "Ask.com");
Présente : user_pref("browser.search.defaultenginename", "Ask.com");
Présente : user_pref("browser.search.order.1", "Ask.com");
Présente : user_pref("browser.search.selectedEngine", "Ask.com");
Présente : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://rws.search.ke.voila.fr/RW/S/opensearch[...]

Nom du profil : default
Fichier : C:\Documents and Settings\Delphine\Application Data\Mozilla\Firefox\Profiles\vsv1p6pd.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

-\\ Google Chrome v20.0.1132.47

Fichier : C:\Documents and Settings\Pierre\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[R1].txt - [15150 octets] - [09/07/2012 15:22:04]

########## EOF - C:\AdwCleaner[R1].txt - [15279 octets] ##########

A suivre,
desppir
 
Messages: 31
Inscription: 04 Juil 2012, 15:48

Re: PC infecté

Messagede nickW » 09 Juil 2012, 22:15

Bonsoir,

Premiers nettoyages:

Je te conseille d'imprimer la procédure, ou d'en sélectionner toutes les lignes puis de copier cette sélection dans un fichier texte sur ton PC (Note: tu n'auras pas accès à Internet lors de l'étape 2, et un redémarrage est possible).
Il faut exécuter toutes les étapes, sans interruption, dans l'ordre exact indiqué ci-dessous.



Étape 1: Pas de processus de contrôle en temps réel
Désactiver le module résident de l'antivirus.
Image Kaspersky: clic droit sur l'icône dans la SysBarre (à coté de l'horloge), puis "Suspendre la protection...", "A la demande de l'utilisateur/Reprendre manuellement".


Étape 2: AdwCleaner (de Xplode), nettoyage

Fermer tous les navigateurs internet (Internet Explorer, Firefox, Opera, Google Chrome, etc).

Faire un double clic sur adwcleaner.exe pour lancer l'outil.

L'écran principal d'AdwCleaner s'affiche:
Image

Cliquer sur le bouton Suppression.

Laisser l'outil travailler sans l'interrompre.
Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant un rapport (log).
Fermer la fenêtre d'AdwCleaner.
Fermer le Bloc-notes.


Étape 3: Processus de contrôle en temps réel
Important: Réactiver le module résident de l'antivirus.


Étape 4: OTL (de OldTimer), analyse rapide
Fermer toutes les fenêtres de programme ouvertes.

Faire un double clic sur OTL.exe pour lancer l'outil.

L'écran principal de OTL s'affiche:
Image

Cliquer sur le bouton Analyse rapide:
Image


Laisser l'outil travailler sans l'interrompre.
Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant un rapport (log).
Fermer le Bloc-notes.
Fermer la fenêtre de OTL.


Étape 5: Résultat
Envoyer en réponse:
*- le rapport de nettoyage d'AdwCleaner (contenu du fichier %SystemDrive%\AdwCleaner[Sn].txt, n étant un numéro d'ordre).
[%SystemDrive% représente la partition sur laquelle est installé le système, généralement C:]

Envoyer ensuite en réponse dans un message distinct (à cause de la longueur du fichier):
*- le rapport principal de OTL (contenu du fichier OTL.Txt situé sur le Bureau).
Le rapport envoyé sur le forum doit se terminer par une ligne contenant <End of report>. Si ce n'est pas le cas, il est incomplet, et doit alors être découpé en plusieurs messages.

Note importante: Pour l'envoi de ta(tes) réponse(s), il ne faut pas créer un nouveau sujet, mais cliquer sur le bouton "Répondre"
Image pour continuer dans ce fil de discussion.


Dans ta réponse, n'oublie pas de donner le plus d'informations possible sur l'état du PC: amélioration / disparition / aggravation des symptômes d'infection.

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Re: PC infecté

Messagede desppir » 09 Juil 2012, 23:15

voilà le rapport adwcleaner


# AdwCleaner v1.701 - Rapport créé le 09/07/2012 à 23:42:06
# Mis à jour le 02/07/2012 par Xplode
# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
# Nom d'utilisateur : Pierre - NANTES
# Exécuté depuis : C:\Documents and Settings\Pierre\Bureau\adwcleaner.exe
# Option [Suppression]


***** [Services] *****

Arrêté & Supprimé : supdate

***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Documents and Settings\Pierre\Local Settings\Application Data\AskToolbar
Dossier Supprimé : C:\Documents and Settings\Pierre\Local Settings\Application Data\Conduit
Dossier Supprimé : C:\Documents and Settings\Pierre\Local Settings\Application Data\ConduitEngine
Dossier Supprimé : C:\Documents and Settings\Pierre\Local Settings\Application Data\Vuze_Remote
Dossier Supprimé : C:\Documents and Settings\Delphine\Local Settings\Application Data\Ilivid Player
Dossier Supprimé : C:\DOCUME~1\Delphine\LOCALS~1\Temp\AskSearch
Dossier Supprimé : C:\Documents and Settings\Delphine\Application Data\searchquband
Dossier Supprimé : C:\Documents and Settings\Delphine\Application Data\Searchqutoolbar
Dossier Supprimé : C:\Documents and Settings\Pierre\Application Data\Mozilla\Firefox\Profiles\j2ziwwnr.default\Smartbar
Dossier Supprimé : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Dossier Supprimé : C:\Program Files\Boxore
Dossier Supprimé : C:\Program Files\Conduit
Dossier Supprimé : C:\Program Files\Vuze_Remote
Fichier Supprimé : C:\Documents and Settings\Delphine\Application Data\Mozilla\Firefox\Profiles\vsv1p6pd.default\searchplugins\Askcom.xml
Fichier Supprimé : C:\Documents and Settings\Delphine\Application Data\Mozilla\Firefox\Profiles\vsv1p6pd.default\searchplugins\SearchResults.xml
Fichier Supprimé : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml

***** [Registre] *****

[*] Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Clé Supprimée : HKCU\Software\AppDataLow\AskBarDis
Clé Supprimée : HKCU\Software\Conduit
Clé Supprimée : HKCU\Software\conduitEngine
Clé Supprimée : HKCU\Software\DataMngr
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Clé Supprimée : HKCU\Software\Smartbar
Clé Supprimée : HKCU\Toolbar
Clé Supprimée : HKLM\SOFTWARE\AskBarDis
Clé Supprimée : HKLM\SOFTWARE\Boxore
Clé Supprimée : HKLM\SOFTWARE\Classes\Conduit.Engine
Clé Supprimée : HKLM\SOFTWARE\Classes\Installer\Features\64A6E60055D801F4BB8AC269354B72B8
Clé Supprimée : HKLM\SOFTWARE\Classes\Installer\Products\64A6E60055D801F4BB8AC269354B72B8
Clé Supprimée : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160
Clé Supprimée : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\BA086F2D38A8E1A47912955A68B3AD24
Clé Supprimée : HKLM\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.software.oneclickctrl.8
Clé Supprimée : HKLM\SOFTWARE\Classes\Software.OneClickCtrl.8
Clé Supprimée : HKLM\SOFTWARE\Classes\SoftwareUpdate.CoreClass
Clé Supprimée : HKLM\SOFTWARE\Classes\SoftwareUpdate.CoreClass.1
Clé Supprimée : HKLM\SOFTWARE\Classes\SoftwareUpdate.OnDemandCOMClassMachine
Clé Supprimée : HKLM\SOFTWARE\Classes\SoftwareUpdate.OnDemandCOMClassMachine.1.0
Clé Supprimée : HKLM\SOFTWARE\Conduit
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\jeaihkehdlhkocphopopahkfjcfcphef
Clé Supprimée : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\BA086F2D38A8E1A47912955A68B3AD24
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{006E6A46-8D55-4F10-BBA8-2C9653B4278B}
Clé Supprimée : HKLM\SOFTWARE\MozillaPlugins\@www.dlmanager.net/omaha/tools//Software Update;version=8
Clé Supprimée : HKLM\SOFTWARE\Software
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Boxore Client]
Valeur Supprimée : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{9CD2384C-143B-4790-A075-E7FEFE2A554B}]

***** [Registre - GUID] *****

Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{32451DFC-C23B-4E12-866C-FC7982238504}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{092A2C6B-43EE-4F9F-8F8E-14ED5E11C14B}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{257A6158-1416-4B31-9BF8-29FF49F3814F}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{32451DFC-C23B-4E12-866C-FC7982238504}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{38EE5CEE-4B62-11D3-854F-00A0C9C898E7}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{7555B87D-D711-48B2-B97D-04DF700652BA}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{8D670533-270B-4549-B19B-414FB9C6EBDB}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{A3F2A195-0D11-463b-96BB-D2FF1B7490A1}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{AC5C4189-A8A0-4C9D-8910-C9CEF8360077}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{ECD0ECC6-DCA4-4013-A915-12355AB70999}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{736EF78E-5A04-46F9-893E-EDEC6EA5DF45}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{7A1BCE27-099C-4628-B63A-AEC00C6376B3}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{AF3AFF7C-B9E9-48DD-9002-212B6DEAAC02}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{DBE82879-914A-422F-BAE9-2ECC80BE536F}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{E12D7149-73EF-45E4-A1E9-99FD7DAE62D3}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{F2B184F1-547C-4EE9-BFC4-AC489C7077D9}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7555B87D-D711-48B2-B97D-04DF700652BA}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7555B87D-D711-48B2-B97D-04DF700652BA}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

***** [Navigateurs] *****

-\\ Internet Explorer v7.0.5730.11

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v13.0.1 (fr)

Nom du profil : default
Fichier : C:\Documents and Settings\Pierre\Application Data\Mozilla\Firefox\Profiles\j2ziwwnr.default\prefs.js

C:\Documents and Settings\Pierre\Application Data\Mozilla\Firefox\Profiles\j2ziwwnr.default\user.js ... Supprimé !

Supprimée : user_pref("CT2504091.129079840421401584.isToggled_item0_11", "true");
Supprimée : user_pref("CT2504091.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"false\"}");
Supprimée : user_pref("CT2504091.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Supprimée : user_pref("CT2504091.FirstTime", "true");
Supprimée : user_pref("CT2504091.FirstTimeFF3", "true");
Supprimée : user_pref("CT2504091.FirstTimeSettingsDone", true);
Supprimée : user_pref("CT2504091.SettingsLastCheckTime", "Mon Oct 18 2010 00:08:03 GMT+0200");
Supprimée : user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
Supprimée : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Mon Oct 18 2010 00:08:02 GMT+0200");
Supprimée : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1246790578");
Supprimée : user_pref("CT2504091.UserID", "UN74142667931641049");
Supprimée : user_pref("CT2504091.addressBarTakeOverEnabledInHidden", "true");
Supprimée : user_pref("CT2504091.autoDisableScopes", -1);
Supprimée : user_pref("CT2504091.defaultSearch", "false");
Supprimée : user_pref("CT2504091.embeddedsData", "[{\"appId\":\"129079840422026594\",\"apiPermissions\":{\"cross[...]
Supprimée : user_pref("CT2504091.enableAlerts", "false");
Supprimée : user_pref("CT2504091.enableSearchFromAddressBar", "true");
Supprimée : user_pref("CT2504091.firstTimeDialogOpened", "true");
Supprimée : user_pref("CT2504091.fixPageNotFoundError", "true");
Supprimée : user_pref("CT2504091.fixPageNotFoundErrorInHidden", "true");
Supprimée : user_pref("CT2504091.fixUrls", true);
Supprimée : user_pref("CT2504091.installId", "ConduitNSISIntegration");
Supprimée : user_pref("CT2504091.installType", "ConduitNSISIntegration");
Supprimée : user_pref("CT2504091.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Supprimée : user_pref("CT2504091.isNewTabEnabled", false);
Supprimée : user_pref("CT2504091.isPerformedSmartBarTransition", "true");
Supprimée : user_pref("CT2504091.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Supprimée : user_pref("CT2504091.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Supprimée : user_pref("CT2504091.openThankYouPage", "false");
Supprimée : user_pref("CT2504091.openUninstallPage", "false");
Supprimée : user_pref("CT2504091.search.searchAppId", "129079840422026594");
Supprimée : user_pref("CT2504091.search.searchCount", "0");
Supprimée : user_pref("CT2504091.searchInNewTabEnabled", "false");
Supprimée : user_pref("CT2504091.searchInNewTabEnabledInHidden", "true");
Supprimée : user_pref("CT2504091.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}")[...]
Supprimée : user_pref("CT2504091.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"false\"}");
Supprimée : user_pref("CT2504091.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Supprimée : user_pref("CT2504091.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Supprimée : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Supprimée : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Supprimée : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Supprimée : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Supprimée : user_pref("CT2504091.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Supprimée : user_pref("CT2504091.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1340649924177");
Supprimée : user_pref("CT2504091.serviceLayer_services_appTracking_lastUpdate", "1340649927356");
Supprimée : user_pref("CT2504091.serviceLayer_services_appsMetadata_lastUpdate", "1340649924037");
Supprimée : user_pref("CT2504091.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1340649926125");
Supprimée : user_pref("CT2504091.serviceLayer_services_login_10.10.11.1_lastUpdate", "1340728300125");
Supprimée : user_pref("CT2504091.serviceLayer_services_login_10.10.12.5_lastUpdate", "1341839915081");
Supprimée : user_pref("CT2504091.serviceLayer_services_optimizer_lastUpdate", "1340649925969");
Supprimée : user_pref("CT2504091.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1340649926236");
Supprimée : user_pref("CT2504091.serviceLayer_services_searchAPI_lastUpdate", "1340649921674");
Supprimée : user_pref("CT2504091.serviceLayer_services_serviceMap_lastUpdate", "1341839910211");
Supprimée : user_pref("CT2504091.serviceLayer_services_toolbarContextMenu_lastUpdate", "1340649926181");
Supprimée : user_pref("CT2504091.serviceLayer_services_toolbarSettings_lastUpdate", "1341839914075");
Supprimée : user_pref("CT2504091.serviceLayer_services_translation_lastUpdate", "1341839910791");
Supprimée : user_pref("CT2504091.settingsINI", true);
Supprimée : user_pref("CT2504091.shouldFirstTimeDialog", "false");
Supprimée : user_pref("CT2504091.smartbar.CTID", "CT2504091");
Supprimée : user_pref("CT2504091.smartbar.Uninstall", "0");
Supprimée : user_pref("CT2504091.smartbar.isHidden", true);
Supprimée : user_pref("CT2504091.smartbar.toolbarName", "Vuze Remote ");
Supprimée : user_pref("CT2504091.startPage", "false");
Supprimée : user_pref("CT2504091.toolbarBornServerTime", "25-6-2012");
Supprimée : user_pref("CT2504091.toolbarCurrentServerTime", "9-7-2012");
Supprimée : user_pref("browser.search.defaultengine", "Ask.com");
Supprimée : user_pref("browser.search.defaultenginename", "Ask.com");
Supprimée : user_pref("browser.search.order.1", "Ask.com");
Supprimée : user_pref("browser.search.selectedEngine", "Ask.com");
Supprimée : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://rws.search.ke.voila.fr/RW/S/opensearch[...]

Nom du profil : default
Fichier : C:\Documents and Settings\Delphine\Application Data\Mozilla\Firefox\Profiles\vsv1p6pd.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

-\\ Google Chrome v20.0.1132.47

Fichier : C:\Documents and Settings\Pierre\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[R1].txt - [15281 octets] - [09/07/2012 15:22:04]
AdwCleaner[S1].txt - [15267 octets] - [09/07/2012 23:42:06]

########## EOF - C:\AdwCleaner[S1].txt - [15396 octets] ##########
desppir
 
Messages: 31
Inscription: 04 Juil 2012, 15:48

Re: PC infecté

Messagede desppir » 09 Juil 2012, 23:24

je n'ai pas trouvé de nouveau rapport OTL alors je reposte le premier ??

OTL logfile created on: 09/07/2012 23:49:16 - Run 2
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Documents and Settings\Pierre\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1022,48 Mb Total Physical Memory | 399,46 Mb Available Physical Memory | 39,07% Memory free
1,90 Gb Paging File | 1,39 Gb Available in Paging File | 72,99% Paging File free
Paging file location(s): C:\pagefile.sys 1024 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 14,27 Gb Free Space | 19,15% Space Free | Partition Type: NTFS

Computer Name: NANTES | User Name: Pierre | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/04 15:19:33 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pierre\Bureau\OTL.exe
PRC - [2012/02/27 01:15:42 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011/10/14 08:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2011/06/24 01:44:22 | 001,386,776 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2011/06/17 09:35:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Fichiers communs\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
PRC - [2010/09/16 10:03:34 | 000,858,624 | ---- | M] (Orange) -- C:\Documents and Settings\Pierre\Application Data\Orange\OrangeInside\one\OrangeInside.exe
PRC - [2009/07/27 04:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/04 11:17:20 | 000,057,344 | ---- | M] (France Telecom SA) -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
PRC - [2006/10/16 20:00:47 | 000,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2006/05/18 16:52:06 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
PRC - [2005/02/02 14:12:22 | 000,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/12/03 14:24:20 | 000,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2004/10/14 13:54:32 | 000,253,952 | ---- | M] (Hewlett-Packard Company) -- C:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
PRC - [2004/07/27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
PRC - [2003/12/31 16:39:04 | 000,040,960 | ---- | M] () -- C:\WINDOWS\vsnpstd.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/13 16:44:36 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/13 16:40:29 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/13 16:40:10 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/05/13 15:01:22 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/13 15:00:41 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/13 15:00:18 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\016444dfc5f7e3d11c776f2fbc7a4594\Accessibility.ni.dll
MOD - [2012/05/12 16:28:38 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/12 16:21:46 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/12 16:21:04 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011/08/02 17:12:54 | 000,290,816 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3343.28200__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2011/08/02 17:12:54 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3343.28229__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2011/08/02 17:12:54 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3343.28221__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2011/08/02 17:12:54 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3343.28213__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2011/08/02 17:12:53 | 001,728,512 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3343.28228__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2011/08/02 17:12:53 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3343.28338__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2011/08/02 17:12:53 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3343.28315__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2011/08/02 17:12:53 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3343.28309__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2011/08/02 17:12:53 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3343.28281__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2011/08/02 17:12:53 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3343.28263__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2011/08/02 17:12:52 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3343.28213__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2011/08/02 17:12:51 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3343.28339__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2011/08/02 17:12:51 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3343.28229__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2011/08/02 17:12:51 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3343.28228__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2011/08/02 17:12:50 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3343.28288__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2011/08/02 17:12:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3343.28289__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2011/08/02 17:12:50 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3343.28288__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2011/08/02 17:12:49 | 000,172,032 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Dashboard\2.0.3343.28280__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Dashboard.dll
MOD - [2011/08/02 17:12:49 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Runtime\2.0.3343.28280__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Runtime.dll
MOD - [2011/08/02 17:12:45 | 000,811,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3343.28265__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2011/08/02 17:12:45 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3343.28301__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2011/08/02 17:12:45 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3343.28230__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2011/08/02 17:12:45 | 000,126,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3343.28278__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2011/08/02 17:12:45 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3343.28264__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2011/08/02 17:12:44 | 000,798,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3343.28310__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2011/08/02 17:12:44 | 000,712,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3343.28215__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2011/08/02 17:12:44 | 000,589,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3343.28230__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2011/08/02 17:12:44 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3343.28236__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2011/08/02 17:12:44 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3343.28278__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2011/08/02 17:12:43 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3343.28280__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2011/08/02 17:12:43 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3343.28237__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2011/08/02 17:12:43 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3343.28263__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2011/08/02 17:12:43 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3343.28279__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2011/08/02 17:12:42 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3343.28264__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2011/08/02 17:12:42 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3343.28264__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2011/08/02 17:12:41 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2011/08/02 17:12:41 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2011/08/02 17:12:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2011/08/02 17:12:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2011/08/02 17:12:40 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2011/08/02 17:12:40 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2011/08/02 17:12:40 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2011/08/02 17:12:40 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2011/08/02 17:12:38 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2011/08/02 17:12:38 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2011/08/02 17:12:38 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2011/08/02 17:12:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2011/08/02 17:12:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll
MOD - [2011/08/02 17:12:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2011/08/02 17:12:37 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2011/08/02 17:12:37 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2011/08/02 17:12:37 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2011/08/02 17:12:37 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2011/08/02 17:12:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2011/08/02 17:12:37 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2011/08/02 17:12:36 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2011/08/02 17:12:36 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2011/08/02 17:12:36 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2011/08/02 17:12:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2011/08/02 17:12:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2011/08/02 17:12:36 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2011/08/02 17:12:35 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2011/08/02 17:12:35 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2011/08/02 17:12:35 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2011/08/02 17:12:34 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.dll
MOD - [2011/08/02 17:12:33 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2011/08/02 17:12:32 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2011/08/02 17:12:32 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2011/08/02 17:12:32 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2011/08/02 17:12:32 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2011/08/02 17:12:32 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2011/08/02 17:12:32 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2011/08/02 17:12:32 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2011/08/02 17:12:32 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2011/08/02 17:12:32 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2011/08/02 17:12:31 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2011/08/02 17:12:31 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll
MOD - [2011/08/02 17:12:30 | 000,503,808 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3343.28368__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2011/08/02 17:12:30 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3343.28347__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2011/08/02 17:12:30 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2011/08/02 17:12:30 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2011/08/02 17:12:29 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2011/08/02 17:12:29 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2011/08/02 17:12:29 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3343.28197__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2011/08/02 17:12:28 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3343.28330__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2011/08/02 17:12:28 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2011/08/02 17:12:28 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2011/08/02 17:12:27 | 000,544,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3343.28321__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2011/08/02 17:12:27 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3343.28221__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2011/08/02 17:12:27 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3343.28328__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2011/08/02 17:12:27 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2011/08/02 17:12:27 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2011/08/02 17:12:27 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2011/08/02 17:12:26 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3343.28198__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2011/08/02 17:12:26 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3343.28199__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2011/08/02 17:12:26 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2011/08/02 17:12:25 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2011/08/02 17:12:24 | 001,142,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3343.28207__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2011/08/02 17:12:24 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2011/08/02 17:12:23 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3343.28199__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2011/08/02 17:12:23 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2011/08/02 17:12:23 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3343.28329__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2011/08/02 17:12:23 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2011/08/02 17:12:22 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3343.28198__90ba9c70f846762e\APM.Server.dll
MOD - [2011/08/02 17:12:22 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3343.28197__90ba9c70f846762e\AEM.Server.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/24 01:44:34 | 000,877,848 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
MOD - [2011/04/24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtgui4.dll
MOD - [2011/04/24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtsql4.dll
MOD - [2011/04/24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtscript4.dll
MOD - [2011/04/24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtnetwork4.dll
MOD - [2011/04/24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtcore4.dll
MOD - [2011/04/24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtdeclarative4.dll
MOD - [2011/04/20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll
MOD - [2010/08/23 15:33:08 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/08/23 15:33:04 | 000,430,080 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_fr_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2003/12/31 16:39:04 | 000,040,960 | ---- | M] () -- C:\WINDOWS\vsnpstd.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/30 12:18:24 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/23 15:46:50 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/27 01:15:42 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/10/14 08:01:50 | 000,994,360 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011/10/14 08:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/06/17 09:33:46 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/05/20 11:13:26 | 001,055,872 | ---- | M] (France Telecom SA) [Auto | Stopped] -- C:\Program Files\Orange\OrangeUpdate\Service\OUCore.exe -- (Orange update Core Service)
SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2007/12/10 13:59:04 | 000,353,280 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/04 11:17:20 | 000,057,344 | ---- | M] (France Telecom SA) [Auto | Running] -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
SRV - [2006/11/23 00:49:05 | 000,069,120 | ---- | M] (BOONTY) [Disabled | Stopped] -- C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe -- (Boonty Games)
SRV - [2006/10/16 20:00:47 | 000,054,784 | ---- | M] (Macrovision) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2006/05/18 16:52:06 | 000,049,152 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sis163u.sys -- (SIS163u)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/06/30 12:55:52 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011/04/30 14:00:20 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/04/30 14:00:18 | 000,039,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/04/30 14:00:06 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/04/30 13:59:56 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/03/10 18:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2011/03/04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2011/03/04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2010/09/01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/03/27 12:55:32 | 000,234,304 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SCRCAMHRDRV.sys -- (SCRCAMHRDRV)
DRV - [2009/03/25 14:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/02/26 00:58:57 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/04/13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/08/06 17:01:30 | 000,094,208 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ezplay.sys -- (ezplay)
DRV - [2007/05/09 21:51:34 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/05/09 21:47:00 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/01/31 15:33:46 | 000,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgarkt.sys -- (AVG Anti-Rootkit)
DRV - [2007/01/18 14:00:28 | 000,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgArCln.sys -- (AvgArCln)
DRV - [2006/11/25 18:13:38 | 000,639,224 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/10/16 20:00:43 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CdaC15BA.SYS -- (CdaC15BA)
DRV - [2006/10/12 16:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/06/27 18:30:50 | 000,032,128 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5)
DRV - [2006/05/10 09:56:54 | 000,027,264 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2006/05/10 09:56:50 | 000,071,680 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2006/05/10 09:56:26 | 000,036,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2005/05/17 14:48:21 | 000,050,176 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005/05/16 15:23:38 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005/05/16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005/03/16 14:43:06 | 000,159,488 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004/12/15 17:18:34 | 000,207,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/12/15 17:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 17:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/11/17 12:17:58 | 000,280,192 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2004/11/17 12:17:14 | 000,293,120 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2004/07/08 12:10:06 | 000,053,816 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004/04/14 08:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2003/09/23 11:38:34 | 000,034,688 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5)
DRV - [2003/06/06 12:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2002/07/17 09:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2001/08/23 17:21:42 | 000,036,937 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage
IE - HKCU\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - No CLSID value found
IE - HKCU\..\URLSearchHook: {AEEC3B59-CA98-4EBA-A140-57B94E283583} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {90263499-D0B7-4DAE-8688-DC01BDDE9C64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{814C76CB-2623-43F4-AAD0-58A0E5190A20}: "URL" = http://r.orange.fr/r?ref=O_toolbar32_ho ... ie7?rdata={searchTerms}
IE - HKCU\..\SearchScopes\{90263499-D0B7-4DAE-8688-DC01BDDE9C64}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=1I7SKPT_frFR439
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage|http://www.jeuxvideo.com/ps3-playstation-3.htm|http://fr.mail.yahoo.com/|http://www.google.fr/search?q=google&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:fr:official&client=firefox-a"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: menu_contextuel_orange@orange.fr:1.0
FF - prefs.js..extensions.enabledItems: {4D9AE42B-F4C0-40e6-AEDB-4EC6E42B77AF}:1.2.1.0
FF - prefs.js..keyword.URL: "http://rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Pierre\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Pierre\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012/06/30 16:11:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/06/30 16:11:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/01 17:29:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/07 13:05:23 | 000,000,000 | ---D | M]

[2010/04/18 13:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pierre\Application Data\Mozilla\Extensions
[2012/07/09 15:24:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Pierre\Application Data\Mozilla\Firefox\Profiles\j2ziwwnr.default\extensions
[2012/06/29 12:21:55 | 000,000,000 | ---D | M] (Vuze Remote) -- C:\Documents and Settings\Pierre\Application Data\Mozilla\Firefox\Profiles\j2ziwwnr.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/01/31 14:26:44 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Documents and Settings\Pierre\Application Data\Mozilla\Firefox\Profiles\j2ziwwnr.default\extensions\2020Player@2020Technologies.com
[2012/07/09 15:24:00 | 000,000,000 | ---D | M] (Ghostery) -- C:\Documents and Settings\Pierre\Application Data\Mozilla\Firefox\Profiles\j2ziwwnr.default\extensions\firefox@ghostery.com
[2012/03/21 14:35:32 | 000,000,000 | ---D | M] (SpeedFox) -- C:\Documents and Settings\Pierre\Application Data\Mozilla\Firefox\Profiles\j2ziwwnr.default\extensions\jid1-uabu5A9hduqzCw@jetpack
[2012/01/19 14:57:04 | 000,000,000 | ---D | M] (Stylish-Custom) -- C:\Documents and Settings\Pierre\Application Data\Mozilla\Firefox\Profiles\j2ziwwnr.default\extensions\Stylish-Custom@choggi.dyndns.org
[2011/04/18 12:38:18 | 000,001,129 | ---- | M] () -- C:\Documents and Settings\Pierre\Application Data\Mozilla\Firefox\Profiles\j2ziwwnr.default\searchplugins\orange.xml
[2012/05/11 16:50:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/31 17:16:09 | 000,616,227 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\PIERRE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\J2ZIWWNR.DEFAULT\EXTENSIONS\{1E9A63EF-84EC-49A4-8D6F-2DD9524E90D0}.XPI
[2012/03/02 11:40:51 | 000,258,567 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\PIERRE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\J2ZIWWNR.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
[2012/06/16 18:19:54 | 000,047,658 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\PIERRE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\J2ZIWWNR.DEFAULT\EXTENSIONS\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}.XPI
[2012/03/31 17:16:09 | 000,035,733 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\PIERRE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\J2ZIWWNR.DEFAULT\EXTENSIONS\ADBAN@AD-BAN.APPSPOT.COM.XPI
[2012/06/25 17:51:05 | 000,109,964 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\PIERRE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\J2ZIWWNR.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
[2012/04/12 19:05:02 | 000,021,611 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\PIERRE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\J2ZIWWNR.DEFAULT\EXTENSIONS\JSCRPTCOMMAND@MAX.MAX.XPI
[2012/03/21 23:33:18 | 000,056,364 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\PIERRE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\J2ZIWWNR.DEFAULT\EXTENSIONS\YESPOPUPSV1@PATHETICCOCKROACH.COM.XPI
[2012/03/07 12:34:43 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/02 16:19:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/07/01 17:29:02 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/07 12:34:41 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/07/01 17:28:57 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2012/07/01 17:28:57 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/01 17:28:57 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012/07/01 17:28:57 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2012/07/01 17:28:57 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012/07/01 17:28:57 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Pierre\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Pierre\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Pierre\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Pierre\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Software Update (Enabled) = C:\Program Files\Software\Update\1.2.195.0\npSoftwareOneClick8.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Ma-Config.com plugin (Enabled) = C:\Program Files\ma-config.com\nphardwaredetection.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Turn Off the Lights = C:\Documents and Settings\Pierre\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.81_0\
CHR - Extension: YouTube = C:\Documents and Settings\Pierre\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Documents and Settings\Pierre\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Recherche Google = C:\Documents and Settings\Pierre\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Documents and Settings\Pierre\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.30_0\
CHR - Extension: No name found = C:\Documents and Settings\Pierre\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Gmail = C:\Documents and Settings\Pierre\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
desppir
 
Messages: 31
Inscription: 04 Juil 2012, 15:48

Re: PC infecté

Messagede desppir » 09 Juil 2012, 23:24

O1 HOSTS File: ([2009/02/20 17:09:24 | 000,298,936 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 bin.errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 br.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 cdn.winsoftware.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 de.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.cdn.winsoftware.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.systemdoctor.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.winantispyware.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.windrivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 download.winfixer.com ## added by CiD
O1 - Hosts: 127.0.0.1 drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 dynamique.drivecleaner.com ## added by CiD
O1 - Hosts: 127.0.0.1 errorprotector.com ## added by CiD
O1 - Hosts: 127.0.0.1 errorsafe.com ## added by CiD
O1 - Hosts: 127.0.0.1 es.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 fr.winantivirus.com ## added by CiD
O1 - Hosts: 127.0.0.1 fr.winfixer.com ## added by CiD
O1 - Hosts: 10286 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [orangeinside] C:\Documents and Settings\Pierre\Application Data\Orange\OrangeInside\one\OrangeInside.exe (Orange)
O4 - HKCU..\Run: [Update Service] C:\Program Files\Fichiers communs\Teknum Systems\update.exe (Teknum Systems AS)
O4 - Startup: C:\Documents and Settings\Pierre\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\Documents and Settings\Pierre\Application Data\Orange\OrangeInside\src\addfavorites_html\AddFavorites.html ()
O8 - Extra context menu item: envoyer le texte sélectionné par sms - C:\Documents and Settings\Pierre\Application Data\Orange\OrangeInside\src\sendsmsselectedtext_html\sendsmsselectedtext.html ()
O8 - Extra context menu item: envoyer par sms - C:\Documents and Settings\Pierre\Application Data\Orange\OrangeInside\src\sendsms_html\sendsms.html ()
O8 - Extra context menu item: envoyer un mail - C:\Documents and Settings\Pierre\Application Data\Orange\OrangeInside\src\sendmail_html\sendmail.html ()
O8 - Extra context menu item: orange.fr - C:\Documents and Settings\Pierre\Application Data\Orange\OrangeInside\src\orange_html\orange.html ()
O8 - Extra context menu item: rechercher le texte sélectionné - C:\Documents and Settings\Pierre\Application Data\Orange\OrangeInside\src\selectedsearch_html\selectedsearch.html ()
O8 - Extra context menu item: traduire la page - C:\Documents and Settings\Pierre\Application Data\Orange\OrangeInside\src\translate_html\translate.html ()
O8 - Extra context menu item: traduire le texte sélectionné - C:\Documents and Settings\Pierre\Application Data\Orange\OrangeInside\src\translateSelectedText_html\translateSelectedText.html ()
O9 - Extra Button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crl ... crlocx.ocx (CRLDownloadWrapper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57A73C3E-0718-4B3D-BFE7-BFA827A3BCC0}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Pierre\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Pierre\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{62cad41c-67a2-11e0-8ea6-001636252aa2}\Shell - "" = AutoRun
O33 - MountPoints2\{62cad41c-67a2-11e0-8ea6-001636252aa2}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{8bf39677-128b-11db-83af-00032f42d6e3}\Shell - "" = AutoRun
O33 - MountPoints2\{8bf39677-128b-11db-83af-00032f42d6e3}\Shell\AutoRun\command - "" = E:\ReadMe.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (stera)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/04 15:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/07/04 15:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ERUNT
[2012/07/04 15:29:05 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Pierre\Bureau\erunt-setup.exe
[2012/07/04 15:24:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
[2012/07/04 15:24:12 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/04 15:24:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/04 15:22:26 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Pierre\Bureau\mbam-setup-1.61.0.1400.exe
[2012/07/04 15:19:28 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pierre\Bureau\OTL.exe
[2012/07/03 21:11:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Pierre\Recent
[2012/07/02 23:10:52 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2012/07/02 16:56:44 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/06/30 12:59:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Kaspersky Anti-Virus 2012
[2012/06/30 12:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012/06/30 12:56:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2012/06/30 12:55:52 | 000,565,552 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2012/06/25 20:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pierre\Mes documents\Nouveau dossier
[2012/06/25 20:44:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Pierre\.swt
[2012/06/25 20:43:05 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2007/08/06 17:01:30 | 000,094,208 | ---- | C] (VSO Software) -- C:\Documents and Settings\Pierre\Application Data\ezplay.sys
[2007/04/04 13:04:48 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Pierre\Application Data\pcouffin.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/09 23:56:00 | 000,001,078 | ---- | M] () -- C:\WINDOWS\tasks\SoftwareUpdateTaskMachineUA.job
[2012/07/09 23:48:15 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/09 23:47:10 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/07/09 23:45:53 | 000,001,056 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/09 23:45:47 | 000,001,074 | ---- | M] () -- C:\WINDOWS\tasks\SoftwareUpdateTaskMachineCore.job
[2012/07/09 23:45:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/09 23:45:03 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/09 16:28:00 | 000,001,152 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4244454421-547473314-2425234851-1006UA.job
[2012/07/09 16:19:04 | 000,001,060 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/09 15:20:55 | 000,618,655 | ---- | M] () -- C:\Documents and Settings\Pierre\Bureau\adwcleaner.exe
[2012/07/04 16:00:27 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012/07/04 15:31:56 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Pierre\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2012/07/04 15:31:30 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Pierre\Bureau\ERUNT.lnk
[2012/07/04 15:30:38 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Pierre\Bureau\erunt-setup.exe
[2012/07/04 15:24:17 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
[2012/07/04 15:22:46 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Pierre\Bureau\mbam-setup-1.61.0.1400.exe
[2012/07/04 15:19:33 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pierre\Bureau\OTL.exe
[2012/07/03 22:59:22 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\Pierre\Application Data\Microsoft\Internet Explorer\Quick Launch\Raccourci vers iTunes.exe.lnk
[2012/07/03 19:43:00 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Pierre\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/03 19:28:04 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4244454421-547473314-2425234851-1006Core.job
[2012/06/30 13:08:42 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Pierre\Local Settings\Application Data\WebpageIcons.db
[2012/06/30 12:59:17 | 000,115,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2012/06/30 12:59:17 | 000,097,961 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2012/06/30 12:55:52 | 000,565,552 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2012/06/30 12:46:33 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/06/29 21:34:37 | 000,103,424 | ---- | M] () -- C:\Documents and Settings\Pierre\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/25 20:44:08 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\Pierre\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2012/06/13 17:06:19 | 000,189,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/13 16:36:35 | 000,511,832 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2012/06/13 16:36:34 | 000,442,292 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/13 16:36:34 | 000,085,832 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2012/06/13 16:36:34 | 000,072,228 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/12 14:19:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/09 15:20:42 | 000,618,655 | ---- | C] () -- C:\Documents and Settings\Pierre\Bureau\adwcleaner.exe
[2012/07/04 16:00:27 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012/07/04 15:31:56 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Pierre\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2012/07/04 15:31:30 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Pierre\Bureau\ERUNT.lnk
[2012/07/04 15:24:17 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
[2012/07/03 22:59:22 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\Pierre\Application Data\Microsoft\Internet Explorer\Quick Launch\Raccourci vers iTunes.exe.lnk
[2012/07/02 23:17:23 | 000,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\GIMP 2.lnk
[2012/06/30 13:08:29 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Pierre\Local Settings\Application Data\WebpageIcons.db
[2012/06/30 12:59:17 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2012/06/30 12:59:17 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2012/06/25 20:44:08 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\Pierre\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2012/06/25 20:44:04 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Vuze.lnk
[2012/02/15 15:58:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/10 16:19:36 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011/08/02 17:18:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/08/02 17:10:58 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/03/11 12:43:54 | 000,029,763 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2011/01/10 13:10:06 | 000,221,184 | --S- | C] () -- C:\WINDOWS\System32\glut32.dll
[2009/08/27 14:59:50 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Pierre\Application Data\setup_ldm.iss
[2007/08/06 17:01:30 | 000,007,861 | ---- | C] () -- C:\Documents and Settings\Pierre\Application Data\ezplay.cat
[2007/08/06 17:01:30 | 000,001,104 | ---- | C] () -- C:\Documents and Settings\Pierre\Application Data\ezplay.inf
[2007/08/06 17:01:30 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Pierre\Application Data\ezplay.ini
[2007/04/04 13:04:48 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Pierre\Application Data\ezpinst.exe
[2007/04/04 13:04:48 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Pierre\Application Data\pcouffin.cat
[2007/04/04 13:04:48 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Pierre\Application Data\pcouffin.inf
[2006/04/16 15:25:34 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/14 20:08:28 | 000,103,424 | ---- | C] () -- C:\Documents and Settings\Pierre\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/04/13 00:37:16 | 000,278,528 | ---- | C] () -- C:\Program Files\Fichiers communs\FDEUnInstaller.exe
[2006/03/30 00:15:30 | 000,041,922 | ---- | C] () -- C:\Documents and Settings\Pierre\Application Data\wklnhst.dat
[2006/03/29 23:40:50 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Pierre\Local Settings\Application Data\fusioncache.dat
[2001/01/30 10:06:02 | 000,099,008 | ---- | C] () -- C:\Program Files\Win2000PPAHotfix.exe

========== LOP Check ==========

[2011/11/01 14:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/06/20 13:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/06/30 12:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/08/24 15:38:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/08/24 16:06:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/08/29 22:13:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2008/08/26 20:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2006/03/30 00:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2012/03/09 19:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Martau
[2011/07/26 15:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Orange
[2008/06/18 18:10:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2012/06/18 14:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoStitch
[2009/09/08 15:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/08 15:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2007/06/20 17:58:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Up Window Inside About
[2012/06/01 18:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2009/03/13 19:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/11/19 17:32:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/08 15:35:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
[2009/11/21 16:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/11/01 14:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre\Application Data\ACD Systems
[2012/07/03 21:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre\Application Data\Azureus
[2012/01/08 12:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre\Application Data\Canon
[2010/08/24 15:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre\Application Data\Canon Easy-WebPrint EX
[2006/07/25 01:01:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre\Application Data\DeepBurner
[2011/08/02 17:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre\Application Data\Leadertech
[2006/10/09 12:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre\Application Data\MSNInstaller
[2008/06/18 18:11:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre\Application Data\Nokia
[2009/10/25 20:36:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre\Application Data\Nokia Multimedia Player
[2011/04/18 12:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre\Application Data\Orange
[2008/06/18 18:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre\Application Data\PC Suite
[2006/03/30 00:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre\Application Data\Template
[2009/09/08 15:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre\Application Data\TuneUp Software
[2012/02/03 15:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre\Application Data\Vso
[2012/06/01 18:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pierre\Application Data\WindSolutions
[2012/07/09 23:45:47 | 000,001,074 | ---- | M] () -- C:\WINDOWS\Tasks\SoftwareUpdateTaskMachineCore.job
[2012/07/09 23:56:00 | 000,001,078 | ---- | M] () -- C:\WINDOWS\Tasks\SoftwareUpdateTaskMachineUA.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:820563D3

< End of report >
desppir
 
Messages: 31
Inscription: 04 Juil 2012, 15:48

Suivante

Retourner vers Sécurité (Contamination - Décontamination)

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 8 invités