Forums Zebulon.fr: Trojan Bundespolizei – f0ele - Forums Zebulon.fr

Bonjour a tous,

J'ai moi aussi attrapper ce virus, je ne sais vraiment plus quoi faire, mon ordinateur ne veut plus demarrer, voici le rapport apres une analyse OTLPE

OTL logfile created on: 12/19/2011 6:28:33 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 24.42 Gb Total Space | 2.97 Gb Free Space | 12.17% Space Free | Partition Type: NTFS
Drive D: | 50.11 Gb Total Space | 2.42 Gb Free Space | 4.84% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - [2011/12/15 11:09:06 | 000,056,320 | -H-- | M] () [Auto] -- C:\WINNT\system32\41759070AD310639DBA0.sys -- (MSUNatService)
SRV - [2011/06/08 06:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/03/30 08:31:44 | 000,507,904 | ---- | M] (Siemens IT Solutions and Services GmbH) [Auto] -- C:\WINNT\CATPC\mosaic\MBEService\MBESrvS.exe -- (MBEService)
SRV - [2011/03/10 17:32:22 | 000,632,176 | ---- | M] (Juniper Networks) [Auto] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2010/10/14 11:40:16 | 001,349,920 | ---- | M] (Trend Micro Inc.) [Auto] -- C:\Program Files\OfficeScan NT\tmlisten.exe -- (tmlisten)
SRV - [2010/10/14 11:30:20 | 001,418,672 | ---- | M] (Trend Micro Inc.) [Auto] -- C:\Program Files\OfficeScan NT\ntrtscan.exe -- (ntrtscan)
SRV - [2010/07/23 09:34:26 | 000,345,424 | ---- | M] (Trend Micro Inc.) [On_Demand] -- C:\Program Files\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2010/01/07 05:42:50 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand] -- C:\Program Files\OfficeScan NT\TmProxy.exe -- (TmProxy)
SRV - [2008/07/02 07:25:52 | 000,607,744 | ---- | M] (Siemens AG) [Auto] -- C:\WINNT\CATPC\CATSYS\CatSystemSvc.exe -- (CatSystemSvc)
SRV - [2008/01/08 17:00:00 | 000,057,344 | ---- | M] (O2Micro International) [Auto] -- C:\WINNT\system32\o2flash.exe -- (O2Flash)
SRV - [2007/12/18 10:57:34 | 000,416,864 | ---- | M] (Fiberlink Communications Corp.) [Auto] -- C:\Program Files\SFR Global Access\SFR Global Access\ServiceMgr.exe -- (ServiceMgr)
SRV - [2007/12/18 10:57:32 | 000,105,568 | ---- | M] (Fiberlink Communications Corp.) [Auto] -- C:\Program Files\SFR Global Access\SFR Global Access\FLUtilsSvc.exe -- (FLUtilsSvc)
SRV - [2007/12/18 04:48:40 | 000,196,704 | ---- | M] (OptionNV) [Auto] -- C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe -- (GtDetectSc)
SRV - [2007/02/25 15:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2006/10/12 13:30:46 | 002,138,112 | ---- | M] (BigFix Inc.) [Auto] -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe -- (BESClient)
SRV - [2006/02/08 20:50:00 | 000,578,784 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2006/02/08 20:50:00 | 000,248,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\CCM\clicomp\RemCtrl\Wuser32.exe -- (Wuser32)
SRV - [2004/09/10 01:32:48 | 000,053,248 | ---- | M] (Brother Industries, Ltd.) [Auto] -- C:\WINNT\System32\BrmfBAgS.exe -- (brmfbags)
SRV - [2004/04/17 23:11:14 | 000,036,864 | ---- | M] () [Auto] -- C:\Program Files\BackupPC\cygrunsrv.exe -- (BackupPC)
SRV - [2002/06/20 12:52:30 | 000,065,536 | ---- | M] () [Auto] -- C:\Program Files\Siemens\CAT Bulletin Board\CBBS.exe -- (CBBS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (SWUMX20) Sierra Wireless USB MUX Driver (UMTS20)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (Netaapl)
DRV - File not found [Kernel | On_Demand] -- -- (MBX2MIDK)
DRV - File not found [Kernel | On_Demand] -- -- (MBX2DFU)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2011/08/07 02:40:40 | 000,436,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINNT\system32\drivers\sptd.sys -- (sptd)
DRV - [2011/07/12 04:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\Program Files\OfficeScan NT\TmXpflt.sys -- (TmFilter)
DRV - [2011/07/12 04:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\Program Files\OfficeScan NT\TmPreflt.sys -- (TmPreFilter)
DRV - [2011/07/12 04:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\Program Files\OfficeScan NT\vsapiNT.sys -- (VSApiNt)
DRV - [2011/05/18 03:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/05/18 03:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/05/18 03:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/05/18 03:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/11/08 13:05:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System] -- C:\WINNT\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/08/27 09:39:05 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\VMM.sys -- (vmm)
DRV - [2010/07/23 09:25:46 | 000,062,032 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINNT\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2010/07/23 09:25:38 | 000,052,304 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINNT\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2010/07/23 09:25:30 | 000,163,920 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINNT\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2010/02/24 05:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\WINNT\system32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2010/02/18 19:07:56 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\tcpip6.sys -- (tcpip6)
DRV - [2010/01/26 21:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto] -- C:\WINNT\system32\drivers\npf.sys -- (npf)
DRV - [2009/08/03 07:06:52 | 000,129,176 | ---- | M] (Alesis) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\AlesisFirewire.sys -- (AlesisFirewire)
DRV - [2009/08/03 07:06:52 | 000,030,872 | ---- | M] (Alesis) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\AlesisFirewireMidi.sys -- (AlesisFirewireMidi)
DRV - [2009/08/03 07:06:52 | 000,028,184 | ---- | M] (Alesis) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\AlesisFirewireAudio.sys -- (AlesisFirewireAudio)
DRV - [2008/12/03 21:02:02 | 000,016,400 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto] -- C:\WINNT\system32\drivers\diginet.sys -- (DigiNet)
DRV - [2008/09/19 03:04:00 | 000,290,432 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/08/26 03:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/13 22:51:44 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\mf.sys -- (mf)
DRV - [2008/01/08 17:00:00 | 000,047,448 | ---- | M] (O2Micro ) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2007/12/18 10:28:24 | 000,032,160 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand] -- C:\Program Files\SFR Global Access\SFR Global Access\FIBWLANAPI5.sys -- (FIBWLANAPI5)
DRV - [2007/06/21 06:58:32 | 000,547,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/06/11 08:25:28 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2007/05/24 08:27:30 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/05/21 17:00:00 | 000,095,616 | ---- | M] (O2Micro) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ozscr.sys -- (O2SCBUS)
DRV - [2007/04/24 08:20:06 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/04/16 22:25:12 | 000,035,328 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\gtf32bus.sys -- (GTF32BUS)
DRV - [2007/04/16 22:25:12 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2007/03/11 20:32:40 | 004,486,144 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/01 11:53:10 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/01/28 23:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2007/01/22 04:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2006/11/20 11:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006/10/10 13:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/09/28 09:32:14 | 000,009,472 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\pnetmdm.sys -- (pnetmdm)
DRV - [2006/06/28 21:13:08 | 001,160,320 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/02/08 20:50:00 | 000,020,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2006/02/08 20:50:00 | 000,011,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\kbstuff5.sys -- (kbstuff)
DRV - [2006/02/08 20:50:00 | 000,008,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\idisw2km.sys -- (idisw2km)
DRV - [2005/11/01 14:06:36 | 000,021,120 | ---- | M] (FUJITSU LIMITED) [Kernel | Auto] -- C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys -- (BtnHnd)
DRV - [2005/09/27 01:00:02 | 000,069,920 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot] -- C:\WINNT\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2005/09/23 00:48:44 | 000,028,544 | ---- | M] (O2Micro ) [Kernel | Boot] -- C:\WINNT\system32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2005/06/06 17:35:38 | 000,035,968 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2005/03/31 22:41:26 | 000,043,136 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2005/01/06 23:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/01/16 21:15:20 | 000,004,864 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\fuj02e3.sys -- (FUJ02E3)
DRV - [2001/08/17 07:12:24 | 000,003,168 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\BrParImg.sys -- (brparimg)
DRV - [2001/08/17 07:12:18 | 000,039,552 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\BrParwdm.sys -- (BrParWdm)
DRV - [2001/08/17 07:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\BrFilt.sys -- (brfilt)
DRV - [2001/08/17 07:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 06:46:40 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\enum1394.sys -- (ENUM1394)
DRV - [2001/08/01 15:00:22 | 000,005,248 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\fuj02b1.sys -- (FUJ02B1)
DRV - [2000/02/22 09:46:40 | 000,009,152 | ---- | M] () [Kernel | Auto] -- C:\WINNT\System32\drivers\Ticalc.sys -- (TICalc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = https://portal.siemens.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:61111

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm

IE - HKU\fr025451_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.siemens.fr
IE - HKU\fr025451_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKU\fr025451_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.siemens.fr
IE - HKU\fr025451_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Hotmail, Messenger, Actualité, Sport, People, Femmes - MSN France
IE - HKU\fr025451_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\fr025451_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 30 69 4D EC 79 CC 01 [binary data]
IE - HKU\fr025451_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\fr025451_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\fr025451_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.123.2:81
IE - HKU\fr025451_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://proxyconf-uba.siemens.net/


IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=<proxyserver>:<Port>;https=<proxyserver>:<Port>;ftp=<proxyserver>:<Port>;gopher=localhost:1;socks=<proxyserver>:<Port>
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://proxy.fr001.s...files/proxy.pac



========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2
FF - prefs.js..extensions.enabledItems: RenaultTheme@tomtom.com:2.8.0.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINNT\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/10/25 12:31:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/10/25 12:31:16 | 000,000,000 | ---D | M]

[2011/10/27 09:01:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\fr025451\Application Data\Mozilla\Extensions
[2009/12/08 15:52:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\fr025451\Application Data\Mozilla\Extensions\home2@tomtom.com
[2011/10/27 09:01:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/06 07:21:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/27 12:13:57 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM
[2011/07/06 07:21:21 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/12/16 14:03:32 | 000,000,834 | ---- | M]) - C:\WINNT\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 139.10.13.45 user.sbs.fr
O1 - Hosts: 139.16.69.65 CHLGSAS1
O1 - Hosts: 139.16.69.67 NGAS2
O1 - Hosts: 74.208.105.171 gs.apple.com
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (wiseHelper Class) - {9BF12F0E-67C3-41db-A597-8AEA428FEAC0} - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINNT\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [backupdir] C:\Program Files\BackupPC\backupdir.exe ()
O4 - HKLM..\Run: [backuppc_notif] C:\Program Files\BackupPC\BPNotification.exe (Siemens Business Services)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DirXconnect settings] C:\Program Files\Siemens\DIRXDISCOVER\dxdSetup.exe (Siemens AG)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LtMoh] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\OfficeScan NT\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [PSUtility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [SIECAST] C:\Program Files\Siemens\CardOS API\bin\siecacst.exe (Siemens AG)
O4 - HKLM..\Run: [SSRPM Enrollment Wizard] C:\Program Files\Tools4ever\SSRPM\Enrollment Wizard\SSRPMEnroll.exe (Tools4ever)
O4 - HKLM..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [TvOutSwitch] C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [USM] C:\Program Files\Siemens\USM\USM.exe (Siemens AG)
O4 - HKLM..\Run: [WDF_Mon] C:\Program Files\Windows Desktop Firewall Monitor\WDFMON.EXE (Siemens IT Solutions and Services)
O4 - HKU\fr025451_ON_C..\Run: [] File not found
O4 - HKU\fr025451_ON_C..\Run: [chromium] File not found
O4 - HKU\fr025451_ON_C..\Run: [MsnMsgr] File not found
O4 - HKU\fr025451_ON_C..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\.DEFAULT..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (Nero AG)
O4 - HKU\Administrator_ON_C..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (Nero AG)
O4 - HKU\Inst2000_MED_ON_C..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\fr025451\Start Menu\Programs\Startup\La Chaîne Météo.lnk = C:\Program Files\La Chaîne Météo\La Chaîne Météo.exe ()
O4 - Startup: C:\Documents and Settings\fr025451\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for iPhone\PdaNetPC.exe ()
O4 - Startup: C:\Documents and Settings\fr025451\Start Menu\Programs\Startup\Thoosje Sidebar.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Download present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\MAIN present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: nointernetopenwith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 1800
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Back = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Forward = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Stop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Refresh = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Media = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Folders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Size = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_PrintPreview = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\fr025451_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\fr025451_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\fr025451_ON_C\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\fr025451_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Back = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Forward = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Stop = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Refresh = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Media = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Folders = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Size = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_PrintPreview = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 1
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 1
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 1
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 1
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 1
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 1
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartRunNoHOMEPATH = 1
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 1 = access.cpl (Microsoft Corporation)
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 2 = Administrative Tools
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 3 = fax.cpl
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 4 = Fonts
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 5 = hdwwiz.cpl (Microsoft Corporation)
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 6 = inetcpl.cpl (Microsoft Corporation)
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 7 = irprops.cpl (Microsoft Corporation)
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 8 = joy.cpl (Microsoft Corporation)
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 9 = Network and Dial-up Connections
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 10 = nusrmgr.cpl (Microsoft Corporation)
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 11 = nwc.cpl (Microsoft Corporation)
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 12 = Scheduled Tasks
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 13 = sticpl.cpl
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 14 = telephon.cpl (Microsoft Corporation)
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConnectHomeDirToRoot = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\Inst2000_MED_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Inst2000_MED_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\Inst2000_MED_ON_C\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\Inst2000_MED_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\Inst2000_MED_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra Button: Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: gouv.fr ([*.impots] * in Local intranet)
O15 - HKLM\..Trusted Domains: gouv.fr ([*.ir.dgi.minefi] * in Local intranet)
O15 - HKLM\..Trusted Domains: gouv.fr ([tva.dgi.minefi] * in Local intranet)
O15 - HKLM\..Trusted Domains: infineon.com ([*.extra-eu] * in Local intranet)
O15 - HKLM\..Trusted Domains: nokiasiemensnetworks.be ([intranet] https in Sites de confiance)
O15 - HKLM\..Trusted Domains: sbs.fr ([*.par] * in Sites de confiance)
O15 - HKLM\..Trusted Domains: sbs.fr ([its.par] * in Sites de confiance)
O15 - HKLM\..Trusted Domains: sbs.fr ([sdso158a.par] * in Sites de confiance)
O15 - HKLM\..Trusted Domains: siemens.com ([*.automation] * in Sites de confiance)
O15 - HKLM\..Trusted Domains: siemens.fr ([*.mti] * in Sites de confiance)
O15 - HKLM\..Trusted Domains: siemens.fr ([*.par] * in Sites de confiance)
O15 - HKLM\..Trusted Domains: siemens.fr ([sdso158a.par] * in Sites de confiance)
O15 - HKU\.DEFAULT\..Trusted Domains: gouv.fr ([*.impots] * in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: gouv.fr ([*.ir.dgi.minefi] * in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: gouv.fr ([tva.dgi.minefi] * in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: infineon.com ([*.extra-eu] * in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: nokiasiemensnetworks.be ([intranet] https in Sites de confiance)
O15 - HKU\.DEFAULT\..Trusted Domains: sbs.fr ([*.par] * in Sites de confiance)
O15 - HKU\.DEFAULT\..Trusted Domains: sbs.fr ([its.par] * in Sites de confiance)
O15 - HKU\.DEFAULT\..Trusted Domains: sbs.fr ([sdso158a.par] * in Sites de confiance)
O15 - HKU\.DEFAULT\..Trusted Domains: siemens.com ([*.automation] * in Sites de confiance)
O15 - HKU\.DEFAULT\..Trusted Domains: siemens.fr ([*.mti] * in Sites de confiance)
O15 - HKU\.DEFAULT\..Trusted Domains: siemens.fr ([*.par] * in Sites de confiance)
O15 - HKU\.DEFAULT\..Trusted Domains: siemens.fr ([sdso158a.par] * in Sites de confiance)
O15 - HKU\fr025451_ON_C\..Trusted Domains: gouv.fr ([*.impots] * in Local intranet)
O15 - HKU\fr025451_ON_C\..Trusted Domains: gouv.fr ([*.ir.dgi.minefi] * in Local intranet)
O15 - HKU\fr025451_ON_C\..Trusted Domains: gouv.fr ([tva.dgi.minefi] * in Local intranet)
O15 - HKU\fr025451_ON_C\..Trusted Domains: infineon.com ([*.extra-eu] * in Local intranet)
O15 - HKU\fr025451_ON_C\..Trusted Domains: nokiasiemensnetworks.be ([intranet] https in Sites de confiance)
O15 - HKU\fr025451_ON_C\..Trusted Domains: sbs.fr ([*.par] * in Sites de confiance)
O15 - HKU\fr025451_ON_C\..Trusted Domains: sbs.fr ([its.par] * in Sites de confiance)
O15 - HKU\fr025451_ON_C\..Trusted Domains: sbs.fr ([sdso158a.par] * in Sites de confiance)
O15 - HKU\fr025451_ON_C\..Trusted Domains: siemens.com ([*.automation] * in Sites de confiance)
O15 - HKU\fr025451_ON_C\..Trusted Domains: siemens.fr ([*.mti] * in Sites de confiance)
O15 - HKU\fr025451_ON_C\..Trusted Domains: siemens.fr ([*.par] * in Sites de confiance)
O15 - HKU\fr025451_ON_C\..Trusted Domains: siemens.fr ([sdso158a.par] * in Sites de confiance)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://localhost:808...ins/awswaxf.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanne..._IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {7066F4E2-EABF-4F73-90E6-F01D18000F56} http://localhost:808.../Annotation.cab (Annotation Control)
O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} http://localhost:808...ns/tsccinst.cab (TSCCInstall Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {85C86CCC-2158-4123-9C7D-785190CED875} http://www.digitalpu...aunchPlugin.cab (dp Launcher Plugin)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://www.ma-config...fig_5_1_5_0.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ura.siemens....SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fr001.siemens.net
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\SAPpc\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\SAPpc\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\System32\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (CatUInit) - C:\WINNT\System32\CatUInit.exe (Siemens AG)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\41759070AD310639DBA0.exe) - C:\WINNT\system32\41759070AD310639DBA0.exe ()
O20 - HKLM Winlogon: GinaDLL - (SSRPMGINA.dll) - C:\WINNT\System32\SSRPMGINA.dll (Tools4ever)
O20 - Winlogon\Notify\FLWLEvents: DllName - C:\Program Files\SFR Global Access\SFR Global Access\FiberlinkNetProv.dll - C:\Program Files\SFR Global Access\SFR Global Access\FiberlinkNetProv.dll (Fiberlink Communications Corp.)
O20 - Winlogon\Notify\PSUTY: DllName - PSUWNP.dll - C:\WINNT\System32\PSUWNP.dll (FUJITSU LIMITED)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/30 06:26:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - File not found




ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0E9A3196-39EA-409D-8EB4-20D7FABC191A} - Microsoft .NET Framework 1.0 Hotfix (KB928367)
ActiveX: {0EEB34F6-991D-4a1b-8EEB-772DA0EADB22} - Microsoft Office Communicator 2007 R2
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {14303301-758B-402B-9A0D-2C6A591680DB} - Microsoft .NET Framework 1.0 Service Pack 3 (KB867461)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {78705f0d-e8db-4b2d-8193-982bdda15ecd} - .NET Framework
ActiveX: {81B52903-4C11-11D6-B6E1-00B0D049139F} - Microsoft .NET Framework 1.0 Service Pack 2 (KB867461)
ActiveX: {871F8A30-15A2-11D6-8711-0002B3281F8B} - Microsoft .NET Framework 1.0 Service Pack 1 (KB867461)
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINNT\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINNT\system32\Rundll32.exe C:\WINNT\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F196AC50-7C95-42E1-9947-BDAB18BF3C8C} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINNT\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINNT\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINNT\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINNT\system32\rundll32.exe" "C:\WINNT\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINNT\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINNT\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINNT\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINNT\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINNT\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - ir32_32.dll File not found
Drivers32: vidc.iv32 - ir32_32.dll File not found
Drivers32: vidc.iv41 - ir41_32.ax File not found
Drivers32: vidc.iv50 - ir50_32.dll File not found
Drivers32: vidc.tscc - C:\WINNT\System32\tsccvid.dll (TechSmith Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011/12/19 11:43:41 | 001,036,288 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\explorer.exe
[2011/12/19 11:42:37 | 001,036,288 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\explorer.exe
[2011/12/19 05:56:38 | 000,000,000 | ---D | C] -- C:\WINNT\LastGood
[2011/12/19 02:40:22 | 000,000,000 | ---D | C] -- C:\1d3277359ecc08439e9e6c6b2643
[2011/12/18 22:31:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/18 22:20:43 | 026,705,144 | ---- | C] (Emsi Software GmbH ) -- C:\EmsisoftAntiMalwareSetup.exe
[2011/12/18 22:17:28 | 000,000,000 | ---D | C] -- C:\ZHPDiag
[2011/12/18 21:36:55 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2011/12/18 21:27:12 | 001,036,288 | ---- | C] (Microsoft Corporation) -- C:\explorer.exe
[2011/12/18 17:01:41 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/12/18 13:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\~Backup
[2011/12/16 17:17:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/12/16 17:16:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/16 17:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/16 11:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Desktop\Mariage Pierre Yves
[2011/12/15 15:29:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Desktop\BSP 200.2
[2011/12/15 15:29:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Desktop\Documents Siemens
[2011/12/12 11:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Desktop\Tatouage
[2011/12/12 03:24:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Application Data\VDownloader
[2011/12/12 03:24:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Local Settings\Application Data\VDownloader
[2011/12/12 03:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2011/12/12 03:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VDownloader
[2011/12/12 03:23:48 | 000,000,000 | ---D | C] -- C:\Program Files\VDownloader
[2011/12/12 03:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\Xi
[2011/12/11 09:32:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Desktop\Maison Roquefort la Bedoule
[2011/12/09 17:50:36 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2011/12/09 17:25:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/12/09 17:25:34 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/12/09 11:09:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/12/09 11:09:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/12/09 07:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/12/08 04:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Application Data\com.adobe.example.widget.F826D533138FC008516DC0DE4625BA08DCDBC443.1
[2011/12/08 04:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\La Chaîne Météo
[2011/12/08 04:28:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/12/08 03:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Local Settings\Application Data\Stardock
[2011/12/08 03:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\Thoosje Vista Sidebar
[2011/12/06 07:38:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Desktop\Idées de terrasse
[2011/12/06 03:27:03 | 000,000,000 | ---D | C] -- C:\CB-DOC
[2011/12/06 03:26:54 | 000,000,000 | ---D | C] -- C:\WINNT\A6W_DATA
[2011/12/05 16:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Local Settings\Application Data\Google
[2011/12/05 06:11:13 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINNT\System32\javaws.exe
[2011/12/05 06:11:13 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINNT\System32\javaw.exe
[2011/12/05 06:11:13 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINNT\System32\java.exe
[2011/11/27 12:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V
[2011/11/24 14:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Desktop\Photos pour retirages gratuit
[2009/10/30 07:48:10 | 003,125,248 | ---- | C] (SAP Technology,Inc) -- C:\Program Files\Common Files\sapxlhelper.dll
[2009/10/30 07:48:09 | 000,626,688 | ---- | C] (SAP AG) -- C:\Program Files\Common Files\sapconsaccess.dll
[2009/10/30 07:48:09 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- C:\Program Files\Common Files\sapconsr3.dll
[2009/10/30 07:48:08 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Program Files\Common Files\DigitalSignature.ocx
[2008/04/13 17:30:00 | 000,554,008 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\dao360.dll
[2 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/19 05:55:43 | 000,000,002 | -HS- | M] () -- C:\Documents and Settings\fr025451\RECYCLER
[2011/12/19 05:55:10 | 000,000,294 | -H-- | M] () -- C:\WINNT\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011/12/19 05:55:10 | 000,000,294 | -H-- | M] () -- C:\WINNT\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/12/19 05:55:10 | 000,000,248 | -H-- | M] () -- C:\WINNT\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/12/19 05:54:00 | 000,000,509 | ---- | M] () -- C:\WINNT\SMSCFG.ini
[2011/12/19 05:53:11 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2011/12/19 05:53:09 | 2135,756,800 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/18 22:20:43 | 026,705,144 | ---- | M] (Emsi Software GmbH ) -- C:\EmsisoftAntiMalwareSetup.exe
[2011/12/18 21:27:20 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\explorer.exe
[2011/12/18 21:27:20 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\explorer.exe
[2011/12/18 21:27:20 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\explorer.exe
[2011/12/16 17:17:16 | 000,001,544 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/16 17:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/12/16 17:04:03 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job
[2011/12/16 16:05:42 | 000,000,069 | ---- | M] () -- C:\WINNT\NeroDigital.ini
[2011/12/16 16:03:15 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\fr025451\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/16 11:48:24 | 000,030,346 | RHS- | M] () -- C:\Documents and Settings\fr025451\ntuser.pol
[2011/12/16 11:14:00 | 000,016,322 | ---- | M] () -- C:\WINNT\cfgall.ini
[2011/12/16 08:42:22 | 000,057,494 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/12/16 07:38:16 | 000,000,350 | ---- | M] () -- C:\WINNT\tasks\At1.job
[2011/12/16 01:50:46 | 000,513,246 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2011/12/16 01:50:45 | 000,092,106 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2011/12/15 11:09:07 | 000,056,320 | -H-- | M] () -- C:\WINNT\System32\41759070AD310639DBA0.exe
[2011/12/15 11:09:06 | 000,056,320 | -H-- | M] () -- C:\WINNT\System32\41759070AD310639DBA0.sys
[2011/12/15 03:32:37 | 000,075,763 | ---- | M] () -- C:\WINNT\Run32S60.mch
[2011/12/15 03:16:16 | 000,000,035 | ---- | M] () -- C:\WINNT\A6W.INI
[2011/12/14 20:54:40 | 000,505,427 | ---- | M] () -- C:\Documents and Settings\fr025451\Desktop\Nouvelle_reglementation2008.pdf
[2011/12/14 13:44:36 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\fr025451\Application Data\Microsoft\Internet Explorer\Quick Launch\Siemens Healthcare SPC (2).lnk
[2011/12/13 04:14:09 | 000,225,302 | ---- | M] () -- C:\Documents and Settings\fr025451\Desktop\__partenaires.ticketnet.fr_recapcommande.pdf
[2011/12/12 14:15:28 | 000,138,464 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/12/12 03:23:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\VDownloader
[2011/12/10 03:45:26 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2011/12/09 17:50:46 | 000,001,850 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011/12/09 17:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/12/09 11:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/12/09 07:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/12/09 02:50:54 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\fr025451\Start Menu\Programs\Startup\La Chaîne Météo.lnk
[2011/12/09 02:33:01 | 000,000,526 | ---- | M] () -- C:\WINNT\AWSHKWV.INI
[2011/12/08 04:28:11 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\La Chaîne Météo.lnk
[2011/12/08 03:26:38 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\fr025451\Start Menu\Programs\Startup\Thoosje Sidebar.lnk
[2011/12/07 13:33:02 | 000,002,487 | ---- | M] () -- C:\Documents and Settings\fr025451\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Communicator 2007 R2.lnk
[2011/12/07 09:39:01 | 000,244,720 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2011/12/06 13:50:14 | 000,481,078 | ---- | M] () -- C:\WINNT\System32\winsh324
[2011/12/05 08:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\PDF-XChange PDF Viewer
[2011/12/05 02:19:45 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\fr025451\Application Data\Microsoft\Internet Explorer\Quick Launch\Spotify.lnk
[2011/12/02 05:48:25 | 000,000,386 | ---- | M] () -- C:\WINNT\BrmfBidi.ini
[2011/11/24 15:50:24 | 000,002,250 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Oceanlog 2.x.lnk
[2011/11/23 19:08:10 | 000,481,078 | ---- | M] () -- C:\WINNT\System32\winsh323
[2011/11/23 19:08:10 | 000,481,078 | ---- | M] () -- C:\WINNT\System32\winsh322
[2011/11/23 19:08:10 | 000,481,078 | ---- | M] () -- C:\WINNT\System32\winsh321
[2011/11/23 19:08:10 | 000,481,078 | ---- | M] () -- C:\WINNT\System32\winsh320
[2 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/16 18:30:09 | 000,481,078 | ---- | C] () -- C:\WINNT\System32\winsh324
[2011/12/16 18:30:09 | 000,481,078 | ---- | C] () -- C:\WINNT\System32\winsh323
[2011/12/16 18:30:09 | 000,481,078 | ---- | C] () -- C:\WINNT\System32\winsh322
[2011/12/16 18:30:09 | 000,481,078 | ---- | C] () -- C:\WINNT\System32\winsh321
[2011/12/16 18:30:09 | 000,481,078 | ---- | C] () -- C:\WINNT\System32\winsh320
[2011/12/16 17:17:16 | 000,001,544 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/12/15 11:09:07 | 000,056,320 | -H-- | C] () -- C:\WINNT\System32\41759070AD310639DBA0.exe
[2011/12/15 11:09:06 | 000,056,320 | -H-- | C] () -- C:\WINNT\System32\41759070AD310639DBA0.sys
[2011/12/14 20:54:40 | 000,505,427 | ---- | C] () -- C:\Documents and Settings\fr025451\Desktop\Nouvelle_reglementation2008.pdf
[2011/12/13 04:14:06 | 000,225,302 | ---- | C] () -- C:\Documents and Settings\fr025451\Desktop\__partenaires.ticketnet.fr_recapcommande.pdf
[2011/12/12 03:23:52 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2011/12/09 17:50:46 | 000,001,850 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011/12/08 04:29:32 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\fr025451\Start Menu\Programs\Startup\La Chaîne Météo.lnk
[2011/12/08 04:28:11 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\La Chaîne Météo.lnk
[2011/12/08 03:26:38 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\fr025451\Start Menu\Programs\Startup\Thoosje Sidebar.lnk
[2011/12/06 03:30:46 | 000,075,763 | ---- | C] () -- C:\WINNT\Run32S60.mch
[2011/12/06 03:26:54 | 000,000,035 | ---- | C] () -- C:\WINNT\A6W.INI
[2011/12/06 03:26:53 | 000,000,526 | ---- | C] () -- C:\WINNT\AWSHKWV.INI
[2011/12/05 02:19:45 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\fr025451\Application Data\Microsoft\Internet Explorer\Quick Launch\Spotify.lnk
[2011/09/28 12:23:51 | 000,221,184 | --S- | C] () -- C:\WINNT\System32\glut32.dll
[2011/05/27 06:00:37 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\fr025451\Application Data\$_hpcst$.hpc
[2011/03/04 16:53:10 | 000,000,098 | ---- | C] () -- C:\WINNT\WirelessFTP.INI
[2011/02/12 03:12:36 | 000,000,209 | ---- | C] () -- C:\WINNT\Brpfx04a.ini
[2011/02/12 03:12:36 | 000,000,092 | ---- | C] () -- C:\WINNT\brpcfx.ini
[2011/02/12 03:12:36 | 000,000,052 | ---- | C] () -- C:\WINNT\BRPP2KA.INI
[2011/01/28 17:02:23 | 000,138,464 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/02 15:25:37 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\fr025451\Application Data\PnkBstrK.sys
[2011/01/02 15:25:33 | 000,103,736 | ---- | C] () -- C:\WINNT\System32\PnkBstrB.exe
[2011/01/02 15:24:10 | 000,066,872 | ---- | C] () -- C:\WINNT\System32\PnkBstrA.exe
[2010/12/23 14:12:06 | 000,005,763 | ---- | C] () -- C:\Documents and Settings\fr025451\Application Data\5C8E.4C1
[2010/11/29 08:37:31 | 000,000,664 | ---- | C] () -- C:\WINNT\System32\d3d9caps.dat
[2010/11/04 11:45:37 | 000,009,152 | ---- | C] () -- C:\WINNT\System32\drivers\Ticalc.sys
[2010/11/04 11:45:37 | 000,000,711 | ---- | C] () -- C:\WINNT\Wlink89.ini
[2010/08/18 07:54:42 | 000,000,000 | ---- | C] () -- C:\WINNT\nsreg.dat
[2010/07/23 03:25:52 | 000,129,423 | ---- | C] () -- C:\WINNT\Install_IE7_CATS_after_reboot.EXE
[2010/07/23 03:15:34 | 000,183,134 | ---- | C] () -- C:\WINNT\refresh_desktop.exe
[2010/06/27 12:38:14 | 000,000,042 | ---- | C] () -- C:\WINNT\ce52e.INI
[2010/05/27 12:13:46 | 000,000,095 | ---- | C] () -- C:\WINNT\p7vrvisx.INI
[2010/05/27 11:42:36 | 000,020,480 | ---- | C] () -- C:\WINNT\CallUninst.exe
[2010/02/15 06:10:55 | 000,035,000 | -H-- | C] () -- C:\WINNT\System32\mlfcache.dat
[2010/01/26 21:09:02 | 000,053,299 | ---- | C] () -- C:\WINNT\System32\pthreadVC.dll
[2010/01/15 10:09:36 | 000,000,097 | ---- | C] () -- C:\WINNT\SIM_HM.INI
[2009/12/11 06:44:24 | 000,000,185 | ---- | C] () -- C:\WINNT\aristos.INI
[2009/12/08 03:26:21 | 000,217,088 | ---- | C] () -- C:\WINNT\System32\qtmlClient.dll
[2009/11/25 03:43:18 | 000,002,143 | ---- | C] () -- C:\WINNT\xcs_err.ini
[2009/11/25 03:43:17 | 000,121,920 | R--- | C] () -- C:\WINNT\spc_find.exe
[2009/11/25 03:43:16 | 000,017,343 | ---- | C] () -- C:\WINNT\ACSCOM.DLL
[2009/11/25 03:43:16 | 000,001,221 | ---- | C] () -- C:\WINNT\card_xcs.ini
[2009/11/25 03:43:16 | 000,000,208 | ---- | C] () -- C:\WINNT\fl_co_.ini
[2009/11/25 03:43:16 | 000,000,058 | ---- | C] () -- C:\WINNT\cardxcs_.ini
[2009/11/24 04:21:40 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\fr025451\BackupPcError.dat
[2009/11/13 09:15:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\fr025451\Application Data\wgjpi.data
[2009/11/12 10:06:06 | 000,716,800 | R--- | C] () -- C:\WINNT\System32\Memorybar.exe
[2009/11/03 04:28:18 | 000,000,019 | ---- | C] () -- C:\WINNT\nt_test.ini
[2009/11/01 16:01:10 | 000,116,224 | ---- | C] () -- C:\WINNT\System32\pdfcmnnt.dll
[2009/10/31 04:40:41 | 000,130,406 | ---- | C] () -- C:\WINNT\manual_catupd.EXE
[2009/10/30 18:07:15 | 000,000,386 | ---- | C] () -- C:\WINNT\BrmfBidi.ini
[2009/10/30 18:06:44 | 000,000,441 | ---- | C] () -- C:\WINNT\BRWMARK.INI
[2009/10/30 18:06:44 | 000,000,065 | ---- | C] () -- C:\WINNT\System32\BD7225N.DAT
[2009/10/30 18:04:21 | 000,000,052 | ---- | C] () -- C:\WINNT\System32\BrmfBAgP.ini
[2009/10/30 18:04:21 | 000,000,036 | ---- | C] () -- C:\WINNT\System32\BrmfBiPP.dat
[2009/10/30 18:04:21 | 000,000,029 | ---- | C] () -- C:\WINNT\System32\BrmfBAgS.ini
[2009/10/30 17:55:10 | 000,000,000 | ---- | C] () -- C:\WINNT\PROTOCOL.INI
[2009/10/30 14:11:38 | 000,204,800 | ---- | C] () -- C:\WINNT\System32\igfxCoIn_v4785.dll
[2009/10/30 14:11:37 | 000,701,840 | ---- | C] () -- C:\WINNT\System32\igmedkrn.dll
[2009/10/30 14:10:07 | 000,004,569 | ---- | C] () -- C:\WINNT\System32\secupd.dat
[2009/10/30 14:10:02 | 000,513,246 | ---- | C] () -- C:\WINNT\System32\perfh009.dat
[2009/10/30 14:10:02 | 000,272,128 | ---- | C] () -- C:\WINNT\System32\perfi009.dat
[2009/10/30 14:10:02 | 000,092,106 | ---- | C] () -- C:\WINNT\System32\perfc009.dat
[2009/10/30 14:10:02 | 000,028,626 | ---- | C] () -- C:\WINNT\System32\perfd009.dat
[2009/10/30 14:10:00 | 000,004,463 | ---- | C] () -- C:\WINNT\System32\oembios.dat
[2009/10/30 14:09:59 | 013,107,200 | ---- | C] () -- C:\WINNT\System32\oembios.bin
[2009/10/30 14:09:55 | 000,000,741 | ---- | C] () -- C:\WINNT\System32\noise.dat
[2009/10/30 14:09:46 | 000,673,088 | ---- | C] () -- C:\WINNT\System32\mlang.dat
[2009/10/30 14:09:46 | 000,046,258 | ---- | C] () -- C:\WINNT\System32\mib.bin
[2009/10/30 14:09:29 | 000,218,003 | ---- | C] () -- C:\WINNT\System32\dssec.dat
[2009/10/30 14:09:18 | 000,001,804 | ---- | C] () -- C:\WINNT\System32\Dcache.bin
[2009/10/30 08:34:37 | 000,000,069 | ---- | C] () -- C:\WINNT\NeroDigital.ini
[2009/10/30 08:34:32 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\fr025451\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/30 08:25:04 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\fr025451\Local Settings\Application Data\fusioncache.dat
[2009/10/30 08:19:08 | 000,048,687 | ---- | C] () -- C:\WINNT\SBSPOP01.exe
[2009/10/30 08:16:51 | 000,000,509 | ---- | C] () -- C:\WINNT\SMSCFG.ini
[2009/10/30 08:06:36 | 000,000,002 | -HS- | C] () -- C:\Documents and Settings\fr025451\RECYCLER
[2009/10/30 08:04:24 | 000,030,346 | RHS- | C] () -- C:\Documents and Settings\fr025451\ntuser.pol
[2009/10/30 08:03:05 | 000,025,253 | ---- | C] () -- C:\WINNT\whatmask.exe
[2009/10/30 07:55:03 | 000,113,890 | ---- | C] () -- C:\WINNT\restore_saplogon.EXE
[2009/10/30 07:48:09 | 000,949,760 | ---- | C] () -- C:\Program Files\Common Files\SAPActiveXL_nosig.xlt
[2009/10/30 07:48:08 | 000,955,904 | ---- | C] () -- C:\Program Files\Common Files\SAPActiveXL.xlt
[2009/10/30 07:45:59 | 001,064,960 | ---- | C] () -- C:\WINNT\System32\h5krnl32.dll
[2009/10/30 07:45:59 | 000,188,928 | ---- | C] () -- C:\WINNT\System32\h5icon32.dll
[2009/10/30 07:45:59 | 000,175,616 | ---- | C] () -- C:\WINNT\System32\h5menu32.dll
[2009/10/30 07:45:59 | 000,095,744 | ---- | C] () -- C:\WINNT\System32\h5rtf32.dll
[2009/10/30 07:45:59 | 000,051,200 | ---- | C] () -- C:\WINNT\System32\h5tool32.dll
[2009/10/30 07:45:31 | 000,015,872 | ---- | C] () -- C:\WINNT\System32\vtssm32.dll
[2009/10/30 07:45:11 | 000,002,745 | ---- | C] () -- C:\WINNT\saplogon.ini
[2009/10/30 07:45:11 | 000,000,023 | ---- | C] () -- C:\WINNT\saproute.ini
[2009/10/30 07:16:35 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI
[2009/10/30 07:15:50 | 000,244,720 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT
[2009/10/30 07:15:30 | 000,016,322 | ---- | C] () -- C:\WINNT\cfgall.ini
[2009/10/30 07:05:45 | 000,000,470 | ---- | C] () -- C:\WINNT\ODBC.INI
[2009/10/30 06:42:15 | 000,000,000 | ---- | C] () -- C:\WINNT\tosOBEX.INI
[2009/10/30 06:28:36 | 000,002,048 | --S- | C] () -- C:\WINNT\bootstat.dat
[2009/10/30 06:24:29 | 000,021,640 | ---- | C] () -- C:\WINNT\System32\emptyregdb.dat
[2009/04/16 09:32:46 | 000,040,517 | ---- | C] () -- C:\WINNT\System32\jRegistryKey.dll
[2008/04/18 09:56:18 | 000,311,296 | ---- | C] () -- C:\WINNT\System32\siecaces.dll
[2007/12/18 10:28:10 | 000,059,016 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml
[2007/06/21 04:49:24 | 000,118,784 | ---- | C] () -- C:\WINNT\System32\TosBtAcc.dll
[2007/04/16 07:01:06 | 000,184,320 | ---- | C] () -- C:\WINNT\System32\gmp4_2_1.dll
[2007/04/12 02:48:40 | 000,028,672 | ---- | C] () -- C:\WINNT\System32\siecacsp.dll
[2005/07/22 15:30:18 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\TosCommAPI.dll
[2003/01/07 09:05:08 | 000,002,695 | ---- | C] () -- C:\WINNT\System32\OUTLPERF.INI
[2000/08/18 08:14:10 | 000,000,207 | ---- | C] () -- C:\WINNT\ORGD.INI
[1997/06/25 09:24:16 | 000,040,448 | ---- | C] () -- C:\WINNT\System32\regobj.dll

========== LOP Check ==========

[2010/02/02 03:36:14 | 000,000,000 | ---D | M] -- C:\WINNT\system32\config\systemprofile\Application Data\Application Updater
[2011/02/03 03:02:25 | 000,000,000 | ---D | M] -- C:\WINNT\system32\config\systemprofile\Application Data\Fixit
[2011/09/28 11:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\2020 Fusion
[2010/02/10 16:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\3M
[2010/11/15 16:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\AlesisFirewire
[2011/09/24 13:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\ArchiFacile
[2009/11/20 13:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\CatPC
[2011/12/08 04:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\com.adobe.example.widget.F826D533138FC008516DC0DE4625BA08DCDBC443.1
[2011/02/12 20:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\digital publishing
[2011/09/16 12:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\Eltima Software
[2010/09/15 11:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\FileZilla
[2009/12/17 13:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\FreeVideoConverter
[2010/12/20 11:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\GrabIt
[2011/05/20 06:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\Juniper Networks
[2011/01/28 16:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\National Library of Medicine
[2011/09/24 06:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\NesterSoft
[2011/10/25 12:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\Nokia
[2011/10/25 12:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\Nokia Ovi Suite
[2009/12/08 03:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\PACE Anti-Piracy
[2011/10/25 12:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\PC Suite
[2010/02/03 17:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\PhotoFiltre
[2011/01/05 11:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\ProtectDISC
[2011/04/11 10:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\Siemens
[2011/10/26 12:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\Sierra Wireless
[2011/12/14 19:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\Spotify
[2010/07/23 03:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\Steelray Software
[2010/12/20 11:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\SuperNZB
[2009/12/08 15:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\TomTom
[2009/12/13 18:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\Trillium Lane
[2011/12/12 03:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\VDownloader
[2011/02/17 03:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\WindSolutions
[2010/12/27 16:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/09/28 11:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iDeal Designer Hygena
[2009/10/30 08:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2011/11/04 06:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\logs
[2010/05/12 04:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011/10/25 12:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2009/12/08 03:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2011/10/25 12:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/10/30 08:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SFR Global Access
[2010/05/12 04:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2010/09/30 13:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/11 11:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2011/10/28 10:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2011/02/17 03:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/05/01 04:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/31 15:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/12/16 07:38:16 | 000,000,350 | ---- | M] () -- C:\WINNT\Tasks\At1.job
[2011/12/19 05:55:10 | 000,000,294 | -H-- | M] () -- C:\WINNT\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011/12/19 05:55:10 | 000,000,248 | -H-- | M] () -- C:\WINNT\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011/12/19 05:55:10 | 000,000,294 | -H-- | M] () -- C:\WINNT\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

========== Purity Check ==========



========== Custom Scans ==========


Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.

Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe

Invalid Environment Variable: %APPDATA%\*.

Invalid Environment Variable: %APPDATA%\*.exe

< %SYSTEMDRIVE%\*.exe >
[2011/12/18 22:20:43 | 026,705,144 | ---- | M] (Emsi Software GmbH ) -- C:\EmsisoftAntiMalwareSetup.exe
[2011/12/18 21:27:20 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\explorer.exe


< MD5 for: AEC.SYS >
[2008/04/13 22:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:aec.sys
[2008/04/13 17:09:24 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINNT\system32\drivers\aec.sys

< MD5 for: AGP440.SYS >
[2008/04/13 22:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ALG.EXE >
[2008/04/13 22:42:14 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=8C515081584A38AA007909CD02020B3D -- C:\WINNT\system32\alg.exe
[2008/04/13 22:42:14 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=8C515081584A38AA007909CD02020B3D -- C:\WINNT\system32\dllcache\alg.exe

< MD5 for: ATAPI.SYS >
[2008/04/13 22:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 19:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINNT\system32\drivers\atapi.sys

< MD5 for: CDROM.SYS >
[2008/04/13 22:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:cdrom.sys
[2008/04/13 22:51:44 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINNT\system32\drivers\cdrom.sys

< MD5 for: CSRSS.EXE >
[2008/04/13 22:42:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINNT\system32\csrss.exe
[2008/04/13 22:42:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINNT\system32\dllcache\csrss.exe

< MD5 for: CTFMON.EXE >
[2008/04/13 22:42:18 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5F1D5F88303D4A4DBC8E5F97BA967CC3 -- C:\WINNT\system32\ctfmon.exe
[2008/04/13 22:42:18 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5F1D5F88303D4A4DBC8E5F97BA967CC3 -- C:\WINNT\system32\dllcache\ctfmon.exe

< MD5 for: DISK.SYS >
[2008/04/13 22:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:disk.sys
[2008/04/13 22:51:44 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINNT\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 22:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINNT\system32\dllcache\eventlog.dll
[2008/04/13 22:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINNT\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2011/12/18 21:27:20 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\explorer.exe
[2011/12/18 21:27:20 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINNT\system32\dllcache\explorer.exe
[2011/12/18 21:27:20 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINNT\system32\explorer.exe

< MD5 for: I8042PRT.SYS >
[2008/04/13 22:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:i8042prt.sys
[2008/04/13 19:48:02 | 000,052,480 | ---- | M] (Microsoft Corporation) MD5=4A0B06AA8943C1E332520F7440C0AA30 -- C:\WINNT\system32\drivers\i8042prt.sys

< MD5 for: IASTOR.SYS >
[2007/02/11 22:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINNT\CATPC\9\iastor.sys

< MD5 for: IMAPI.SYS >
[2008/04/13 22:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:imapi.sys
[2008/04/13 22:51:44 | 000,042,112 | ---- | M] (Microsoft Corporation) MD5=083A052659F5310DD8B6A6CB05EDCF8E -- C:\WINNT\system32\drivers\imapi.sys

< MD5 for: INTELIDE.SYS >
[2008/04/13 22:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:intelide.sys

< MD5 for: MOUNTMGR.SYS >
[2008/04/13 17:09:48 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- C:\WINNT\system32\dllcache\mountmgr.sys
[2008/04/13 17:09:48 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- C:\WINNT\system32\drivers\mountmgr.sys

< MD5 for: MRXSMB.SYS >
[2008/04/13 22:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:mrxsmb.sys
[2009/12/04 12:25:56 | 000,456,832 | ---- | M] (Microsoft Corporation) MD5=602549D1E8A622E5746991F6C56B21CA -- C:\WINNT\$hf_mig$\KB978251\SP3QFE\mrxsmb.sys
[2008/10/24 06:41:11 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=7170AB42B51954DEF2781A4D1CCE65F4 -- C:\WINNT\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
[2011/07/15 08:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=7D304A5EB4344EBEEAB53A2FE3FFB9F0 -- C:\WINNT\Driver Cache\i386\mrxsmb.sys
[2011/07/15 08:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=7D304A5EB4344EBEEAB53A2FE3FFB9F0 -- C:\WINNT\system32\dllcache\mrxsmb.sys
[2011/07/15 08:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=7D304A5EB4344EBEEAB53A2FE3FFB9F0 -- C:\WINNT\system32\drivers\mrxsmb.sys
[2010/02/24 06:57:57 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=D09B9F0B9960DD41E73127B7814C115F -- C:\WINNT\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
[2011/07/15 08:29:35 | 000,457,856 | ---- | M] (Microsoft Corporation) MD5=FB2FCCC70F7174C7BF64F48E96D3ADF4 -- C:\WINNT\$hf_mig$\KB2536276-v2\SP3QFE\mrxsmb.sys
[2011/02/17 08:19:38 | 000,457,472 | ---- | M] (Microsoft Corporation) MD5=FB7DFD15D760AD339837A470F0E780D3 -- C:\WINNT\$hf_mig$\KB2511455\SP3QFE\mrxsmb.sys

< MD5 for: NDIS.SYS >
[2008/04/13 17:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINNT\system32\dllcache\ndis.sys
[2008/04/13 17:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINNT\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/04/16 23:50:11 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=06CF9EEDB7E827205C6948C9DAF56974 -- C:\WINNT\system32\dllcache\netlogon.dll
[2008/04/16 23:50:11 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=06CF9EEDB7E827205C6948C9DAF56974 -- C:\WINNT\system32\netlogon.dll

< MD5 for: RASACD.SYS >
[2001/08/23 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINNT\system32\dllcache\rasacd.sys
[2001/08/23 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINNT\system32\drivers\rasacd.sys

< MD5 for: RDPCDD.SYS >
[2001/08/23 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=4912D5B403614CE99C28420F75353332 -- C:\WINNT\system32\dllcache\rdpcdd.sys
[2001/08/23 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=4912D5B403614CE99C28420F75353332 -- C:\WINNT\system32\drivers\rdpcdd.sys

< MD5 for: REDBOOK.SYS >
[2008/04/13 22:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:redbook.sys
[2008/04/13 19:10:28 | 000,057,600 | ---- | M] (Microsoft Corporation) MD5=F828DD7E1419B6653894A8F97A0094C5 -- C:\WINNT\system32\drivers\redbook.sys

< MD5 for: SCECLI.DLL >
[2008/04/13 22:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINNT\system32\dllcache\scecli.dll
[2008/04/13 22:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINNT\system32\scecli.dll

< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINNT\$hf_mig$\KB956572\SP3QFE\services.exe
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINNT\system32\dllcache\services.exe
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINNT\system32\services.exe

< MD5 for: SMSS.EXE >
[2008/04/13 22:42:38 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINNT\system32\dllcache\smss.exe
[2008/04/13 22:42:38 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINNT\system32\smss.exe

< MD5 for: SPOOLSV.EXE >
[2010/08/17 08:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINNT\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINNT\system32\dllcache\spoolsv.exe
[2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINNT\system32\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 22:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINNT\system32\dllcache\svchost.exe
[2008/04/13 22:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINNT\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINNT\system32\dllcache\tcpip.sys
[2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINNT\system32\drivers\tcpip.sys
[2008/06/20 06:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINNT\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008/06/20 06:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINNT\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: TERMDD.SYS >
[2008/04/13 22:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:termdd.sys
[2008/04/13 23:43:22 | 000,040,840 | ---- | M] (Microsoft Corporation) MD5=88155247177638048422893737429D9E -- C:\WINNT\system32\drivers\termdd.sys

< MD5 for: USERINIT.EXE >
[2008/04/13 22:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINNT\system32\dllcache\userinit.exe
[2008/04/13 22:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINNT\system32\userinit.exe

< MD5 for: WIN32K.SYS >
[2010/08/31 08:38:48 | 001,861,888 | ---- | M] (Microsoft Corporation) MD5=51420D569A883CC13D656783B2C86D8E -- C:\WINNT\$hf_mig$\KB981957\SP3QFE\win32k.sys
[2010/12/31 08:14:45 | 001,864,064 | ---- | M] (Microsoft Corporation) MD5=62FC2280FBEA1DCC64A276BCF71709D9 -- C:\WINNT\$hf_mig$\KB2479628\SP3QFE\win32k.sys
[2009/04/17 10:20:20 | 001,847,808 | ---- | M] (Microsoft Corporation) MD5=7CEDA3396DECF312144BC788D699EE48 -- C:\WINNT\$hf_mig$\KB968537\SP3QFE\win32k.sys
[2010/05/02 05:04:16 | 001,860,352 | ---- | M] (Microsoft Corporation) MD5=A3D4A7B714D4A74B7CD4296302F1A9FA -- C:\WINNT\$hf_mig$\KB979559\SP3QFE\win32k.sys
[2011/06/02 09:07:35 | 001,867,904 | ---- | M] (Microsoft Corporation) MD5=BE79F0A0273DEF353BA5D1F43CBAD858 -- C:\WINNT\$hf_mig$\KB2555917\SP3QFE\win32k.sys
[2010/06/23 21:14:38 | 001,861,120 | ---- | M] (Microsoft Corporation) MD5=C0B2DA12C5CB448F9EA3AF16416745CB -- C:\WINNT\$hf_mig$\KB2160329\SP3QFE\win32k.sys
[2011/03/03 08:27:43 | 001,866,880 | ---- | M] (Microsoft Corporation) MD5=D302C0D9ADC931B598405D2C953B334B -- C:\WINNT\$hf_mig$\KB2506223\SP3QFE\win32k.sys
[2011/06/02 09:02:05 | 001,858,944 | ---- | M] (Microsoft Corporation) MD5=E97153BE7D053976348554EFD71C53A8 -- C:\WINNT\system32\dllcache\win32k.sys
[2011/06/02 09:02:05 | 001,858,944 | ---- | M] (Microsoft Corporation) MD5=E97153BE7D053976348554EFD71C53A8 -- C:\WINNT\system32\win32k.sys
[2010/10/26 08:27:10 | 001,862,272 | ---- | M] (Microsoft Corporation) MD5=ED970A04FDAEAB9D9A5FA9B25E9196A8 -- C:\WINNT\$hf_mig$\KB2436673\SP3QFE\win32k.sys
[2009/08/14 11:49:40 | 001,859,712 | ---- | M] (Microsoft Corporation) MD5=F6B54A56F02D24BF43E72662D44A6B14 -- C:\WINNT\$hf_mig$\KB969947\SP3QFE\win32k.sys

< MD5 for: WINLOGON.EXE >
[2008/04/13 22:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINNT\system32\dllcache\winlogon.exe
[2008/04/13 22:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINNT\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2011/03/03 01:55:19 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\dnsapi.dll
[2011/06/23 13:36:29 | 011,081,728 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\ieframe.dll
[2011/06/23 13:36:30 | 001,991,680 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\iertutil.dll
[2008/04/13 22:42:02 | 000,274,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\mstask.dll
[2008/04/16 23:50:11 | 000,068,096 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\ntdsapi.dll
[2011/01/21 09:44:37 | 008,462,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\shell32.dll
[2 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/10/30 07:15:15 | 000,094,208 | ---- | M] () -- C:\WINNT\System32\config\default.sav
[2009/10/30 07:15:15 | 001,093,632 | ---- | M] () -- C:\WINNT\System32\config\software.sav
[2009/10/30 07:15:15 | 000,937,984 | ---- | M] () -- C:\WINNT\System32\config\system.sav

< CREATERESTOREPOINT >

========== Alternate Data Streams ==========

@Alternate Data Stream - 172 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1340E25B
@Alternate Data Stream - 1351 bytes -> C:\Program Files\Outlook Express:i9CkdJIVMGJpN3LVwHNzX
@Alternate Data Stream - 1294 bytes -> C:\Documents and Settings\fr025451\Cookies:uiGuDJBaKXX53jX2IjdGAmj
@Alternate Data Stream - 1237 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:QN8NIpVOlohr2VKM4vZhRTTX
@Alternate Data Stream - 1223 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:2nmI9EtZUExGE4AnQv57FB0COeUYEH
@Alternate Data Stream - 1207 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:6cfDGIFENDIP1CKuNRfACAH
< End of report >

Merci encore de votre aide

A tres bientot

-------------- EDIT -------------------

Messages désimbriqués du sujet initial : http://forum.zebulon...ei-t187592.html

Ce message a été modifié par Tonton - 19 décembre 2011 - 10:10 .

Bonsoir et Bienvenu f0ele

Quand tu veux faire une demande il faut que tu ouvres ton propre post s.t.p.
pas grave pour cette fois mais cela est de rigueur sur tous les forums.
Fait ceci et je vais faire deplacer ton post par un modérateur.


Relance donc le cd que tu viens de graver puis relance OTLPE et dans cette fenêtre.


Sous Custom Scan box copie_colle le contenu du cadre ci dessous:

Citation

* Cliques sur l'icône RUNFIX (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un rapport s'ouvrir "OTL.log"
* Copie et colle le ou les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés
Mets le rapport ici car il prend bien de la place.
Accueil de Cjoint.com ou Cliquez ici.


Ensuite en mode normal fait ceci.


Téléchargez MyHosts sur votre bureau .

Pour le lancer, faites un double-clic sur l'icône de MyHosts qui se trouve sur votre bureau.

Le rapport " MyHosts.txt " s'ouvre quelques secondes après, copiez son contenu et postez-le sur le forum où vous vous faites aider.

Si par erreur vous avez fermé le rapport " MyHosts.txt " avant de le copier, vous pouvez le retrouver à la racine de votre disque système ( par exemple C:\MyHosts.txt ) .


IMPORTANT :
MyHosts doit être lancé sur une session ayant des droits "administrateur", toute exécution sur un compte "limité" entraînera l'apparition d'une fenêtre DOS vous demandant de le relancer à partir d'un compte administrateur.


Ensuite::

Installe Malewarebytes' Antimalware,

Malwarebytes : Malwarebytes Anti-Malware PRO removes malware including viruses, spyware, worms and trojans, plus it protects your computer

Prends bien la version FREE
*** Met-le à jour puis choisi, Exécuter un examen complet

*** Si une infection est trouvée, coche la case a coté et valides avec l’Onglet Supprimer la sélection

Poste le rapport final.

Bonjour et merci pour ton aide.
J'ai bien executer ce que tu m'as comseiller, mais en redemarrant en mode normal, le virus reapparait, impossible de redemarrer sur une session normal.

Merci encore

F0ELE

Tu as un nom ou l'adresse de détection s.t.p de cet intrus.

Ceci en plus en mode sans échec avec prise en charge du réseau.

Télécharge load_tdsskiller de Loup Blanc sur ton Bureau
http://fradesch.pers..._tdsskiller.exe
ou la:
http://support.kaspe.../tdsskiller.zip

Cet outil est conçu pour automatiser différentes tâches proposées par TDSSKiller, un fix de Kaspersky.

Lance load_tdsskiller en double-cliquant dessus. Clic droit et exécuter en tant qu'administrateur avec Vista/Seven

A cette fenêtre lance le scan.



Tu peux récupérer le rapport en validant Report

Si une détection est faite valide Cure puis

Bonsoir f0ele, bernard53,

J'ai désimbriqué ces messages du sujet initial (http://forum.zebulon...ei-t187592.html) pour créer un nouveau sujet.

Bonne continuation à vous deux,
Tonton

Merci pour ta reponse, mais le mode sans echec ne fonctionne pas sur mon pc, je ne peux malheuresement pas faire cette manip je n'ai acces a mon systeme que par le cd.
Lorsque je lance le safe mode, le systeme reboot en boucle.
Lorsque je lance depuis une clef usb l'antivirus il plante car je ne suis pas en reel "administrateur" a partir du cd.


A tres bientot

ok ceci alors.



Relance donc le cd que tu viens de graver puis relance OTLPE et dans cette fenêtre.


Sous Custom Scan box copie_colle le contenu du cadre ci dessous:

Citation

* Cliques sur l'icône RUNFIX (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un rapport s'ouvrir "OTL.log"
* Copie et colle le ou les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés
Mets le rapport ici car il prend bien de la place.
Accueil de Cjoint.com ou Cliquez ici.

Ce message a été modifié par bernard53 - 23 décembre 2011 - 08:46 .