Aller au contenu

f0ele

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    3

  • Inscription

  • Dernière visite

Autres informations

  • Mes langues
    Francais

f0ele's Achievements

Junior Member

Junior Member (3/12)

0

Réputation sur la communauté

  1. f0ele
    Merci pour ta reponse, mais le mode sans echec ne fonctionne pas sur mon pc, je ne peux malheuresement pas faire cette manip je n'ai acces a mon systeme que par le cd. Lorsque je lance le safe mode, le systeme reboot en boucle. Lorsque je lance depuis une clef usb l'antivirus il plante car je ne suis pas en reel "administrateur" a partir du cd. A tres bientot
  2. f0ele
    Bonjour et merci pour ton aide. J'ai bien executer ce que tu m'as comseiller, mais en redemarrant en mode normal, le virus reapparait, impossible de redemarrer sur une session normal. Merci encore F0ELE
  3. f0ele
    Bonjour a tous, J'ai moi aussi attrapper ce virus, je ne sais vraiment plus quoi faire, mon ordinateur ne veut plus demarrer, voici le rapport apres une analyse OTLPE OTL logfile created on: 12/19/2011 6:28:33 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files Drive C: | 24.42 Gb Total Space | 2.97 Gb Free Space | 12.17% Space Free | Partition Type: NTFS Drive D: | 50.11 Gb Total Space | 2.42 Gb Free Space | 4.84% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet003 ========== Win32 Services (SafeList) ========== SRV - [2011/12/15 11:09:06 | 000,056,320 | -H-- | M] () [Auto] -- C:\WINNT\system32\41759070AD310639DBA0.sys -- (MSUNatService) SRV - [2011/06/08 06:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2011/03/30 08:31:44 | 000,507,904 | ---- | M] (Siemens IT Solutions and Services GmbH) [Auto] -- C:\WINNT\CATPC\mosaic\MBEService\MBESrvS.exe -- (MBEService) SRV - [2011/03/10 17:32:22 | 000,632,176 | ---- | M] (Juniper Networks) [Auto] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService) SRV - [2010/10/14 11:40:16 | 001,349,920 | ---- | M] (Trend Micro Inc.) [Auto] -- C:\Program Files\OfficeScan NT\tmlisten.exe -- (tmlisten) SRV - [2010/10/14 11:30:20 | 001,418,672 | ---- | M] (Trend Micro Inc.) [Auto] -- C:\Program Files\OfficeScan NT\ntrtscan.exe -- (ntrtscan) SRV - [2010/07/23 09:34:26 | 000,345,424 | ---- | M] (Trend Micro Inc.) [On_Demand] -- C:\Program Files\BM\TMBMSRV.exe -- (TMBMServer) SRV - [2010/01/07 05:42:50 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand] -- C:\Program Files\OfficeScan NT\TmProxy.exe -- (TmProxy) SRV - [2008/07/02 07:25:52 | 000,607,744 | ---- | M] (Siemens AG) [Auto] -- C:\WINNT\CATPC\CATSYS\CatSystemSvc.exe -- (CatSystemSvc) SRV - [2008/01/08 17:00:00 | 000,057,344 | ---- | M] (O2Micro International) [Auto] -- C:\WINNT\system32\o2flash.exe -- (O2Flash) SRV - [2007/12/18 10:57:34 | 000,416,864 | ---- | M] (Fiberlink Communications Corp.) [Auto] -- C:\Program Files\SFR Global Access\SFR Global Access\ServiceMgr.exe -- (ServiceMgr) SRV - [2007/12/18 10:57:32 | 000,105,568 | ---- | M] (Fiberlink Communications Corp.) [Auto] -- C:\Program Files\SFR Global Access\SFR Global Access\FLUtilsSvc.exe -- (FLUtilsSvc) SRV - [2007/12/18 04:48:40 | 000,196,704 | ---- | M] (OptionNV) [Auto] -- C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe -- (GtDetectSc) SRV - [2007/02/25 15:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2006/10/12 13:30:46 | 002,138,112 | ---- | M] (BigFix Inc.) [Auto] -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe -- (BESClient) SRV - [2006/02/08 20:50:00 | 000,578,784 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\CCM\CcmExec.exe -- (CcmExec) SRV - [2006/02/08 20:50:00 | 000,248,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\CCM\clicomp\RemCtrl\Wuser32.exe -- (Wuser32) SRV - [2004/09/10 01:32:48 | 000,053,248 | ---- | M] (Brother Industries, Ltd.) [Auto] -- C:\WINNT\System32\BrmfBAgS.exe -- (brmfbags) SRV - [2004/04/17 23:11:14 | 000,036,864 | ---- | M] () [Auto] -- C:\Program Files\BackupPC\cygrunsrv.exe -- (BackupPC) SRV - [2002/06/20 12:52:30 | 000,065,536 | ---- | M] () [Auto] -- C:\Program Files\Siemens\CAT Bulletin Board\CBBS.exe -- (CBBS) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (SWUMX20) Sierra Wireless USB MUX Driver (UMTS20) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand] -- -- (Netaapl) DRV - File not found [Kernel | On_Demand] -- -- (MBX2MIDK) DRV - File not found [Kernel | On_Demand] -- -- (MBX2DFU) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (i2omgmt) DRV - File not found [Kernel | System] -- -- (Changer) DRV - [2011/08/07 02:40:40 | 000,436,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINNT\system32\drivers\sptd.sys -- (sptd) DRV - [2011/07/12 04:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\Program Files\OfficeScan NT\TmXpflt.sys -- (TmFilter) DRV - [2011/07/12 04:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\Program Files\OfficeScan NT\TmPreflt.sys -- (TmPreFilter) DRV - [2011/07/12 04:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\Program Files\OfficeScan NT\vsapiNT.sys -- (VSApiNt) DRV - [2011/05/18 03:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011/05/18 03:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011/05/18 03:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2011/05/18 03:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010/11/08 13:05:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System] -- C:\WINNT\system32\drivers\tmtdi.sys -- (tmtdi) DRV - [2010/08/27 09:39:05 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\VMM.sys -- (vmm) DRV - [2010/07/23 09:25:46 | 000,062,032 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINNT\system32\drivers\tmactmon.sys -- (tmactmon) DRV - [2010/07/23 09:25:38 | 000,052,304 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINNT\system32\drivers\tmevtmgr.sys -- (tmevtmgr) DRV - [2010/07/23 09:25:30 | 000,163,920 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINNT\system32\drivers\tmcomm.sys -- (tmcomm) DRV - [2010/02/24 05:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\WINNT\system32\drivers\acedrv11.sys -- (acedrv11) DRV - [2010/02/18 19:07:56 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt) DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\tcpip6.sys -- (tcpip6) DRV - [2010/01/26 21:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto] -- C:\WINNT\system32\drivers\npf.sys -- (npf) DRV - [2009/08/03 07:06:52 | 000,129,176 | ---- | M] (Alesis) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\AlesisFirewire.sys -- (AlesisFirewire) DRV - [2009/08/03 07:06:52 | 000,030,872 | ---- | M] (Alesis) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\AlesisFirewireMidi.sys -- (AlesisFirewireMidi) DRV - [2009/08/03 07:06:52 | 000,028,184 | ---- | M] (Alesis) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\AlesisFirewireAudio.sys -- (AlesisFirewireAudio) DRV - [2008/12/03 21:02:02 | 000,016,400 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto] -- C:\WINNT\system32\drivers\diginet.sys -- (DigiNet) DRV - [2008/09/19 03:04:00 | 000,290,432 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\yk51x86.sys -- (yukonwxp) DRV - [2008/08/26 03:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008/04/13 22:51:44 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\mf.sys -- (mf) DRV - [2008/01/08 17:00:00 | 000,047,448 | ---- | M] (O2Micro ) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\o2media.sys -- (O2MDRDR) DRV - [2007/12/18 10:28:24 | 000,032,160 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand] -- C:\Program Files\SFR Global Access\SFR Global Access\FIBWLANAPI5.sys -- (FIBWLANAPI5) DRV - [2007/06/21 06:58:32 | 000,547,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ar5211.sys -- (AR5211) DRV - [2007/06/11 08:25:28 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\tosrfusb.sys -- (tosrfusb) DRV - [2007/05/24 08:27:30 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2007/05/21 17:00:00 | 000,095,616 | ---- | M] (O2Micro) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ozscr.sys -- (O2SCBUS) DRV - [2007/04/24 08:20:06 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2007/04/16 22:25:12 | 000,035,328 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\gtf32bus.sys -- (GTF32BUS) DRV - [2007/04/16 22:25:12 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\gtptser.sys -- (GTPTSER) DRV - [2007/03/11 20:32:40 | 004,486,144 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007/03/01 11:53:10 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2007/01/28 23:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\VMNetSrv.sys -- (VPCNetS2) DRV - [2007/01/22 04:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\TosRfSnd.sys -- (TosRfSnd) DRV - [2006/11/20 11:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2006/10/10 13:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\tosporte.sys -- (tosporte) DRV - [2006/09/28 09:32:14 | 000,009,472 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\pnetmdm.sys -- (pnetmdm) DRV - [2006/06/28 21:13:08 | 001,160,320 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006/02/08 20:50:00 | 000,020,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\CCM\PrepDrv.sys -- (prepdrvr) DRV - [2006/02/08 20:50:00 | 000,011,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\kbstuff5.sys -- (kbstuff) DRV - [2006/02/08 20:50:00 | 000,008,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\idisw2km.sys -- (idisw2km) DRV - [2005/11/01 14:06:36 | 000,021,120 | ---- | M] (FUJITSU LIMITED) [Kernel | Auto] -- C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys -- (BtnHnd) DRV - [2005/09/27 01:00:02 | 000,069,920 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot] -- C:\WINNT\System32\drivers\TPkd.sys -- (TPkd) DRV - [2005/09/23 00:48:44 | 000,028,544 | ---- | M] (O2Micro ) [Kernel | Boot] -- C:\WINNT\system32\drivers\o2sd.sys -- (O2SDRDR) DRV - [2005/06/06 17:35:38 | 000,035,968 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ifxtpm.sys -- (IFXTPM) DRV - [2005/03/31 22:41:26 | 000,043,136 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2005/01/06 23:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\tosrfnds.sys -- (tosrfnds) DRV - [2004/01/16 21:15:20 | 000,004,864 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\fuj02e3.sys -- (FUJ02E3) DRV - [2001/08/17 07:12:24 | 000,003,168 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\BrParImg.sys -- (brparimg) DRV - [2001/08/17 07:12:18 | 000,039,552 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\BrParwdm.sys -- (BrParWdm) DRV - [2001/08/17 07:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\BrFilt.sys -- (brfilt) DRV - [2001/08/17 07:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\smcirda.sys -- (SMCIRDA) DRV - [2001/08/17 06:46:40 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\enum1394.sys -- (ENUM1394) DRV - [2001/08/01 15:00:22 | 000,005,248 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\fuj02b1.sys -- (FUJ02B1) DRV - [2000/02/22 09:46:40 | 000,009,152 | ---- | M] () [Kernel | Auto] -- C:\WINNT\System32\drivers\Ticalc.sys -- (TICalc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = https://portal.siemens.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:61111 IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm IE - HKU\fr025451_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.siemens.fr IE - HKU\fr025451_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm IE - HKU\fr025451_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.siemens.fr IE - HKU\fr025451_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Hotmail, Messenger, Actualité, Sport, People, Femmes - MSN France IE - HKU\fr025451_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr IE - HKU\fr025451_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 30 69 4D EC 79 CC 01 [binary data] IE - HKU\fr025451_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\fr025451_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\fr025451_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.123.2:81 IE - HKU\fr025451_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://proxyconf-uba.siemens.net/ IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=<proxyserver>:<Port>;https=<proxyserver>:<Port>;ftp=<proxyserver>:<Port>;gopher=localhost:1;socks=<proxyserver>:<Port> IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://proxy.fr001.siemens.net/pacfiles/proxy.pac ========== FireFox ========== FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1 FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2 FF - prefs.js..extensions.enabledItems: [email protected]:2.8.0.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINNT\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/10/25 12:31:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/10/25 12:31:16 | 000,000,000 | ---D | M] [2011/10/27 09:01:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\fr025451\Application Data\Mozilla\Extensions [2009/12/08 15:52:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\fr025451\Application Data\Mozilla\Extensions\[email protected] [2011/10/27 09:01:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/07/06 07:21:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011/11/27 12:13:57 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected] [2011/07/06 07:21:21 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll O1 HOSTS File: ([2011/12/16 14:03:32 | 000,000,834 | ---- | M]) - C:\WINNT\system32\drivers\etc\HOSTS O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 139.10.13.45 user.sbs.fr O1 - Hosts: 139.16.69.65 CHLGSAS1 O1 - Hosts: 139.16.69.67 NGAS2 O1 - Hosts: 74.208.105.171 gs.apple.com O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (wiseHelper Class) - {9BF12F0E-67C3-41db-A597-8AEA428FEAC0} - File not found O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Alcmtr] C:\WINNT\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [backupdir] C:\Program Files\BackupPC\backupdir.exe () O4 - HKLM..\Run: [backuppc_notif] C:\Program Files\BackupPC\BPNotification.exe (Siemens Business Services) O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation) O4 - HKLM..\Run: [DirXconnect settings] C:\Program Files\Siemens\DIRXDISCOVER\dxdSetup.exe (Siemens AG) O4 - HKLM..\Run: [indicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [LtMoh] File not found O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\OfficeScan NT\pccntmon.exe (Trend Micro Inc.) O4 - HKLM..\Run: [PSUtility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [sIECAST] C:\Program Files\Siemens\CardOS API\bin\siecacst.exe (Siemens AG) O4 - HKLM..\Run: [sSRPM Enrollment Wizard] C:\Program Files\Tools4ever\SSRPM\Enrollment Wizard\SSRPMEnroll.exe (Tools4ever) O4 - HKLM..\Run: [sSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [TvOutSwitch] C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe (FUJITSU LIMITED) O4 - HKLM..\Run: [uSM] C:\Program Files\Siemens\USM\USM.exe (Siemens AG) O4 - HKLM..\Run: [WDF_Mon] C:\Program Files\Windows Desktop Firewall Monitor\WDFMON.EXE (Siemens IT Solutions and Services) O4 - HKU\fr025451_ON_C..\Run: [] File not found O4 - HKU\fr025451_ON_C..\Run: [chromium] File not found O4 - HKU\fr025451_ON_C..\Run: [MsnMsgr] File not found O4 - HKU\fr025451_ON_C..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKU\.DEFAULT..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (Nero AG) O4 - HKU\Administrator_ON_C..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (Nero AG) O4 - HKU\Inst2000_MED_ON_C..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (Nero AG) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) O4 - Startup: C:\Documents and Settings\fr025451\Start Menu\Programs\Startup\La Chaîne Météo.lnk = C:\Program Files\La Chaîne Météo\La Chaîne Météo.exe () O4 - Startup: C:\Documents and Settings\fr025451\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for iPhone\PdaNetPC.exe () O4 - Startup: C:\Documents and Settings\fr025451\Start Menu\Programs\Startup\Thoosje Sidebar.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Download present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\MAIN present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: nointernetopenwith = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 1800 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Persistence present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Back = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Forward = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Stop = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Refresh = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Media = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Folders = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Size = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_PrintPreview = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0 O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Persistence present O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\fr025451_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\fr025451_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\fr025451_ON_C\Software\Policies\Microsoft\Internet Explorer\Persistence present O7 - HKU\fr025451_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Back = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Forward = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Stop = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Refresh = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Media = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Folders = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Size = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_PrintPreview = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 1 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 1 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 1 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 1 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 1 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 1 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartRunNoHOMEPATH = 1 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 1 = access.cpl (Microsoft Corporation) O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 2 = Administrative Tools O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 3 = fax.cpl O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 4 = Fonts O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 5 = hdwwiz.cpl (Microsoft Corporation) O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 6 = inetcpl.cpl (Microsoft Corporation) O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 7 = irprops.cpl (Microsoft Corporation) O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 8 = joy.cpl (Microsoft Corporation) O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 9 = Network and Dial-up Connections O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 10 = nusrmgr.cpl (Microsoft Corporation) O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 11 = nwc.cpl (Microsoft Corporation) O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 12 = Scheduled Tasks O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 13 = sticpl.cpl O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 14 = telephon.cpl (Microsoft Corporation) O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConnectHomeDirToRoot = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0 O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0 O7 - HKU\Inst2000_MED_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\Inst2000_MED_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\Inst2000_MED_ON_C\Software\Policies\Microsoft\Internet Explorer\Persistence present O7 - HKU\Inst2000_MED_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\Inst2000_MED_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Persistence present O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Persistence present O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Persistence present O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present O9 - Extra Button: Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - Reg Error: Key error. File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: gouv.fr ([*.impots] * in Local intranet) O15 - HKLM\..Trusted Domains: gouv.fr ([*.ir.dgi.minefi] * in Local intranet) O15 - HKLM\..Trusted Domains: gouv.fr ([tva.dgi.minefi] * in Local intranet) O15 - HKLM\..Trusted Domains: infineon.com ([*.extra-eu] * in Local intranet) O15 - HKLM\..Trusted Domains: nokiasiemensnetworks.be ([intranet] https in Sites de confiance) O15 - HKLM\..Trusted Domains: sbs.fr ([*.par] * in Sites de confiance) O15 - HKLM\..Trusted Domains: sbs.fr ([its.par] * in Sites de confiance) O15 - HKLM\..Trusted Domains: sbs.fr ([sdso158a.par] * in Sites de confiance) O15 - HKLM\..Trusted Domains: siemens.com ([*.automation] * in Sites de confiance) O15 - HKLM\..Trusted Domains: siemens.fr ([*.mti] * in Sites de confiance) O15 - HKLM\..Trusted Domains: siemens.fr ([*.par] * in Sites de confiance) O15 - HKLM\..Trusted Domains: siemens.fr ([sdso158a.par] * in Sites de confiance) O15 - HKU\.DEFAULT\..Trusted Domains: gouv.fr ([*.impots] * in Local intranet) O15 - HKU\.DEFAULT\..Trusted Domains: gouv.fr ([*.ir.dgi.minefi] * in Local intranet) O15 - HKU\.DEFAULT\..Trusted Domains: gouv.fr ([tva.dgi.minefi] * in Local intranet) O15 - HKU\.DEFAULT\..Trusted Domains: infineon.com ([*.extra-eu] * in Local intranet) O15 - HKU\.DEFAULT\..Trusted Domains: nokiasiemensnetworks.be ([intranet] https in Sites de confiance) O15 - HKU\.DEFAULT\..Trusted Domains: sbs.fr ([*.par] * in Sites de confiance) O15 - HKU\.DEFAULT\..Trusted Domains: sbs.fr ([its.par] * in Sites de confiance) O15 - HKU\.DEFAULT\..Trusted Domains: sbs.fr ([sdso158a.par] * in Sites de confiance) O15 - HKU\.DEFAULT\..Trusted Domains: siemens.com ([*.automation] * in Sites de confiance) O15 - HKU\.DEFAULT\..Trusted Domains: siemens.fr ([*.mti] * in Sites de confiance) O15 - HKU\.DEFAULT\..Trusted Domains: siemens.fr ([*.par] * in Sites de confiance) O15 - HKU\.DEFAULT\..Trusted Domains: siemens.fr ([sdso158a.par] * in Sites de confiance) O15 - HKU\fr025451_ON_C\..Trusted Domains: gouv.fr ([*.impots] * in Local intranet) O15 - HKU\fr025451_ON_C\..Trusted Domains: gouv.fr ([*.ir.dgi.minefi] * in Local intranet) O15 - HKU\fr025451_ON_C\..Trusted Domains: gouv.fr ([tva.dgi.minefi] * in Local intranet) O15 - HKU\fr025451_ON_C\..Trusted Domains: infineon.com ([*.extra-eu] * in Local intranet) O15 - HKU\fr025451_ON_C\..Trusted Domains: nokiasiemensnetworks.be ([intranet] https in Sites de confiance) O15 - HKU\fr025451_ON_C\..Trusted Domains: sbs.fr ([*.par] * in Sites de confiance) O15 - HKU\fr025451_ON_C\..Trusted Domains: sbs.fr ([its.par] * in Sites de confiance) O15 - HKU\fr025451_ON_C\..Trusted Domains: sbs.fr ([sdso158a.par] * in Sites de confiance) O15 - HKU\fr025451_ON_C\..Trusted Domains: siemens.com ([*.automation] * in Sites de confiance) O15 - HKU\fr025451_ON_C\..Trusted Domains: siemens.fr ([*.mti] * in Sites de confiance) O15 - HKU\fr025451_ON_C\..Trusted Domains: siemens.fr ([*.par] * in Sites de confiance) O15 - HKU\fr025451_ON_C\..Trusted Domains: siemens.fr ([sdso158a.par] * in Sites de confiance) O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://localhost:8080/swservice/plugins/awswaxf.cab (Macromedia Authorware Web Player Control) O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/fr/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA) O16 - DPF: {7066F4E2-EABF-4F73-90E6-F01D18000F56} http://localhost:8080/swservice/plugins/Annotation.cab (Annotation Control) O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} http://localhost:8080/swservice/plugins/tsccinst.cab (TSCCInstall Class) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {85C86CCC-2158-4123-9C7D-785190CED875} http://www.digitalpublishing.de/launcher/dpLaunchPlugin.cab (dp Launcher Plugin) O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://www.ma-config.com/plugins/MaConfig_5_1_5_0.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-1_4_2_06-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ura.siemens.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fr001.siemens.net O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\SAPpc\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf) O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\SAPpc\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\System32\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (CatUInit) - C:\WINNT\System32\CatUInit.exe (Siemens AG) O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\41759070AD310639DBA0.exe) - C:\WINNT\system32\41759070AD310639DBA0.exe () O20 - HKLM Winlogon: GinaDLL - (SSRPMGINA.dll) - C:\WINNT\System32\SSRPMGINA.dll (Tools4ever) O20 - Winlogon\Notify\FLWLEvents: DllName - C:\Program Files\SFR Global Access\SFR Global Access\FiberlinkNetProv.dll - C:\Program Files\SFR Global Access\SFR Global Access\FiberlinkNetProv.dll (Fiberlink Communications Corp.) O20 - Winlogon\Notify\PSUTY: DllName - PSUWNP.dll - C:\WINNT\System32\PSUWNP.dll (FUJITSU LIMITED) O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/10/30 06:26:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: SSHNAS - File not found ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {0E9A3196-39EA-409D-8EB4-20D7FABC191A} - Microsoft .NET Framework 1.0 Hotfix (KB928367) ActiveX: {0EEB34F6-991D-4a1b-8EEB-772DA0EADB22} - Microsoft Office Communicator 2007 R2 ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML) ActiveX: {14303301-758B-402B-9A0D-2C6A591680DB} - Microsoft .NET Framework 1.0 Service Pack 3 (KB867461) ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1 ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1 ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {78705f0d-e8db-4b2d-8193-982bdda15ecd} - .NET Framework ActiveX: {81B52903-4C11-11D6-B6E1-00B0D049139F} - Microsoft .NET Framework 1.0 Service Pack 2 (KB867461) ActiveX: {871F8A30-15A2-11D6-8711-0002B3281F8B} - Microsoft .NET Framework 1.0 Service Pack 1 (KB867461) ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINNT\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINNT\system32\Rundll32.exe C:\WINNT\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F196AC50-7C95-42E1-9947-BDAB18BF3C8C} - .NET Framework ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINNT\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINNT\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINNT\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINNT\system32\rundll32.exe" "C:\WINNT\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: Microsoft Base Smart Card Crypto Provider Package - Drivers32: msacm.iac2 - C:\WINNT\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINNT\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINNT\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINNT\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINNT\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - ir32_32.dll File not found Drivers32: vidc.iv32 - ir32_32.dll File not found Drivers32: vidc.iv41 - ir41_32.ax File not found Drivers32: vidc.iv50 - ir50_32.dll File not found Drivers32: vidc.tscc - C:\WINNT\System32\tsccvid.dll (TechSmith Corporation) ========== Files/Folders - Created Within 30 Days ========== [2011/12/19 11:43:41 | 001,036,288 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\explorer.exe [2011/12/19 11:42:37 | 001,036,288 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\explorer.exe [2011/12/19 05:56:38 | 000,000,000 | ---D | C] -- C:\WINNT\LastGood [2011/12/19 02:40:22 | 000,000,000 | ---D | C] -- C:\1d3277359ecc08439e9e6c6b2643 [2011/12/18 22:31:12 | 000,000,000 | ---D | C] -- C:\_OTL [2011/12/18 22:20:43 | 026,705,144 | ---- | C] (Emsi Software GmbH ) -- C:\EmsisoftAntiMalwareSetup.exe [2011/12/18 22:17:28 | 000,000,000 | ---D | C] -- C:\ZHPDiag [2011/12/18 21:36:55 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware [2011/12/18 21:27:12 | 001,036,288 | ---- | C] (Microsoft Corporation) -- C:\explorer.exe [2011/12/18 17:01:41 | 000,000,000 | -HSD | C] -- C:\found.000 [2011/12/18 13:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\~Backup [2011/12/16 17:17:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes [2011/12/16 17:16:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011/12/16 17:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011/12/16 11:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Desktop\Mariage Pierre Yves [2011/12/15 15:29:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Desktop\BSP 200.2 [2011/12/15 15:29:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Desktop\Documents Siemens [2011/12/12 11:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Desktop\Tatouage [2011/12/12 03:24:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Application Data\VDownloader [2011/12/12 03:24:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Local Settings\Application Data\VDownloader [2011/12/12 03:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap [2011/12/12 03:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VDownloader [2011/12/12 03:23:48 | 000,000,000 | ---D | C] -- C:\Program Files\VDownloader [2011/12/12 03:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\Xi [2011/12/11 09:32:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Desktop\Maison Roquefort la Bedoule [2011/12/09 17:50:36 | 000,000,000 | ---D | C] -- C:\Program Files\Safari [2011/12/09 17:25:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime [2011/12/09 17:25:34 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2011/12/09 11:09:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight [2011/12/09 11:09:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2011/12/09 07:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN [2011/12/08 04:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Application Data\com.adobe.example.widget.F826D533138FC008516DC0DE4625BA08DCDBC443.1 [2011/12/08 04:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\La Chaîne Météo [2011/12/08 04:28:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR [2011/12/08 03:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Local Settings\Application Data\Stardock [2011/12/08 03:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\Thoosje Vista Sidebar [2011/12/06 07:38:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Desktop\Idées de terrasse [2011/12/06 03:27:03 | 000,000,000 | ---D | C] -- C:\CB-DOC [2011/12/06 03:26:54 | 000,000,000 | ---D | C] -- C:\WINNT\A6W_DATA [2011/12/05 16:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Local Settings\Application Data\Google [2011/12/05 06:11:13 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINNT\System32\javaws.exe [2011/12/05 06:11:13 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINNT\System32\javaw.exe [2011/12/05 06:11:13 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINNT\System32\java.exe [2011/11/27 12:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V [2011/11/24 14:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Desktop\Photos pour retirages gratuit [2009/10/30 07:48:10 | 003,125,248 | ---- | C] (SAP Technology,Inc) -- C:\Program Files\Common Files\sapxlhelper.dll [2009/10/30 07:48:09 | 000,626,688 | ---- | C] (SAP AG) -- C:\Program Files\Common Files\sapconsaccess.dll [2009/10/30 07:48:09 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- C:\Program Files\Common Files\sapconsr3.dll [2009/10/30 07:48:08 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Program Files\Common Files\DigitalSignature.ocx [2008/04/13 17:30:00 | 000,554,008 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\dao360.dll [2 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/12/19 05:55:43 | 000,000,002 | -HS- | M] () -- C:\Documents and Settings\fr025451\RECYCLER [2011/12/19 05:55:10 | 000,000,294 | -H-- | M] () -- C:\WINNT\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2011/12/19 05:55:10 | 000,000,294 | -H-- | M] () -- C:\WINNT\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2011/12/19 05:55:10 | 000,000,248 | -H-- | M] () -- C:\WINNT\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2011/12/19 05:54:00 | 000,000,509 | ---- | M] () -- C:\WINNT\SMSCFG.ini [2011/12/19 05:53:11 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat [2011/12/19 05:53:09 | 2135,756,800 | -HS- | M] () -- C:\hiberfil.sys [2011/12/18 22:20:43 | 026,705,144 | ---- | M] (Emsi Software GmbH ) -- C:\EmsisoftAntiMalwareSetup.exe [2011/12/18 21:27:20 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\explorer.exe [2011/12/18 21:27:20 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\explorer.exe [2011/12/18 21:27:20 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\explorer.exe [2011/12/16 17:17:16 | 000,001,544 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2011/12/16 17:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes [2011/12/16 17:04:03 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job [2011/12/16 16:05:42 | 000,000,069 | ---- | M] () -- C:\WINNT\NeroDigital.ini [2011/12/16 16:03:15 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\fr025451\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/12/16 11:48:24 | 000,030,346 | RHS- | M] () -- C:\Documents and Settings\fr025451\ntuser.pol [2011/12/16 11:14:00 | 000,016,322 | ---- | M] () -- C:\WINNT\cfgall.ini [2011/12/16 08:42:22 | 000,057,494 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol [2011/12/16 07:38:16 | 000,000,350 | ---- | M] () -- C:\WINNT\tasks\At1.job [2011/12/16 01:50:46 | 000,513,246 | ---- | M] () -- C:\WINNT\System32\perfh009.dat [2011/12/16 01:50:45 | 000,092,106 | ---- | M] () -- C:\WINNT\System32\perfc009.dat [2011/12/15 11:09:07 | 000,056,320 | -H-- | M] () -- C:\WINNT\System32\41759070AD310639DBA0.exe [2011/12/15 11:09:06 | 000,056,320 | -H-- | M] () -- C:\WINNT\System32\41759070AD310639DBA0.sys [2011/12/15 03:32:37 | 000,075,763 | ---- | M] () -- C:\WINNT\Run32S60.mch [2011/12/15 03:16:16 | 000,000,035 | ---- | M] () -- C:\WINNT\A6W.INI [2011/12/14 20:54:40 | 000,505,427 | ---- | M] () -- C:\Documents and Settings\fr025451\Desktop\Nouvelle_reglementation2008.pdf [2011/12/14 13:44:36 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\fr025451\Application Data\Microsoft\Internet Explorer\Quick Launch\Siemens Healthcare SPC (2).lnk [2011/12/13 04:14:09 | 000,225,302 | ---- | M] () -- C:\Documents and Settings\fr025451\Desktop\__partenaires.ticketnet.fr_recapcommande.pdf [2011/12/12 14:15:28 | 000,138,464 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2011/12/12 03:23:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\VDownloader [2011/12/10 03:45:26 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl [2011/12/09 17:50:46 | 000,001,850 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk [2011/12/09 17:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime [2011/12/09 11:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight [2011/12/09 07:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN [2011/12/09 02:50:54 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\fr025451\Start Menu\Programs\Startup\La Chaîne Météo.lnk [2011/12/09 02:33:01 | 000,000,526 | ---- | M] () -- C:\WINNT\AWSHKWV.INI [2011/12/08 04:28:11 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\La Chaîne Météo.lnk [2011/12/08 03:26:38 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\fr025451\Start Menu\Programs\Startup\Thoosje Sidebar.lnk [2011/12/07 13:33:02 | 000,002,487 | ---- | M] () -- C:\Documents and Settings\fr025451\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Communicator 2007 R2.lnk [2011/12/07 09:39:01 | 000,244,720 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT [2011/12/06 13:50:14 | 000,481,078 | ---- | M] () -- C:\WINNT\System32\winsh324 [2011/12/05 08:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\PDF-XChange PDF Viewer [2011/12/05 02:19:45 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\fr025451\Application Data\Microsoft\Internet Explorer\Quick Launch\Spotify.lnk [2011/12/02 05:48:25 | 000,000,386 | ---- | M] () -- C:\WINNT\BrmfBidi.ini [2011/11/24 15:50:24 | 000,002,250 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Oceanlog 2.x.lnk [2011/11/23 19:08:10 | 000,481,078 | ---- | M] () -- C:\WINNT\System32\winsh323 [2011/11/23 19:08:10 | 000,481,078 | ---- | M] () -- C:\WINNT\System32\winsh322 [2011/11/23 19:08:10 | 000,481,078 | ---- | M] () -- C:\WINNT\System32\winsh321 [2011/11/23 19:08:10 | 000,481,078 | ---- | M] () -- C:\WINNT\System32\winsh320 [2 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/12/16 18:30:09 | 000,481,078 | ---- | C] () -- C:\WINNT\System32\winsh324 [2011/12/16 18:30:09 | 000,481,078 | ---- | C] () -- C:\WINNT\System32\winsh323 [2011/12/16 18:30:09 | 000,481,078 | ---- | C] () -- C:\WINNT\System32\winsh322 [2011/12/16 18:30:09 | 000,481,078 | ---- | C] () -- C:\WINNT\System32\winsh321 [2011/12/16 18:30:09 | 000,481,078 | ---- | C] () -- C:\WINNT\System32\winsh320 [2011/12/16 17:17:16 | 000,001,544 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2011/12/15 11:09:07 | 000,056,320 | -H-- | C] () -- C:\WINNT\System32\41759070AD310639DBA0.exe [2011/12/15 11:09:06 | 000,056,320 | -H-- | C] () -- C:\WINNT\System32\41759070AD310639DBA0.sys [2011/12/14 20:54:40 | 000,505,427 | ---- | C] () -- C:\Documents and Settings\fr025451\Desktop\Nouvelle_reglementation2008.pdf [2011/12/13 04:14:06 | 000,225,302 | ---- | C] () -- C:\Documents and Settings\fr025451\Desktop\__partenaires.ticketnet.fr_recapcommande.pdf [2011/12/12 03:23:52 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe [2011/12/09 17:50:46 | 000,001,850 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk [2011/12/08 04:29:32 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\fr025451\Start Menu\Programs\Startup\La Chaîne Météo.lnk [2011/12/08 04:28:11 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\La Chaîne Météo.lnk [2011/12/08 03:26:38 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\fr025451\Start Menu\Programs\Startup\Thoosje Sidebar.lnk [2011/12/06 03:30:46 | 000,075,763 | ---- | C] () -- C:\WINNT\Run32S60.mch [2011/12/06 03:26:54 | 000,000,035 | ---- | C] () -- C:\WINNT\A6W.INI [2011/12/06 03:26:53 | 000,000,526 | ---- | C] () -- C:\WINNT\AWSHKWV.INI [2011/12/05 02:19:45 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\fr025451\Application Data\Microsoft\Internet Explorer\Quick Launch\Spotify.lnk [2011/09/28 12:23:51 | 000,221,184 | --S- | C] () -- C:\WINNT\System32\glut32.dll [2011/05/27 06:00:37 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\fr025451\Application Data\$_hpcst$.hpc [2011/03/04 16:53:10 | 000,000,098 | ---- | C] () -- C:\WINNT\WirelessFTP.INI [2011/02/12 03:12:36 | 000,000,209 | ---- | C] () -- C:\WINNT\Brpfx04a.ini [2011/02/12 03:12:36 | 000,000,092 | ---- | C] () -- C:\WINNT\brpcfx.ini [2011/02/12 03:12:36 | 000,000,052 | ---- | C] () -- C:\WINNT\BRPP2KA.INI [2011/01/28 17:02:23 | 000,138,464 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2011/01/02 15:25:37 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\fr025451\Application Data\PnkBstrK.sys [2011/01/02 15:25:33 | 000,103,736 | ---- | C] () -- C:\WINNT\System32\PnkBstrB.exe [2011/01/02 15:24:10 | 000,066,872 | ---- | C] () -- C:\WINNT\System32\PnkBstrA.exe [2010/12/23 14:12:06 | 000,005,763 | ---- | C] () -- C:\Documents and Settings\fr025451\Application Data\5C8E.4C1 [2010/11/29 08:37:31 | 000,000,664 | ---- | C] () -- C:\WINNT\System32\d3d9caps.dat [2010/11/04 11:45:37 | 000,009,152 | ---- | C] () -- C:\WINNT\System32\drivers\Ticalc.sys [2010/11/04 11:45:37 | 000,000,711 | ---- | C] () -- C:\WINNT\Wlink89.ini [2010/08/18 07:54:42 | 000,000,000 | ---- | C] () -- C:\WINNT\nsreg.dat [2010/07/23 03:25:52 | 000,129,423 | ---- | C] () -- C:\WINNT\Install_IE7_CATS_after_reboot.EXE [2010/07/23 03:15:34 | 000,183,134 | ---- | C] () -- C:\WINNT\refresh_desktop.exe [2010/06/27 12:38:14 | 000,000,042 | ---- | C] () -- C:\WINNT\ce52e.INI [2010/05/27 12:13:46 | 000,000,095 | ---- | C] () -- C:\WINNT\p7vrvisx.INI [2010/05/27 11:42:36 | 000,020,480 | ---- | C] () -- C:\WINNT\CallUninst.exe [2010/02/15 06:10:55 | 000,035,000 | -H-- | C] () -- C:\WINNT\System32\mlfcache.dat [2010/01/26 21:09:02 | 000,053,299 | ---- | C] () -- C:\WINNT\System32\pthreadVC.dll [2010/01/15 10:09:36 | 000,000,097 | ---- | C] () -- C:\WINNT\SIM_HM.INI [2009/12/11 06:44:24 | 000,000,185 | ---- | C] () -- C:\WINNT\aristos.INI [2009/12/08 03:26:21 | 000,217,088 | ---- | C] () -- C:\WINNT\System32\qtmlClient.dll [2009/11/25 03:43:18 | 000,002,143 | ---- | C] () -- C:\WINNT\xcs_err.ini [2009/11/25 03:43:17 | 000,121,920 | R--- | C] () -- C:\WINNT\spc_find.exe [2009/11/25 03:43:16 | 000,017,343 | ---- | C] () -- C:\WINNT\ACSCOM.DLL [2009/11/25 03:43:16 | 000,001,221 | ---- | C] () -- C:\WINNT\card_xcs.ini [2009/11/25 03:43:16 | 000,000,208 | ---- | C] () -- C:\WINNT\fl_co_.ini [2009/11/25 03:43:16 | 000,000,058 | ---- | C] () -- C:\WINNT\cardxcs_.ini [2009/11/24 04:21:40 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\fr025451\BackupPcError.dat [2009/11/13 09:15:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\fr025451\Application Data\wgjpi.data [2009/11/12 10:06:06 | 000,716,800 | R--- | C] () -- C:\WINNT\System32\Memorybar.exe [2009/11/03 04:28:18 | 000,000,019 | ---- | C] () -- C:\WINNT\nt_test.ini [2009/11/01 16:01:10 | 000,116,224 | ---- | C] () -- C:\WINNT\System32\pdfcmnnt.dll [2009/10/31 04:40:41 | 000,130,406 | ---- | C] () -- C:\WINNT\manual_catupd.EXE [2009/10/30 18:07:15 | 000,000,386 | ---- | C] () -- C:\WINNT\BrmfBidi.ini [2009/10/30 18:06:44 | 000,000,441 | ---- | C] () -- C:\WINNT\BRWMARK.INI [2009/10/30 18:06:44 | 000,000,065 | ---- | C] () -- C:\WINNT\System32\BD7225N.DAT [2009/10/30 18:04:21 | 000,000,052 | ---- | C] () -- C:\WINNT\System32\BrmfBAgP.ini [2009/10/30 18:04:21 | 000,000,036 | ---- | C] () -- C:\WINNT\System32\BrmfBiPP.dat [2009/10/30 18:04:21 | 000,000,029 | ---- | C] () -- C:\WINNT\System32\BrmfBAgS.ini [2009/10/30 17:55:10 | 000,000,000 | ---- | C] () -- C:\WINNT\PROTOCOL.INI [2009/10/30 14:11:38 | 000,204,800 | ---- | C] () -- C:\WINNT\System32\igfxCoIn_v4785.dll [2009/10/30 14:11:37 | 000,701,840 | ---- | C] () -- C:\WINNT\System32\igmedkrn.dll [2009/10/30 14:10:07 | 000,004,569 | ---- | C] () -- C:\WINNT\System32\secupd.dat [2009/10/30 14:10:02 | 000,513,246 | ---- | C] () -- C:\WINNT\System32\perfh009.dat [2009/10/30 14:10:02 | 000,272,128 | ---- | C] () -- C:\WINNT\System32\perfi009.dat [2009/10/30 14:10:02 | 000,092,106 | ---- | C] () -- C:\WINNT\System32\perfc009.dat [2009/10/30 14:10:02 | 000,028,626 | ---- | C] () -- C:\WINNT\System32\perfd009.dat [2009/10/30 14:10:00 | 000,004,463 | ---- | C] () -- C:\WINNT\System32\oembios.dat [2009/10/30 14:09:59 | 013,107,200 | ---- | C] () -- C:\WINNT\System32\oembios.bin [2009/10/30 14:09:55 | 000,000,741 | ---- | C] () -- C:\WINNT\System32\noise.dat [2009/10/30 14:09:46 | 000,673,088 | ---- | C] () -- C:\WINNT\System32\mlang.dat [2009/10/30 14:09:46 | 000,046,258 | ---- | C] () -- C:\WINNT\System32\mib.bin [2009/10/30 14:09:29 | 000,218,003 | ---- | C] () -- C:\WINNT\System32\dssec.dat [2009/10/30 14:09:18 | 000,001,804 | ---- | C] () -- C:\WINNT\System32\Dcache.bin [2009/10/30 08:34:37 | 000,000,069 | ---- | C] () -- C:\WINNT\NeroDigital.ini [2009/10/30 08:34:32 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\fr025451\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/10/30 08:25:04 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\fr025451\Local Settings\Application Data\fusioncache.dat [2009/10/30 08:19:08 | 000,048,687 | ---- | C] () -- C:\WINNT\SBSPOP01.exe [2009/10/30 08:16:51 | 000,000,509 | ---- | C] () -- C:\WINNT\SMSCFG.ini [2009/10/30 08:06:36 | 000,000,002 | -HS- | C] () -- C:\Documents and Settings\fr025451\RECYCLER [2009/10/30 08:04:24 | 000,030,346 | RHS- | C] () -- C:\Documents and Settings\fr025451\ntuser.pol [2009/10/30 08:03:05 | 000,025,253 | ---- | C] () -- C:\WINNT\whatmask.exe [2009/10/30 07:55:03 | 000,113,890 | ---- | C] () -- C:\WINNT\restore_saplogon.EXE [2009/10/30 07:48:09 | 000,949,760 | ---- | C] () -- C:\Program Files\Common Files\SAPActiveXL_nosig.xlt [2009/10/30 07:48:08 | 000,955,904 | ---- | C] () -- C:\Program Files\Common Files\SAPActiveXL.xlt [2009/10/30 07:45:59 | 001,064,960 | ---- | C] () -- C:\WINNT\System32\h5krnl32.dll [2009/10/30 07:45:59 | 000,188,928 | ---- | C] () -- C:\WINNT\System32\h5icon32.dll [2009/10/30 07:45:59 | 000,175,616 | ---- | C] () -- C:\WINNT\System32\h5menu32.dll [2009/10/30 07:45:59 | 000,095,744 | ---- | C] () -- C:\WINNT\System32\h5rtf32.dll [2009/10/30 07:45:59 | 000,051,200 | ---- | C] () -- C:\WINNT\System32\h5tool32.dll [2009/10/30 07:45:31 | 000,015,872 | ---- | C] () -- C:\WINNT\System32\vtssm32.dll [2009/10/30 07:45:11 | 000,002,745 | ---- | C] () -- C:\WINNT\saplogon.ini [2009/10/30 07:45:11 | 000,000,023 | ---- | C] () -- C:\WINNT\saproute.ini [2009/10/30 07:16:35 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI [2009/10/30 07:15:50 | 000,244,720 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT [2009/10/30 07:15:30 | 000,016,322 | ---- | C] () -- C:\WINNT\cfgall.ini [2009/10/30 07:05:45 | 000,000,470 | ---- | C] () -- C:\WINNT\ODBC.INI [2009/10/30 06:42:15 | 000,000,000 | ---- | C] () -- C:\WINNT\tosOBEX.INI [2009/10/30 06:28:36 | 000,002,048 | --S- | C] () -- C:\WINNT\bootstat.dat [2009/10/30 06:24:29 | 000,021,640 | ---- | C] () -- C:\WINNT\System32\emptyregdb.dat [2009/04/16 09:32:46 | 000,040,517 | ---- | C] () -- C:\WINNT\System32\jRegistryKey.dll [2008/04/18 09:56:18 | 000,311,296 | ---- | C] () -- C:\WINNT\System32\siecaces.dll [2007/12/18 10:28:10 | 000,059,016 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml [2007/06/21 04:49:24 | 000,118,784 | ---- | C] () -- C:\WINNT\System32\TosBtAcc.dll [2007/04/16 07:01:06 | 000,184,320 | ---- | C] () -- C:\WINNT\System32\gmp4_2_1.dll [2007/04/12 02:48:40 | 000,028,672 | ---- | C] () -- C:\WINNT\System32\siecacsp.dll [2005/07/22 15:30:18 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\TosCommAPI.dll [2003/01/07 09:05:08 | 000,002,695 | ---- | C] () -- C:\WINNT\System32\OUTLPERF.INI [2000/08/18 08:14:10 | 000,000,207 | ---- | C] () -- C:\WINNT\ORGD.INI [1997/06/25 09:24:16 | 000,040,448 | ---- | C] () -- C:\WINNT\System32\regobj.dll ========== LOP Check ========== [2010/02/02 03:36:14 | 000,000,000 | ---D | M] -- C:\WINNT\system32\config\systemprofile\Application Data\Application Updater [2011/02/03 03:02:25 | 000,000,000 | ---D | M] -- C:\WINNT\system32\config\systemprofile\Application Data\Fixit [2011/09/28 11:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\2020 Fusion [2010/02/10 16:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\3M [2010/11/15 16:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\AlesisFirewire [2011/09/24 13:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\ArchiFacile [2009/11/20 13:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\CatPC [2011/12/08 04:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\com.adobe.example.widget.F826D533138FC008516DC0DE4625BA08DCDBC443.1 [2011/02/12 20:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\digital publishing [2011/09/16 12:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\Eltima Software [2010/09/15 11:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\FileZilla [2009/12/17 13:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\FreeVideoConverter [2010/12/20 11:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\GrabIt [2011/05/20 06:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\Juniper Networks [2011/01/28 16:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\National Library of Medicine [2011/09/24 06:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\NesterSoft [2011/10/25 12:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\Nokia [2011/10/25 12:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\Nokia Ovi Suite [2009/12/08 03:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\PACE Anti-Piracy [2011/10/25 12:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\PC Suite [2010/02/03 17:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\PhotoFiltre [2011/01/05 11:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\ProtectDISC [2011/04/11 10:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\Siemens [2011/10/26 12:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\Sierra Wireless [2011/12/14 19:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\Spotify [2010/07/23 03:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\Steelray Software [2010/12/20 11:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\SuperNZB [2009/12/08 15:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\TomTom [2009/12/13 18:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\Trillium Lane [2011/12/12 03:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\VDownloader [2011/02/17 03:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\WindSolutions [2010/12/27 16:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software [2011/09/28 11:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iDeal Designer Hygena [2009/10/30 08:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks [2011/11/04 06:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\logs [2010/05/12 04:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir [2011/10/25 12:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache [2009/12/08 03:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy [2011/10/25 12:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite [2009/10/30 08:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SFR Global Access [2010/05/12 04:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir [2010/09/30 13:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2010/06/11 11:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom [2011/10/28 10:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite [2011/02/17 03:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions [2010/05/01 04:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/10/31 15:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2011/12/16 07:38:16 | 000,000,350 | ---- | M] () -- C:\WINNT\Tasks\At1.job [2011/12/19 05:55:10 | 000,000,294 | -H-- | M] () -- C:\WINNT\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2011/12/19 05:55:10 | 000,000,248 | -H-- | M] () -- C:\WINNT\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2011/12/19 05:55:10 | 000,000,294 | -H-- | M] () -- C:\WINNT\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job ========== Purity Check ========== ========== Custom Scans ========== Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*. Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe Invalid Environment Variable: %APPDATA%\*. Invalid Environment Variable: %APPDATA%\*.exe < %SYSTEMDRIVE%\*.exe > [2011/12/18 22:20:43 | 026,705,144 | ---- | M] (Emsi Software GmbH ) -- C:\EmsisoftAntiMalwareSetup.exe [2011/12/18 21:27:20 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\explorer.exe < MD5 for: AEC.SYS > [2008/04/13 22:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:aec.sys [2008/04/13 17:09:24 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINNT\system32\drivers\aec.sys < MD5 for: AGP440.SYS > [2008/04/13 22:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:AGP440.sys < MD5 for: ALG.EXE > [2008/04/13 22:42:14 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=8C515081584A38AA007909CD02020B3D -- C:\WINNT\system32\alg.exe [2008/04/13 22:42:14 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=8C515081584A38AA007909CD02020B3D -- C:\WINNT\system32\dllcache\alg.exe < MD5 for: ATAPI.SYS > [2008/04/13 22:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:atapi.sys [2008/04/13 19:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINNT\system32\drivers\atapi.sys < MD5 for: CDROM.SYS > [2008/04/13 22:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:cdrom.sys [2008/04/13 22:51:44 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINNT\system32\drivers\cdrom.sys < MD5 for: CSRSS.EXE > [2008/04/13 22:42:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINNT\system32\csrss.exe [2008/04/13 22:42:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINNT\system32\dllcache\csrss.exe < MD5 for: CTFMON.EXE > [2008/04/13 22:42:18 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5F1D5F88303D4A4DBC8E5F97BA967CC3 -- C:\WINNT\system32\ctfmon.exe [2008/04/13 22:42:18 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5F1D5F88303D4A4DBC8E5F97BA967CC3 -- C:\WINNT\system32\dllcache\ctfmon.exe < MD5 for: DISK.SYS > [2008/04/13 22:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:disk.sys [2008/04/13 22:51:44 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINNT\system32\drivers\disk.sys < MD5 for: EVENTLOG.DLL > [2008/04/13 22:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINNT\system32\dllcache\eventlog.dll [2008/04/13 22:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINNT\system32\eventlog.dll < MD5 for: EXPLORER.EXE > [2011/12/18 21:27:20 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\explorer.exe [2011/12/18 21:27:20 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINNT\system32\dllcache\explorer.exe [2011/12/18 21:27:20 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINNT\system32\explorer.exe < MD5 for: I8042PRT.SYS > [2008/04/13 22:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:i8042prt.sys [2008/04/13 19:48:02 | 000,052,480 | ---- | M] (Microsoft Corporation) MD5=4A0B06AA8943C1E332520F7440C0AA30 -- C:\WINNT\system32\drivers\i8042prt.sys < MD5 for: IASTOR.SYS > [2007/02/11 22:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINNT\CATPC\9\iastor.sys < MD5 for: IMAPI.SYS > [2008/04/13 22:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:imapi.sys [2008/04/13 22:51:44 | 000,042,112 | ---- | M] (Microsoft Corporation) MD5=083A052659F5310DD8B6A6CB05EDCF8E -- C:\WINNT\system32\drivers\imapi.sys < MD5 for: INTELIDE.SYS > [2008/04/13 22:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:intelide.sys < MD5 for: MOUNTMGR.SYS > [2008/04/13 17:09:48 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- C:\WINNT\system32\dllcache\mountmgr.sys [2008/04/13 17:09:48 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- C:\WINNT\system32\drivers\mountmgr.sys < MD5 for: MRXSMB.SYS > [2008/04/13 22:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:mrxsmb.sys [2009/12/04 12:25:56 | 000,456,832 | ---- | M] (Microsoft Corporation) MD5=602549D1E8A622E5746991F6C56B21CA -- C:\WINNT\$hf_mig$\KB978251\SP3QFE\mrxsmb.sys [2008/10/24 06:41:11 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=7170AB42B51954DEF2781A4D1CCE65F4 -- C:\WINNT\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys [2011/07/15 08:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=7D304A5EB4344EBEEAB53A2FE3FFB9F0 -- C:\WINNT\Driver Cache\i386\mrxsmb.sys [2011/07/15 08:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=7D304A5EB4344EBEEAB53A2FE3FFB9F0 -- C:\WINNT\system32\dllcache\mrxsmb.sys [2011/07/15 08:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=7D304A5EB4344EBEEAB53A2FE3FFB9F0 -- C:\WINNT\system32\drivers\mrxsmb.sys [2010/02/24 06:57:57 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=D09B9F0B9960DD41E73127B7814C115F -- C:\WINNT\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys [2011/07/15 08:29:35 | 000,457,856 | ---- | M] (Microsoft Corporation) MD5=FB2FCCC70F7174C7BF64F48E96D3ADF4 -- C:\WINNT\$hf_mig$\KB2536276-v2\SP3QFE\mrxsmb.sys [2011/02/17 08:19:38 | 000,457,472 | ---- | M] (Microsoft Corporation) MD5=FB7DFD15D760AD339837A470F0E780D3 -- C:\WINNT\$hf_mig$\KB2511455\SP3QFE\mrxsmb.sys < MD5 for: NDIS.SYS > [2008/04/13 17:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINNT\system32\dllcache\ndis.sys [2008/04/13 17:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINNT\system32\drivers\ndis.sys < MD5 for: NETLOGON.DLL > [2008/04/16 23:50:11 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=06CF9EEDB7E827205C6948C9DAF56974 -- C:\WINNT\system32\dllcache\netlogon.dll [2008/04/16 23:50:11 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=06CF9EEDB7E827205C6948C9DAF56974 -- C:\WINNT\system32\netlogon.dll < MD5 for: RASACD.SYS > [2001/08/23 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINNT\system32\dllcache\rasacd.sys [2001/08/23 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINNT\system32\drivers\rasacd.sys < MD5 for: RDPCDD.SYS > [2001/08/23 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=4912D5B403614CE99C28420F75353332 -- C:\WINNT\system32\dllcache\rdpcdd.sys [2001/08/23 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=4912D5B403614CE99C28420F75353332 -- C:\WINNT\system32\drivers\rdpcdd.sys < MD5 for: REDBOOK.SYS > [2008/04/13 22:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:redbook.sys [2008/04/13 19:10:28 | 000,057,600 | ---- | M] (Microsoft Corporation) MD5=F828DD7E1419B6653894A8F97A0094C5 -- C:\WINNT\system32\drivers\redbook.sys < MD5 for: SCECLI.DLL > [2008/04/13 22:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINNT\system32\dllcache\scecli.dll [2008/04/13 22:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINNT\system32\scecli.dll < MD5 for: SERVICES.EXE > [2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINNT\$hf_mig$\KB956572\SP3QFE\services.exe [2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINNT\system32\dllcache\services.exe [2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINNT\system32\services.exe < MD5 for: SMSS.EXE > [2008/04/13 22:42:38 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINNT\system32\dllcache\smss.exe [2008/04/13 22:42:38 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINNT\system32\smss.exe < MD5 for: SPOOLSV.EXE > [2010/08/17 08:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINNT\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINNT\system32\dllcache\spoolsv.exe [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINNT\system32\spoolsv.exe < MD5 for: SVCHOST.EXE > [2008/04/13 22:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINNT\system32\dllcache\svchost.exe [2008/04/13 22:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINNT\system32\svchost.exe < MD5 for: TCPIP.SYS > [2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINNT\system32\dllcache\tcpip.sys [2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINNT\system32\drivers\tcpip.sys [2008/06/20 06:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINNT\$hf_mig$\KB2509553\SP3QFE\tcpip.sys [2008/06/20 06:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINNT\$hf_mig$\KB951748\SP3QFE\tcpip.sys < MD5 for: TERMDD.SYS > [2008/04/13 22:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:termdd.sys [2008/04/13 23:43:22 | 000,040,840 | ---- | M] (Microsoft Corporation) MD5=88155247177638048422893737429D9E -- C:\WINNT\system32\drivers\termdd.sys < MD5 for: USERINIT.EXE > [2008/04/13 22:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINNT\system32\dllcache\userinit.exe [2008/04/13 22:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINNT\system32\userinit.exe < MD5 for: WIN32K.SYS > [2010/08/31 08:38:48 | 001,861,888 | ---- | M] (Microsoft Corporation) MD5=51420D569A883CC13D656783B2C86D8E -- C:\WINNT\$hf_mig$\KB981957\SP3QFE\win32k.sys [2010/12/31 08:14:45 | 001,864,064 | ---- | M] (Microsoft Corporation) MD5=62FC2280FBEA1DCC64A276BCF71709D9 -- C:\WINNT\$hf_mig$\KB2479628\SP3QFE\win32k.sys [2009/04/17 10:20:20 | 001,847,808 | ---- | M] (Microsoft Corporation) MD5=7CEDA3396DECF312144BC788D699EE48 -- C:\WINNT\$hf_mig$\KB968537\SP3QFE\win32k.sys [2010/05/02 05:04:16 | 001,860,352 | ---- | M] (Microsoft Corporation) MD5=A3D4A7B714D4A74B7CD4296302F1A9FA -- C:\WINNT\$hf_mig$\KB979559\SP3QFE\win32k.sys [2011/06/02 09:07:35 | 001,867,904 | ---- | M] (Microsoft Corporation) MD5=BE79F0A0273DEF353BA5D1F43CBAD858 -- C:\WINNT\$hf_mig$\KB2555917\SP3QFE\win32k.sys [2010/06/23 21:14:38 | 001,861,120 | ---- | M] (Microsoft Corporation) MD5=C0B2DA12C5CB448F9EA3AF16416745CB -- C:\WINNT\$hf_mig$\KB2160329\SP3QFE\win32k.sys [2011/03/03 08:27:43 | 001,866,880 | ---- | M] (Microsoft Corporation) MD5=D302C0D9ADC931B598405D2C953B334B -- C:\WINNT\$hf_mig$\KB2506223\SP3QFE\win32k.sys [2011/06/02 09:02:05 | 001,858,944 | ---- | M] (Microsoft Corporation) MD5=E97153BE7D053976348554EFD71C53A8 -- C:\WINNT\system32\dllcache\win32k.sys [2011/06/02 09:02:05 | 001,858,944 | ---- | M] (Microsoft Corporation) MD5=E97153BE7D053976348554EFD71C53A8 -- C:\WINNT\system32\win32k.sys [2010/10/26 08:27:10 | 001,862,272 | ---- | M] (Microsoft Corporation) MD5=ED970A04FDAEAB9D9A5FA9B25E9196A8 -- C:\WINNT\$hf_mig$\KB2436673\SP3QFE\win32k.sys [2009/08/14 11:49:40 | 001,859,712 | ---- | M] (Microsoft Corporation) MD5=F6B54A56F02D24BF43E72662D44A6B14 -- C:\WINNT\$hf_mig$\KB969947\SP3QFE\win32k.sys < MD5 for: WINLOGON.EXE > [2008/04/13 22:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINNT\system32\dllcache\winlogon.exe [2008/04/13 22:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINNT\system32\winlogon.exe < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2011/03/03 01:55:19 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\dnsapi.dll [2011/06/23 13:36:29 | 011,081,728 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\ieframe.dll [2011/06/23 13:36:30 | 001,991,680 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\iertutil.dll [2008/04/13 22:42:02 | 000,274,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\mstask.dll [2008/04/16 23:50:11 | 000,068,096 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\ntdsapi.dll [2011/01/21 09:44:37 | 008,462,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\shell32.dll [2 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2009/10/30 07:15:15 | 000,094,208 | ---- | M] () -- C:\WINNT\System32\config\default.sav [2009/10/30 07:15:15 | 001,093,632 | ---- | M] () -- C:\WINNT\System32\config\software.sav [2009/10/30 07:15:15 | 000,937,984 | ---- | M] () -- C:\WINNT\System32\config\system.sav < CREATERESTOREPOINT > ========== Alternate Data Streams ========== @Alternate Data Stream - 172 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1340E25B @Alternate Data Stream - 1351 bytes -> C:\Program Files\Outlook Express:i9CkdJIVMGJpN3LVwHNzX @Alternate Data Stream - 1294 bytes -> C:\Documents and Settings\fr025451\Cookies:uiGuDJBaKXX53jX2IjdGAmj @Alternate Data Stream - 1237 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:QN8NIpVOlohr2VKM4vZhRTTX @Alternate Data Stream - 1223 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:2nmI9EtZUExGE4AnQv57FB0COeUYEH @Alternate Data Stream - 1207 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:6cfDGIFENDIP1CKuNRfACAH < End of report > Merci encore de votre aide A tres bientot -------------- EDIT ------------------- Messages désimbriqués du sujet initial : http://forum.zebulon.fr/trojan-bundespolizei-t187592.html
×
×
  • Créer...