josamai

Bonjour, merci pour votre suivi. J'ai disparu quelques jours mais je suis de retour et mon problème toujours inchangé. Voilà le rapport que vous m'aviez demandé Running from: C:\Users\jo\Desktop\Win32kDiag.exe Log file at : C:\Users\jo\Desktop\Win32kDiag.txt WARNING: Could not get backup privileges! Searching 'C:\Windows'... Cannot access: C:\Windows\CSC\v2.0.6\pq [1] 2010-06-03 15:26:57 64 C:\Windows\CSC\v2.0.6\pq () Cannot access: C:\Windows\CSC\v2.0.6\temp\ea-{f0e6876c-6f1b-11df-b8e5-c641fb63761a} [1] 2010-06-03 15:26:57 0 C:\Windows\CSC\v2.0.6\temp\ea-{f0e6876c-6f1b-11df-b8e5-c641fb63761a} () Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl [1] 2011-01-13 21:22:19 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl () Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl [1] 2011-01-13 21:22:03 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl () Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl [1] 2011-01-13 21:22:03 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl () Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl [1] 2011-01-13 21:22:18 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl () Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl [1] 2011-01-13 21:22:22 72 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl () Finished! Merci

les deux premiers n'ont rien donné et impossible de télécharger mbam lors de l'installation, j'ai essayer sur trois pc, rien à faire... Une alternative?

Le programme ne marche pas... rien à faire. Peut être lié au fait que je sois sous 7 en 64bit?

Bonjour, Gmer ne détecte rien du tout. Par contre j'ai plusieurs rubriques qui restent grisées et décochées (system, sections, IAT/EAT,devices,Threads)quand je fais le scan. Est ce que ça pose problème? Sinon toujours pas d'améliorations... Si vous avez une autre idée je suis preneur:)

Il y peut être une légère amélioration mas ma connexion est toujours extrêmement ralentie... Beaucoup de difficulté à l'ouverture des pages toujours et peut importe le site, clubic, youtube, pièce jointe mail... je télécharge autour de 40ko/s et par contre sur mon second PC toujours aucun problème. Une idée?

All processes killed ========== FILES ========== C:\Windows\SurCode.INI moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56502 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: jo ->Temp folder emptied: 5532692 bytes ->Temporary Internet Files folder emptied: 12630194 bytes ->Java cache emptied: 208614 bytes ->FireFox cache emptied: 59189876 bytes ->Flash cache emptied: 110106 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 2432 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50540 bytes RecycleBin emptied: 7554 bytes Total Files Cleaned = 74,00 mb OTM by OldTimer - Version 3.1.17.2 log created on 01092011_185853 Files moved on Reboot... C:\Users\jo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File C:\Users\jo\AppData\Local\Temp\~PI4E2F.tmp not found! File C:\Users\jo\AppData\Local\Temp\~PI4E30.tmp not found! File C:\Users\jo\AppData\Local\Temp\~PI4EED.tmp not found! Registry entries deleted on Reboot...

All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-1766064798-3825573771-3055223879-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. ========== REGISTRY ========== HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully! OTL by OldTimer - Version 3.2.20.1 log created on 01092011_181222 Files\Folders moved on Reboot... Registry entries deleted on Reboot... qu'est ce que ça dit? ça va? ça se règle? merci

et voilà OTL logfile created on: 09/01/2011 16:41:48 - Run 2 OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\jo\Desktop 64bit- Ultimate Edition N (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy 6,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 77,00% Memory free 12,00 Gb Paging File | 11,00 Gb Available in Paging File | 88,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 344,06 Gb Free Space | 73,89% Space Free | Partition Type: NTFS Drive D: | 5,14 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive E: | 931,51 Gb Total Space | 414,83 Gb Free Space | 44,53% Space Free | Partition Type: NTFS Drive F: | 232,82 Gb Total Space | 79,93 Gb Free Space | 34,33% Space Free | Partition Type: NTFS Drive G: | 100,00 Mb Total Space | 71,60 Mb Free Space | 71,60% Space Free | Partition Type: NTFS Drive H: | 3,76 Gb Total Space | 3,74 Gb Free Space | 99,62% Space Free | Partition Type: FAT32 Computer Name: JO-PC | User Name: jo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/01/05 19:06:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jo\Desktop\OTL.scr PRC - [2010/12/13 17:02:42 | 001,064,960 | ---- | M] () -- C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe PRC - [2010/12/04 17:59:26 | 000,072,704 | ---- | M] (Autodesk) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010/06/26 18:09:18 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files (x86)\Freecorder\FLVSrvc.exe PRC - [2010/05/20 23:58:48 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010/05/20 23:58:46 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2010/04/07 20:07:24 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe PRC - [2009/11/20 09:17:12 | 000,434,176 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe PRC - [2009/04/30 10:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe PRC - [2005/01/05 15:45:36 | 001,015,808 | ---- | M] (Thomas Ascher) -- C:\Program Files (x86)\ATnotes\ATnotes.exe ========== Modules (SafeList) ========== MOD - [2011/01/09 15:47:10 | 000,018,432 | ---- | M] (Applian Technologies, Inc.) -- C:\Users\jo\AppData\Local\FLVService\lib\FLVSrvLib.dll MOD - [2011/01/05 19:06:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jo\Desktop\OTL.scr MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2009/06/10 22:14:56 | 000,652,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcr90.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010/04/07 20:10:42 | 000,042,336 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv) SRV:64bit: - [2010/04/07 20:07:24 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn) SRV:64bit: - [2010/03/08 14:47:06 | 006,245,744 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2010/12/04 17:59:26 | 000,072,704 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service) SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010/07/01 16:43:52 | 000,403,064 | ---- | M] (Sony Ericsson Mobile Communications) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaDeviceMgmt.exe -- (EmmaDevMgmtSvc) SRV - [2010/07/01 16:43:52 | 000,193,656 | ---- | M] (Sony Ericsson Mobile Communications) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaUpdateMgmt.exe -- (EmmaUpdMgmtSvc) SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/04/30 10:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service) SRV - [2006/09/29 12:48:06 | 000,065,536 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit) ========== Driver Services (SafeList) ========== DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010/06/23 09:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/04/07 20:08:30 | 000,050,600 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp) DRV:64bit: - [2010/04/07 20:08:28 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis) DRV:64bit: - [2010/04/07 20:08:26 | 000,169,592 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw) DRV:64bit: - [2010/04/07 20:07:10 | 000,139,704 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv) DRV:64bit: - [2010/04/07 20:03:52 | 000,163,888 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm) DRV:64bit: - [2010/01/24 13:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor) DRV:64bit: - [2009/09/29 08:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtpt64.sys -- (LgBttPort) DRV:64bit: - [2009/09/29 08:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgvmdm64.sys -- (LGVMODEM) DRV:64bit: - [2009/09/29 08:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtbs64.sys -- (lgbusenum) DRV:64bit: - [2009/09/23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2009/09/23 02:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2009/09/23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2009/09/23 02:32:35 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd) DRV:64bit: - [2009/09/23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2009/09/21 14:29:22 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid) DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 01:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883) DRV:64bit: - [2009/07/14 01:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc) DRV:64bit: - [2009/07/14 01:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV) DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009/06/10 21:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009/03/25 15:48:00 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdm.sys -- (s1018mdm) DRV:64bit: - [2009/03/25 15:48:00 | 000,146,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) DRV:64bit: - [2009/03/25 15:48:00 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) DRV:64bit: - [2009/03/25 15:48:00 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018obex.sys -- (s1018obex) DRV:64bit: - [2009/03/25 15:48:00 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM) DRV:64bit: - [2009/03/25 15:48:00 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) DRV:64bit: - [2009/03/25 15:48:00 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdfl.sys -- (s1018mdfl) DRV:64bit: - [2008/07/08 14:55:54 | 000,158,720 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgmdmdm.sys -- (lgmdmdm) DRV:64bit: - [2008/07/08 14:55:54 | 000,137,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgmdmgmt.sys -- (lgmdmgmt) LG Mobile USB WMC Device Management Drivers (WDM) DRV:64bit: - [2008/07/08 14:55:54 | 000,136,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgmdobex.sys -- (lgmdobex) DRV:64bit: - [2008/07/08 14:55:54 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgmdmdfl.sys -- (lgmdmdfl) DRV:64bit: - [2008/07/08 14:55:52 | 000,115,200 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgmdbus.sys -- (lgmdbus) LG Mobile driver (WDM) DRV:64bit: - [2007/02/16 09:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter) DRV:64bit: - [2006/12/22 20:05:52 | 000,559,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb) DRV:64bit: - [2005/03/29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Bing IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Sign In IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Sign In IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - Reg Error: Key error. File not found IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-1766064798-3825573771-3055223879-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_url = MSN : Hotmail, Messenger, Bing, Actualité et Sport IE - HKU\S-1-5-21-1766064798-3825573771-3055223879-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_search_url = Sign In IE - HKU\S-1-5-21-1766064798-3825573771-3055223879-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\S-1-5-21-1766064798-3825573771-3055223879-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport IE - HKU\S-1-5-21-1766064798-3825573771-3055223879-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN : Hotmail, Messenger, Bing, Actualité et Sport IE - HKU\S-1-5-21-1766064798-3825573771-3055223879-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr IE - HKU\S-1-5-21-1766064798-3825573771-3055223879-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B3 44 F5 69 2D 03 CB 01 [binary data] IE - HKU\S-1-5-21-1766064798-3825573771-3055223879-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - Reg Error: Key error. File not found IE - HKU\S-1-5-21-1766064798-3825573771-3055223879-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-1766064798-3825573771-3055223879-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1766064798-3825573771-3055223879-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/14 01:12:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/12 14:35:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/14 01:12:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/12 14:35:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/14 01:12:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/12 14:35:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/14 01:12:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/12 14:35:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/06/03 16:07:41 | 000,000,000 | ---D | M] [2010/06/03 16:01:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jo\AppData\Roaming\mozilla\Extensions [2010/06/03 16:01:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jo\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2011/01/08 13:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jo\AppData\Roaming\mozilla\Firefox\Profiles\8be4gsxv.default\extensions [2010/10/19 12:15:06 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Users\jo\AppData\Roaming\mozilla\Firefox\Profiles\8be4gsxv.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612} [2011/01/02 14:56:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\jo\AppData\Roaming\mozilla\Firefox\Profiles\8be4gsxv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011/01/08 13:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010/12/12 14:35:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010/07/25 16:53:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/12/12 14:35:00 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll [2010/12/12 14:35:00 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll [2010/07/25 16:53:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll [2009/06/25 12:20:28 | 001,446,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll [2010/12/12 14:35:02 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll [2010/11/10 12:49:36 | 000,135,568 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll [2010/04/16 19:00:00 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll [2010/09/25 12:15:23 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll [2010/09/25 12:15:23 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll [2010/09/25 12:15:23 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll [2010/09/25 12:15:23 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll [2010/09/25 12:15:23 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll [2010/09/25 12:15:23 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll [2010/09/25 12:15:23 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll [2010/04/16 19:00:00 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll [2010/07/05 21:55:29 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-france.xml [2010/07/05 21:55:29 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml [2010/07/05 21:55:29 | 000,000,757 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-france.xml [2010/07/05 21:55:29 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml [2010/07/05 21:55:29 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-fr.xml [2010/07/05 21:55:29 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-france.xml O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKU\S-1-5-21-1766064798-3825573771-3055223879-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files (x86)\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1766064798-3825573771-3055223879-1000..\Run: [ATnotes.exe] C:\Program Files (x86)\ATnotes\ATnotes.exe (Thomas Ascher) O4 - HKU\S-1-5-21-1766064798-3825573771-3055223879-1000..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.) O4 - HKU\S-1-5-21-1766064798-3825573771-3055223879-1000..\Run: [skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) O4 - HKU\S-1-5-21-1766064798-3825573771-3055223879-1000..\Run: [sony Ericsson PC Suite] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - Startup: C:\Users\jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2011/01/05 15:41:17 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKU\S-1-5-21-1766064798-3825573771-3055223879-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler) Drivers32: msacm.divxa32 - C:\Windows\SysWow64\divxa32.acm (Kristal StudioDFileDescription) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3fhg - C:\Windows\SysWow64\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: VIDC.DIVX - C:\Windows\SysWow64\divx.dll (DivX, Inc.) Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll () Drivers32: VIDC.HFYU - C:\Windows\SysWow64\huffyuv.dll (Disappearing Inc.) Drivers32: vidc.i263 - C:\Windows\SysWow64\I263_32.drv (Intel Corporation) Drivers32: vidc.iv41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation) Drivers32: VIDC.VP60 - C:\Windows\SysWow64\vp6vfw.dll (On2.com) Drivers32: VIDC.VP61 - C:\Windows\SysWow64\vp6vfw.dll (On2.com) Drivers32: VIDC.VP62 - C:\Windows\SysWow64\vp6vfw.dll (On2.com) Drivers32: VIDC.VP70 - C:\Windows\SysWow64\vp7vfw.dll (On2.com) Drivers32: VIDC.X264 - C:\Windows\SysWow64\x264vfw.dll () Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll () Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011/01/09 16:38:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jo\Desktop\OTL.scr [2011/01/08 13:23:37 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011/01/07 15:07:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SnIco Edit [2011/01/07 15:07:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SnIco Edit [2011/01/06 19:05:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011/01/05 22:58:35 | 000,000,000 | ---D | C] -- C:\_OTL [2011/01/05 18:22:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Remover [2011/01/05 16:29:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP [2011/01/05 16:29:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZHPDiag [2011/01/05 16:01:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011/01/05 16:01:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/01/05 16:01:08 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011/01/05 14:24:43 | 000,000,000 | ---D | C] -- C:\Users\jo\AppData\Roaming\Malwarebytes [2011/01/05 14:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/01/05 14:24:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011/01/05 10:46:58 | 000,000,000 | ---D | C] -- C:\Users\jo\AppData\Local\{51238315-146B-418F-B918-EDCCFE5C363A} [2011/01/04 21:13:48 | 000,000,000 | -H-D | C] -- C:\Users\jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2011/01/04 17:19:35 | 000,000,000 | ---D | C] -- C:\Users\jo\AppData\Local\{267BC14A-2F24-44EB-8900-6DE757150A1E} [2011/01/04 17:19:22 | 000,000,000 | ---D | C] -- C:\Users\jo\Tracing [2011/01/04 17:12:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2011/01/04 17:07:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live [2011/01/04 17:06:52 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2011/01/04 17:05:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2011/01/04 17:02:02 | 000,000,000 | ---D | C] -- C:\Users\jo\AppData\Local\Windows Live [2011/01/04 17:02:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live [2010/12/28 18:24:41 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2010/12/28 18:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2010/12/28 18:19:48 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2010/12/28 16:09:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat [2010/12/28 16:09:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat [2010/12/28 15:52:52 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll [2010/12/28 15:52:52 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll [2010/12/28 15:52:52 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe [2010/12/28 15:52:52 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe [2010/12/28 15:52:52 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll [2010/12/28 15:52:52 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll [2010/12/28 15:52:52 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll [2010/12/28 15:52:52 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll [2010/12/28 15:52:35 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe [2010/12/28 15:02:05 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll [2010/12/28 15:02:05 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll [2010/12/28 15:01:33 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2010/12/28 15:01:02 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2010/12/28 15:01:02 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2010/12/28 15:01:01 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2010/12/28 15:01:01 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2010/12/28 15:01:01 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2010/12/28 15:01:01 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2010/12/28 15:01:01 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2010/12/28 15:01:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2010/12/28 15:01:01 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2010/12/28 15:01:01 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2010/12/28 15:01:01 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2010/12/28 15:01:01 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2010/12/28 15:01:01 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2010/12/28 15:01:01 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2010/12/28 15:00:58 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2010/12/28 15:00:58 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll [2010/12/28 15:00:52 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2010/12/28 15:00:51 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2010/12/28 15:00:50 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2010/12/28 15:00:49 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2010/12/28 15:00:47 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2010/12/28 15:00:45 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL [2010/12/28 15:00:45 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL [2010/12/28 15:00:43 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll [2010/12/28 15:00:43 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll [2010/12/28 15:00:43 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll [2010/12/28 15:00:43 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll [2010/12/28 15:00:43 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe [2010/12/28 15:00:43 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll [2010/12/28 15:00:43 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe [2010/12/28 15:00:42 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe [2010/12/28 15:00:38 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll [2010/12/28 15:00:35 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll [2010/12/28 15:00:34 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll [2010/12/28 15:00:27 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll [2010/12/28 15:00:25 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2010/12/28 15:00:25 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2010/12/28 15:00:25 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2010/12/28 15:00:25 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2010/12/28 15:00:25 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2010/12/28 15:00:24 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2010/12/28 15:00:23 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll [2010/12/28 15:00:23 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll [2010/12/28 15:00:23 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll [2010/12/28 15:00:17 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll [2010/12/28 15:00:17 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll [2010/12/28 14:59:58 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll [2010/12/28 14:59:58 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll [2010/12/28 14:59:51 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2010/12/28 14:59:51 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe [2010/12/28 14:59:51 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe [2010/12/28 14:59:51 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll [2010/12/28 14:59:49 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll [2010/12/28 14:59:49 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll [2010/12/28 14:59:47 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2010/12/28 14:59:47 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2010/12/28 14:59:47 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll [2010/12/28 14:59:47 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll [2010/12/28 14:59:46 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2010/12/28 14:59:46 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2010/12/28 14:59:45 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2010/12/28 14:59:45 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2010/12/28 14:59:45 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2010/12/28 14:59:43 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2010/12/28 14:59:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2010/12/28 14:59:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2010/12/28 14:59:43 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2010/12/28 14:59:43 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2010/12/28 14:59:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2010/12/28 14:59:42 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2010/12/28 14:59:40 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll [2010/12/28 14:59:39 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll [2010/12/28 14:59:39 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll [2010/12/28 14:59:39 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll [2010/12/28 14:59:38 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys [2010/12/28 14:57:28 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2010/12/28 14:56:42 | 000,000,000 | ---D | C] -- C:\Users\jo\AppData\Local\realtech_VR [2010/12/28 14:48:31 | 000,000,000 | ---D | C] -- C:\ProgramData\realtech VR [2010/12/28 14:48:24 | 000,000,000 | ---D | C] -- C:\Users\jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\realtech VR [2010/12/28 14:48:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\realtech VR [2010/12/17 03:10:30 | 000,000,000 | ---D | C] -- C:\Users\jo\AppData\Local\LooksBuilder [2010/12/17 03:06:59 | 000,000,000 | ---D | C] -- C:\Users\jo\AppData\Local\Downloaded Installations [2010/12/16 19:57:04 | 000,000,000 | ---D | C] -- C:\Users\jo\Desktop\la route d'eldorado [2010/12/14 23:28:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LooksBuilder [2010/12/13 21:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Urban Terror [2010/12/13 21:28:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UrbanTerror [2010/12/13 18:57:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon [2010/12/13 17:47:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon [2010/12/13 17:45:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonEU [2010/12/13 17:02:47 | 000,000,000 | ---D | C] -- C:\Download [2010/12/13 17:02:36 | 000,446,464 | ---- | C] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe [2010/12/13 17:02:36 | 000,000,000 | ---D | C] -- C:\Nexon [2010/07/12 18:47:56 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe7531.dll ========== Files - Modified Within 30 Days ========== [2011/01/09 15:54:07 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/01/09 15:54:07 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/01/09 15:51:16 | 001,524,562 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011/01/09 15:51:16 | 000,696,612 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat [2011/01/09 15:51:16 | 000,607,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011/01/09 15:51:16 | 000,128,112 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat [2011/01/09 15:51:16 | 000,103,908 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011/01/09 15:47:07 | 000,016,425 | ---- | M] () -- C:\Windows\SysNative\Wacom_Tablet.dat [2011/01/09 15:46:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/01/09 15:46:51 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys [2011/01/08 23:00:54 | 000,339,636 | ---- | M] () -- C:\Users\jo\Desktop\albertomielgo027.jpeg [2011/01/08 13:44:36 | 000,001,008 | ---- | M] () -- C:\Users\Public\Desktop\MBRCheck.lnk [2011/01/08 13:44:36 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\ZHPDiag.lnk [2011/01/08 13:44:36 | 000,000,996 | ---- | M] () -- C:\Users\Public\Desktop\ZHPFix.lnk [2011/01/07 15:25:25 | 000,000,868 | ---- | M] () -- C:\Users\jo\Desktop\Ondia - Raccourci.lnk [2011/01/07 14:58:29 | 000,000,132 | ---- | M] () -- C:\Users\jo\AppData\Roaming\Adobe GIF Format CS5 Prefs [2011/01/07 14:26:35 | 000,005,522 | ---- | M] () -- C:\Users\jo\Desktop\rrrrr.docx [2011/01/05 19:07:39 | 125,380,323 | ---- | M] () -- C:\Users\jo\Desktop\Board3d.mov [2011/01/05 19:06:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jo\Desktop\OTL.scr [2011/01/05 13:27:35 | 000,000,798 | ---- | M] () -- C:\FindyKill_Upload_Me_jo-PC.zip [2011/01/04 21:16:38 | 002,925,480 | ---- | M] () -- C:\Users\jo\Documents\AutoRuns.arn [2011/01/04 20:22:32 | 000,000,036 | ---- | M] () -- C:\Users\jo\AppData\Local\housecall.guid.cache [2011/01/04 17:08:04 | 000,031,547 | ---- | M] () -- C:\Users\jo\Desktop\fig21.gif [2011/01/04 17:07:16 | 000,038,918 | ---- | M] () -- C:\Users\jo\Desktop\BarragesMap.gif [2011/01/04 16:27:27 | 000,042,853 | ---- | M] () -- C:\Users\jo\Desktop\praya_nakhon.jpg [2011/01/04 14:18:11 | 000,050,472 | ---- | M] () -- C:\Users\jo\Desktop\paris.jpg [2011/01/04 13:35:18 | 000,049,823 | ---- | M] () -- C:\Users\jo\Desktop\japon.jpg [2011/01/04 13:29:31 | 000,083,166 | ---- | M] () -- C:\Users\jo\Desktop\annecy.jpg [2011/01/03 19:19:36 | 005,762,661 | ---- | M] () -- C:\Users\jo\Desktop\croquis.psd [2010/12/28 16:11:31 | 005,143,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010/12/17 03:08:08 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\PhotoLooks LooksBuilder.lnk [2010/12/16 00:10:53 | 000,000,132 | ---- | M] () -- C:\Users\jo\AppData\Roaming\Adobe BMP Format CS5 Prefs [2010/12/13 21:36:06 | 000,041,048 | ---- | M] () -- C:\Users\jo\Desktop\anecy.jpg [2010/12/13 21:30:21 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\Urban Terror (io).lnk [2010/12/13 17:02:36 | 000,446,464 | ---- | M] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe [2010/12/13 17:02:36 | 000,000,235 | ---- | M] () -- C:\Windows\SysWow64\nxEuUninstall.bat ========== Files Created - No Company Name ========== [2011/01/08 23:00:50 | 000,339,636 | ---- | C] () -- C:\Users\jo\Desktop\albertomielgo027.jpeg [2011/01/08 13:44:36 | 000,001,008 | ---- | C] () -- C:\Users\Public\Desktop\MBRCheck.lnk [2011/01/08 13:44:36 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\ZHPDiag.lnk [2011/01/08 13:44:36 | 000,000,996 | ---- | C] () -- C:\Users\Public\Desktop\ZHPFix.lnk [2011/01/07 18:23:47 | 125,380,323 | ---- | C] () -- C:\Users\jo\Desktop\Board3d.mov [2011/01/07 14:58:29 | 000,000,132 | ---- | C] () -- C:\Users\jo\AppData\Roaming\Adobe GIF Format CS5 Prefs [2011/01/07 14:55:21 | 000,000,868 | ---- | C] () -- C:\Users\jo\Desktop\Ondia - Raccourci.lnk [2011/01/07 14:26:34 | 000,005,522 | ---- | C] () -- C:\Users\jo\Desktop\rrrrr.docx [2011/01/04 21:16:38 | 002,925,480 | ---- | C] () -- C:\Users\jo\Documents\AutoRuns.arn [2011/01/04 20:22:32 | 000,000,036 | ---- | C] () -- C:\Users\jo\AppData\Local\housecall.guid.cache [2011/01/04 17:08:00 | 000,031,547 | ---- | C] () -- C:\Users\jo\Desktop\fig21.gif [2011/01/04 17:07:07 | 000,038,918 | ---- | C] () -- C:\Users\jo\Desktop\BarragesMap.gif [2011/01/04 16:27:27 | 000,042,853 | ---- | C] () -- C:\Users\jo\Desktop\praya_nakhon.jpg [2011/01/04 13:00:30 | 000,083,166 | ---- | C] () -- C:\Users\jo\Desktop\annecy.jpg [2011/01/04 12:59:29 | 000,049,823 | ---- | C] () -- C:\Users\jo\Desktop\japon.jpg [2011/01/04 12:58:48 | 000,050,472 | ---- | C] () -- C:\Users\jo\Desktop\paris.jpg [2011/01/03 19:02:46 | 005,762,661 | ---- | C] () -- C:\Users\jo\Desktop\croquis.psd [2010/12/17 03:08:08 | 000,000,927 | ---- | C] () -- C:\Users\Public\Desktop\PhotoLooks LooksBuilder.lnk [2010/12/16 00:10:53 | 000,000,132 | ---- | C] () -- C:\Users\jo\AppData\Roaming\Adobe BMP Format CS5 Prefs [2010/12/13 21:36:05 | 000,041,048 | ---- | C] () -- C:\Users\jo\Desktop\anecy.jpg [2010/12/13 21:30:21 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\Urban Terror (io).lnk [2010/12/13 17:02:36 | 000,000,235 | ---- | C] () -- C:\Windows\SysWow64\nxEuUninstall.bat [2010/12/07 13:50:28 | 004,061,184 | ---- | C] () -- C:\Windows\SysWow64\PhotoLooksRenderer.dll [2010/12/04 13:51:54 | 000,000,132 | ---- | C] () -- C:\Users\jo\AppData\Roaming\Adobe PNG Format CS5 Prefs [2010/11/25 21:48:02 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI [2010/10/12 16:01:16 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2010/09/22 17:30:28 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll [2010/09/22 17:30:28 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini [2010/06/03 16:28:50 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll [2010/06/03 15:59:17 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2010/06/03 15:59:17 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010/06/03 15:59:16 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll [2010/06/03 15:59:16 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010/06/03 15:59:16 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010/06/03 15:59:15 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2010/02/28 16:17:48 | 003,284,480 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll ========== LOP Check ========== [2010/12/01 17:06:42 | 000,000,000 | ---D | M] -- C:\Users\jo\AppData\Roaming\Blender Foundation [2010/06/15 22:40:09 | 000,000,000 | ---D | M] -- C:\Users\jo\AppData\Roaming\Canon [2010/11/29 16:02:48 | 000,000,000 | ---D | M] -- C:\Users\jo\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010/06/03 16:08:12 | 000,000,000 | ---D | M] -- C:\Users\jo\AppData\Roaming\ESET [2010/06/16 13:30:58 | 000,000,000 | ---D | M] -- C:\Users\jo\AppData\Roaming\Facebook [2010/10/12 16:01:22 | 000,000,000 | ---D | M] -- C:\Users\jo\AppData\Roaming\FreeAudioPack [2010/07/12 18:42:27 | 000,000,000 | ---D | M] -- C:\Users\jo\AppData\Roaming\GetRightToGo [2010/09/27 12:41:57 | 000,000,000 | ---D | M] -- C:\Users\jo\AppData\Roaming\GlarySoft [2010/11/11 19:29:19 | 000,000,000 | ---D | M] -- C:\Users\jo\AppData\Roaming\LG Electronics [2010/07/25 17:43:32 | 000,000,000 | ---D | M] -- C:\Users\jo\AppData\Roaming\OpenOffice.org [2010/11/25 21:48:01 | 000,000,000 | ---D | M] -- C:\Users\jo\AppData\Roaming\PACE Anti-Piracy [2010/08/27 20:56:25 | 000,000,000 | ---D | M] -- C:\Users\jo\AppData\Roaming\Red Kawa [2010/11/25 21:49:49 | 000,000,000 | ---D | M] -- C:\Users\jo\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2010/12/01 13:08:02 | 000,000,000 | ---D | M] -- C:\Users\jo\AppData\Roaming\WeecastPlayer.A27AB7741756020517D10FDBA9AD7A2F55F5F984.1 [2010/11/05 21:21:29 | 000,000,000 | ---D | M] -- C:\Users\jo\AppData\Roaming\XnView [2010/11/11 19:29:19 | 000,000,000 | -H-D | M] -- C:\Users\jo\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6} [2010/11/17 13:23:14 | 000,000,318 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job [2010/12/14 12:46:10 | 000,032,482 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %appdata% *.exe /s > < MD5 for: AGP440.SYS > [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows.old\Windows\System32\drivers\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows.old\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows.old\Windows\System32\drivers\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows.old\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys < MD5 for: CDROM.SYS > [2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows.old\Windows\System32\drivers\cdrom.sys [2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys [2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows.old\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys [2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys [2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows.old\Windows\SysWOW64\cngaudit.dll [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows.old\Windows\System32\cngaudit.dll [2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll [2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: CSRSS.EXE > [2009/07/14 02:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows.old\Windows\System32\csrss.exe [2009/07/14 02:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe [2009/07/14 02:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe < MD5 for: EXPLORER.EXE > [2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\SysWOW64\explorer.exe [2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2009/08/03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe [2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows.old\Windows\explorer.exe [2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2009/08/03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTORV.SYS > [2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys [2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows.old\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys [2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NDIS.SYS > [2009/07/14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows.old\Windows\System32\drivers\ndis.sys [2009/07/14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys [2009/07/14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys < MD5 for: NETLOGON.DLL > [2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows.old\Windows\System32\netlogon.dll [2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows.old\Windows\SysWOW64\netlogon.dll [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows.old\Windows\System32\drivers\nvstor.sys [2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows.old\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows.old\Windows\SysWOW64\scecli.dll [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows.old\Windows\System32\scecli.dll [2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll < MD5 for: TCPIP.SYS > [2010/06/14 07:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys [2010/06/14 07:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys [2009/07/14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows.old\Windows\System32\drivers\tcpip.sys [2009/07/14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys [2009/07/14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys < MD5 for: USERINIT.EXE > [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\SysWOW64\userinit.exe [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows.old\Windows\System32\userinit.exe [2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows.old\Windows\System32\wininit.exe [2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows.old\Windows\SysWOW64\wininit.exe [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows.old\Windows\System32\winlogon.exe [2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < %systemroot%\*. /mp /s > ========== Files - Unicode (All) ========== [2010/12/13 18:57:16 | 000,000,000 | ---D | M](C:\Users\jo\Documents\?? ???) -- C:\Users\jo\Documents\넥슨 플러그 [2010/12/13 18:57:16 | 000,000,000 | ---D | C](C:\Users\jo\Documents\?? ???) -- C:\Users\jo\Documents\넥슨 플러그 ========== Alternate Data Streams ========== @Alternate Data Stream - 1136 bytes -> C:\ProgramData\Microsoft:1UW8gEGvKcDUZoQNx0zgVL @Alternate Data Stream - 1118 bytes -> C:\ProgramData\Microsoft:I4pV9FpHXfnwpCUcWWzTKDNbVJk < End of report > merci

Bonjour bonjour, ma joie aura été de courte durée.... Hier tout marchait à la perfection, mais aujourd'hui retour à la case départ. A nouveau impossible d'ouvrir la moindre page internet... J'imagine qu'il ya encore quelque chose qui traine et qui s'est réactiver aujourd'hui. A nouveau besoin d'aide donc. merci d'avance

Tout semble rentré dans l'ordre rien à signaler avec l'analyse en ligne ESET. Merci beaucoup pour cette aide précieuse et le temps accordé. Encore une fois merci c'est fantastique de pouvoir compter sur une aide comme celle ci. J'espère que je n'aurai pas besoin trop vite à nouveau de vos services Bon courage amicalement

et voilà le rapport All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found. File C:\Program Files (x86)\Freecorder\tbFree.dll not found. Registry value HKEY_USERS\S-1-5-21-1766064798-3825573771-3055223879-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found. File C:\Program Files (x86)\Freecorder\tbFree.dll not found. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found. File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}\ not found. File {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b67ff4a-766b-11df-afd1-e0cb4ea689a4}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b67ff4a-766b-11df-afd1-e0cb4ea689a4}\ not found. File K:\WD SmartWare.exe not found. C:\Windows\temp folder moved successfully. Folder C:\Qoobox\ not found. ========== REGISTRY ========== HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully! OTL by OldTimer - Version 3.2.20.1 log created on 01062011_132548 Files\Folders moved on Reboot... Registry entries deleted on Reboot... merci

merci voilà le rapport Rapport de ZHPFix 1.12.3227 par Nicolas Coolman, Update du 16/12/2010 Fichier d'export Registre : C:\ZHPExportRegistry-06-01-2011-12-15-18.txt Run by jo at 06/01/2011 12:15:18 Windows 7, 64-bit (Build 7600) Web site : ZHPFix Fix de rapport Contact : nicolascoolman@yahoo.fr ========== Clé(s) du Registre ========== O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.) => Clé supprimée avec succès ========== Fichier(s) ========== c:\program files (x86)\freecorder\tbfree.dll => Supprimé et mis en quarantaine ========== Autre ========== [2011/01/05 14:05:55 | 000,000,000 | ---D | C] -- C:\Windows\temp => Format Non supporté [2011/01/05 13:57:46 | 000,000,000 | ---D | C] -- C:\Qoobox => Format Non supporté [2010/11/25 21:48:02 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI => Format Non supporté [2010/12/28 15:52:35 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe => Format Non supporté IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.) => Format Non supporté IE - HKU\S-1-5-21-1766064798-3825573771-3055223879-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.) => Format Non supporté ========== Récapitulatif ========== 1 : Clé(s) du Registre 1 : Fichier(s) 6 : Autre End of the scan merci

j'ai essayer de relancer avec la liste que vous m'avez envoyer malheureusement le programme bloque et ne redémarre pas. Que faire ? Il bloque à la ligne 64bit: -[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command] ""=""%1" %*" Merci

voilà donc les nouveaux rapports OTL OTL logfile created on: 05/01/2011 19:43:00 - Run 1 OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\jo\Desktop 64bit- Ultimate Edition N (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy 6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 72,00% Memory free 12,00 Gb Paging File | 10,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 341,14 Gb Free Space | 73,26% Space Free | Partition Type: NTFS Drive D: | 0,00 Mb Total Space | 0,00 Mb Free Space | NAN% Space Free | Partition Type: CDFS Drive E: | 931,51 Gb Total Space | 375,57 Gb Free Space | 40,32% Space Free | Partition Type: NTFS Drive F: | 232,82 Gb Total Space | 77,86 Gb Free Space | 33,44% Space Free | Partition Type: NTFS Drive G: | 100,00 Mb Total Space | 71,60 Mb Free Space | 71,60% Space Free | Partition Type: NTFS Drive H: | 3,76 Gb Total Space | 3,74 Gb Free Space | 99,63% Space Free | Partition Type: FAT32 Computer Name: JO-PC | User Name: jo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/01/05 19:06:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jo\Desktop\OTL.scr PRC - [2010/12/13 17:02:42 | 001,064,960 | ---- | M] () -- C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe PRC - [2010/12/04 17:59:26 | 000,072,704 | ---- | M] (Autodesk) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010/06/26 18:09:18 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files (x86)\Freecorder\FLVSrvc.exe PRC - [2010/05/20 23:58:48 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010/05/20 23:58:46 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2010/04/07 20:07:24 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe PRC - [2009/11/20 09:17:12 | 000,434,176 | ---- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe PRC - [2009/04/30 10:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe PRC - [2005/01/05 15:45:36 | 001,015,808 | ---- | M] (Thomas Ascher) -- C:\Program Files (x86)\ATnotes\ATnotes.exe ========== Modules (SafeList) ========== MOD - [2011/01/05 19:06:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jo\Desktop\OTL.scr MOD - [2011/01/05 18:27:51 | 000,018,432 | ---- | M] (Applian Technologies, Inc.) -- C:\Users\jo\AppData\Local\FLVService\lib\FLVSrvLib.dll MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2009/06/10 22:14:56 | 000,652,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcr90.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010/04/07 20:10:42 | 000,042,336 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv) SRV:64bit: - [2010/04/07 20:07:24 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn) SRV:64bit: - [2010/03/08 14:47:06 | 006,245,744 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2010/12/04 17:59:26 | 000,072,704 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service) SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010/07/01 16:43:52 | 000,403,064 | ---- | M] (Sony Ericsson Mobile Communications) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaDeviceMgmt.exe -- (EmmaDevMgmtSvc) SRV - [2010/07/01 16:43:52 | 000,193,656 | ---- | M] (Sony Ericsson Mobile Communications) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaUpdateMgmt.exe -- (EmmaUpdMgmtSvc) SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/04/30 10:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service) SRV - [2006/09/29 12:48:06 | 000,065,536 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit) ========== Driver Services (SafeList) ========== DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2010/06/23 09:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/04/07 20:08:30 | 000,050,600 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp) DRV:64bit: - [2010/04/07 20:08:28 | 000,033,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\epfwndis.sys -- (Epfwndis) DRV:64bit: - [2010/04/07 20:08:26 | 000,169,592 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw) DRV:64bit: - [2010/04/07 20:07:10 | 000,139,704 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv) DRV:64bit: - [2010/04/07 20:03:52 | 000,163,888 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm) DRV:64bit: - [2010/01/24 13:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor) DRV:64bit: - [2009/09/29 08:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtpt64.sys -- (LgBttPort) DRV:64bit: - [2009/09/29 08:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgvmdm64.sys -- (LGVMODEM) DRV:64bit: - [2009/09/29 08:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtbs64.sys -- (lgbusenum) DRV:64bit: - [2009/09/23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2009/09/23 02:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2009/09/23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2009/09/23 02:32:35 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd) DRV:64bit: - [2009/09/23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2009/09/21 14:29:22 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid) DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 01:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883) DRV:64bit: - [2009/07/14 01:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc) DRV:64bit: - [2009/07/14 01:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV) DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009/06/10 21:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009/03/25 15:48:00 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdm.sys -- (s1018mdm) DRV:64bit: - [2009/03/25 15:48:00 | 000,146,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) DRV:64bit: - [2009/03/25 15:48:00 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) DRV:64bit: - [2009/03/25 15:48:00 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018obex.sys -- (s1018obex) DRV:64bit: - [2009/03/25 15:48:00 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM) DRV:64bit: - [2009/03/25 15:48:00 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) DRV:64bit: - [2009/03/25 15:48:00 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdfl.sys -- (s1018mdfl) DRV:64bit: - [2008/07/08 14:55:54 | 000,158,720 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgmdmdm.sys -- (lgmdmdm) DRV:64bit: - [2008/07/08 14:55:54 | 000,137,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgmdmgmt.sys -- (lgmdmgmt) LG Mobile USB WMC Device Management Drivers (WDM) DRV:64bit: - [2008/07/08 14:55:54 | 000,136,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgmdobex.sys -- (lgmdobex) DRV:64bit: - [2008/07/08 14:55:54 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgmdmdfl.sys -- (lgmdmdfl) DRV:64bit: - [2008/07/08 14:55:52 | 000,115,200 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgmdbus.sys -- (lgmdbus) LG Mobile driver (WDM) DRV:64bit: - [2007/02/16 09:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter) DRV:64bit: - [2006/12/22 20:05:52 | 000,559,104 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrxusb.sys -- (athrusb) DRV:64bit: - [2005/03/29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Bing IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Sign In IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Sign In IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.) IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-1766064798-3825573771-3055223879-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_url = MSN : Hotmail, Messenger, Bing, Actualité et Sport IE - HKU\S-1-5-21-1766064798-3825573771-3055223879-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_search_url = Sign In IE - HKU\S-1-5-21-1766064798-3825573771-3055223879-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\S-1-5-21-1766064798-3825573771-3055223879-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport IE - HKU\S-1-5-21-1766064798-3825573771-3055223879-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN : Hotmail, Messenger, Bing, Actualité et Sport IE - HKU\S-1-5-21-1766064798-3825573771-3055223879-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr IE - HKU\S-1-5-21-1766064798-3825573771-3055223879-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B3 44 F5 69 2D 03 CB 01 [binary data] IE - HKU\S-1-5-21-1766064798-3825573771-3055223879-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1766064798-3825573771-3055223879-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-1766064798-3825573771-3055223879-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1766064798-3825573771-3055223879-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/14 01:12:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/12 14:35:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/14 01:12:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/12 14:35:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/14 01:12:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/12 14:35:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/14 01:12:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/12 14:35:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010/06/03 16:07:41 | 000,000,000 | ---D | M] [2010/06/03 16:01:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jo\AppData\Roaming\mozilla\Extensions [2010/06/03 16:01:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jo\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2011/01/04 11:57:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jo\AppData\Roaming\mozilla\Firefox\Profiles\8be4gsxv.default\extensions [2010/10/19 12:15:06 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Users\jo\AppData\Roaming\mozilla\Firefox\Profiles\8be4gsxv.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612} [2011/01/02 14:56:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\jo\AppData\Roaming\mozilla\Firefox\Profiles\8be4gsxv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011/01/04 11:57:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010/12/12 14:35:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010/07/25 16:53:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/12/12 14:35:00 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll [2010/12/12 14:35:00 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll [2010/07/25 16:53:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll [2009/06/25 12:20:28 | 001,446,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll [2010/12/12 14:35:02 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll [2010/11/10 12:49:36 | 000,135,568 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll [2010/04/16 19:00:00 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll [2010/09/25 12:15:23 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll [2010/09/25 12:15:23 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll [2010/09/25 12:15:23 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll [2010/09/25 12:15:23 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll [2010/09/25 12:15:23 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll [2010/09/25 12:15:23 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll [2010/09/25 12:15:23 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll [2010/04/16 19:00:00 | 000,098,304 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll [2010/07/05 21:55:29 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-france.xml [2010/07/05 21:55:29 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml [2010/07/05 21:55:29 | 000,000,757 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-france.xml [2010/07/05 21:55:29 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml [2010/07/05 21:55:29 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-fr.xml [2010/07/05 21:55:29 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-france.xml O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1766064798-3825573771-3055223879-1000\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files (x86)\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1766064798-3825573771-3055223879-1000..\Run: [ATnotes.exe] C:\Program Files (x86)\ATnotes\ATnotes.exe (Thomas Ascher) O4 - HKU\S-1-5-21-1766064798-3825573771-3055223879-1000..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.) O4 - HKU\S-1-5-21-1766064798-3825573771-3055223879-1000..\Run: [skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) O4 - HKU\S-1-5-21-1766064798-3825573771-3055223879-1000..\Run: [sony Ericsson PC Suite] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - Startup: C:\Users\jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2011/01/05 15:41:17 | 000,000,000 | -H-D | M] O4 - Startup: C:\Users\jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKU\S-1-5-21-1766064798-3825573771-3055223879-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{6b67ff4a-766b-11df-afd1-e0cb4ea689a4}\Shell - "" = AutoRun O33 - MountPoints2\{6b67ff4a-766b-11df-afd1-e0cb4ea689a4}\Shell\AutoRun\command - "" = K:\WD SmartWare.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/01/05 19:07:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jo\Desktop\OTL.scr [2011/01/05 16:29:12 | 002,265,732 | ---- | C] (Nicolas Coolman ) -- C:\Users\jo\Desktop\ZHPDiag.exe [2011/01/05 16:01:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011/01/05 16:01:08 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011/01/05 14:05:55 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011/01/05 13:57:46 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/01/04 21:13:48 | 000,000,000 | -H-D | C] -- C:\Users\jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2011/01/04 17:06:52 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2010/12/28 16:09:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat [2010/12/28 16:09:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat [2010/12/28 15:52:52 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll [2010/12/28 15:52:52 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll [2010/12/28 15:52:52 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe [2010/12/28 15:52:52 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe [2010/12/28 15:52:52 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll [2010/12/28 15:52:52 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll [2010/12/28 15:52:52 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll [2010/12/28 15:52:52 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll [2010/12/28 15:52:35 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe [2010/12/28 15:02:05 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll [2010/12/28 15:02:05 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll [2010/12/28 15:01:33 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll [2010/12/28 15:01:02 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2010/12/28 15:01:02 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2010/12/28 15:01:01 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2010/12/28 15:01:01 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2010/12/28 15:01:01 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2010/12/28 15:01:01 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2010/12/28 15:01:01 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2010/12/28 15:01:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2010/12/28 15:01:01 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2010/12/28 15:01:01 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2010/12/28 15:01:01 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2010/12/28 15:01:01 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2010/12/28 15:01:01 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2010/12/28 15:01:01 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2010/12/28 15:00:58 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2010/12/28 15:00:58 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll [2010/12/28 15:00:52 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2010/12/28 15:00:51 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2010/12/28 15:00:50 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2010/12/28 15:00:49 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2010/12/28 15:00:47 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2010/12/28 15:00:45 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL [2010/12/28 15:00:45 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL [2010/12/28 15:00:43 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll [2010/12/28 15:00:43 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll [2010/12/28 15:00:43 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll [2010/12/28 15:00:43 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll [2010/12/28 15:00:43 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe [2010/12/28 15:00:43 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll [2010/12/28 15:00:43 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe [2010/12/28 15:00:42 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe [2010/12/28 15:00:38 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll [2010/12/28 15:00:35 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll [2010/12/28 15:00:34 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll [2010/12/28 15:00:27 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll [2010/12/28 15:00:25 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2010/12/28 15:00:25 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2010/12/28 15:00:25 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2010/12/28 15:00:25 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2010/12/28 15:00:25 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2010/12/28 15:00:24 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2010/12/28 15:00:23 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll [2010/12/28 15:00:23 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll [2010/12/28 15:00:23 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll [2010/12/28 15:00:17 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll [2010/12/28 15:00:17 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll [2010/12/28 14:59:58 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll [2010/12/28 14:59:58 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll [2010/12/28 14:59:51 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2010/12/28 14:59:51 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe [2010/12/28 14:59:51 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe [2010/12/28 14:59:51 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll [2010/12/28 14:59:49 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll [2010/12/28 14:59:49 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll [2010/12/28 14:59:47 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2010/12/28 14:59:47 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2010/12/28 14:59:47 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll [2010/12/28 14:59:47 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll [2010/12/28 14:59:46 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2010/12/28 14:59:46 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2010/12/28 14:59:45 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll [2010/12/28 14:59:45 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll [2010/12/28 14:59:45 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2010/12/28 14:59:43 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2010/12/28 14:59:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2010/12/28 14:59:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2010/12/28 14:59:43 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2010/12/28 14:59:43 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2010/12/28 14:59:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2010/12/28 14:59:42 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2010/12/28 14:59:40 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll [2010/12/28 14:59:39 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll [2010/12/28 14:59:39 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll [2010/12/28 14:59:39 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll [2010/12/28 14:59:38 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys [2010/12/28 14:57:28 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2010/12/16 19:57:04 | 000,000,000 | ---D | C] -- C:\Users\jo\Desktop\la route d'eldorado [2010/12/13 17:02:47 | 000,000,000 | ---D | C] -- C:\Download [2010/12/13 17:02:36 | 000,446,464 | ---- | C] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe [2010/12/13 17:02:36 | 000,000,000 | ---D | C] -- C:\Nexon [2010/12/07 13:05:25 | 000,000,000 | ---D | C] -- C:\Temp [2010/07/12 18:47:56 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe7531.dll ========== Files - Modified Within 30 Days ========== [2011/01/05 19:08:24 | 001,524,562 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011/01/05 19:08:24 | 000,696,612 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat [2011/01/05 19:08:24 | 000,607,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011/01/05 19:08:24 | 000,128,112 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat [2011/01/05 19:08:24 | 000,103,908 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011/01/05 19:06:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jo\Desktop\OTL.scr [2011/01/05 18:34:51 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/01/05 18:34:51 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/01/05 18:27:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/01/05 18:27:33 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys [2011/01/05 18:22:46 | 000,001,901 | ---- | M] () -- C:\Users\jo\Desktop\AD-R.lnk [2011/01/05 16:29:41 | 000,001,008 | ---- | M] () -- C:\Users\Public\Desktop\MBRCheck.lnk [2011/01/05 16:29:41 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\ZHPDiag.lnk [2011/01/05 16:29:41 | 000,000,996 | ---- | M] () -- C:\Users\Public\Desktop\ZHPFix.lnk [2011/01/05 16:26:38 | 002,265,732 | ---- | M] (Nicolas Coolman ) -- C:\Users\jo\Desktop\ZHPDiag.exe [2011/01/05 16:01:12 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/01/05 13:27:35 | 000,000,798 | ---- | M] () -- C:\FindyKill_Upload_Me_jo-PC.zip [2011/01/04 21:16:38 | 002,925,480 | ---- | M] () -- C:\Users\jo\Documents\AutoRuns.arn [2011/01/04 20:22:32 | 000,000,036 | ---- | M] () -- C:\Users\jo\AppData\Local\housecall.guid.cache [2011/01/04 17:08:04 | 000,031,547 | ---- | M] () -- C:\Users\jo\Desktop\fig21.gif [2011/01/04 17:07:16 | 000,038,918 | ---- | M] () -- C:\Users\jo\Desktop\BarragesMap.gif [2011/01/04 16:27:27 | 000,042,853 | ---- | M] () -- C:\Users\jo\Desktop\praya_nakhon.jpg [2011/01/04 14:18:11 | 000,050,472 | ---- | M] () -- C:\Users\jo\Desktop\paris.jpg [2011/01/04 13:35:18 | 000,049,823 | ---- | M] () -- C:\Users\jo\Desktop\japon.jpg [2011/01/04 13:29:31 | 000,083,166 | ---- | M] () -- C:\Users\jo\Desktop\annecy.jpg [2011/01/03 19:19:36 | 005,762,661 | ---- | M] () -- C:\Users\jo\Desktop\croquis.psd [2010/12/30 17:27:20 | 000,016,425 | ---- | M] () -- C:\Windows\SysNative\Wacom_Tablet.dat [2010/12/28 16:11:31 | 005,143,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010/12/17 03:08:08 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\PhotoLooks LooksBuilder.lnk [2010/12/16 00:10:53 | 000,000,132 | ---- | M] () -- C:\Users\jo\AppData\Roaming\Adobe BMP Format CS5 Prefs [2010/12/15 12:19:40 | 000,401,250 | ---- | M] () -- C:\Users\jo\Desktop\preview.htm [2010/12/13 21:36:06 | 000,041,048 | ---- | M] () -- C:\Users\jo\Desktop\anecy.jpg [2010/12/13 21:30:21 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\Urban Terror (io).lnk [2010/12/13 17:47:16 | 000,001,636 | ---- | M] () -- C:\Users\Public\Desktop\Combat Arms EU.lnk [2010/12/13 17:02:36 | 000,446,464 | ---- | M] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe [2010/12/13 17:02:36 | 000,000,235 | ---- | M] () -- C:\Windows\SysWow64\nxEuUninstall.bat [2010/12/08 18:30:20 | 000,000,699 | ---- | M] () -- C:\Users\jo\Desktop\video du net - Raccourci.lnk [2010/12/08 18:29:41 | 000,000,806 | ---- | M] () -- C:\Users\jo\Desktop\Le PIED - Raccourci.lnk [2010/12/08 15:12:38 | 000,000,132 | ---- | M] () -- C:\Users\jo\AppData\Roaming\Adobe PNG Format CS5 Prefs [2010/12/07 21:25:06 | 001,657,048 | ---- | M] () -- C:\Users\jo\Documents\BLANC.blend [2010/12/07 20:53:10 | 001,686,032 | ---- | M] () -- C:\Users\jo\Documents\BLANC.blend1 [2010/12/07 13:50:28 | 004,061,184 | ---- | M] () -- C:\Windows\SysWow64\PhotoLooksRenderer.dll [2010/12/07 13:45:04 | 004,768,256 | ---- | M] () -- C:\Windows\SysNative\PhotoLooksRenderer_x64.dll ========== Files Created - No Company Name ========== [2011/01/05 18:22:46 | 000,001,901 | ---- | C] () -- C:\Users\jo\Desktop\AD-R.lnk [2011/01/05 16:29:41 | 000,001,008 | ---- | C] () -- C:\Users\Public\Desktop\MBRCheck.lnk [2011/01/05 16:29:41 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\ZHPDiag.lnk [2011/01/05 16:29:41 | 000,000,996 | ---- | C] () -- C:\Users\Public\Desktop\ZHPFix.lnk [2011/01/05 16:01:12 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/01/04 21:16:38 | 002,925,480 | ---- | C] () -- C:\Users\jo\Documents\AutoRuns.arn [2011/01/04 20:22:32 | 000,000,036 | ---- | C] () -- C:\Users\jo\AppData\Local\housecall.guid.cache [2011/01/04 17:08:00 | 000,031,547 | ---- | C] () -- C:\Users\jo\Desktop\fig21.gif [2011/01/04 17:07:07 | 000,038,918 | ---- | C] () -- C:\Users\jo\Desktop\BarragesMap.gif [2011/01/04 16:27:27 | 000,042,853 | ---- | C] () -- C:\Users\jo\Desktop\praya_nakhon.jpg [2011/01/04 13:00:30 | 000,083,166 | ---- | C] () -- C:\Users\jo\Desktop\annecy.jpg [2011/01/04 12:59:29 | 000,049,823 | ---- | C] () -- C:\Users\jo\Desktop\japon.jpg [2011/01/04 12:58:48 | 000,050,472 | ---- | C] () -- C:\Users\jo\Desktop\paris.jpg [2011/01/03 19:02:46 | 005,762,661 | ---- | C] () -- C:\Users\jo\Desktop\croquis.psd [2010/12/17 03:08:08 | 000,000,927 | ---- | C] () -- C:\Users\Public\Desktop\PhotoLooks LooksBuilder.lnk [2010/12/16 00:10:53 | 000,000,132 | ---- | C] () -- C:\Users\jo\AppData\Roaming\Adobe BMP Format CS5 Prefs [2010/12/15 12:19:38 | 000,401,250 | ---- | C] () -- C:\Users\jo\Desktop\preview.htm [2010/12/13 21:36:05 | 000,041,048 | ---- | C] () -- C:\Users\jo\Desktop\anecy.jpg [2010/12/13 21:30:21 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\Urban Terror (io).lnk [2010/12/13 17:47:16 | 000,001,636 | ---- | C] () -- C:\Users\Public\Desktop\Combat Arms EU.lnk [2010/12/13 17:02:36 | 000,000,235 | ---- | C] () -- C:\Windows\SysWow64\nxEuUninstall.bat [2010/12/08 18:30:20 | 000,000,699 | ---- | C] () -- C:\Users\jo\Desktop\video du net - Raccourci.lnk [2010/12/08 18:29:41 | 000,000,806 | ---- | C] () -- C:\Users\jo\Desktop\Le PIED - Raccourci.lnk [2010/12/07 20:53:10 | 001,686,032 | ---- | C] () -- C:\Users\jo\Documents\BLANC.blend1 [2010/12/07 20:53:10 | 001,657,048 | ---- | C] () -- C:\Users\jo\Documents\BLANC.blend [2010/12/07 13:50:28 | 004,061,184 | ---- | C] () -- C:\Windows\SysWow64\PhotoLooksRenderer.dll [2010/12/07 13:45:04 | 004,768,256 | ---- | C] () -- C:\Windows\SysNative\PhotoLooksRenderer_x64.dll [2010/12/04 13:51:54 | 000,000,132 | ---- | C] () -- C:\Users\jo\AppData\Roaming\Adobe PNG Format CS5 Prefs [2010/11/25 21:48:02 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI [2010/10/12 16:01:16 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2010/09/22 17:30:28 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll [2010/09/22 17:30:28 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini [2010/06/03 16:28:50 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll [2010/06/03 15:59:17 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2010/06/03 15:59:17 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010/06/03 15:59:16 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll [2010/06/03 15:59:16 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010/06/03 15:59:16 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010/06/03 15:59:15 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2010/02/28 16:17:48 | 003,284,480 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll ========== LOP Check ========== [2010/11/17 13:23:14 | 000,000,318 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job [2010/12/14 12:46:10 | 000,032,482 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %appdata% *.exe /s > < MD5 for: AGP440.SYS > [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows.old\Windows\System32\drivers\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows.old\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows.old\Windows\System32\drivers\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows.old\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys < MD5 for: CDROM.SYS > [2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows.old\Windows\System32\drivers\cdrom.sys [2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys [2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows.old\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys [2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys [2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows.old\Windows\SysWOW64\cngaudit.dll [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows.old\Windows\System32\cngaudit.dll [2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll [2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: CSRSS.EXE > [2009/07/14 02:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows.old\Windows\System32\csrss.exe [2009/07/14 02:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe [2009/07/14 02:39:02 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=60C2862B4BF0FD9F582EF344C2B1EC72 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3\csrss.exe < MD5 for: EXPLORER.EXE > [2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\SysWOW64\explorer.exe [2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2009/08/03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe [2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows.old\Windows\explorer.exe [2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2009/08/03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTORV.SYS > [2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys [2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows.old\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys [2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NDIS.SYS > [2009/07/14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows.old\Windows\System32\drivers\ndis.sys [2009/07/14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys [2009/07/14 02:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys < MD5 for: NETLOGON.DLL > [2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows.old\Windows\System32\netlogon.dll [2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows.old\Windows\SysWOW64\netlogon.dll [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows.old\Windows\System32\drivers\nvstor.sys [2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows.old\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows.old\Windows\SysWOW64\scecli.dll [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows.old\Windows\System32\scecli.dll [2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll < MD5 for: TCPIP.SYS > [2010/06/14 07:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys [2010/06/14 07:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys [2009/07/14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows.old\Windows\System32\drivers\tcpip.sys [2009/07/14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys [2009/07/14 02:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys < MD5 for: USERINIT.EXE > [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\SysWOW64\userinit.exe [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows.old\Windows\System32\userinit.exe [2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows.old\Windows\System32\wininit.exe [2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows.old\Windows\SysWOW64\wininit.exe [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows.old\Windows\System32\winlogon.exe [2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < %systemroot%\*. /mp /s > ========== Files - Unicode (All) ========== [2010/12/13 18:57:16 | 000,000,000 | ---D | M](C:\Users\jo\Documents\?? ???) -- C:\Users\jo\Documents\넥슨 플러그 [2010/12/13 18:57:16 | 000,000,000 | ---D | C](C:\Users\jo\Documents\?? ???) -- C:\Users\jo\Documents\넥슨 플러그 ========== Alternate Data Streams ========== @Alternate Data Stream - 1136 bytes -> C:\ProgramData\Microsoft:1UW8gEGvKcDUZoQNx0zgVL @Alternate Data Stream - 1118 bytes -> C:\ProgramData\Microsoft:I4pV9FpHXfnwpCUcWWzTKDNbVJk < End of report > et EXTRAS OTL Extras logfile created on: 05/01/2011 19:43:00 - Run 1 OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\jo\Desktop 64bit- Ultimate Edition N (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy 6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 72,00% Memory free 12,00 Gb Paging File | 10,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465,66 Gb Total Space | 341,14 Gb Free Space | 73,26% Space Free | Partition Type: NTFS Drive D: | 0,00 Mb Total Space | 0,00 Mb Free Space | NAN% Space Free | Partition Type: CDFS Drive E: | 931,51 Gb Total Space | 375,57 Gb Free Space | 40,32% Space Free | Partition Type: NTFS Drive F: | 232,82 Gb Total Space | 77,86 Gb Free Space | 33,44% Space Free | Partition Type: NTFS Drive G: | 100,00 Mb Total Space | 71,60 Mb Free Space | 71,60% Space Free | Partition Type: NTFS Drive H: | 3,76 Gb Total Space | 3,74 Gb Free Space | 99,63% Space Free | Partition Type: FAT32 Computer Name: JO-PC | User Name: jo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation) .js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found .txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found [HKEY_USERS\S-1-5-21-1766064798-3825573771-3055223879-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 61 01 DA 5A 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0A3ED604-E1DD-4F50-9FF0-AACD8A66FA22}" = ESET Smart Security "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{21185083-5C3F-45E1-A52F-1279E0724967}" = iTunes "{27BAA191-CEB0-4F17-95FA-B44DD128375E}" = MobileMe Control Panel "{340910E2-118B-4C1E-AE83-5C8360C3880B}" = Magic Bullet Denoiser 64 bit "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{3E2D0F27-4443-4C71-AE1B-CF8F248353AC}" = Magic Bullet Quick Looks Limited "{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{7B397980-84A8-40F2-8E88-DFA50E516E8E}" = Magic Bullet PhotoLooks for Photoshop 64 bit "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64 "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "Blender" = Blender (remove only) "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{047400EA-A127-AA7E-5E82-9F9CCD0423B3}" = Player tuto.com "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support "{266517E6-D866-439D-919C-B8B1A52E6080}" = OpenOffice.org 3.2 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20 "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00 "{34BDF3BF-AA61-42E7-8818-C16A304910FC}" = Emma Core "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Backburner "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{626B3D60-A661-4444-AAF5-6C75E55936E8}" = Adobe Creative Suite 5 Production Premium "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX "{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}" = 3dsmax ancillary install "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7 "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}" = LG MC USB U330 driver "{AC76BA86-7AD7-1036-7B44-AA0000000001}" = Adobe Reader X - Français "{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers "{B4ED5BD4-71B6-4905-25AE-18331859A3A7}" = MyBloomBox "{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D137B59C-551C-4659-8AA8-206FA650BF40}" = LG USB Modem Drivers "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = Désinst. LG PC Suite III "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = French App Name "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime "{E96D4088-AAC5-437F-9E39-EC0E387897B4}" = Autodesk 3ds Max 9 32-bit "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Ad-Remover" = Ad-Remover By C_XX "Ashampoo AudioCenter" = Ashampoo AudioCenter "ATnotes_is1" = ATnotes Version 9.5 "AviSynth" = AviSynth 2.5 "CameraWindowLauncher" = Canon Utilities CameraWindow "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "Canon RAW Codec" = Canon RAW Codec "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = French App Name "Combat Arms EU" = Combat Arms EU "DPP" = Canon Utilities Digital Photo Professional 3.8 "EOS Utility" = Canon Utilities EOS Utility "FBX Plugin 2006.08 for Max 9.0" = FBX Plugin 2006.08 for Max 9.0 "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.9 "Freecorder Toolbar" = Freecorder Toolbar "Freecorder4.02B" = Freecorder 4.02B Application "Glary Utilities_is1" = Glary Utilities 2.29.0.1032 "GLVIEW3" = OpenGL Extensions Viewer 3.0 "InstallShield_{340910E2-118B-4C1E-AE83-5C8360C3880B}" = Magic Bullet Denoiser 64 bit "InstallShield_{3E2D0F27-4443-4C71-AE1B-CF8F248353AC}" = Magic Bullet Quick Looks Limited "InstallShield_{7B397980-84A8-40F2-8E88-DFA50E516E8E}" = Magic Bullet PhotoLooks for Photoshop 64 bit "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.9.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "mybloombox" = MyBloomBox "MyCamera" = Canon Utilities MyCamera "PhotoStitch" = Canon Utilities PhotoStitch "Picture Style Editor" = Canon Utilities Picture Style Editor "PSP Video 9" = PSP Video 9 5.03 "SEMC OMSI Module" = SEMC OMSI Module "Total Video Converter 3.11_is1" = Total Video Converter 3.11 "Urban Terror_is1" = Urban Terror 4.1 "VLC media player" = VLC media player 1.1.2 "Wacom Tablet Driver" = Tablette Wacom "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin "WeecastPlayer.A27AB7741756020517D10FDBA9AD7A2F55F5F984.1" = Player tuto.com "WFTK" = Canon Utilities WFT-E1/E2/E3/E4/E5 Utility "WinRAR archiver" = Archiveur WinRAR "XnView_is1" = XnView 1.97.6 "ZD Soft Screen Recorder" = ZD Soft Screen Recorder 4.1.3.0 "ZHPDiag_is1" = ZHPDiag 1.27 "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1766064798-3825573771-3055223879-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Facebook Plug-In" = Facebook Plug-In ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 05/01/2011 10:44:58 | Computer Name = jo-PC | Source = RaySat_3dsmax9_32 Server | ID = 131074 Description = Error - 05/01/2011 10:52:58 | Computer Name = jo-PC | Source = RaySat_3dsmax9_32 Server | ID = 131074 Description = Error - 05/01/2011 10:55:45 | Computer Name = jo-PC | Source = RaySat_3dsmax9_32 Server | ID = 131074 Description = Error - 05/01/2011 11:05:33 | Computer Name = jo-PC | Source = RaySat_3dsmax9_32 Server | ID = 131074 Description = Error - 05/01/2011 11:06:14 | Computer Name = jo-PC | Source = Application Hang | ID = 1002 Description = Le programme mbam.exe version 1.50.1.3 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance. ID de processus : f0c Heure de début : 01cbacea0b1877ab Heure de fin : 0 Chemin d’accès de l’application : C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe ID de rapport : 54327566-18dd-11e0-a231-e0cb4ea689a4 Error - 05/01/2011 11:12:17 | Computer Name = jo-PC | Source = RaySat_3dsmax9_32 Server | ID = 131074 Description = Error - 05/01/2011 11:13:05 | Computer Name = jo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Échec de l’extraction de la liste racine tierce depuis le fichier CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> avec l’erreur : Un certificat requis n’est pas dans sa période de validité selon la vérification par rapport à l’horloge système en cours ou le tampon daté dans le fichier signé. . Error - 05/01/2011 11:13:05 | Computer Name = jo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Échec de l’extraction de la liste racine tierce depuis le fichier CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> avec l’erreur : Un certificat requis n’est pas dans sa période de validité selon la vérification par rapport à l’horloge système en cours ou le tampon daté dans le fichier signé. . Error - 05/01/2011 11:13:05 | Computer Name = jo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Échec de l’extraction de la liste racine tierce depuis le fichier CAB de mise à jour automatique à : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> avec l’erreur : Un certificat requis n’est pas dans sa période de validité selon la vérification par rapport à l’horloge système en cours ou le tampon daté dans le fichier signé. . Error - 05/01/2011 13:27:45 | Computer Name = jo-PC | Source = RaySat_3dsmax9_32 Server | ID = 131074 Description = [ System Events ] Error - 05/01/2011 13:24:07 | Computer Name = jo-PC | Source = Service Control Manager | ID = 7034 Description = Le service Autodesk Licensing Service s’est terminé de façon inattendue pour la 1ème fois. Error - 05/01/2011 13:24:07 | Computer Name = jo-PC | Source = Service Control Manager | ID = 7034 Description = Le service Service Bonjour s’est terminé de façon inattendue pour la 1ème fois. Error - 05/01/2011 13:24:07 | Computer Name = jo-PC | Source = Service Control Manager | ID = 7034 Description = Le service Emma Device Management s’est terminé de façon inattendue pour la 1ème fois. Error - 05/01/2011 13:24:07 | Computer Name = jo-PC | Source = Service Control Manager | ID = 7034 Description = Le service Emma Update Management s’est terminé de façon inattendue pour la 1ème fois. Error - 05/01/2011 13:24:07 | Computer Name = jo-PC | Source = Service Control Manager | ID = 7034 Description = Le service Sony Ericsson OMSI download service s’est terminé de façon inattendue pour la 1ème fois. Error - 05/01/2011 13:24:07 | Computer Name = jo-PC | Source = Service Control Manager | ID = 7034 Description = Le service TabletServiceWacom s’est terminé de façon inattendue pour la 1ème fois. Error - 05/01/2011 13:24:07 | Computer Name = jo-PC | Source = Service Control Manager | ID = 7031 Description = Le service Service Partage réseau du Lecteur Windows Media s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service. Error - 05/01/2011 13:24:07 | Computer Name = jo-PC | Source = Service Control Manager | ID = 7034 Description = Le service Service de l’iPod s’est terminé de façon inattendue pour la 1ème fois. Error - 05/01/2011 13:24:07 | Computer Name = jo-PC | Source = Service Control Manager | ID = 7031 Description = Le service Windows Search s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service. Error - 05/01/2011 13:24:40 | Computer Name = jo-PC | Source = Service Control Manager | ID = 7032 Description = Le Gestionnaire de services de contrôle a essayé d’entreprendre une action corrective (Redémarrer le service) après la fin inattendue du service Windows Search, mais cette action a échoué en raison de l’erreur suivante : %%1056 < End of report > merci

merci voilà le SCAN ======= RAPPORT D'AD-REMOVER 2.0.0.2,D | UNIQUEMENT XP/VISTA/7 ======= Mis à jour par TeamXscript le 03/01/11 à 14:20 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com Site web: TeamXscript : AD-Remover - FindyKill - UsbFix C:\Program Files (x86)\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 18:22:47 le 05/01/2011, Mode normal Microsoft Windows 7 Édition Intégrale N (X64) jo@JO-PC (System manufacturer System Product Name) ============== RECHERCHE ============== Dossier trouvé: C:\Users\jo\AppData\Roaming\Mozilla\FireFox\Profiles\8be4gsxv.default\conduit Dossier trouvé: C:\Users\jo\AppData\LocalLow\Conduit Dossier trouvé: C:\Program Files (x86)\Conduit Dossier trouvé: C:\Users\jo\AppData\LocalLow\PriceGong -- Fichier ouvert: C:\Users\jo\AppData\Roaming\Mozilla\FireFox\Profiles\8be4gsxv.default\Prefs.js -- Ligne trouvée: user_pref("CT1060933.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER... Ligne trouvée: user_pref("CT1060933.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT106... Ligne trouvée: user_pref("browser.search.defaultengine", "Ask.com"); Ligne trouvée: user_pref("browser.search.defaultenginename", "Ask.com"); Ligne trouvée: user_pref("browser.search.order.1", "Ask.com"); -- Fichier Fermé -- Clé trouvée: HKLM\Software\Classes\Toolbar.CT1060933 Clé trouvée: HKLM\Software\Conduit Clé trouvée: HKCU\Software\Conduit Clé trouvée: HKCU\Software\AppDataLow\Toolbar Clé trouvée: HKCU\Software\AppDataLow\Software\Conduit Clé trouvée: HKCU\Software\AppDataLow\Software\PriceGong Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} ============== SCAN ADDITIONNEL ============== ** Mozilla Firefox Version [3.6.13 (fr)] ** -- C:\Users\jo\AppData\Roaming\Mozilla\FireFox\Profiles\8be4gsxv.default\Prefs.js -- browser.download.lastDir, C:\\Users\\jo\\Desktop browser.search.defaultenginename, Ask.com browser.search.selectedEngine, Google browser.startup.homepage_override.mstone, rv:1.9.2.13 ======================================== ** Internet Explorer Version [8.0.7600.16385] ** [HKCU\Software\Microsoft\Internet Explorer\Main] Do404Search: 0x01000000 Enable Browser Extensions: yes Local Page: C:\Windows\system32\blank.htm Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896 Show_ToolBar: yes Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157 Use Search Asst: no [HKLM\Software\Microsoft\Internet Explorer\Main] AutoHide: yes Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157 Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896 Delete_Temp_Files_On_Exit: yes Enable Browser Extensions: yes Local Page: C:\Windows\SysWOW64\blank.htm Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896 Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157 Use Search Asst: no [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS] Tabs: res://ieframe.dll/tabswelcome.htm Blank: res://mshtml.dll/blank.htm ======================================== C:\Program Files (x86)\Ad-Remover\Quarantine: 0 Fichier(s) C:\Program Files (x86)\Ad-Remover\Backup: 3 Fichier(s) C:\Ad-Report-CLEAN[1].txt - 30/04/2010 (5436 Octet(s)) C:\Ad-Report-SCAN[1].txt - 30/04/2010 (3394 Octet(s)) Fin à: 18:23:21, 05/01/2011 ============== E.O.F ============== Et le CLEAN ======= RAPPORT D'AD-REMOVER 2.0.0.2,D | UNIQUEMENT XP/VISTA/7 ======= Mis à jour par TeamXscript le 03/01/11 à 14:20 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com Site web: TeamXscript : AD-Remover - FindyKill - UsbFix C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 18:23:59 le 05/01/2011, Mode normal Microsoft Windows 7 Édition Intégrale N (X64) jo@JO-PC (System manufacturer System Product Name) ============== ACTION(S) ============== Dossier supprimé: C:\Users\jo\AppData\Roaming\Mozilla\FireFox\Profiles\8be4gsxv.default\conduit Dossier supprimé: C:\Users\jo\AppData\LocalLow\Conduit Dossier supprimé: C:\Program Files (x86)\Conduit Dossier supprimé: C:\Users\jo\AppData\LocalLow\PriceGong (!) -- Fichiers temporaires supprimés. -- Fichier ouvert: C:\Users\jo\AppData\Roaming\Mozilla\FireFox\Profiles\8be4gsxv.default\Prefs.js -- Ligne supprimée: Ligne supprimée: Ligne supprimée: user_pref("CT1060933.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER... Ligne supprimée: user_pref("CT1060933.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT106... Ligne supprimée: user_pref("browser.search.defaultengine", "Ask.com"); Ligne supprimée: user_pref("browser.search.defaultenginename", "Ask.com"); Ligne supprimée: user_pref("browser.search.order.1", "Ask.com"); -- Fichier Fermé -- Clé supprimée: HKLM\Software\Classes\Toolbar.CT1060933 Clé supprimée: HKLM\Software\Conduit Clé supprimée: HKCU\Software\Conduit Clé supprimée: HKCU\Software\AppDataLow\Toolbar Clé supprimée: HKCU\Software\AppDataLow\Software\Conduit Clé supprimée: HKCU\Software\AppDataLow\Software\PriceGong Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} ============== SCAN ADDITIONNEL ============== ** Mozilla Firefox Version [3.6.13 (fr)] ** -- C:\Users\jo\AppData\Roaming\Mozilla\FireFox\Profiles\8be4gsxv.default\Prefs.js -- browser.download.lastDir, C:\\Users\\jo\\Desktop browser.search.selectedEngine, Google browser.startup.homepage_override.mstone, rv:1.9.2.13 ======================================== ** Internet Explorer Version [8.0.7600.16385] ** [HKCU\Software\Microsoft\Internet Explorer\Main] Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Do404Search: 0x01000000 Enable Browser Extensions: yes Local Page: C:\Windows\system32\blank.htm Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896 Show_ToolBar: yes Start Page: hxxp://fr.msn.com/ Use Search Asst: no [HKLM\Software\Microsoft\Internet Explorer\Main] AutoHide: yes Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896 Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Delete_Temp_Files_On_Exit: yes Enable Browser Extensions: yes Local Page: C:\Windows\SysWOW64\blank.htm Search bar: hxxp://search.msn.com/spbasic.htm Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Start Page: hxxp://fr.msn.com/ Use Search Asst: no [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS] Tabs: res://ieframe.dll/tabswelcome.htm Blank: res://mshtml.dll/blank.htm ======================================== C:\Program Files (x86)\Ad-Remover\Quarantine: 36 Fichier(s) C:\Program Files (x86)\Ad-Remover\Backup: 17 Fichier(s) C:\Ad-Report-CLEAN[1].txt - 30/04/2010 (3605 Octet(s)) C:\Ad-Report-SCAN[1].txt - 30/04/2010 (3523 Octet(s)) Fin à: 18:24:37, 05/01/2011 ============== E.O.F ============== merci

merci pour la rapidité de la réponse voilà le rapport Rapport de ZHPDiag v1.27.1421 par Nicolas Coolman, Update du 16/12/2010 Run by jo at 05/01/2011 16:30:26 Web site : ZHPDiag Outil de diagnostic Contact : nicolascoolman@yahoo.fr ---\\ Web Browser MSIE: Internet Explorer v8.0.7600.16385 MFIE: Mozilla Firefox v3.6.13 (fr) (Defaut) ---\\ System Information Windows 7, 64-bit (Build 7600) Processor: Intel64 Family 6 Model 26 Stepping 5, GenuineIntel Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 6135 MB (73% free) System drive C: has 344 GB (73%) free of 466 GB ---\\ Logged in mode Computer Name: JO-PC User Name: jo All Users Names: jo, HomeGroupUser$, Administrateur, Unselected Option: O1,O45,O61,O62,O65,O82 Logged in as Administrator ---\\ DOS/Devices C:\ Hard drive, Flash drive, Thumb drive (Free 344 Go of 466 Go) D:\ CD-ROM drive (Free 0 Go of 0 Go) E:\ Hard drive, Flash drive, Thumb drive (Free 376 Go of 932 Go) F:\ Hard drive, Flash drive, Thumb drive (Free 78 Go of 233 Go) G:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go) H:\ Floppy drive, Flash card reader, USB Key (Free 4 Go of 4 Go) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified ---\\ Recherche particulière de fichiers génériques [MD5.9AAAEC8DAC27AA17B053E6352AD233AE] - (.Microsoft Corporation - Explorateur Windows.) (.31/10/2009 07:34:59.) -- C:\Windows\Explorer.exe [2870272] [MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256] ---\\ Processus lancés [MD5.2DC64A3446C8C6E020E781456B46573D] - (.Microsoft Corporation - Tablet PC Input Panel Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe [10240] [MD5.034AC2B2757FE6841AB092ECADA891B9] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [26102056] [MD5.EB19BA6FF599AC0491DE0338B8568EDC] - (.Sony Ericsson Mobile Communications AB - Sony Ericsson PC Suite.) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [434176] [MD5.0D67D271267F3B8175A0D2CEC2FB0A41] - (.Thomas Ascher - ATnotes.) -- C:\Program Files (x86)\ATnotes\ATnotes.exe [1015808] [MD5.569E547273C25B019054A12A40400ECE] - (.OpenOffice.org - OpenOffice.org 3.2.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [11318784] [MD5.52DB6CDAC5BC7A1FC884E97C41C91213] - (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248040] [MD5.4B723F33D7331F20E06F3A2FD76EC1D5] - (.OpenOffice.org - OpenOffice.org 3.2.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin [11312128] [MD5.E3A584DFC135C03A232994A765BE85EF] - (.Applian Technologies, Inc. - FLV Service for Freecorder 4.) -- C:\Program Files (x86)\Freecorder\FLVSrvc.exe [167936] [MD5.EE38DDA58C47C9A83B0BD32EC78E54D8] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160] [MD5.DAE3169BD4116F9994D8B59A1038FAB2] - (.Pas de propriétaire - Pas de description.) -- C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe [1064960] [MD5.89CF33E9040E3CC39F097238D3D97032] - (.Skype Technologies - Skype Extras Manager.) -- C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe [78008] [MD5.5447AF432CDA61159ADDE218C468FFD9] - (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208] [MD5.806A8E35707BEA615B209001E544F0F0] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [620544] ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2) P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java Deploy.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - 1.9.0042.0.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npLegitCheckPlugin.dll P2 - FPN:Firefox Plugin Navigator . (.mozilla.org - Default Plug-in.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npnul32.dll P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.0.0.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\nppdf32.dll P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - RealPlayer LiveConnect-Enabled Plug-In.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\nppl3260.dll P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin.dll P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin2.dll P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin3.dll P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin4.dll P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin5.dll P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin6.dll P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npqtplugin7.dll P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - 6.0.12.732.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\nprpjplug.dll P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll P2 - FPN: [HKLM] [@Apple.com/iTunes,version=1.0] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll P2 - FPN: [HKLM] [@ngm.nexoneu.com/NxGame] - (.Nexon - Nexon Game Controller 1.0.0.1.) -- C:\ProgramData\NexonEU\NGM\npNxGameeu.dll P2 - FPN: [HKLM] [@real.com/nppl3260;version=6.0.12.732] - (.RealNetworks, Inc. - RealPlayer LiveConnect-Enabled Plug-In.) -- C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll P2 - FPN: [HKLM] [@real.com/nprpjplug;version=6.0.12.732] - (.RealNetworks, Inc. - 6.0.12.732.) -- C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll P2 - FPN: [HKLM] [@videolan.org/vlc,version=1.1.2] - (.the VideoLAN Team - Version 1.1.2, copyright 1996-2010 The VideoLAN Team<br><a href="http:.) -- C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll P2 - FPN: [HKLM] [@wacom.com/wacom-plugin,version=1.1.0.3] - (.Wacom, Inc. - Wacom Dynamic Link Library.) -- C:\Program Files (x86)\TabletPlugins\npwacom.dll P2 - FPN: [HKCU] [@facebook.com/FBPlugin,version=1.0.3] - (.Pas de propriétaire - Provides additional functionality on Facebook. See <a href="http://www.) -- C:\Users\jo\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll M2 - MFEP: prefs.js [jo - 8be4gsxv.default\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] [] Freecorder Toolbar v2.7.2.0 (.Conduit Ltd..) M2 - MFEP: prefs.js [jo - 8be4gsxv.default\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}] [dwhelper] DownloadHelper v4.8.1 (.Michel Gutierrez.) ---\\ Internet Explorer, Démarrage,Recherche,URSearchHook (R0,R1,R3) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} . (.Conduit Ltd. - Conduit Toolbar.) (5, 7, 2, 2) -- C:\Program Files (x86)\Freecorder\tbFree.dll R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (8.00.7600.16385 (win7_rtm.090713-1255)) -- C:\Windows\SysWOW64\ieframe.dll R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} . (.Conduit Ltd. - Conduit Toolbar.) (5, 7, 2, 2) -- C:\Program Files (x86)\Freecorder\tbFree.dll ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2) F2 - REG:system.ini: UserInit=userinit.exe, F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe F2 - REG:system.ini: VMApplet=C:\WINDOWS\system32\SystemPropertiesPerformance.exe ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files (x86)\Freecorder\tbFree.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} . (.Skype Technologies S.A. - Skype add-on for IE.) -- C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files (x86)\Freecorder\tbFree.dll ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe O4 - HKLM\..\Run: [AppleSyncNotifier] . (.Apple Inc. - AppleSyncNotifier.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe O4 - HKLM\..\Run: [Freecorder FLV Service] . (.Applian Technologies, Inc. - FLV Service for Freecorder 4.) -- C:\Program Files (x86)\Freecorder\FLVSrvc.exe O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [switchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe O4 - HKCU\..\Run: [skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe O4 - HKCU\..\Run: [sony Ericsson PC Suite] . (.Sony Ericsson Mobile Communications AB - Sony Ericsson PC Suite.) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe O4 - HKCU\..\Run: [ATnotes.exe] . (.Thomas Ascher - ATnotes.) -- C:\Program Files (x86)\ATnotes\ATnotes.exe O4 - HKCU\..\Run: [KPeerNexonEU] . (.NEXON Inc. - Pas de description.) -- C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe O4 - HKLM\..\Wow6432Node\Run: [sunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe O4 - HKLM\..\Wow6432Node\Run: [AppleSyncNotifier] . (.Apple Inc. - AppleSyncNotifier.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe O4 - HKLM\..\Wow6432Node\Run: [Freecorder FLV Service] . (.Applian Technologies, Inc. - FLV Service for Freecorder 4.) -- C:\Program Files (x86)\Freecorder\FLVSrvc.exe O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe O4 - HKLM\..\Wow6432Node\Run: [switchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Wow6432Node\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-21-1766064798-3825573771-3055223879-1000\..\Run: [skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe O4 - HKUS\S-1-5-21-1766064798-3825573771-3055223879-1000\..\Run: [sony Ericsson PC Suite] . (.Sony Ericsson Mobile Communications AB - Sony Ericsson PC Suite.) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe O4 - HKUS\S-1-5-21-1766064798-3825573771-3055223879-1000\..\Run: [ATnotes.exe] . (.Thomas Ascher - ATnotes.) -- C:\Program Files (x86)\ATnotes\ATnotes.exe O4 - HKUS\S-1-5-21-1766064798-3825573771-3055223879-1000\..\Run: [KPeerNexonEU] . (.NEXON Inc. - Pas de description.) -- C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (.not file.) O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (.not file.) O4 - Global Startup: C:\Users\jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk . (.Pas de propriétaire.) -- C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ---\\ Autres liens utilisateurs (O4) O4 - Global Startup: C:\Documents And Settings\jo\Desktop\Glary Utilities.lnk . (.Glarysoft Ltd.) -- C:\Program Files (x86)\Glary Utilities\Integrator.exe O4 - Global Startup: C:\Documents And Settings\jo\Desktop\Le PIED - Raccourci.lnk . (.Pas de propriétaire.) -- E:\02 Boulot\Le PIED O4 - Global Startup: C:\Documents And Settings\jo\Desktop\Media Player Classic.lnk . (.MPC-HC Team.) -- C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe O4 - Global Startup: C:\Documents And Settings\jo\Desktop\Screen Recorder.lnk . (.ZD Soft, www.zdsoft.com.) -- C:\Program Files (x86)\ZD Soft\Screen Recorder\ScnRec.exe O4 - Global Startup: C:\Documents And Settings\jo\Desktop\video du net - Raccourci.lnk . (.Pas de propriétaire.) -- E:\video du net O4 - Global Startup: C:\Documents And Settings\jo\Desktop\Virtual Windows XP.lnk . (.Pas de propriétaire.) -- C:\Windows\system32\rundll32.exe O4 - Global Startup: C:\Documents And Settings\jo\Desktop\XnView.lnk . (.XnView, http://www.xnview.com.) -- C:\Program Files (x86)\XnView\xnview.exe O4 - Global Startup: C:\Users\jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - Global Startup: C:\Users\jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - Global Startup: C:\Users\jo\Desktop\Glary Utilities.lnk . (.Glarysoft Ltd.) -- C:\Program Files (x86)\Glary Utilities\Integrator.exe O4 - Global Startup: C:\Users\jo\Desktop\Le PIED - Raccourci.lnk . (.Pas de propriétaire.) -- E:\02 Boulot\Le PIED O4 - Global Startup: C:\Users\jo\Desktop\Media Player Classic.lnk . (.MPC-HC Team.) -- C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe O4 - Global Startup: C:\Users\jo\Desktop\Screen Recorder.lnk . (.ZD Soft, www.zdsoft.com.) -- C:\Program Files (x86)\ZD Soft\Screen Recorder\ScnRec.exe O4 - Global Startup: C:\Users\jo\Desktop\video du net - Raccourci.lnk . (.Pas de propriétaire.) -- E:\video du net O4 - Global Startup: C:\Users\jo\Desktop\Virtual Windows XP.lnk . (.Pas de propriétaire.) -- C:\Windows\system32\rundll32.exe O4 - Global Startup: C:\Users\jo\Desktop\XnView.lnk . (.XnView, http://www.xnview.com.) -- C:\Program Files (x86)\XnView\xnview.exe O4 - Global Startup: C:\Users\jo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Ashampoo AudioCenter.lnk . (.ashampoo Technology GmbH & Co. KG.) -- C:\Program Files (x86)\Ashampoo\Ashampoo AudioCenter\AudioCenter.exe O4 - Global Startup: C:\Users\jo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Mp3 Wma Converter.lnk . (.Koyote Soft - Renan Broquin.) -- C:\Program Files (x86)\Free Audio Pack\FreeConverter\FreeConverter.exe O4 - Global Startup: C:\Users\jo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - Global Startup: C:\Users\jo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O4 - Global Startup: C:\Users\jo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - Clé orpheline O4 - Global Startup: C:\Users\jo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Total Video Player.lnk . (.Pas de propriétaire.) -- C:\Program Files (x86)\Total Video Converter\tvp.exe O4 - Global Startup: C:\Users\jo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - Clé orpheline O4 - Global Startup: C:\Users\jo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\XnView.lnk . (.XnView, http://www.xnview.com.) -- C:\Program Files (x86)\XnView\xnview.exe ---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8) O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - (.not file.) - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\icon.ico ---\\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll O10 - WLSP:\000000000007\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files (x86)\Bonjour\mdnsNSP.dll ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{9358FD4F-8A8A-4F2F-9368-1594BB14F078}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{C852FBF1-56F3-4FD4-987F-F603BB53788A}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{9358FD4F-8A8A-4F2F-9368-1594BB14F078}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{C852FBF1-56F3-4FD4-987F-F603BB53788A}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{C852FBF1-56F3-4FD4-987F-F603BB53788A}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 ---\\ Protocole additionnel et piratage de protocole (O18) O18 - Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} . (.Skype Technologies S.A. - Skype add-on for IE.) -- C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: (Apple Mobile Device) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: (Autodesk Licensing Service) . (.Autodesk - System Level Service Utility.) - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: (ekrn) . (.ESET - ESET Service.) - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe O23 - Service: (EmmaDevMgmtSvc) . (.Sony Ericsson Mobile Communications - Emma Device Management Service.) - C:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaDeviceMgmt.exe O23 - Service: (EmmaUpdMgmtSvc) . (.Sony Ericsson Mobile Communications - Emma Update Management Service.) - C:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaUpdateMgmt.exe O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) . (.Pas de propriétaire - Pas de description.) - C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe O23 - Service: (nvsvc) - Clé orpheline O23 - Service: (OMSI download service) . (.Pas de propriétaire - Pas de description.) - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe O23 - Service: (TabletServiceWacom) - Clé orpheline ---\\ Enumération Active Desktop & MHTML Editor (O24) O24 - Default MHTML Editor: Last - .(.Pas de propriétaire - Pas de description.) - (.not file.) ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GlaryInitialize.job [MD5.5447AF432CDA61159ADDE218C468FFD9] [APT] [AdobeAAMUpdater-1.0-jo-PC-jo] (.Adobe Systems Incorporated.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [MD5.8536F3768E1BFD2F8441C732EFE2DE2E] [APT] [GlaryInitialize] (.Glarysoft Ltd.) -- C:\Program Files (x86)\Glary Utilities\initialize.exe [MD5.034AC2B2757FE6841AB092ECADA891B9] [APT] [{50D6D04D-9386-470F-9ED7-D82F4B45D02D}] (.Skype Technologies S.A..) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [MD5.00000000000000000000000000000000] [APT] [{B9907203-D334-4EEC-AD13-481978AC78E7}] (.Pas de propriétaire.) -- C:\Program Files (x86)\BlaBla\unins000.exe (.not file.) [MD5.187E0D2AB859AD03393DDD731076BE81] [APT] [AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe ---\\ Composants installés (ActiveSetup Installed Components) (O40) O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files (x86)\Java\jre6\bin\regutils.dll O40 - ASIC: Shockwave Flash Object - {D27CDB6E-AE6D-11CF-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 10.1 r52.) -- C:\Windows\SysWOW64\Macromed\Flash\Flash10g.ocx ---\\ Pilotes lancés au démarrage (O41) O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys O41 - Driver: C:\Windows\system32\cscsvc.dll (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\System32\drivers\csc.sys O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys O41 - Driver: (ehdrv) . (.ESET - ESET Helper driver.) - C:\Windows\System32\DRIVERS\ehdrv.sys O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\System32\DRIVERS\mssmbios.sys O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERS\rdbss.sys O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys O41 - Driver: (vpcnfltr) . (.Microsoft Corporation - Virtual PC Network Filter Driver.) - C:\Windows\System32\DRIVERS\vpcnfltr.sys O41 - Driver: C:\Windows\system32\drivers\vpcvmm.sys (vpcvmm) . (.Microsoft Corporation - Moniteur d'ordinateur virtuel Virtual PC.) - C:\Windows\System32\drivers\vpcvmm.sys O41 - Driver: (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\System32\DRIVERS\vwififlt.sys O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys ---\\ Logiciels installés (O42) O42 - Logiciel: 3dsmax ancillary install - (.Autodesk.) [HKLM] -- {7C8B5E63-821A-4DFB-BDFA-19854D88EC5C} O42 - Logiciel: ATnotes Version 9.5 - (.Thomas Ascher.) [HKLM] -- ATnotes_is1 O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM] -- Adobe AIR O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM] -- {46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB} O42 - Logiciel: Adobe Community Help - (.Adobe Systems Incorporated.) [HKLM] -- chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 O42 - Logiciel: Adobe Community Help - (.Adobe Systems Incorporated.) [HKLM] -- {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7} O42 - Logiciel: Adobe Creative Suite 5 Production Premium - (.Adobe Systems Incorporated.) [HKLM] -- {626B3D60-A661-4444-AAF5-6C75E55936E8} O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems, Inc..) [HKLM] -- {6E9EF98E-259E-416D-B5F8-0ABDB99942CE} O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems, Inc..) [HKLM] -- {BC41C09D-FAA9-4346-9FE6-1E0017BC551A} O42 - Logiciel: Adobe Reader X - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AA0000000001} O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM] -- {17424F35-8B77-4ADF-BC63-BF9B81418539} O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {C41300B9-185D-475E-BFEC-39EF732F19B1} O42 - Logiciel: Archiveur WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver O42 - Logiciel: Ashampoo AudioCenter - (.Pas de propriétaire.) [HKLM] -- Ashampoo AudioCenter O42 - Logiciel: Autodesk 3ds Max 9 32-bit - (.Autodesk.) [HKLM] -- {E96D4088-AAC5-437F-9E39-EC0E387897B4} O42 - Logiciel: Autodesk DWF Viewer 7 - (.Autodesk, Inc..) [HKLM] -- {9A346205-EA92-4406-B1AB-50379DA3F057} O42 - Logiciel: AviSynth 2.5 - (.Pas de propriétaire.) [HKLM] -- AviSynth O42 - Logiciel: Backburner - (.Discreet.) [HKLM] -- {3D347E6D-5A03-4342-B5BA-6A771885F379} O42 - Logiciel: Canon MOV Decoder - (.Canon Inc..) [HKLM] -- Canon MOV Decoder O42 - Logiciel: Canon MOV Encoder - (.Canon Inc..) [HKLM] -- Canon MOV Encoder O42 - Logiciel: Canon MovieEdit Task for ZoomBrowser EX - (.Canon Inc..) [HKLM] -- MovieEditTask O42 - Logiciel: Canon RAW Codec - (.Canon Inc..) [HKLM] -- Canon RAW Codec O42 - Logiciel: Canon Utilities CameraWindow - (.Canon Inc..) [HKLM] -- CameraWindowLauncher O42 - Logiciel: Canon Utilities Digital Photo Professional 3.8 - (.Canon Inc..) [HKLM] -- DPP O42 - Logiciel: Canon Utilities EOS Utility - (.Canon Inc..) [HKLM] -- EOS Utility O42 - Logiciel: Canon Utilities MyCamera - (.Canon Inc..) [HKLM] -- MyCamera O42 - Logiciel: Canon Utilities PhotoStitch - (.Canon Inc..) [HKLM] -- PhotoStitch O42 - Logiciel: Canon Utilities Picture Style Editor - (.Canon Inc..) [HKLM] -- Picture Style Editor O42 - Logiciel: Canon Utilities WFT-E1/E2/E3/E4/E5 Utility - (.Canon Inc..) [HKLM] -- WFTK O42 - Logiciel: Canon Utilities ZoomBrowser EX - (.Canon Inc..) [HKLM] -- ZoomBrowser EX O42 - Logiciel: Canon ZoomBrowser EX Memory Card Utility - (.Canon Inc..) [HKLM] -- ZoomBrowser EX Memory Card Utility O42 - Logiciel: Combat Arms EU - (.Pas de propriétaire.) [HKLM] -- Combat Arms EU O42 - Logiciel: Désinst. LG PC Suite III - (.LG Electronics.) [HKLM] -- {D94BA408-F110-488B-A65E-3AE7945F79E6}_is1 O42 - Logiciel: Emma Core - (.Sony Ericsson.) [HKLM] -- {34BDF3BF-AA61-42E7-8818-C16A304910FC} O42 - Logiciel: FBX Plugin 2006.08 for Max 9.0 - (.Pas de propriétaire.) [HKLM] -- FBX Plugin 2006.08 for Max 9.0 O42 - Logiciel: Facebook Plug-In - (.Facebook, Inc..) [HKCU] -- Facebook Plug-In O42 - Logiciel: Free Mp3 Wma Converter V 1.9 - (.Koyote Soft.) [HKLM] -- Free Mp3 Wma Converter_is1 O42 - Logiciel: Freecorder 4.02B Application - (.Applian Technologies Inc..) [HKLM] -- Freecorder4.02B O42 - Logiciel: Freecorder Toolbar - (.Freecorder.) [HKLM] -- Freecorder Toolbar O42 - Logiciel: French App Name - (.Adobe Systems Incorporated.) [HKLM] -- com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 O42 - Logiciel: French App Name - (.Adobe Systems Incorporated.) [HKLM] -- {DE3A9DC5-9A5D-6485-9662-347162C7E4CA} O42 - Logiciel: Glary Utilities 2.29.0.1032 - (.Glarysoft Ltd.) [HKLM] -- Glary Utilities_is1 O42 - Logiciel: Java 6 Update 20 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216020FF} O42 - Logiciel: K-Lite Mega Codec Pack 5.9.0 - (.Pas de propriétaire.) [HKLM] -- KLiteCodecPack_is1 O42 - Logiciel: LG Bluetooth Drivers - (.LG Electronics.) [HKLM] -- {AC7EE5F1-0DE4-4256-8E43-92B73C8E6019} O42 - Logiciel: LG MC USB U330 driver - (.LG Electronics.) [HKLM] -- {ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9} O42 - Logiciel: LG USB Modem Drivers - (.LG Electronics.) [HKLM] -- {D137B59C-551C-4659-8AA8-206FA650BF40} O42 - Logiciel: MSXML 4.0 SP2 (KB927978) - (.Microsoft Corporation.) [HKLM] -- {37477865-A3F1-4772-AD43-AAFC6BCFF99F} O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71} O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC} O42 - Logiciel: Magic Bullet Denoiser 64 bit - (.Red Giant Software.) [HKLM] -- InstallShield_{340910E2-118B-4C1E-AE83-5C8360C3880B} O42 - Logiciel: Magic Bullet PhotoLooks for Photoshop 64 bit - (.Red Giant Software.) [HKLM] -- InstallShield_{7B397980-84A8-40F2-8E88-DFA50E516E8E} O42 - Logiciel: Magic Bullet Quick Looks Limited - (.Red Giant Software.) [HKLM] -- InstallShield_{3E2D0F27-4443-4C71-AE1B-CF8F248353AC} O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1 O42 - Logiciel: Microsoft_VC80_ATL_x86 - (.Adobe.) [HKLM] -- {0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25} O42 - Logiciel: Microsoft_VC80_CRT_x86 - (.Adobe.) [HKLM] -- {92D58719-BBC1-4CC3-A08B-56C9E884CC2C} O42 - Logiciel: Microsoft_VC80_MFCLOC_x86 - (.Adobe.) [HKLM] -- {D92BBB52-82FF-42ED-8A3C-4E062F944AB7} O42 - Logiciel: Microsoft_VC80_MFC_x86 - (.Adobe.) [HKLM] -- {D1A19B02-817E-4296-A45B-07853FD74D57} O42 - Logiciel: Microsoft_VC90_ATL_x86 - (.Adobe.) [HKLM] -- {033E378E-6AD3-4AD5-BDEB-CBD69B31046C} O42 - Logiciel: Microsoft_VC90_CRT_x86 - (.Adobe.) [HKLM] -- {08D2E121-7F6A-43EB-97FD-629B44903403} O42 - Logiciel: Microsoft_VC90_MFC_x86 - (.Adobe.) [HKLM] -- {635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A} O42 - Logiciel: Mozilla Firefox (3.6.13) - (.Mozilla.) [HKLM] -- Mozilla Firefox (3.6.13) O42 - Logiciel: MyBloomBox - (.UNKNOWN.) [HKLM] -- mybloombox O42 - Logiciel: MyBloomBox - (.UNKNOWN.) [HKLM] -- {B4ED5BD4-71B6-4905-25AE-18331859A3A7} O42 - Logiciel: OpenGL Extensions Viewer 3.0 - (.Pas de propriétaire.) [HKLM] -- GLVIEW3 O42 - Logiciel: OpenOffice.org 3.2 - (.OpenOffice.org.) [HKLM] -- {266517E6-D866-439D-919C-B8B1A52E6080} O42 - Logiciel: PDF Settings CS5 - (.Adobe Systems Incorporated.) [HKLM] -- {A78FE97A-C0C8-49CE-89D0-EDD524A17392} O42 - Logiciel: PSP Video 9 5.03 - (.Red Kawa.) [HKLM] -- PSP Video 9 O42 - Logiciel: Player tuto.com - (.UNKNOWN.) [HKLM] -- WeecastPlayer.A27AB7741756020517D10FDBA9AD7A2F55F5F984.1 O42 - Logiciel: Player tuto.com - (.UNKNOWN.) [HKLM] -- {047400EA-A127-AA7E-5E82-9F9CCD0423B3} O42 - Logiciel: PxMergeModule - (.Your Company Name.) [HKLM] -- {024521CF-C07E-4F8E-8481-0D75695E03AF} O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM] -- {E7004147-2CCA-431C-AA05-2AB166B9785D} O42 - Logiciel: SEMC OMSI Module - (.Sony Ericsson Mobile Communications AB.) [HKLM] -- SEMC OMSI Module O42 - Logiciel: Skype Toolbars - (.Skype Technologies S.A..) [HKLM] -- {981029E0-7FC9-4CF3-AB39-6F133621921A} O42 - Logiciel: Skype™ 4.2 - (.Skype Technologies S.A..) [HKLM] -- {D103C4BA-F905-437A-8049-DB24763BBE36} O42 - Logiciel: Sony Ericsson PC Suite 6.011.00 - (.Sony Ericsson.) [HKLM] -- {2FFE93F0-BB72-4E52-8761-354D1AAA9387} O42 - Logiciel: Tablette Wacom - (.Wacom Technology Corp..) [HKLM] -- Wacom Tablet Driver O42 - Logiciel: Total Video Converter 3.11 - (.EffectMatrix Inc..) [HKLM] -- Total Video Converter 3.11_is1 O42 - Logiciel: Urban Terror 4.1 - (.Frozen Sand LLC.) [HKLM] -- Urban Terror_is1 O42 - Logiciel: VLC media player 1.1.2 - (.VideoLAN.) [HKLM] -- VLC media player O42 - Logiciel: WebTablet IE Plugin - (.Wacom Technology Corp..) [HKLM] -- Wacom WebTabletPlugin for IE O42 - Logiciel: WebTablet Netscape Plugin - (.Wacom Technology Corp..) [HKLM] -- Wacom WebTabletPlugin for Netscape O42 - Logiciel: XnView 1.97.6 - (.Gougelet Pierre-e.) [HKLM] -- XnView_is1 O42 - Logiciel: ZD Soft Screen Recorder 4.1.3.0 - (.ZD Soft.) [HKLM] -- ZD Soft Screen Recorder ---\\ HKCU & HKLM Software Keys [HKCU\Software\ASIO] [HKCU\Software\Adobe] [HKCU\Software\AhnLab] [HKCU\Software\AppDataLow\Software\Conduit] [HKCU\Software\AppDataLow\Software\Freecorder] [HKCU\Software\AppDataLow\Software\Monitored] [HKCU\Software\AppDataLow\Software\PriceGong] [HKCU\Software\AppDataLow\Software\settings] [HKCU\Software\AppDataLow\Software] [HKCU\Software\AppDataLow\Toolbar] [HKCU\Software\AppDataLow] [HKCU\Software\Apple Computer, Inc.] [HKCU\Software\Apple Inc.] [HKCU\Software\ApplianTechnologies] [HKCU\Software\Ascher] [HKCU\Software\Ashampoo] [HKCU\Software\Ask&Record] [HKCU\Software\Autodesk] [HKCU\Software\Binary Noise] [HKCU\Software\CDDB] [HKCU\Software\CamStudioOpenSource for Nick] [HKCU\Software\Canon] [HKCU\Software\Canon_Inc_IC] [HKCU\Software\Classes] [HKCU\Software\Clients] [HKCU\Software\Conduit] [HKCU\Software\CoreVorbis] [HKCU\Software\DivXNetworks] [HKCU\Software\ESET] [HKCU\Software\GNU] [HKCU\Software\GSpot Appliance Corp] [HKCU\Software\Gabest] [HKCU\Software\GlarySoft] [HKCU\Software\Haali] [HKCU\Software\HookNetwork] [HKCU\Software\Intel] [HKCU\Software\JavaSoft] [HKCU\Software\Kamuse Inc.] [HKCU\Software\LG Electronics Inc] [HKCU\Software\LG Media Player] [HKCU\Software\Licenses] [HKCU\Software\LowRegistry] [HKCU\Software\MONOGRAM] [HKCU\Software\Macromedia] [HKCU\Software\MainConcept] [HKCU\Software\Malwarebytes' Anti-Malware] [HKCU\Software\Mantlepiece] [HKCU\Software\MediaInfo] [HKCU\Software\Minnetonka Audio Software] [HKCU\Software\MozillaPlugins] [HKCU\Software\NVIDIA Corporation] [HKCU\Software\Netscape] [HKCU\Software\OpenOffice.org] [HKCU\Software\PACE Anti-Piracy] [HKCU\Software\Policies] [HKCU\Software\RealNetworks] [HKCU\Software\Realtech.VR] [HKCU\Software\Red Giant Software] [HKCU\Software\RedGiantSoftware] [HKCU\Software\SWiSHzone.com] [HKCU\Software\Skype] [HKCU\Software\Sony Ericsson] [HKCU\Software\WinRAR SFX] [HKCU\Software\WinRAR] [HKCU\Software\Wow6432Node] [HKCU\Software\ZD Soft] [HKCU\Software\madFlac] [HKLM\Software\Adobe Systems] [HKLM\Software\Adobe] [HKLM\Software\Apple Computer, Inc.] [HKLM\Software\Apple Inc.] [HKLM\Software\Applian Technologies] [HKLM\Software\Autodesk] [HKLM\Software\CDDB] [HKLM\Software\Canon] [HKLM\Software\Canon_Inc_IC] [HKLM\Software\Classes] [HKLM\Software\Clients] [HKLM\Software\Codec Tweak Tool] [HKLM\Software\Conduit] [HKLM\Software\ESET] [HKLM\Software\FLEXlm License Manager] [HKLM\Software\Freecorder] [HKLM\Software\GNU] [HKLM\Software\Gabest] [HKLM\Software\Google] [HKLM\Software\HaaliMkx] [HKLM\Software\Intel] [HKLM\Software\InterVideo] [HKLM\Software\JavaSoft] [HKLM\Software\JreMetrics] [HKLM\Software\KLCodecPack] [HKLM\Software\Khronos] [HKLM\Software\LG Electronics Inc] [HKLM\Software\Logitech] [HKLM\Software\Macromedia] [HKLM\Software\Macrovision] [HKLM\Software\Malwarebytes' Anti-Malware] [HKLM\Software\MozillaPlugins] [HKLM\Software\Mozilla] [HKLM\Software\NexonEU] [HKLM\Software\Nexon] [HKLM\Software\ODBC] [HKLM\Software\OpenOffice.org] [HKLM\Software\Policies] [HKLM\Software\RealNetworks] [HKLM\Software\Red Giant Software] [HKLM\Software\RegisteredApplications] [HKLM\Software\S3R521] [HKLM\Software\Skype] [HKLM\Software\Sonic] [HKLM\Software\Sony Ericsson] [HKLM\Software\Sun Microsystems] [HKLM\Software\UrbanTerror] [HKLM\Software\VideoLAN] [HKLM\Software\Wacom] [HKLM\Software\XnView] [HKLM\Software\ashampoo] [HKLM\Software\iTinySoft] [HKLM\Software\ioUrbanTerror] [HKLM\Software\mozilla.org] [HKLM\Software\realtech VR] ---\\ Contenu des dossiers ProgramFiles/ProgramData (O43) O43 - CFD: 08/12/2010 - 11:52:24 ----D- C:\Program Files\Adobe O43 - CFD: 01/12/2010 - 17:06:40 ----D- C:\Program Files\Blender Foundation O43 - CFD: 25/09/2010 - 12:14:32 ----D- C:\Program Files\Bonjour O43 - CFD: 05/01/2011 - 15:49:40 ----D- C:\Program Files\Common Files O43 - CFD: 12/10/2010 - 16:53:58 ----D- C:\Program Files\DVD Maker O43 - CFD: 03/06/2010 - 16:07:42 ----D- C:\Program Files\ESET O43 - CFD: 03/06/2010 - 15:38:32 -SH-D- C:\Program Files\Fichiers communs O43 - CFD: 05/01/2011 - 15:51:52 ----D- C:\Program Files\Internet Explorer O43 - CFD: 13/11/2010 - 15:20:20 ----D- C:\Program Files\iPod O43 - CFD: 13/11/2010 - 15:20:30 ----D- C:\Program Files\iTunes O43 - CFD: 01/09/2009 - 02:32:50 ----D- C:\Program Files\Microsoft Games O43 - CFD: 14/07/2009 - 06:38:16 ----D- C:\Program Files\MSBuild O43 - CFD: 28/12/2010 - 18:20:18 ----D- C:\Program Files\NVIDIA Corporation O43 - CFD: 14/07/2009 - 06:38:16 ----D- C:\Program Files\Reference Assemblies O43 - CFD: 14/07/2009 - 06:07:44 --H-D- C:\Program Files\Uninstall Information O43 - CFD: 01/09/2009 - 01:54:30 ----D- C:\Program Files\Windows Defender O43 - CFD: 01/09/2009 - 02:32:56 ----D- C:\Program Files\Windows Journal O43 - CFD: 28/12/2010 - 16:09:48 ----D- C:\Program Files\Windows Mail O43 - CFD: 28/12/2010 - 16:09:38 ----D- C:\Program Files\Windows Media Player O43 - CFD: 03/06/2010 - 15:38:32 ----D- C:\Program Files\Windows NT O43 - CFD: 01/09/2009 - 01:54:30 ----D- C:\Program Files\Windows Photo Viewer O43 - CFD: 12/10/2010 - 16:53:58 ----D- C:\Program Files\Windows Portable Devices O43 - CFD: 01/09/2009 - 01:54:32 ----D- C:\Program Files\Windows Sidebar O43 - CFD: 14/06/2010 - 13:29:38 ----D- C:\Program Files\Windows XP Mode O43 - CFD: 25/11/2010 - 17:33:54 ----D- C:\Program Files\Common Files\Adobe O43 - CFD: 03/06/2010 - 18:42:46 ----D- C:\Program Files\Common Files\Apple O43 - CFD: 01/12/2010 - 17:07:04 ----D- C:\Program Files\Common Files\Microsoft Shared O43 - CFD: 25/11/2010 - 21:48:02 ----D- C:\Program Files\Common Files\PACE Anti-Piracy O43 - CFD: 14/07/2009 - 04:20:10 ----D- C:\Program Files\Common Files\Services O43 - CFD: 14/07/2009 - 04:20:10 ----D- C:\Program Files\Common Files\SpeechEngines O43 - CFD: 25/11/2010 - 21:48:02 ----D- C:\Program Files\Common Files\System O43 - CFD: 07/12/2010 - 18:12:12 ----D- C:\ProgramData\Adobe O43 - CFD: 08/07/2010 - 02:25:52 ----D- C:\ProgramData\Adobe Systems O43 - CFD: 25/11/2010 - 17:31:42 ----D- C:\ProgramData\ALM O43 - CFD: 03/06/2010 - 18:42:30 ----D- C:\ProgramData\Apple O43 - CFD: 03/06/2010 - 18:43:42 ----D- C:\ProgramData\Apple Computer O43 - CFD: 14/07/2009 - 06:08:12 -SH-D- C:\ProgramData\Application Data O43 - CFD: 04/12/2010 - 17:59:44 ----D- C:\ProgramData\Autodesk O43 - CFD: 03/06/2010 - 15:38:32 -SH-D- C:\ProgramData\Bureau O43 - CFD: 12/07/2010 - 18:49:34 ----D- C:\ProgramData\BVRP Software O43 - CFD: 14/07/2009 - 06:08:12 -SH-D- C:\ProgramData\Desktop O43 - CFD: 14/07/2009 - 06:08:12 -SH-D- C:\ProgramData\Documents O43 - CFD: 03/06/2010 - 16:07:42 ----D- C:\ProgramData\ESET O43 - CFD: 03/06/2010 - 15:38:32 -SH-D- C:\ProgramData\Favoris O43 - CFD: 14/07/2009 - 06:08:12 -SH-D- C:\ProgramData\Favorites O43 - CFD: 24/11/2010 - 15:12:22 ----D- C:\ProgramData\FLEXnet O43 - CFD: 22/09/2010 - 17:30:46 ----D- C:\ProgramData\LGMOBILEAX O43 - CFD: 05/01/2011 - 14:24:42 ----D- C:\ProgramData\Malwarebytes O43 - CFD: 03/06/2010 - 15:38:32 -SH-D- C:\ProgramData\Menu Démarrer O43 - CFD: 05/01/2011 - 15:49:42 -S-AD- C:\ProgramData\Microsoft O43 - CFD: 03/06/2010 - 15:38:32 -SH-D- C:\ProgramData\Modèles O43 - CFD: 13/12/2010 - 18:57:18 ----D- C:\ProgramData\Nexon O43 - CFD: 13/12/2010 - 18:57:18 ----D- C:\ProgramData\NexonEU O43 - CFD: 28/12/2010 - 18:24:42 ----D- C:\ProgramData\NVIDIA O43 - CFD: 28/12/2010 - 18:19:52 ----D- C:\ProgramData\NVIDIA Corporation O43 - CFD: 25/11/2010 - 21:48:02 ----D- C:\ProgramData\PACE Anti-Piracy O43 - CFD: 28/12/2010 - 14:48:32 ----D- C:\ProgramData\realtech VR O43 - CFD: 25/11/2010 - 17:46:06 ----D- C:\ProgramData\regid.1986-12.com.adobe O43 - CFD: 03/06/2010 - 15:53:10 ----D- C:\ProgramData\Skype O43 - CFD: 05/09/2010 - 19:49:18 ----D- C:\ProgramData\Sony Ericsson O43 - CFD: 14/07/2009 - 06:08:12 -SH-D- C:\ProgramData\Start Menu O43 - CFD: 25/07/2010 - 16:53:40 ----D- C:\ProgramData\Sun O43 - CFD: 14/07/2009 - 06:08:12 -SH-D- C:\ProgramData\Templates O43 - CFD: 12/10/2010 - 16:25:12 ----D- C:\ProgramData\Windows Genuine Advantage O43 - CFD: 13/06/2010 - 21:41:00 ----D- C:\ProgramData\ZoomBrowser O43 - CFD: 25/11/2010 - 17:33:54 ----D- C:\Program Files\Common Files\Adobe O43 - CFD: 03/06/2010 - 18:42:46 ----D- C:\Program Files\Common Files\Apple O43 - CFD: 01/12/2010 - 17:07:04 ----D- C:\Program Files\Common Files\Microsoft Shared O43 - CFD: 25/11/2010 - 21:48:02 ----D- C:\Program Files\Common Files\PACE Anti-Piracy O43 - CFD: 14/07/2009 - 04:20:10 ----D- C:\Program Files\Common Files\Services O43 - CFD: 14/07/2009 - 04:20:10 ----D- C:\Program Files\Common Files\SpeechEngines O43 - CFD: 25/11/2010 - 21:48:02 ----D- C:\Program Files\Common Files\System O43 - CFD: 08/12/2010 - 11:52:08 ----D- C:\Program Files (x86)\Adobe O43 - CFD: 25/11/2010 - 17:05:00 ----D- C:\Program Files (x86)\Adobe Media Player O43 - CFD: 19/10/2010 - 13:44:58 ----D- C:\Program Files (x86)\adslTV O43 - CFD: 03/06/2010 - 18:42:56 ----D- C:\Program Files (x86)\Apple Software Update O43 - CFD: 12/10/2010 - 15:54:20 ----D- C:\Program Files (x86)\Ashampoo O43 - CFD: 15/11/2010 - 00:11:18 ----D- C:\Program Files (x86)\ATnotes O43 - CFD: 04/12/2010 - 17:59:30 ----D- C:\Program Files (x86)\Autodesk O43 - CFD: 27/08/2010 - 20:48:14 ----D- C:\Program Files (x86)\AviSynth 2.5 O43 - CFD: 25/09/2010 - 12:14:32 ----D- C:\Program Files (x86)\Bonjour O43 - CFD: 13/06/2010 - 22:00:48 ----D- C:\Program Files (x86)\Canon O43 - CFD: 05/01/2011 - 15:49:40 ----D- C:\Program Files (x86)\Common Files O43 - CFD: 19/10/2010 - 12:15:52 ----D- C:\Program Files (x86)\Conduit O43 - CFD: 12/10/2010 - 16:01:24 ----D- C:\Program Files (x86)\Free Audio Pack O43 - CFD: 19/10/2010 - 13:45:26 ----D- C:\Program Files (x86)\Freecorder O43 - CFD: 05/01/2011 - 15:51:42 ----D- C:\Program Files (x86)\Glary Utilities O43 - CFD: 17/12/2010 - 03:08:12 --H-D- C:\Program Files (x86)\InstallShield Installation Information O43 - CFD: 05/01/2011 - 15:51:52 ----D- C:\Program Files (x86)\Internet Explorer O43 - CFD: 13/11/2010 - 15:20:30 ----D- C:\Program Files (x86)\iTunes O43 - CFD: 25/07/2010 - 16:53:08 ----D- C:\Program Files (x86)\Java O43 - CFD: 25/07/2010 - 16:54:40 ----D- C:\Program Files (x86)\JRE O43 - CFD: 03/06/2010 - 16:21:04 ----D- C:\Program Files (x86)\K-Lite Codec Pack O43 - CFD: 11/11/2010 - 19:31:26 ----D- C:\Program Files (x86)\LG Electronics O43 - CFD: 17/12/2010 - 03:08:06 ----D- C:\Program Files (x86)\LooksBuilder O43 - CFD: 05/01/2011 - 16:01:14 ----D- C:\Program Files (x86)\Malwarebytes' Anti-Malware O43 - CFD: 05/01/2011 - 15:41:20 ----D- C:\Program Files (x86)\Microsoft Silverlight O43 - CFD: 04/01/2011 - 17:12:06 ----D- C:\Program Files (x86)\Microsoft SQL Server Compact Edition O43 - CFD: 05/01/2011 - 15:51:42 ----D- C:\Program Files (x86)\Mozilla Firefox O43 - CFD: 14/07/2009 - 06:38:16 ----D- C:\Program Files (x86)\MSBuild O43 - CFD: 11/11/2010 - 19:31:46 ----D- C:\Program Files (x86)\MSXML 4.0 O43 - CFD: 25/11/2010 - 17:04:40 ----D- C:\Program Files (x86)\My Company Name O43 - CFD: 10/11/2010 - 15:01:16 ----D- C:\Program Files (x86)\MyBloomBox O43 - CFD: 25/07/2010 - 16:54:38 ----D- C:\Program Files (x86)\OpenOffice.org 3 O43 - CFD: 01/12/2010 - 13:08:02 ----D- C:\Program Files (x86)\Player tuto.com O43 - CFD: 25/11/2010 - 16:04:20 ----D- C:\Program Files (x86)\QuickTime O43 - CFD: 28/12/2010 - 14:48:26 ----D- C:\Program Files (x86)\realtech VR O43 - CFD: 27/08/2010 - 20:47:38 ----D- C:\Program Files (x86)\Red Kawa O43 - CFD: 14/07/2009 - 06:38:16 ----D- C:\Program Files (x86)\Reference Assemblies O43 - CFD: 03/06/2010 - 15:53:20 R---D- C:\Program Files (x86)\Skype O43 - CFD: 05/09/2010 - 19:49:24 ----D- C:\Program Files (x86)\Sony Ericsson O43 - CFD: 03/06/2010 - 15:49:44 ----D- C:\Program Files (x86)\Tablet O43 - CFD: 03/06/2010 - 15:49:48 ----D- C:\Program Files (x86)\TabletPlugins O43 - CFD: 25/11/2010 - 23:29:30 ----D- C:\Program Files (x86)\Total Video Converter O43 - CFD: 14/07/2009 - 06:08:22 --H-D- C:\Program Files (x86)\Uninstall Information O43 - CFD: 28/12/2010 - 18:27:40 ----D- C:\Program Files (x86)\UrbanTerror O43 - CFD: 01/12/2010 - 15:18:48 ----D- C:\Program Files (x86)\VideoLAN O43 - CFD: 01/09/2009 - 01:54:32 ----D- C:\Program Files (x86)\Windows Defender O43 - CFD: 05/01/2011 - 15:41:20 ----D- C:\Program Files (x86)\Windows Live O43 - CFD: 28/12/2010 - 16:09:48 ----D- C:\Program Files (x86)\Windows Mail O43 - CFD: 28/12/2010 - 16:09:38 ----D- C:\Program Files (x86)\Windows Media Player O43 - CFD: 14/07/2009 - 06:38:16 ----D- C:\Program Files (x86)\Windows NT O43 - CFD: 01/09/2009 - 01:54:32 ----D- C:\Program Files (x86)\Windows Photo Viewer O43 - CFD: 12/10/2010 - 16:53:56 ----D- C:\Program Files (x86)\Windows Portable Devices O43 - CFD: 01/09/2009 - 01:54:32 ----D- C:\Program Files (x86)\Windows Sidebar O43 - CFD: 14/06/2010 - 13:32:26 ----D- C:\Program Files (x86)\Windows Virtual PC O43 - CFD: 14/07/2010 - 23:00:16 ----D- C:\Program Files (x86)\WinRAR O43 - CFD: 22/08/2010 - 16:43:24 ----D- C:\Program Files (x86)\XnView O43 - CFD: 01/12/2010 - 16:24:36 ----D- C:\Program Files (x86)\ZD Soft O43 - CFD: 05/01/2011 - 16:30:34 ----D- C:\Program Files (x86)\ZHPDiag O43 - CFD: 07/12/2010 - 18:10:28 ----D- C:\Program Files (x86)\Common Files\Adobe O43 - CFD: 30/11/2010 - 19:10:08 ----D- C:\Program Files (x86)\Common Files\Adobe AIR O43 - CFD: 14/07/2010 - 23:04:14 ----D- C:\Program Files (x86)\Common Files\Adobe Systems Shared O43 - CFD: 13/11/2010 - 15:20:20 ----D- C:\Program Files (x86)\Common Files\Apple O43 - CFD: 04/12/2010 - 17:59:28 ----D- C:\Program Files (x86)\Common Files\Autodesk Shared O43 - CFD: 12/06/2010 - 22:53:02 ----D- C:\Program Files (x86)\Common Files\Canon O43 - CFD: 11/11/2010 - 19:31:12 ----D- C:\Program Files (x86)\Common Files\InstallShield O43 - CFD: 25/07/2010 - 16:53:40 ----D- C:\Program Files (x86)\Common Files\Java O43 - CFD: 01/09/2009 - 01:54:32 ----D- C:\Program Files (x86)\Common Files\microsoft shared O43 - CFD: 25/11/2010 - 17:04:40 ----D- C:\Program Files (x86)\Common Files\PX Storage Engine O43 - CFD: 14/07/2009 - 04:20:10 ----D- C:\Program Files (x86)\Common Files\Services O43 - CFD: 03/06/2010 - 15:53:10 ----D- C:\Program Files (x86)\Common Files\Skype O43 - CFD: 25/11/2010 - 17:04:40 ----D- C:\Program Files (x86)\Common Files\Sonic Shared O43 - CFD: 05/09/2010 - 19:49:30 ----D- C:\Program Files (x86)\Common Files\Sony Ericsson O43 - CFD: 14/07/2009 - 04:20:10 ----D- C:\Program Files (x86)\Common Files\SpeechEngines O43 - CFD: 01/09/2009 - 01:54:32 ----D- C:\Program Files (x86)\Common Files\System O43 - CFD: 04/01/2011 - 17:02:02 ----D- C:\Program Files (x86)\Common Files\Windows Live ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.5A0E0FD9A911867F25A457DB853EB101] - 05/01/2011 - 16:19:24 --HA- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [13456] O44 - LFC:[MD5.5A0E0FD9A911867F25A457DB853EB101] - 05/01/2011 - 16:19:24 --HA- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [13456] O44 - LFC:[MD5.B7B5D4EC48842D043FB77B085957A5B4] - 05/01/2011 - 16:16:31 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\PerfStringBackup.INI [1524562] O44 - LFC:[MD5.5ED368D061F41B1B21171858264AC0F0] - 05/01/2011 - 16:16:31 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\perfc009.dat [103908] O44 - LFC:[MD5.38315FFDB3FD8BA2B67DE33563BE3F9C] - 05/01/2011 - 16:16:31 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\perfc00C.dat [128112] O44 - LFC:[MD5.0A4FEC1704B25F56BB1201065478A486] - 05/01/2011 - 16:16:31 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\perfh009.dat [607530] O44 - LFC:[MD5.2F1E5731A8DEAC32FF8D27051831ED80] - 05/01/2011 - 16:16:31 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\perfh00C.dat [696612] O44 - LFC:[MD5.6A9813FDF361C6A0B85FDC459F7016CF] - 05/01/2011 - 16:12:11 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\setupact.log [38103] O44 - LFC:[MD5.7DC94D8DDE82C3C24356BF1470BAC3E1] - 05/01/2011 - 16:12:10 -S-A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\bootstat.dat [67584] O44 - LFC:[MD5.09000000000000000000000028EE1800] - 05/01/2011 - 16:11:17 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\WindowsUpdate.log [1172388] O44 - LFC:[MD5.C0224AC6AC450FCD0482D01533E2B7E0] - 05/01/2011 - 14:05:53 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\ComboFix.txt [19958] O44 - LFC:[MD5.E4F14C7D795B3511C3BED29541CFF48B] - 05/01/2011 - 13:30:30 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\FyK.txt [1741] O44 - LFC:[MD5.005291136D455B9EE98634F6162A4EB4] - 05/01/2011 - 13:27:35 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\FindyKill_Upload_Me_jo-PC.zip [798] O44 - LFC:[MD5.186BE46AAF4D45644D86993CFD9C2AAB] - 05/01/2011 - 11:07:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Ad-Report-CLEAN[1].txt [5436] O44 - LFC:[MD5.3E771814D56B3EB9FD3FA987B7AD1C5F] - 05/01/2011 - 11:04:09 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Ad-Report-SCAN[1].txt [4466] O44 - LFC:[MD5.E071902BEED1411211CFD2C8339D4A1C] - 30/12/2010 - 17:27:20 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\Wacom_Tablet.dat [16425] O44 - LFC:[MD5.7EA6D6F53154557D17500A2C992A75DB] - 28/12/2010 - 18:24:28 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\PFRO.log [4116] O44 - LFC:[MD5.8BC51B9A06134EE997E500E968968D97] - 28/12/2010 - 16:14:51 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\msxml4-KB973688-enu.LOG [281054] O44 - LFC:[MD5.EF8B435414CEBF182D2F001D4C52C3D6] - 28/12/2010 - 16:14:42 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\msxml4-KB954430-enu.LOG [285732] O44 - LFC:[MD5.5EBF8B71D37F65997EA913275C33CB2C] - 28/12/2010 - 16:11:31 ---A- . (.Pas de propriétaire - Pas de description.) -- C:\Windows\SysNative\FNTCACHE.DAT [5143896] O44 - LFC:[MD5.8A7A52A9024E5343C531DA37E867890E] - 28/12/2010 - 15:00:25 ---A- . (.Adobe Systems - Windows NT OpenType/Type 1 API Library..) -- C:\Windows\SysNative\atmlib.dll [46080] O44 - LFC:[MD5.8A7A52A9024E5343C531DA37E867890E] - 28/12/2010 - 15:00:25 ---A- . (.Adobe Systems - Windows NT OpenType/Type 1 API Library..) -- C:\Windows\System32\atmlib.dll [34304] O44 - LFC:[MD5.B2BE9288DC4C3A8532FACCAB7191F71A] - 28/12/2010 - 15:00:25 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\Windows\SysNative\atmfd.dll [367104] O44 - LFC:[MD5.B2BE9288DC4C3A8532FACCAB7191F71A] - 28/12/2010 - 15:00:25 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\Windows\System32\atmfd.dll [294400] O44 - LFC:[MD5.20DD38604E8A4CC9FC2E69B0F3A0383D] - 13/12/2010 - 17:02:36 ---A- . (.NEXON Inc. - Pas de description.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe [446464] ---\\ Déni du service (Local Security Authority) (LSA) (O48) O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l’Éditeur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll ---\\ MountPoints2 Shell Key (MPSK) (O51) O51 - MPSK:{6b67ff4a-766b-11df-afd1-e0cb4ea689a4}\Shell\AutoRun\command. (.Pas de propriétaire - Pas de description.) -- "K:\WD SmartWare.exe (.not file.) ---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52) O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll O52 - TDSD: \Drivers32\"vidc.iv41"="Ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\Windows\System32\Ir41_32.ax O52 - TDSD: \Drivers32\"vidc.iv50"="Ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\Windows\System32\Ir50_32.dll O52 - TDSD: \Drivers32\"vidc.i263"="i263_32.drv" . (.Intel Corporation - Intel I.263 Video Driver 2.55.012.) -- C:\Windows\System32\i263_32.drv O52 - TDSD: \Drivers32\"msacm.l3fhg"="mp3fhg.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Audio Layer-3 Codec for MSACM.) -- C:\Windows\System32\mp3fhg.acm O52 - TDSD: \Drivers32\"msacm.divxa32"="divxa32.acm" . (.Kristal Studi - DivX WMA Audi.) -- C:\Windows\System32\divxa32.acm O52 - TDSD: \Drivers32\"VIDC.X264"="x264vfw.dll" . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\x264vfw.dll O52 - TDSD: \Drivers32\"VIDC.DIVX"="divx.dll" . (.DivX, Inc. - DivX.) -- C:\Windows\System32\divx.dll O52 - TDSD: \Drivers32\"VIDC.VP60"="vp6vfw.dll" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll O52 - TDSD: \Drivers32\"VIDC.VP61"="vp6vfw.dll" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll O52 - TDSD: \Drivers32\"VIDC.VP62"="vp6vfw.dll" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll O52 - TDSD: \Drivers32\"VIDC.VP70"="vp7vfw.dll" . (.On2.com - VP70 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp7vfw.dll O52 - TDSD: \Drivers32\"VIDC.XVID"="xvidvfw.dll" . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\xvidvfw.dll O52 - TDSD: \Drivers32\"VIDC.HFYU"="huffyuv.dll" . (.Disappearing Inc. - Huffyuv lossless video codec.) -- C:\Windows\System32\huffyuv.dll O52 - TDSD: \Drivers32\"VIDC.YV12"="yv12vfw.dll" . (.www.helixcommunity.org - Helix YV12 YUV Codec.) -- C:\Windows\System32\yv12vfw.dll O52 - TDSD: \Drivers32\"msacm.ac3acm"="ac3acm.acm" . (.fccHandler - AC-3 ACM Codec.) -- C:\Windows\System32\ac3acm.acm O52 - TDSD: \Drivers32\"msacm.lameacm"="lameACM.acm" . (.http://www.mp3dev.org/ - Lame MP3 codec engine.) -- C:\Windows\System32\lameACM.acm O52 - TDSD: \Drivers32\"VIDC.FFDS"="ff_vfw.dll" . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\ff_vfw.dll O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\SysWOW64\l3codeca.acm" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"Ir41_32.ax"="Indeo® video 4.5" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"Ir50_32.dll"="Indeo® video 5.1" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"i263_32.drv"="Intel I.263 Video Driver 2.55.1.16" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"mp3fhg.acm"="Fraunhofer IIS MPEG Layer-3 Codec (Professional) v3.3.2" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"divxa32.acm"="DivX WMA" . (.Kristal Studi - DivX WMA Audi.) -- C:\Windows\System32\divxa32.acm O52 - TDSD: \drivers.desc\"x264vfw.dll"="x264 H.264 Video Codec" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"divx.dll"="DivX 6.8.5" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"vp6vfw.dll"="On2 VP6" . (.On2.com - VP6 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp6vfw.dll O52 - TDSD: \drivers.desc\"vp7vfw.dll"="On2 VP7" . (.On2.com - VP70 VIDEO FOR WINDOWS CODEC.) -- C:\Windows\System32\vp7vfw.dll O52 - TDSD: \drivers.desc\"xvidvfw.dll"="Xvid MPEG-4 Video Codec 1.2.2" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"lameACM.acm"="Lame ACM MP3 CODEC v3.98.2" . (.Pas de propriétaire - Pas de description.) -- (.not file.) O52 - TDSD: \drivers.desc\"huffyuv.dll"="Huffyuv lossless codec" . (.Disappearing Inc. - Huffyuv lossless video codec.) -- C:\Windows\System32\huffyuv.dll O52 - TDSD: \drivers.desc\"ac3acm.acm"="AC-3 ACM Codec" . (.fccHandler - AC-3 ACM Codec.) -- C:\Windows\System32\ac3acm.acm O52 - TDSD: \drivers.desc\"ff_vfw.dll"="ffdshow video encoder" . (.Pas de propriétaire - Pas de description.) -- C:\Windows\System32\ff_vfw.dll O52 - TDSD: \drivers.desc\"C:\Windows\SysWOW64\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Pas de propriétaire - Pas de description.) -- (.not file.) ---\\ Microsoft Control Security Providers (MCSP) (O54) O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\system32\credssp.dll ---\\ Microsoft Windows Policies System (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=0 O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3 O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1 O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0 O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0 O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"= O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"= O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0 O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ---\\ Microsoft Windows Policies Explorer (MWPE) (O56) O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0 ---\\ Liste des Drivers Système (SDL) (O58) O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\system32\drivers\adp94xx.sys [491088] O58 - SDL:[MD5.597F78224EE9224EA1A13D6350CED962] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) -- C:\Windows\system32\drivers\adpahci.sys [339536] O58 - SDL:[MD5.E109549C90F62FB570B9540C4B148E54] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) -- C:\Windows\system32\drivers\adpu320.sys [182864] O58 - SDL:[MD5.5812713A477A3AD7363C7438CA2EE038] - 14/07/2009 - 02:52:21 ---A- . (.Acer Laboratories Inc. - ALi mini IDE Driver.) -- C:\Windows\system32\drivers\aliide.sys [15440] O58 - SDL:[MD5.7A4B413614C055935567CF88A9734D38] - 14/07/2009 - 02:52:21 ---A- . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) -- C:\Windows\system32\drivers\amdsata.sys [106576] O58 - SDL:[MD5.F67F933E79241ED32FF46A4F29B5120B] - 14/07/2009 - 02:52:20 ---A- . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller Driver for Windows -.) -- C:\Windows\system32\drivers\amdsbs.sys [194128] O58 - SDL:[MD5.B4AD0CACBAB298671DD6F6EF7E20679D] - 14/07/2009 - 02:52:21 ---A- . (.Advanced Micro Devices - Storage Filter Driver.) -- C:\Windows\system32\drivers\amdxata.sys [28752] O58 - SDL:[MD5.C484F8CEB1717C540242531DB7845C4E] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) -- C:\Windows\system32\drivers\arc.sys [87632] O58 - SDL:[MD5.019AF6924AEFE7839F61C830227FE79C] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) -- C:\Windows\system32\drivers\arcsas.sys [97856] O58 - SDL:[MD5.03B7145C889603537E9FFEABB1AD1089] - 29/03/2005 - 00:30:38 ---A- . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- C:\Windows\system32\drivers\ASACPI.sys [8192] O58 - SDL:[MD5.CA0318D3FA86C173533685C2171C55AB] - 22/12/2006 - 20:05:52 ---A- . (.Atheros Communications, Inc. - Atheros Extensible Wireless LAN device driver.) -- C:\Windows\system32\drivers\athrxusb.sys [559104] O58 - SDL:[MD5.B5ACE6968304A3900EEB1EBFD9622DF2] - 10/06/2009 - 21:34:23 ---A- . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) -- C:\Windows\system32\drivers\b57nd60a.sys [270848] O58 - SDL:[MD5.F09EEE9EDC320B5E1501F749FDE686C8] - 10/06/2009 - 21:41:06 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) -- C:\Windows\system32\drivers\BrFiltLo.sys [18432] O58 - SDL:[MD5.B114D3098E9BDB8BEA8B053685831BE6] - 10/06/2009 - 21:41:06 ---A- . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) -- C:\Windows\system32\drivers\BrFiltUp.sys [8704] O58 - SDL:[MD5.43BEA8D483BF1870F018E2D02E06A5BD] - 14/07/2009 - 02:19:07 ---A- . (.Brother Industries Ltd. - Pilote Brother Série I/F (WDM).) -- C:\Windows\system32\drivers\BrSerId.sys [286720] O58 - SDL:[MD5.A6ECA2151B08A09CACECA35C07F05B42] - 10/06/2009 - 21:41:10 ---A- . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) -- C:\Windows\system32\drivers\BrSerWdm.sys [47104] O58 - SDL:[MD5.B79968002C277E869CF38BD22CD61524] - 10/06/2009 - 21:41:10 ---A- . (.Brother Industries Ltd. - Brother USB MDM Driver.) -- C:\Windows\system32\drivers\BrUsbMdm.sys [14976] O58 - SDL:[MD5.A87528880231C54E75EA7A44943B38BF] - 10/06/2009 - 21:41:10 ---A- . (.Brother Industries Ltd. - Brother USB Serial Driver.) -- C:\Windows\system32\drivers\BrUsbSer.sys [14720] O58 - SDL:[MD5.3E5B191307609F7514148C6832BB0842] - 10/06/2009 - 21:34:28 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) -- C:\Windows\system32\drivers\bxvbda.sys [468480] O58 - SDL:[MD5.E19D3F095812725D88F9001985B94EDD] - 14/07/2009 - 02:52:31 ---A- . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\cmdide.sys [17488] O58 - SDL:[MD5.3AB77769EFEB99EECBADCBF3D44B91E7] - 07/04/2010 - 20:03:52 ---A- . (.ESET - Amon monitor.) -- C:\Windows\system32\drivers\eamonm.sys [163888] O58 - SDL:[MD5.FDBA3178662060496C6545666FC6BBE5] - 07/04/2010 - 20:07:10 ---A- . (.ESET - ESET Helper driver.) -- C:\Windows\system32\drivers\ehdrv.sys [139704] O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\system32\drivers\elxstor.sys [530496] O58 - SDL:[MD5.5E1F39388A1458399C0CF9455F52802C] - 07/04/2010 - 20:08:26 ---A- . (.ESET - ESET Personal Firewall driver.) -- C:\Windows\system32\drivers\epfw.sys [169592] O58 - SDL:[MD5.2C872AD616B678BA562F133886027E11] - 07/04/2010 - 20:08:28 ---A- . (.ESET - ESET Personal Firewall NDIS filter.) -- C:\Windows\system32\drivers\epfwndis.sys [33608] O58 - SDL:[MD5.92920690DC7A0AA60B093F9397041472] - 07/04/2010 - 20:08:30 ---A- . (.ESET - ESET Personal Firewall driver.) -- C:\Windows\system32\drivers\epfwwfp.sys [50600] O58 - SDL:[MD5.DC5D737F51BE844D8C82C695EB17372F] - 10/06/2009 - 21:34:33 ---A- . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) -- C:\Windows\system32\drivers\evbda.sys [3286016] O58 - SDL:[MD5.E403AACF8C7BB11375122D2464560311] - 18/05/2009 - 12:17:08 ---A- . (.GEAR Software Inc. - CD DVD Filter.) -- C:\Windows\system32\drivers\GEARAspiWDM.sys [34152] O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\system32\drivers\hcw85cir.sys [31232] O58 - SDL:[MD5.0886D440058F203EBA0E1825E4355914] - 14/07/2009 - 02:47:48 ---A- . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Driver.) -- C:\Windows\system32\drivers\HpSAMD.sys [77888] O58 - SDL:[MD5.D83EFB6FD45DF9D55E9A1AFC63640D50] - 14/07/2009 - 02:48:04 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) -- C:\Windows\system32\drivers\iaStorV.sys [410688] O58 - SDL:[MD5.5C18831C61933628F5BB0EA2675B9D21] - 14/07/2009 - 02:48:04 ---A- . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) -- C:\Windows\system32\drivers\iirsp.sys [44112] O58 - SDL:[MD5.565F93BB7C0361E61B3DAEA670C354D6] - 29/09/2009 - 08:15:00 ---A- . (.LG Electronics Inc. - LG BT 64 Bit Bus Enumerator.) -- C:\Windows\system32\drivers\lgbtbs64.sys [14848] O58 - SDL:[MD5.174803F2EEA3B22165DFE0E5A1F20685] - 29/09/2009 - 08:15:02 ---A- . (.LG Electronics Inc. - LG Bluetooth Transport Driver.) -- C:\Windows\system32\drivers\lgbtpt64.sys [16384] O58 - SDL:[MD5.678CB7B4D20D700E075B3B1054737008] - 08/07/2008 - 14:55:52 ---A- . (.MCCI Corporation - LG Mobile Driver.) -- C:\Windows\system32\drivers\lgmdbus.sys [115200] O58 - SDL:[MD5.D49BE8F07334F6D8A7BE07097E2D2121] - 08/07/2008 - 14:55:52 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\lgmdcm.sys [14848] O58 - SDL:[MD5.D49BE8F07334F6D8A7BE07097E2D2121] - 08/07/2008 - 14:55:52 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\lgmdcmnt.sys [14848] O58 - SDL:[MD5.620E7EDF1D6C5F882C4C7FCB13F0D45C] - 08/07/2008 - 14:55:54 ---A- . (.MCCI Corporation - LG Mobile USB WMC Modem Filter Driver.) -- C:\Windows\system32\drivers\lgmdmdfl.sys [18944] O58 - SDL:[MD5.BAAC03B6E2016B5A16977E7571411302] - 08/07/2008 - 14:55:54 ---A- . (.MCCI Corporation - LG Mobile USB WMC Modem WDM Driver.) -- C:\Windows\system32\drivers\lgmdmdm.sys [158720] O58 - SDL:[MD5.33CEC7F1FC47B05FAB306E88A2B68883] - 08/07/2008 - 14:55:54 ---A- . (.MCCI Corporation - LG Mobile USB WMC Device Management Driver.) -- C:\Windows\system32\drivers\lgmdmgmt.sys [137216] O58 - SDL:[MD5.9D2C14824A059EAD09809D359A4E9A04] - 08/07/2008 - 14:55:54 ---A- . (.MCCI Corporation - LG Mobile USB WMC OBEX Interface Device Driver.) -- C:\Windows\system32\drivers\lgmdobex.sys [136704] O58 - SDL:[MD5.F286FE6AC69C10E19933A2A389DF25F5] - 08/07/2008 - 14:55:54 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\lgmdwh.sys [15872] O58 - SDL:[MD5.F286FE6AC69C10E19933A2A389DF25F5] - 08/07/2008 - 14:55:54 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\lgmdwhnt.sys [15872] O58 - SDL:[MD5.ABF477857B7CED873362EC92C6CE10A7] - 29/09/2009 - 08:15:00 ---A- . (.LG Electronics Inc. - LG 64 bit Virtual Modem Driver.) -- C:\Windows\system32\drivers\lgvmdm64.sys [17408] O58 - SDL:[MD5.1A93E54EB0ECE102495A51266DCDB6A6] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_fc.sys [114752] O58 - SDL:[MD5.1047184A9FDC8BDBFF857175875EE810] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas.sys [106560] O58 - SDL:[MD5.30F5C0DE1EE8B5BC9306C1F0E4A75F93] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_sas2.sys [65600] O58 - SDL:[MD5.0504EACAFF0D3C8AED161C4B0D369D4A] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) -- C:\Windows\system32\drivers\lsi_scsi.sys [115776] O58 - SDL:[MD5.3D3C4B63F11F63F50253E734F0ACE9F2] - 20/12/2010 - 18:08:40 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\system32\drivers\mbam.sys [24152] O58 - SDL:[MD5.A55805F747C6EDB6A9080D7C633BD0F4] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for.) -- C:\Windows\system32\drivers\megasas.sys [35392] O58 - SDL:[MD5.BAF74CE0072480C3B6B7C13B2A94D6B3] - 14/07/2009 - 02:48:04 ---A- . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) -- C:\Windows\system32\drivers\MegaSR.sys [284736] O58 - SDL:[MD5.81B8D0C1CE44A7FDBD596B693783950C] - 10/06/2009 - 21:35:38 ---A- . (.Ralink Technology, Corp. - Ralink 802.11 USB Wireless Adapter Driver.) -- C:\Windows\system32\drivers\netr7364.sys [707072] O58 - SDL:[MD5.77889813BE4D166CDAB78DDBA990DA92] - 14/07/2009 - 02:48:26 ---A- . (.IBM Corporation - IBM ServeRAID Controller Driver.) -- C:\Windows\system32\drivers\nfrd960.sys [51264] O58 - SDL:[MD5.E55CAB397F77D5208DB18A78B1B7C0D5] - 10/07/2010 - 05:38:00 ---A- . (.NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 258.96.) -- C:\Windows\system32\drivers\nvlddmkm.sys [13187176] O58 - SDL:[MD5.3E38712941E9BB4DDBEE00AFFE3FED3D] - 14/07/2009 - 02:48:27 ---A- . (.NVIDIA Corporation - NVIDIA® nForce RAID Driver.) -- C:\Windows\system32\drivers\nvraid.sys [149056] O58 - SDL:[MD5.477DC4D6DEB99BE37084C9AC6D013DA1] - 14/07/2009 - 02:45:45 ---A- . (.NVIDIA Corporation - NVIDIA® nForce Sata Performance Driver.) -- C:\Windows\system32\drivers\nvstor.sys [167488] O58 - SDL:[MD5.A53A15A11EBFD21077463EE2C7AFEEF0] - 14/07/2009 - 02:45:46 ---A- . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) -- C:\Windows\system32\drivers\ql2300.sys [1524816] O58 - SDL:[MD5.4F6D12B51DE1AAEFF7DC58C4D75423C8] - 14/07/2009 - 02:45:45 ---A- . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) -- C:\Windows\system32\drivers\ql40xx.sys [128592] O58 - SDL:[MD5.4B42BC58294E83A6A92EC8B88C14C4A3] - 23/06/2010 - 09:10:56 ---A- . (.Realtek - Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver.) -- C:\Windows\system32\drivers\Rt64win7.sys [344680] O58 - SDL:[MD5.301FBA4594FB5C0A469299A65106B4AA] - 25/03/2009 - 15:48:00 ---A- . (.MCCI Corporation - Sony Ericsson Device 1018 Driver.) -- C:\Windows\system32\drivers\s1018bus.sys [113704] O58 - SDL:[MD5.7AB18E2E23108C9664A100748AE7001F] - 25/03/2009 - 15:48:00 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\s1018cm.sys [14888] O58 - SDL:[MD5.7AB18E2E23108C9664A100748AE7001F] - 25/03/2009 - 15:48:00 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\s1018cmnt.sys [14888] O58 - SDL:[MD5.E212C8B9C2225E92DC920FD7DBDF20EC] - 25/03/2009 - 15:48:00 ---A- . (.MCCI Corporation - Ericsson Mobile Platform S1018 USB WMC Extended Ethernet (WDM c.) -- C:\Windows\system32\drivers\s1018cr.sys [13864] O58 - SDL:[MD5.D1D7C744F79710357E60FC04D125ED01] - 25/03/2009 - 15:48:00 ---A- . (.MCCI Corporation - Sony Ericsson Device 1018 USB WMC Modem Filter Driver.) -- C:\Windows\system32\drivers\s1018mdfl.sys [19496] O58 - SDL:[MD5.7DBE12CCCD837D4266B2DDD80A329C09] - 25/03/2009 - 15:48:00 ---A- . (.MCCI Corporation - Sony Ericsson Device 1018 USB WMC Modem WDM Driver.) -- C:\Windows\system32\drivers\s1018mdm.sys [153128] O58 - SDL:[MD5.065FF5E62D2D18A6D93FD925546CD549] - 25/03/2009 - 15:48:00 ---A- . (.MCCI Corporation - Sony Ericsson Device 1018 USB WMC Device Management Driver.) -- C:\Windows\system32\drivers\s1018mgmt.sys [133160] O58 - SDL:[MD5.5101D815BDF0D667E3D5F0EA727CAAEE] - 25/03/2009 - 15:48:00 ---A- . (.MCCI Corporation - Ericsson Mobile Platform S1018 USB WMC Extended Ethernet (NDIS.) -- C:\Windows\system32\drivers\s1018nd5.sys [34856] O58 - SDL:[MD5.13F220C65B444AC9BDA49DACFC3230BB] - 25/03/2009 - 15:48:00 ---A- . (.MCCI Corporation - Sony Ericsson Device 1018 USB WMC OBEX Interface Device Driver.) -- C:\Windows\system32\drivers\s1018obex.sys [128552] O58 - SDL:[MD5.CE7D8BCE80211D8A35F6BD7A87791860] - 25/03/2009 - 15:48:00 ---A- . (.MCCI Corporation - Sony Ericsson Device 1018 USB Ethernet Emulation.) -- C:\Windows\system32\drivers\s1018unic.sys [146472] O58 - SDL:[MD5.F2EBEECF94D91F8820F986B421AD5A81] - 25/03/2009 - 15:48:00 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\s1018wh.sys [15912] O58 - SDL:[MD5.F2EBEECF94D91F8820F986B421AD5A81] - 25/03/2009 - 15:48:00 ---A- . (.MCCI Corporation - Windows 2000/XP support functions.) -- C:\Windows\system32\drivers\s1018whnt.sys [15912] O58 - SDL:[MD5.3EA8A16169C26AFBEB544E0E48421186] - 10/06/2009 - 21:37:19 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\Windows\system32\drivers\secdrv.sys [23040] O58 - SDL:[MD5.843CAF1E5FDE1FFD5FF768F23A51E2E1] - 14/07/2009 - 02:45:45 ---A- . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) -- C:\Windows\system32\drivers\sisraid2.sys [43584] O58 - SDL:[MD5.6A6C106D42E9FFFF8B9FCB4F754F6DA4] - 14/07/2009 - 02:45:46 ---A- . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) -- C:\Windows\system32\drivers\sisraid4.sys [80464] O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\system32\drivers\stexstor.sys [24656] O58 - SDL:[MD5.F724B03C3DFAACF08D17D38BF3333583] - 28/09/2010 - 15:44:52 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\system32\drivers\usbaapl64.sys [51712] O58 - SDL:[MD5.E5689D93FFE4E5D66C0178761240DD54] - 14/07/2009 - 02:45:55 ---A- . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) -- C:\Windows\system32\drivers\viaide.sys [17488] O58 - SDL:[MD5.5E2016EA6EBACA03C04FEAC5F330D997] - 14/07/2009 - 02:45:55 ---A- . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) -- C:\Windows\system32\drivers\vsmraid.sys [161872] O58 - SDL:[MD5.37E4600E2CDAD3C1A3613A25B97D457C] - 24/01/2010 - 13:32:24 ---A- . (.Wacom Technology - Wacom HID Mouse Monitor Filter Driver.) -- C:\Windows\system32\drivers\wacmoumonitor.sys [18216] O58 - SDL:[MD5.E04D43C7D1641E95D35CAE6086C7E350] - 16/02/2007 - 09:12:36 ---A- . (.Wacom Technology - Wacom Mouse Filter Driver.) -- C:\Windows\system32\drivers\wacommousefilter.sys [12848] O58 - SDL:[MD5.EC1CEB237E365330C1FCFC4876AA0AC0] - 21/09/2009 - 14:29:22 ---A- . (.Wacom Technology - Virtual Hid Device.) -- C:\Windows\system32\drivers\wacomvhid.sys [16168] O58 - SDL:[MD5.D68E165C3123ABA3B1282EDDB4213BD8] - 20/12/2010 - 18:09:00 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys [38224] O58 - SDL:[MD5.E974E1AA0B3F87F9044BEAAADFACF598] - 25/12/2009 - 17:50:54 ---A- . (.ZD Soft - ZD Soft Screen Capture Driver.) -- C:\Windows\SysWOW64\drivers\scncap.sys [9984] ---\\ Liste des outils de nettoyage (LATC) (O63) O63 - Logiciel: ZHPDiag 1.27 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 O63 - Logiciel: RSIT - (.random/random.) ---\\ Liste des services Legacy (LALS) (O64) O64 - Services: CurCS - C:\Windows\system32\drivers\afd.sys (AFD) .(.Microsoft Corporation - Ancillary Function Driver for WinSock.) - LEGACY_AFD O64 - Services: CurCS - C:\Windows\system32\Drivers\BEEP.sys - (.not file.) - Beep (Beep) .(.Pas de propriétaire - Pas de description.) - LEGACY_BEEP O64 - Services: CurCS - C:\Windows\system32\browser.dll (bowser) .(.Microsoft Corporation - DLL du service Explorateur d’ordinateurs.) - LEGACY_BOWSER O64 - Services: CurCS - C:\Windows\System32\DRIVERS\cdfs.sys - CD/DVD File System Reader (cdfs) .(.Microsoft Corporation - CD-ROM File System Driver.) - LEGACY_CDFS O64 - Services: CurCS - C:\Windows\system32\clfs.sys (CLFS) .(.Microsoft Corporation - Common Log File System Driver.) - LEGACY_CLFS O64 - Services: CurCS - C:\Windows\System32\Drivers\cng.sys - CNG (CNG) .(.Microsoft Corporation - Kernel Cryptography, Next Generation.) - LEGACY_CNG O64 - Services: CurCS - C:\Windows\system32\cscsvc.dll (CSC) .(.Microsoft Corporation - DLL du service CSC.) - LEGACY_CSC O64 - Services: CurCS - C:\Windows\system32\drivers\dfsc.sys (DfsC) .(.Microsoft Corporation - DFS Namespace Client Driver.) - LEGACY_DFSC O64 - Services: CurCS - C:\Windows\system32\drivers\discache.sys (discache) .(.Microsoft Corporation - System Indexer/Cache Driver.) - LEGACY_DISCACHE O64 - Services: CurCS - C:\Windows\system32\drivers\dxgkrnl.sys - LDDM Graphics Subsystem (DXGKrnl) .(.Microsoft Corporation - DirectX Graphics Kernel.) - LEGACY_DXGKRNL O64 - Services: CurCS - C:\Windows\System32\DRIVERS\eamonm.sys - eamonm (eamonm) .(.ESET - Amon monitor.) - LEGACY_EAMONM O64 - Services: CurCS - C:\Windows\System32\DRIVERS\ehdrv.sys - ehdrv (ehdrv) .(.ESET - ESET Helper driver.) - LEGACY_EHDRV O64 - Services: CurCS - C:\Windows\System32\DRIVERS\epfw.sys - epfw (epfw) .(.ESET - ESET Personal Firewall driver.) - LEGACY_EPFW O64 - Services: CurCS - C:\Windows\System32\DRIVERS\epfwwfp.sys - epfwwfp (epfwwfp) .(.ESET - ESET Personal Firewall driver.) - LEGACY_EPFWWFP O64 - Services: CurCS - C:\Windows\system32\Drivers\FASTFAT.sys - (.not file.) - FAT12/16/32 File System Driver (fastfat) .(.Pas de propriétaire - Pas de description.) - LEGACY_FASTFAT O64 - Services: CurCS - C:\Windows\system32\drivers\fileinfo.sys (FileInfo) .(.Microsoft Corporation - FileInfo Filter Driver.) - LEGACY_FILEINFO O64 - Services: CurCS - C:\Windows\system32\drivers\fltmgr.sys (FltMgr) .(.Microsoft Corporation - Gestionnaire de filtres de système de fichi.) - LEGACY_FLTMGR O64 - Services: CurCS - C:\Windows\system32\Drivers\FS_REC.sys - Fs_Rec (Fs_Rec) .(.Pas de propriétaire - Pas de description.) - LEGACY_FS_REC O64 - Services: CurCS - C:\Windows\system32\drivers\fvevol.sys (fvevol) .(.Microsoft Corporation - BitLocker Drive Encryption Driver.) - LEGACY_FVEVOL O64 - Services: CurCS - C:\Windows\system32\drivers\http.sys (HTTP) .(.Microsoft Corporation - HTTP Pile du protocole.) - LEGACY_HTTP O64 - Services: CurCS - C:\Windows\system32\drivers\hwpolicy.sys (hwpolicy) .(.Microsoft Corporation - Hardware Policy Driver.) - LEGACY_HWPOLICY O64 - Services: CurCS - C:\Windows\System32\Drivers\ksecdd.sys - KSecDD (KSecDD) .(.Microsoft Corporation - Kernel Security Support Provider Interface.) - LEGACY_KSECDD O64 - Services: CurCS - C:\Windows\System32\Drivers\ksecpkg.sys - KSecPkg (KSecPkg) .(.Microsoft Corporation - Kernel Security Support Provider Interface.) - LEGACY_KSECPKG O64 - Services: CurCS - C:\Windows\System32\DRIVERS\lltdio.sys - Link-Layer Topology Discovery Mapper I/O Driver (lltdio) .(.Microsoft Corporation - Link-Layer Topology Mapper I/O Driver.) - LEGACY_LLTDIO O64 - Services: CurCS - C:\Windows\system32\drivers\luafv.sys (luafv) .(.Microsoft Corporation - Pilote de filtre de virtualisation de fichi.) - LEGACY_LUAFV O64 - Services: CurCS - (.not file.) - MacDrive file system driver (MDFSYSNT) .(.Pas de propriétaire - Pas de description.) - LEGACY_MDFSYSNT O64 - Services: CurCS - C:\Windows\system32\drivers\mountmgr.sys (mountmgr) .(.Microsoft Corporation - Gestionnaire des points de montage.) - LEGACY_MOUNTMGR O64 - Services: CurCS - C:\Windows\system32\FirewallAPI.dll (mpsdrv) .(.Microsoft Corporation - API du Pare-feu Windows.) - LEGACY_MPSDRV O64 - Services: CurCS - C:\Windows\system32\wkssvc.dll (mrxsmb) .(.Microsoft Corporation - DLL du service Station de travail.) - LEGACY_MRXSMB O64 - Services: CurCS - C:\Windows\system32\wkssvc.dll (mrxsmb10) .(.Microsoft Corporation - DLL du service Station de travail.) - LEGACY_MRXSMB10 O64 - Services: CurCS - C:\Windows\system32\wkssvc.dll (mrxsmb20) .(.Microsoft Corporation - DLL du service Station de travail.) - LEGACY_MRXSMB20 O64 - Services: CurCS - C:\Windows\system32\Drivers\MSFS.sys - Msfs (Msfs) .(.Pas de propriétaire - Pas de description.) - LEGACY_MSFS O64 - Services: CurCS - C:\Windows\System32\DRIVERS\msisadrv.sys - msisadrv (msisadrv) .(.Microsoft Corporation - ISA Driver.) - LEGACY_MSISADRV O64 - Services: CurCS - C:\Windows\system32\drivers\mup.sys (Mup) .(.Microsoft Corporation - Multiple UNC Provider Driver.) - LEGACY_MUP O64 - Services: CurCS - C:\Windows\System32\DRIVERS\nwifi.sys - NativeWiFi Filter (NativeWifiP) .(.Microsoft Corporation - Pilote de miniport WiFi natif.) - LEGACY_NATIVEWIFIP O64 - Services: CurCS - C:\Windows\system32\drivers\ndis.sys (NDIS) .(.Microsoft Corporation - Pilote NDIS 6.20.) - LEGACY_NDIS O64 - Services: CurCS - C:\Windows\System32\DRIVERS\ndisuio.sys - NDIS Usermode I/O Protocol (Ndisuio) .(.Microsoft Corporation - Pilote d’E/S du mode utilisateur NDIS.) - LEGACY_NDISUIO O64 - Services: CurCS - C:\Windows\system32\Drivers\NDPROXY.sys - NDProxy (NDProxy) .(.Pas de propriétaire - Pas de description.) - LEGACY_NDPROXY O64 - Services: CurCS - C:\Windows\System32\DRIVERS\netbios.sys - NetBIOS Interface (NetBIOS) .(.Microsoft Corporation - NetBIOS interface driver.) - LEGACY_NETBIOS O64 - Services: CurCS - C:\Windows\system32\drivers\netbt.sys (NetBT) .(.Microsoft Corporation - MBT Transport driver.) - LEGACY_NETBT O64 - Services: CurCS - C:\Windows\system32\Drivers\NPFS.sys - Npfs (Npfs) .(.Pas de propriétaire - Pas de description.) - LEGACY_NPFS O64 - Services: CurCS - C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) .(.Microsoft Corporation - NSI Proxy.) - LEGACY_NSIPROXY O64 - Services: CurCS - C:\Windows\system32\Drivers\NTFS.sys - Ntfs (Ntfs) .(.Pas de propriétaire - Pas de description.) - LEGACY_NTFS O64 - Services: CurCS - C:\Windows\system32\Drivers\NULL.sys - Null (Null) .(.Pas de propriétaire - Pas de description.) - LEGACY_NULL O64 - Services: CurCS - C:\Windows\System32\drivers\pcw.sys - Performance Counters for Windows Driver (pcw) .(.Microsoft Corporation - Performance Counters for Windows Driver.) - LEGACY_PCW O64 - Services: CurCS - C:\Windows\System32\drivers\peauth.sys - PEAUTH (PEAUTH) .(.Microsoft Corporation - Protected Environment Authentication and Au.) - LEGACY_PEAUTH O64 - Services: CurCS - C:\Windows\system32\drivers\pacer.sys (Psched) .(.Microsoft Corporation - Planificateur de paquets QoS.) - LEGACY_PSCHED O64 - Services: CurCS - C:\Windows\system32\wkssvc.dll (rdbss) .(.Microsoft Corporation - DLL du service Station de travail.) - LEGACY_RDBSS O64 - Services: CurCS - C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) .(.Microsoft Corporation - RDP Miniport.) - LEGACY_RDPCDD O64 - Services: CurCS - C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) .(.Microsoft Corporation - RDP Encoder Miniport.) - LEGACY_RDPENCDD O64 - Services: CurCS - C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) .(.Microsoft Corporation - RDP Reflector Driver Miniport.) - LEGACY_RDPREFMP O64 - Services: CurCS - C:\Windows\System32\DRIVERS\rspndr.sys - Link-Layer Topology Discovery Responder (rspndr) .(.Microsoft Corporation - Link-Layer Topology Responder Driver for ND.) - LEGACY_RSPNDR O64 - Services: CurCS - C:\Windows\system32\Drivers\SECDRV.sys - (.not file.) - Security Driver (secdrv) .(.Pas de propriétaire - Pas de description.) - LEGACY_SECDRV O64 - Services: CurCS - C:\Windows\system32\Drivers\SPLDR.sys - (.not file.) - Security Processor Loader Driver (spldr) .(.Pas de propriétaire - Pas de description.) - LEGACY_SPLDR O64 - Services: CurCS - C:\Windows\system32\srvsvc.dll (srv) .(.Microsoft Corporation - DLL du service Serveur.) - LEGACY_SRV O64 - Services: CurCS - C:\Windows\system32\srvsvc.dll (srv2) .(.Microsoft Corporation - DLL du service Serveur.) - LEGACY_SRV2 O64 - Services: CurCS - C:\Windows\System32\DRIVERS\srvnet.sys - srvnet (srvnet) .(.Microsoft Corporation - Server Network driver.) - LEGACY_SRVNET O64 - Services: CurCS - C:\Windows\system32\vmstorfltres.dll (storflt) .(.Microsoft Corporation - Fichier DLL de ressources du filtre de stoc.) - LEGACY_STORFLT O64 - Services: CurCS - C:\Windows\system32\tcpipcfg.dll (Tcpip) .(.Microsoft Corporation - Objets de configuration du réseau.) - LEGACY_TCPIP O64 - Services: CurCS - C:\Windows\System32\drivers\tcpipreg.sys - TCP/IP Registry Compatibility (tcpipreg) .(.Microsoft Corporation - TCP/IP Registry Compatibility Driver.) - LEGACY_TCPIPREG O64 - Services: CurCS - C:\Windows\system32\tcpipcfg.dll (tdx) .(.Microsoft Corporation - Objets de configuration du réseau.) - LEGACY_TDX O64 - Services: CurCS - C:\Windows\System32\DRIVERS\udfs.sys - udfs (udfs) .(.Microsoft Corporation - UDF File System Driver.) - LEGACY_UDFS O64 - Services: CurCS - C:\Windows\system32\drivers\vga.sys - VgaSave (VgaSave) .(.Microsoft Corporation - VGA/Super VGA Video Driver.) - LEGACY_VGASAVE O64 - Services: CurCS - C:\Windows\system32\drivers\volmgrx.sys (volmgrx) .(.Microsoft Corporation - Pilote d’extension du gestionnaire de volum.) - LEGACY_VOLMGRX O64 - Services: CurCS - C:\Windows\System32\DRIVERS\volsnap.sys - Volumes de stockage (volsnap) .(.Microsoft Corporation - Pilote de cliché instantané du volume.) - LEGACY_VOLSNAP O64 - Services: CurCS - C:\Windows\System32\DRIVERS\vpcnfltr.sys - Virtual PC Network Filter Driver (vpcnfltr) .(.Microsoft Corporation - Virtual PC Network Filter Driver.) - LEGACY_VPCNFLTR O64 - Services: CurCS - C:\Windows\System32\DRIVERS\vwififlt.sys - Virtual WiFi Filter Driver (vwififlt) .(.Microsoft Corporation - Virtual WiFi Filter Driver.) - LEGACY_VWIFIFLT O64 - Services: CurCS - C:\Windows\system32\rascfg.dll (Wanarpv6) .(.Microsoft Corporation - Objets de configuration RAS.) - LEGACY_WANARPV6 O64 - Services: CurCS - C:\Windows\System32\drivers\Wdf01000.sys - Kernel Mode Driver Frameworks service (Wdf01000) .(.Microsoft Corporation - Runtime de l’infrastructure de pilotes en m.) - LEGACY_WDF01000 O64 - Services: CurCS - C:\Windows\System32\DRIVERS\wfplwf.sys - WFP Lightweight Filter (WfpLwf) .(.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - LEGACY_WFPLWF O64 - Services: CurCS - C:\Windows\System32\drivers\WudfPf.sys - User Mode Driver Frameworks Platform Driver (WudfPf) .(.Microsoft Corporation - Windows Driver Foundation - User-mode Drive.) - LEGACY_WUDFPF ---\\ Observateur d'évènement d'application (OEA) (O66) O66 - EventLog: ID=1000 (Application Error) - (.MPC-HC Team - Media Player Classic - Home Cinema.) -- C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe O66 - EventLog: ID=1000 (Application Error) - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe O66 - EventLog: ID=1000 (Application Error) - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe O66 - EventLog: ID=1000 (Application Error) - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Blender Foundation\Blender\blender.exe O66 - EventLog: ID=1000 (Application Error) - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Pas de propriétaire - Pas de description.) -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Pas de propriétaire - Pas de description.) -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.) O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Pas de propriétaire - Pas de description.) -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe ---\\ Start Menu Internet (SMI) (O68) O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe ---\\ Search Browser Infection (SBI) (O69) O69 - SBI: prefs.js [jo - 8be4gsxv.default] user_pref("CT1060933.SearchEngine", "Search||http://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT1060933&octid=EB_ORIGINAL_CTID&SearchSource=1"); O69 - SBI: prefs.js [jo - 8be4gsxv.default] user_pref("CT1060933.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&q="); O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - {searchTerms} - Bing O69 - SBI: SearchScopes [HKCU] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} [DefaultScope] - (Ask Search) - http://websearch.ask.com/redirect?client=ie&tb=GLSV5&o=10168&src=crm&q={searchTerms}&locale=fr_FR&apn_ptnrs=GL&apn_dtid=YYYYYYYYFR&apn_uid=809E8B29-2069-4073-B939-4AE50F0B4F39&apn_sauid=2EFDD54E-EF1F-4E69-BCF8-6ED3BDCC553C ---\\ Recherche des services démarrés par Svchost (SSS) (O83) O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Service Expérience d’application.) -- C:\Windows\System32\aelupsvc.dll [0] O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\System32\certprop.dll [0] O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\System32\certprop.dll [0] O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL du service Serveur.) -- C:\Windows\system32\srvsvc.dll [0] O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Client de stratégie de groupe.) -- C:\Windows\System32\gpsvc.dll [0] O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Service Audio Windows.) -- C:\Windows\System32\Audiosrv.dll [0] O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gestionnaire de numérotation automatique d’accès distant.) -- C:\Windows\System32\rasauto.dll [0] O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gestionnaire de connexions d’accès distant.) -- C:\Windows\System32\rasmans.dll [0] O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gestionnaire d’interface dynamique.) -- C:\Windows\System32\mprdim.dll [75264] O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Service de notification d’événements système (SENS).) -- C:\Windows\System32\sens.dll [49664] O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l’application d’assistance à Microsoft NAT.) -- C:\Windows\System32\ipnathlp.dll [0] O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows.) -- C:\Windows\System32\tapisrv.dll [241664] O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gestionnaire des connexions distantes du serveur hôte de session Burea.) -- C:\Windows\System32\termsrv.dll [0] O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Agent de mise à jour automatique Windows Update.) -- C:\Windows\system32\wuaueng.dll [0] O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\Windows\System32\qmgr.dll [0] O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\Windows\System32\shsvcs.dll [328192] O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service offrant une connectivité IPv6 sur un réseau IPv4..) -- C:\Windows\System32\iphlpsvc.dll [0] O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Service de découverte iSCSI.) -- C:\Windows\system32\iscsiexe.dll [0] O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Service du Planificateur de tâches.) -- C:\Windows\system32\schedsvc.dll [0] O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Service Configuration des services Bureau à distance.) -- C:\Windows\system32\sessenv.dll [99328] O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\system32\wbem\WMIsvc.dll [0] O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Service Installation de logiciels.) -- C:\Windows\System32\appmgmts.dll [149504] ---\\ Recherche particuliere à la racine de certains dossiers (SPRF) (O84) [MD5.719AF0A81B65A4AEB4BA7BD6644BB1A7] [sPRF] (.Pas de propriétaire - Pas de description.) -- C:\Users\jo\AppData\Local\Temp\WLM2011Installer.exe [1289216] [MD5.64281AF23447705DAB84E1A198D920C7] [sPRF] (.Microsoft Corporation - Windows Live Installer.) -- C:\Users\jo\AppData\Local\Temp\WLM_2011.exe [1289576] ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 14/07/2010 72704 | "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe LM Service) . (.Adobe Systems.) - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe SR - | Auto 16/10/2010 37664 | "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 04/12/2010 72704 | "C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk Licensing Service) . (.Autodesk.) - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe SR - | Auto 27/07/2010 345376 | "C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Bonjour Service) . (.Apple Inc..) - C:\Program Files (x86)\Bonjour\mDNSResponder.exe SS - | Demand 07/04/2010 42336 | "C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (EhttpSrv) . (.ESET.) - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe SR - | Auto 07/04/2010 810120 | "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ekrn) . (.ESET.) - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe SR - | Auto 01/07/2010 403064 | C:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaDeviceMgmt.exe (EmmaDevMgmtSvc) . (.Sony Ericsson Mobile Communications.) - C:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaDeviceMgmt.exe SR - | Auto 01/07/2010 193656 | C:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaUpdateMgmt.exe (EmmaUpdMgmtSvc) . (.Sony Ericsson Mobile Communications.) - C:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaUpdateMgmt.exe SR - | Demand 11/11/2010 932640 | "C:\Program Files\iPod\bin\iPodService.exe (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SS - | Auto 29/09/2006 65536 | "C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (mi-raysat_3dsmax9_32) . (.Pas de propriétaire.) - C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe SR - | Auto 29/09/2006 0 | C:\Windows\system32\nvvsvc.exe (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe SR - | Auto 30/04/2009 90112 | C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe (OMSI download service) . (.Pas de propriétaire.) - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe SS - | Demand 19/02/2010 517096 | "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe SR - | Auto 19/02/2010 0 | C:\Windows\system32\Wacom_Tablet.exe (TabletServiceWacom) . (.Wacom Technology, Corp..) - C:\Windows\system32\Wacom_Tablet.exe SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 14/07/2009 20992 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\system32\svchost.exe ---\\ Recherche Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, GMER - Rootkit Detector and Remover Run by jo at 05/01/2011 16:31:35 device: opened successfully user: error reading MBR Disk trace: error: Read Descripteur non valide kernel: error reading MBR ---\\ Recherche Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by jo at 05/01/2011 16:31:35 Use the desktop link 'MBRCheck' to have full report ---\\ Infection BT - BHO/Toolbar (Possible) O69 - SBI: SearchScopes [HKCU] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} [DefaultScope] - (Ask Search) - http://websearch.ask.com/redirect?client=ie&tb=GLSV5&o=10168&src=crm&q={searchTerms}&locale=fr_FR&apn_ptnrs=GL&apn_dtid=YYYYYYYYFR&apn_uid=809E8B29-2069-4073-B939-4AE50F0B4F39&apn_sauid=2EFDD54E-EF1F-4E69-BCF8-6ED3BDCC553C End of the scan (1035 lines in 01mn 09s)(0)

Bonjour à tous, Depuis hier ma connexion à internet est d'une lenteur extrême, j'ai beaucoup de mal à ouvrir ne serait ce que la page de démarrage de mon navigateur. Je télécharge entre 10 et 0 k/s, bref ça rame un max. les pilotes de ma carte réseau et récepteur wifi sont à jour. Mon anti virus ne trouve rien de spécial (nod 32 de eset security) Il y a deux autres Pc chez moi qui fonctionnent parfaitement sur internet. J'ai essayer différent logiciels de nettoyage de malwares, il y a avait deux trois fichiers un peu louches je les ai supprimé mais rien y fait J'avais fait une mise à jour de windows il y a deux jours, j'ai donc fait une restauration du systeme à une date antérieure toujours sans effet. J'avoue que je suis à court d'idée je commence à me dire que ce n'est peut être même pas un virus, mais du coup je sais plus quoi faire. C'est le PC sur lequel je travaille j'ai donc besoin qu'il soit opérationnel. Si vous pouvez m'aider Merci d'avance

Bonjour à tous n'ayant pas eu de réponse j'ai finalement reformaté mon PC. Ma connection est repartie comme à l'origine pendant une journée, mais progressivement j'ai à nouveau perdu de plus en plus de bande passante et je me retrouve à nouveau à 37k . Je commence à désespérer et je suis vraiment à court d'idée. Si quelqu'un peut m'aider ça serait franchement génial. merci

Bonjour à tous n'ayant pas eu de réponse j'ai finalement reformaté mon PC. Ma connection est repartie comme à l'origine pendant une journée, mais progressivement j'ai à nouveau perdu de plus en plus de bande passante et je me retrouve à nouveau à 37k . Je commence à désespérer et je suis vraiment à court d'idée. Si quelqu'un peut m'aider ça serait franchement génial. merci

bon dernière tentative avant de reformater là je ne sais vraiment plus quoi faire, j'ai mis 20min à pouvoir envoyer ce message...

bonjour à tous J'imagine que vous etes tous bien occupés et que vous etes peu pour traiter beaucoup de demandes. Mais là c'est de pire en pire et ça me ralenti beaucoup dans mon travail. Si quelqu'un pouvait juste au moins m'orienter merci d'avance

Bonjour j'ai depuis quelques jours un ralentissement très étrange lors de ma navigation sur internet les pages mettent un temps fou à se charger. J'ai fais un test de bande passante sur le site et je tombe autour de 60 k au mieux et certains test ne sont même pas passés. Avec une bande passante comme ça rien c'est pas étonnant que mes pages aient du mal à s'afficher, ce qui l'est par contre c'est que j'ai un autre PC sur la meme box qui lui tourne à environ 1000k. J'y comprends rien. j'ai donc fais les trucs d'usage, scan complet de mon ordi avec mon anti virus mis à jour ( eset smart security), j'ai également fais tourner malwarebyte mais aucun des deux ne trouve quoi que ce soit. J'ai donc lancé un anti rootkit et j'ai trouvé des trucs qui tournaient, j'ai les ai supprimé mais rien à faire à chaque redémarrage il y en a des différents. Si vous avez des idées. voilà le rapport de mon anti rootkit Area: Windows registry Description: Hidden registry value Location: \HKEY_USERS\S-1-5-21-489480452-4232851175-147431883-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts\C:\Users\jo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk Removable: No Notes: DWORD 0x1 = 1 Area: Local hard drives Description: Unknown hidden file Location: C:\Windows\System32\config\COMPONENTS{016888b8-6c6f-11de-8d1d-001e0bcde3ec}.TxR.0.regtrans-ms Removable: Yes (but clean up not recommended for this file) Notes: (no more detail available) Area: Local hard drives Description: Unknown hidden file Location: C:\Windows\System32\config\COMPONENTS{016888b8-6c6f-11de-8d1d-001e0bcde3ec}.TxR.1.regtrans-ms Removable: Yes (but clean up not recommended for this file) Notes: (no more detail available) Area: Local hard drives Description: Unknown hidden file Location: C:\Windows\System32\config\COMPONENTS{016888b8-6c6f-11de-8d1d-001e0bcde3ec}.TxR.2.regtrans-ms Removable: Yes (but clean up not recommended for this file) Notes: (no more detail available) j'ai aussi fait un scan avec hijackthis mais c'est très obscur pour moi le voici Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:27:59, on 29/04/2010 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe C:\Program Files (x86)\QuickTime\qttask.exe C:\Program Files (x86)\Sophos\Sophos Anti-Rootkit\sargui.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files (x86)\Adobe\Adobe After Effects 7.0\Support Files\AfterFX.exe C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Photoshop.exe C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ? O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O13 - Gopher Prefix: O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TabletServiceWacom - Unknown owner - C:\Windows\system32\Wacom_Tablet.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8482 bytes Merci d'avance pour votre aide johan