Virus divers et variés

iota · le 31 janvier 2011

Bonjour!

Je me retrouve depuis hier avec plusieurs infections. Des fichiers infectés ont étés trouvés avec antivir (principalement le "guard") et antimalware (utilisation en mode sans échec), mais ça ne semble pas suffire. Les symptômes? Détections de virus, pages ouvertes sur ie avec du son alors que j'utilise firefox, et ouverture sur des pages que firefox m'a automatiquement bloqué.

Rapport hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:04:53, on 31/01/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\windows\System32\smss.exe

C:\windows\system32\winlogon.exe

C:\windows\system32\services.exe

C:\windows\system32\lsass.exe

C:\windows\system32\svchost.exe

C:\windows\System32\svchost.exe

C:\windows\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\windows\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\windows\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\program files\steam\steam.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe

C:\windows\system32\svchost.exe

C:\WINDOWS\system32\Tablet.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Windows Live\Mail\wlmail.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\windows\system32\wuauclt.exe

C:\Documents and Settings\iota\Mes documents\Téléchargements\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.window s .fr/ie8/bienvenue

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe

O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: gonmakt - Invalid registry found

O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll

O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\windows\System32\dmadmin.exe

O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\windows\system32\services.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe

O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\windows\system32\services.exe

O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe

O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\windows\System32\SCardSvr.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\windows\system32\smlogsvc.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\windows\System32\vssvc.exe

O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--

End of file - 11950 bytes

Voici les fichiers trouvés par antivir ces deux derniers jours:

Type: Fichier

Source : C:\WINDOWS\system32\gonmakt.dll

État : Contaminé

Objet quarantaine : 4f00749e.qua

Restauré : NON

Chargé vers Avira : NON

Système d'exploitation : Windows 2000/XP/VISTA Workstation

Moteur de recherche : 8.02.04.158

Fichier de définitions des virus : 7.11.02.31

Message : Contient le cheval de Troie TR/Spy.Gen

Date/Heure : 31/01/2011, 16:30

Type: Fichier

Source : C:\WINDOWS\Temp\0.5977751569365053.exe

État : Contaminé

Objet quarantaine : 575c12dd.qua

Restauré : NON

Chargé vers Avira : NON

Système d'exploitation : Windows 2000/XP/VISTA Workstation

Moteur de recherche : 8.02.04.158

Fichier de définitions des virus : 7.11.02.31

Message : Contient le cheval de Troie TR/Dropper.Gen

Date/Heure : 31/01/2011, 12:24

Type: Fichier

Source : C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\2\149ce82-64e974d2

État : Contaminé

Objet quarantaine : 4fcf3d62.qua

Restauré : NON

Chargé vers Avira : NON

Système d'exploitation : Windows 2000/XP/VISTA Workstation

Moteur de recherche : 8.02.04.158

Fichier de définitions des virus : 7.11.02.31

Message : Contient le cheval de Troie TR/Dropper.Gen

Date/Heure : 31/01/2011, 12:24

Type: Fichier

Source : C:\System Volume Information\_restore{3056FFEF-899F-4564-B24E-1F1AF2132254}\RP329\A0092271.exe

État : Contaminé

Objet quarantaine : 5f096fd5.qua

Restauré : NON

Chargé vers Avira : NON

Système d'exploitation : Windows 2000/XP/VISTA Workstation

Moteur de recherche : 8.02.04.158

Fichier de définitions des virus : 7.11.02.31

Message : Contient le cheval de Troie TR/Dynamer.dtc.48

Date/Heure : 30/01/2011, 23:22

Type: Fichier

Source : C:\Documents and Settings\LocalService\2pod.exe

État : Contaminé

Objet quarantaine : 4f0073d0.qua

Restauré : NON

Chargé vers Avira : NON

Système d'exploitation : Windows 2000/XP/VISTA Workstation

Moteur de recherche : 8.02.04.158

Fichier de définitions des virus : 7.11.02.31

Message : Contient le cheval de Troie TR/Dropper.Gen

Date/Heure : 30/01/2011, 22:04

Type: Fichier

Source : C:\Documents and Settings\LocalService\1pod.exe

État : Contaminé

Objet quarantaine : 4f0073ed.qua

Restauré : NON

Chargé vers Avira : NON

Système d'exploitation : Windows 2000/XP/VISTA Workstation

Moteur de recherche : 8.02.04.158

Fichier de définitions des virus : 7.11.02.31

Message : Contient le cheval de Troie TR/Dropper.Gen

Date/Heure : 30/01/2011, 22:03

Type: Fichier

Source : C:\WINDOWS\Temp\18A.tmp

État : Contaminé

Objet quarantaine : 4f321f4d.qua

Restauré : NON

Chargé vers Avira : NON

Système d'exploitation : Windows 2000/XP/VISTA Workstation

Moteur de recherche : 8.02.04.158

Fichier de définitions des virus : 7.11.02.31

Message : Contient le cheval de Troie TR/Crypt.XPACK.Gen3

Date/Heure : 30/01/2011, 20:37

Type: Fichier

Source : C:\WINDOWS\Temp\18C.tmp

État : Contaminé

Objet quarantaine : 05f46a02.qua

Restauré : NON

Chargé vers Avira : NON

Système d'exploitation : Windows 2000/XP/VISTA Workstation

Moteur de recherche : 8.02.04.158

Fichier de définitions des virus : 7.11.02.31

Message : Contient le cheval de Troie TR/Crypt.XPACK.Gen3

Date/Heure : 30/01/2011, 20:37

Type: Fichier

Source : C:\WINDOWS\Temp\18B.tmp

État : Contaminé

Objet quarantaine : 57a430ea.qua

Restauré : NON

Chargé vers Avira : NON

Système d'exploitation : Windows 2000/XP/VISTA Workstation

Moteur de recherche : 8.02.04.158

Fichier de définitions des virus : 7.11.02.31

Message : Contient le cheval de Troie TR/Crypt.XPACK.Gen3

Date/Heure : 30/01/2011, 20:37

Type: Fichier

Source : C:\Documents and Settings\iota\Local Settings\Temp\sshnas21.dll

État : Contaminé

Objet quarantaine : 4f191cc4.qua

Restauré : NON

Chargé vers Avira : NON

Système d'exploitation : Windows 2000/XP/VISTA Workstation

Moteur de recherche : 8.02.04.158

Fichier de définitions des virus : 7.11.02.31

Message : Contient le cheval de Troie TR/ATRAPS.Gen

Date/Heure : 30/01/2011, 20:34

Type: Fichier

Source : C:\WINDOWS\system32\sshnas21.dll

État : Contaminé

Objet quarantaine : 47461972.qua

Restauré : NON

Chargé vers Avira : NON

Système d'exploitation : Windows 2000/XP/VISTA Workstation

Moteur de recherche : 8.02.04.158

Fichier de définitions des virus : 7.11.02.31

Message : Contient le cheval de Troie TR/ATRAPS.Gen

Date/Heure : 30/01/2011, 20:32

Type: Fichier

Source : C:\WINDOWS\system32\sshnas21.dll

État : Contaminé

Objet quarantaine : 4f191c6b.qua

Restauré : NON

Chargé vers Avira : NON

Système d'exploitation : Windows 2000/XP/VISTA Workstation

Moteur de recherche : 8.02.04.158

Fichier de définitions des virus : 7.11.02.31

Message : Contient le cheval de Troie TR/ATRAPS.Gen

Date/Heure : 30/01/2011, 20:31

Type: Fichier

Source : C:\WINDOWS\system32\sshnas21.dll

État : Contaminé

Objet quarantaine : 4f191ddb.qua

Restauré : NON

Chargé vers Avira : NON

Système d'exploitation : Windows 2000/XP/VISTA Workstation

Moteur de recherche : 8.02.04.158

Fichier de définitions des virus : 7.11.02.31

Message : Contient le cheval de Troie TR/ATRAPS.Gen

Date/Heure : 30/01/2011, 20:30

Type: Fichier

Source : C:\WINDOWS\system32\sshnas21.dll

État : Contaminé

Objet quarantaine : 4f191d1d.qua

Restauré : NON

Chargé vers Avira : NON

Système d'exploitation : Windows 2000/XP/VISTA Workstation

Moteur de recherche : 8.02.04.158

Fichier de définitions des virus : 7.11.02.31

Message : Contient le cheval de Troie TR/ATRAPS.Gen

Date/Heure : 30/01/2011, 20:29

Type: Fichier

Source : C:\Documents and Settings\iota\Local Settings\Temp\Gvy.exe

État : Contaminé

Objet quarantaine : 4f0a1d45.qua

Restauré : NON

Chargé vers Avira : NON

Système d'exploitation : Windows 2000/XP/VISTA Workstation

Moteur de recherche : 8.02.04.158

Fichier de définitions des virus : 7.11.02.31

Message : Contient le cheval de Troie TR/ATRAPS.Gen

Date/Heure : 30/01/2011, 20:27

Type: Fichier

Source : C:\Documents and Settings\iota\Local Settings\Temp\Gvv.exe

État : Contaminé

Objet quarantaine : 4f0f182e.qua

Restauré : NON

Chargé vers Avira : NON

Système d'exploitation : Windows 2000/XP/VISTA Workstation

Moteur de recherche : 8.02.04.158

Fichier de définitions des virus : 7.11.02.31

Message : Contient le cheval de Troie TR/ATRAPS.Gen

Date/Heure : 30/01/2011, 20:15

Type: Fichier

Source : C:\WINDOWS\Gwipoa.exe

État : Contaminé

Objet quarantaine : 4f1e19b6.qua

Restauré : NON

Chargé vers Avira : NON

Système d'exploitation : Windows 2000/XP/VISTA Workstation

Moteur de recherche : 8.02.04.158

Fichier de définitions des virus : 7.11.02.31

Message : Contient le cheval de Troie TR/ATRAPS.Gen

Date/Heure : 30/01/2011, 20:13

Et les rapport antimalware:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 5640

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

31/01/2011 14:12:58

mbam-log-2011-01-31 (14-12-57).txt

Type d'examen: Examen rapide

Elément(s) analysé(s): 166804

Temps écoulé: 24 minute(s), 38 seconde(s)

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 1

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

Fichier(s) infecté(s):

c:\WINDOWS\Temp\0.6118201085289195.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

Il avait deja trouvé ca auparavant:

Fichier(s) infecté(s):
c:\WINDOWS\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\CE8SIIFGSU (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\WINDOWS\Temp\18A.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.

Merci par avance!

Modifié le 31 janvier 2011 par iota

jeanmimigab · le 31 janvier 2011

Bonsoir,

Tu as touchés le gros lot :grin6:

Fais cela stp...

Télécharge >> TFC.exe << impérativement sur ton bureau
Ferme tous les programmes en cour de fonctionnement...
Fais un double-clic sur l'icône de TFC pour le lancer
Une demande va apparaitre pour te demander de redémarrer ton pc, cliques sur "YES" et laisse faire TFC.

ensuite...

Télécharge TDSSKiller (Kapersky Lab) sur ton bureau en allant sur cette page web

Comment combattre les programmes malveillants de la famille Rootkit.Win32.TDSS?

Dezzipe le et fais un double-clic dessus pour l'exécuter et si une détection apparait après le scanne,suis les instructions et autorise le redémarrage du pc

Poste le rapport "C:\TDSSKiller_Quarantine\date_heure

Ensuite...

Une fois que le PC a redémarrer, lance encore une fois TFC.exe et patiente le temps du redémarrage.

ensuite...

Après avoir effectué la mise à jour de malwarebyte, Choisis "exécuter un examen rapide", à la fin du scanne, coches tous les éléments trouvés,et clique sur supprimer la sélection.
Poste moi le rapport stp.

Il me faut donc le rapport TDSSKiller et Malwarebyte stp...

Bon courage

Modifié le 31 janvier 2011 par jeanmimigab

iota · le 31 janvier 2011

2011/01/31 20:07:56.0546 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
2011/01/31 20:07:56.0546 ================================================================================

2011/01/31 20:07:56.0546 SystemInfo:

2011/01/31 20:07:56.0546

2011/01/31 20:07:56.0546 OS Version: 5.1.2600 ServicePack: 3.0

2011/01/31 20:07:56.0546 Product type: Workstation

2011/01/31 20:07:56.0546 ComputerName: IOTACORP

2011/01/31 20:07:56.0546 UserName: iota

2011/01/31 20:07:56.0546 Windows directory: C:\windows

2011/01/31 20:07:56.0546 System windows directory: C:\windows

2011/01/31 20:07:56.0546 Processor architecture: Intel x86

2011/01/31 20:07:56.0546 Number of processors: 2

2011/01/31 20:07:56.0546 Page size: 0x1000

2011/01/31 20:07:56.0546 Boot type: Normal boot

2011/01/31 20:07:56.0546 ================================================================================

2011/01/31 20:07:56.0859 Initialize success

2011/01/31 20:07:59.0296 ================================================================================

2011/01/31 20:07:59.0296 Scan started

2011/01/31 20:07:59.0296 Mode: Manual;

2011/01/31 20:07:59.0296 ================================================================================

2011/01/31 20:08:00.0859 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\windows\system32\DRIVERS\ACPI.sys

2011/01/31 20:08:00.0906 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\windows\system32\DRIVERS\ACPIEC.sys

2011/01/31 20:08:00.0968 aec (8bed39e3c35d6a489438b8141717a557) C:\windows\system32\drivers\aec.sys

2011/01/31 20:08:01.0046 AFD (7e775010ef291da96ad17ca4b17137d7) C:\windows\System32\drivers\afd.sys

2011/01/31 20:08:01.0156 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\windows\system32\DRIVERS\arp1394.sys

2011/01/31 20:08:01.0250 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\windows\system32\DRIVERS\asyncmac.sys

2011/01/31 20:08:01.0406 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\windows\system32\DRIVERS\atapi.sys

2011/01/31 20:08:01.0437 Atmarpc (9916c1225104ba14794209cfa8012159) C:\windows\system32\DRIVERS\atmarpc.sys

2011/01/31 20:08:01.0500 audstub (d9f724aa26c010a217c97606b160ed68) C:\windows\system32\DRIVERS\audstub.sys

2011/01/31 20:08:01.0703 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

2011/01/31 20:08:01.0875 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\windows\system32\DRIVERS\avgntflt.sys

2011/01/31 20:08:02.0031 avipbb (c306f96b5eac2d58774780ec4af5467b) C:\windows\system32\DRIVERS\avipbb.sys

2011/01/31 20:08:02.0234 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\windows\system32\drivers\Beep.sys

2011/01/31 20:08:02.0468 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\windows\system32\drivers\cbidf2k.sys

2011/01/31 20:08:02.0578 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\windows\system32\DRIVERS\CCDECODE.sys

2011/01/31 20:08:02.0625 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\windows\system32\drivers\Cdaudio.sys

2011/01/31 20:08:02.0671 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\windows\system32\drivers\Cdfs.sys

2011/01/31 20:08:02.0703 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\windows\system32\DRIVERS\cdrom.sys

2011/01/31 20:08:02.0781 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\windows\system32\DRIVERS\CmBatt.sys

2011/01/31 20:08:02.0812 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\windows\system32\DRIVERS\compbatt.sys

2011/01/31 20:08:02.0875 Disk (044452051f3e02e7963599fc8f4f3e25) C:\windows\system32\DRIVERS\disk.sys

2011/01/31 20:08:02.0953 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\windows\system32\drivers\dmboot.sys

2011/01/31 20:08:03.0031 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\windows\system32\drivers\dmio.sys

2011/01/31 20:08:03.0156 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\windows\system32\drivers\dmload.sys

2011/01/31 20:08:03.0203 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\windows\system32\drivers\DMusic.sys

2011/01/31 20:08:03.0421 driverhardwarev2 (a694d8db6d360a3bbb0bd1517f1c1aee) C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys

2011/01/31 20:08:03.0453 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\windows\system32\drivers\drmkaud.sys

2011/01/31 20:08:03.0562 Fastfat (38d332a6d56af32635675f132548343e) C:\windows\system32\drivers\Fastfat.sys

2011/01/31 20:08:03.0640 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\windows\system32\drivers\Fdc.sys

2011/01/31 20:08:03.0671 Fips (31f923eb2170fc172c81abda0045d18c) C:\windows\system32\drivers\Fips.sys

2011/01/31 20:08:03.0703 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\windows\system32\drivers\Flpydisk.sys

2011/01/31 20:08:03.0765 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\windows\system32\drivers\fltmgr.sys

2011/01/31 20:08:03.0875 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS

2011/01/31 20:08:04.0093 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\windows\system32\drivers\Fs_Rec.sys

2011/01/31 20:08:04.0109 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\windows\system32\DRIVERS\ftdisk.sys

2011/01/31 20:08:04.0187 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys

2011/01/31 20:08:04.0218 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\windows\system32\DRIVERS\msgpc.sys

2011/01/31 20:08:04.0281 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\windows\system32\DRIVERS\HDAudBus.sys

2011/01/31 20:08:04.0343 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\windows\system32\DRIVERS\hidusb.sys

2011/01/31 20:08:04.0437 HSFHWAZL (acc46dda7fece95a253ae88cea172e12) C:\windows\system32\DRIVERS\HSFHWAZL.sys

2011/01/31 20:08:04.0640 HSF_DPV (c9f4e7da78a02623abf78a4a34ce79b1) C:\windows\system32\DRIVERS\HSF_DPV.sys

2011/01/31 20:08:04.0765 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\windows\system32\Drivers\HTTP.sys

2011/01/31 20:08:04.0906 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\windows\system32\DRIVERS\i8042prt.sys

2011/01/31 20:08:05.0406 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\windows\system32\DRIVERS\igxpmp32.sys

2011/01/31 20:08:05.0718 IFXTPM (0a359837e021bc04a04a6fd189492c65) C:\windows\system32\DRIVERS\IFXTPM.SYS

2011/01/31 20:08:05.0765 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\windows\system32\DRIVERS\imapi.sys

2011/01/31 20:08:05.0937 intelppm (ad340800c35a42d4de1641a37feea34c) C:\windows\system32\DRIVERS\intelppm.sys

2011/01/31 20:08:05.0968 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\windows\system32\drivers\ip6fw.sys

2011/01/31 20:08:06.0140 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\windows\system32\DRIVERS\ipfltdrv.sys

2011/01/31 20:08:06.0265 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\windows\system32\DRIVERS\ipinip.sys

2011/01/31 20:08:06.0296 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\windows\system32\DRIVERS\ipnat.sys

2011/01/31 20:08:06.0328 IPSec (23c74d75e36e7158768dd63d92789a91) C:\windows\system32\DRIVERS\ipsec.sys

2011/01/31 20:08:06.0390 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\windows\system32\DRIVERS\irenum.sys

2011/01/31 20:08:06.0453 isapnp (355836975a67b6554bca60328cd6cb74) C:\windows\system32\DRIVERS\isapnp.sys

2011/01/31 20:08:06.0546 Kbdclass (16813155807c6881f4bfbf6657424659) C:\windows\system32\DRIVERS\kbdclass.sys

2011/01/31 20:08:06.0578 kmixer (692bcf44383d056aed41b045a323d378) C:\windows\system32\drivers\kmixer.sys

2011/01/31 20:08:06.0640 KSecDD (b467646c54cc746128904e1654c750c1) C:\windows\system32\drivers\KSecDD.sys

2011/01/31 20:08:06.0718 mdmxsdk (e246a32c445056996074a397da56e815) C:\windows\system32\DRIVERS\mdmxsdk.sys

2011/01/31 20:08:06.0765 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\windows\system32\drivers\mnmdd.sys

2011/01/31 20:08:06.0875 Modem (510ade9327fe84c10254e1902697e25f) C:\windows\system32\drivers\Modem.sys

2011/01/31 20:08:06.0937 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\windows\system32\DRIVERS\mouclass.sys

2011/01/31 20:08:07.0062 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\windows\system32\DRIVERS\mouhid.sys

2011/01/31 20:08:07.0093 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\windows\system32\drivers\MountMgr.sys

2011/01/31 20:08:07.0125 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\windows\system32\DRIVERS\mrxdav.sys

2011/01/31 20:08:07.0218 MRxSmb (f3aefb11abc521122b67095044169e98) C:\windows\system32\DRIVERS\mrxsmb.sys

2011/01/31 20:08:07.0281 Msfs (c941ea2454ba8350021d774daf0f1027) C:\windows\system32\drivers\Msfs.sys

2011/01/31 20:08:07.0312 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\windows\system32\drivers\MSKSSRV.sys

2011/01/31 20:08:07.0328 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\windows\system32\drivers\MSPCLOCK.sys

2011/01/31 20:08:07.0421 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\windows\system32\drivers\MSPQM.sys

2011/01/31 20:08:07.0468 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\windows\system32\DRIVERS\mssmbios.sys

2011/01/31 20:08:07.0515 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\windows\system32\drivers\MSTEE.sys

2011/01/31 20:08:07.0531 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\windows\system32\drivers\Mup.sys

2011/01/31 20:08:07.0578 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\windows\system32\DRIVERS\NABTSFEC.sys

2011/01/31 20:08:07.0687 NDIS (1df7f42665c94b825322fae71721130d) C:\windows\system32\drivers\NDIS.sys

2011/01/31 20:08:07.0750 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\windows\system32\DRIVERS\NdisIP.sys

2011/01/31 20:08:07.0781 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\windows\system32\DRIVERS\ndistapi.sys

2011/01/31 20:08:07.0843 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\windows\system32\DRIVERS\ndisuio.sys

2011/01/31 20:08:07.0937 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\windows\system32\DRIVERS\ndiswan.sys

2011/01/31 20:08:08.0000 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\windows\system32\drivers\NDProxy.sys

2011/01/31 20:08:08.0031 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\windows\system32\DRIVERS\netbios.sys

2011/01/31 20:08:08.0125 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\windows\system32\DRIVERS\netbt.sys

2011/01/31 20:08:08.0171 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\windows\system32\DRIVERS\nic1394.sys

2011/01/31 20:08:08.0187 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\windows\system32\drivers\Npfs.sys

2011/01/31 20:08:08.0250 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\windows\system32\drivers\Ntfs.sys

2011/01/31 20:08:08.0328 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\windows\system32\DRIVERS\NuidFltr.sys

2011/01/31 20:08:08.0468 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\windows\system32\drivers\Null.sys

2011/01/31 20:08:08.0671 nv (6866504ee1570ef783309abfb56f87e5) C:\windows\system32\DRIVERS\nv4_mini.sys

2011/01/31 20:08:08.0953 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\windows\system32\DRIVERS\nwlnkflt.sys

2011/01/31 20:08:09.0000 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\windows\system32\DRIVERS\nwlnkfwd.sys

2011/01/31 20:08:09.0109 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\windows\system32\DRIVERS\ohci1394.sys

2011/01/31 20:08:09.0140 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\windows\system32\drivers\Parport.sys

2011/01/31 20:08:09.0156 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\windows\system32\drivers\PartMgr.sys

2011/01/31 20:08:09.0203 ParVdm (9575c5630db8fb804649a6959737154c) C:\windows\system32\drivers\ParVdm.sys

2011/01/31 20:08:09.0265 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\windows\system32\DRIVERS\pccsmcfd.sys

2011/01/31 20:08:09.0359 PCI (043410877bda580c528f45165f7125bc) C:\windows\system32\DRIVERS\pci.sys

2011/01/31 20:08:09.0406 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\windows\system32\DRIVERS\pciide.sys

2011/01/31 20:08:09.0421 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\windows\system32\DRIVERS\pcmcia.sys

2011/01/31 20:08:09.0500 PenClass (4a108cc9cc0e0605e68cce7021479879) C:\windows\system32\drivers\PenClass.sys

2011/01/31 20:08:09.0656 Point32 (60a044879c4fa76314494f5fddc43b93) C:\windows\system32\DRIVERS\point32.sys

2011/01/31 20:08:09.0718 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\windows\system32\DRIVERS\raspptp.sys

2011/01/31 20:08:09.0796 PSched (09298ec810b07e5d582cb3a3f9255424) C:\windows\system32\DRIVERS\psched.sys

2011/01/31 20:08:09.0828 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\windows\system32\DRIVERS\ptilink.sys

2011/01/31 20:08:09.0906 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\windows\system32\Drivers\PxHelp20.sys

2011/01/31 20:08:10.0140 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\windows\system32\DRIVERS\rasacd.sys

2011/01/31 20:08:10.0171 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\windows\system32\DRIVERS\rasl2tp.sys

2011/01/31 20:08:10.0265 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\windows\system32\DRIVERS\raspppoe.sys

2011/01/31 20:08:10.0328 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\windows\system32\DRIVERS\raspti.sys

2011/01/31 20:08:10.0375 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\windows\system32\DRIVERS\rdbss.sys

2011/01/31 20:08:10.0390 RDPCDD (4912d5b403614ce99c28420f75353332) C:\windows\system32\DRIVERS\RDPCDD.sys

2011/01/31 20:08:10.0421 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\windows\system32\DRIVERS\rdpdr.sys

2011/01/31 20:08:10.0484 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\windows\system32\drivers\RDPWD.sys

2011/01/31 20:08:10.0906 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\windows\system32\DRIVERS\redbook.sys

2011/01/31 20:08:10.0984 SCDEmu (ee7a1b6e155258288d99be61190e1112) C:\windows\system32\drivers\SCDEmu.sys

2011/01/31 20:08:11.0109 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\DRIVERS\secdrv.sys

2011/01/31 20:08:11.0187 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\windows\system32\drivers\Serial.sys

2011/01/31 20:08:11.0218 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\windows\system32\drivers\Sfloppy.sys

2011/01/31 20:08:11.0250 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\windows\system32\DRIVERS\SLIP.sys

2011/01/31 20:08:11.0312 SNC (1a992c8136c015453e82041c35b299da) C:\windows\system32\DRIVERS\SonyNC.sys

2011/01/31 20:08:11.0390 SPI (bfd0e6f53957af8156084c436b825f70) C:\windows\system32\DRIVERS\SonyPI.sys

2011/01/31 20:08:11.0406 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\windows\system32\drivers\splitter.sys

2011/01/31 20:08:11.0531 sr (39626e6dc1fb39434ec40c42722b660a) C:\windows\system32\DRIVERS\sr.sys

2011/01/31 20:08:11.0578 Srv (0f6aefad3641a657e18081f52d0c15af) C:\windows\system32\DRIVERS\srv.sys

2011/01/31 20:08:11.0703 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\windows\system32\DRIVERS\sscdbus.sys

2011/01/31 20:08:11.0750 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\windows\system32\DRIVERS\sscdmdfl.sys

2011/01/31 20:08:11.0828 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\windows\system32\DRIVERS\sscdmdm.sys

2011/01/31 20:08:11.0906 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys

2011/01/31 20:08:12.0109 STHDA (784b73bd9d1c0fba6ca96e8976f4b0e6) C:\windows\system32\drivers\sthda.sys

2011/01/31 20:08:12.0187 streamip (77813007ba6265c4b6098187e6ed79d2) C:\windows\system32\DRIVERS\StreamIP.sys

2011/01/31 20:08:12.0234 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\windows\system32\DRIVERS\swenum.sys

2011/01/31 20:08:12.0265 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\windows\system32\drivers\swmidi.sys

2011/01/31 20:08:12.0343 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\windows\system32\drivers\sysaudio.sys

2011/01/31 20:08:12.0437 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\windows\system32\DRIVERS\tcpip.sys

2011/01/31 20:08:12.0593 TcUsb (64abea4001f8eb869385e65d85bc302b) C:\windows\system32\Drivers\tcusb.sys

2011/01/31 20:08:12.0656 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\windows\system32\drivers\TDPIPE.sys

2011/01/31 20:08:12.0671 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\windows\system32\drivers\TDTCP.sys

2011/01/31 20:08:12.0765 TermDD (88155247177638048422893737429d9e) C:\windows\system32\DRIVERS\termdd.sys

2011/01/31 20:08:12.0843 ti21sony (26587ce8e6c6f16b8b4e7e2c16fa00bf) C:\windows\system32\drivers\ti21sony.sys

2011/01/31 20:08:12.0890 toshidpt (e362d54fd394999c4178936396664e57) C:\windows\system32\drivers\Toshidpt.sys

2011/01/31 20:08:13.0015 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\windows\system32\DRIVERS\tosporte.sys

2011/01/31 20:08:13.0078 tosrfbd (b758fda2e4389dc41688e4b8cee832a0) C:\windows\system32\DRIVERS\tosrfbd.sys

2011/01/31 20:08:13.0109 tosrfbnp (90c8525bc578aaffe87c2d0ed4379e9e) C:\windows\system32\Drivers\tosrfbnp.sys

2011/01/31 20:08:13.0187 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\windows\system32\Drivers\tosrfcom.sys

2011/01/31 20:08:13.0234 Tosrfhid (28099a4e52148319afa685d93a2244d0) C:\windows\system32\DRIVERS\Tosrfhid.sys

2011/01/31 20:08:13.0250 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\windows\system32\DRIVERS\tosrfnds.sys

2011/01/31 20:08:13.0328 TosRfSnd (7c0999169ef696f10761bf8275027330) C:\windows\system32\drivers\tosrfsnd.sys

2011/01/31 20:08:13.0437 Tosrfusb (20cc46c5d3326122e1a0a8c9dad00e0d) C:\windows\system32\DRIVERS\tosrfusb.sys

2011/01/31 20:08:13.0515 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\windows\system32\drivers\Udfs.sys

2011/01/31 20:08:13.0625 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\windows\system32\DRIVERS\update.sys

2011/01/31 20:08:13.0734 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\windows\system32\Drivers\usbaapl.sys

2011/01/31 20:08:13.0765 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\windows\system32\DRIVERS\usbccgp.sys

2011/01/31 20:08:13.0843 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\windows\system32\DRIVERS\usbehci.sys

2011/01/31 20:08:13.0875 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\windows\system32\DRIVERS\usbhub.sys

2011/01/31 20:08:13.0968 usbprint (a717c8721046828520c9edf31288fc00) C:\windows\system32\DRIVERS\usbprint.sys

2011/01/31 20:08:14.0078 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\windows\system32\DRIVERS\usbscan.sys

2011/01/31 20:08:14.0203 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\windows\system32\DRIVERS\USBSTOR.SYS

2011/01/31 20:08:14.0281 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\windows\system32\DRIVERS\usbuhci.sys

2011/01/31 20:08:14.0359 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\windows\system32\Drivers\usbvideo.sys

2011/01/31 20:08:14.0406 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\windows\System32\drivers\vga.sys

2011/01/31 20:08:14.0546 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\windows\system32\drivers\VolSnap.sys

2011/01/31 20:08:14.0765 w39n51 (4e7b07653f4f9937cf62ad2869fba520) C:\windows\system32\DRIVERS\w39n51.sys

2011/01/31 20:08:14.0875 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\windows\system32\DRIVERS\wanarp.sys

2011/01/31 20:08:14.0984 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\windows\system32\DRIVERS\Wdf01000.sys

2011/01/31 20:08:15.0078 wdmaud (6768acf64b18196494413695f0c3a00f) C:\windows\system32\drivers\wdmaud.sys

2011/01/31 20:08:15.0187 WIBUKEY (4d7602b0b5ca33720cbe08cbc4a9d8e3) C:\windows\system32\DRIVERS\WibuKey.sys

2011/01/31 20:08:15.0312 winachsf (c1d5cbd8aa0d674da1ba1bb189696396) C:\windows\system32\DRIVERS\HSF_CNXT.sys

2011/01/31 20:08:15.0484 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\windows\system32\DRIVERS\WSTCODEC.SYS

2011/01/31 20:08:15.0531 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\windows\system32\DRIVERS\WudfPf.sys

2011/01/31 20:08:15.0609 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\windows\system32\DRIVERS\wudfrd.sys

2011/01/31 20:08:15.0734 yukonwxp (96982cb3611bd4db9ed7a5ff2c29219f) C:\windows\system32\DRIVERS\yk51x86.sys

2011/01/31 20:08:15.0781 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/01/31 20:08:15.0781 ================================================================================

2011/01/31 20:08:15.0781 Scan finished

2011/01/31 20:08:15.0781 ================================================================================

2011/01/31 20:08:15.0796 Detected object count: 1

2011/01/31 20:09:05.0921 \HardDisk0 - will be cured after reboot

2011/01/31 20:09:05.0921 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2011/01/31 20:09:11.0171 Deinitialize success

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 5640

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

31/01/2011 20:47:03

mbam-log-2011-01-31 (20-47-03).txt

Type d'examen: Examen rapide

Elément(s) analysé(s): 167236

Temps écoulé: 4 minute(s), 4 seconde(s)

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 3

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

Fichier(s) infecté(s):

c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\WINDOWS\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

voila ! Semblerait qu'il y'avait encore du nuisible dans le coin^^.

jeanmimigab · le 31 janvier 2011

hello,

TDSS avait infecté ta MBR, donc tant que celle-ci n'était pas traitée, ton infection se serait régénérée...

Fais cela pour que j'y vois plus claire...

* Télécharge >> OTL <<sur ton bureau.

* Fait un double-clic sur l'icône d'OTL pour le lancer

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "rapport minimal " soit cochée.

* Coches les case situées devant "Tous les utilisateurs", " Recherche LOP" et "Recherche Purity".

* Copier et colle le contenue de cette citation dans la partie inférieure d'OTL "personnalisation"

NetSvcs

%systemroot%\system32\drivers\*.sys /lockedfiles

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

netsvcs

%SYSTEMDRIVE%\*.exe

/md5start

explorer.exe

userinit.exe

winlogon.exe

wininit.exe

tcpip.sys

Sfloppy.sys

Changer.sys

cdrom.sys

disk.sys

ndis.sys

usbscan.sys

usbprint.sys

tdtcp.sys

tdpipe.sys

swmidi.sys

splitter.sys

rdpwd.sys

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

RASACD.SYS

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

nvrd32.sys

/md5stop

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

* Cliques sur l'icône "Analyse" (en haut à gauche) .

* Laisse le scan aller à son terme sans te servir du PC

* A la fin du scan deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( réduit dans la barre des taches).

* Copie et colle les rapports dans ta réponse stp...

* Au cas où, tu peux les retrouver dans le dossier C:\OTL

iota · le 31 janvier 2011

OTL logfile created on: 31/01/2011 21:05:40 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\iota\Bureau

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free

4,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 149,05 Gb Total Space | 21,97 Gb Free Space | 14,74% Space Free | Partition Type: NTFS

Computer Name: IOTACORP | User Name: iota | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\iota\Bureau\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe (TOSHIBA CORPORATION.)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)

PRC - C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\iota\Bureau\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll (Microsoft Corporation)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll (Microsoft Corporation)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll (Microsoft Corporation)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\AcSignIcon.dll (Autodesk, Inc.)

MOD - C:\WINDOWS\system32\mlang.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\TabHook.dll (Wacom Technology, Corp.)

========== Win32 Services (SafeList) ==========

SRV - (maconfservice) -- C:\Program Files\ma-config.com\maconfservice.exe (CybelSoft)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (mi-raysat_3dsmax2010_32) -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe ()

SRV - (odserv) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)

SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)

SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (TabletService) -- C:\WINDOWS\system32\Tablet.exe (Wacom Technology, Corp.)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (driverhardwarev2) -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys (CybelSoft)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (WIBUKEY) -- C:\WINDOWS\system32\drivers\WibuKey.sys (WIBU-SYSTEMS AG)

DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()

DRV - (TcUsb) -- C:\WINDOWS\system32\drivers\tcusb.sys (UPEK Inc.)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)

DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)

DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)

DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)

DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)

DRV - (SCDEmu) -- C:\windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)

DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)

DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)

DRV - (tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)

DRV - (tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation)

DRV - (TosRfSnd) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys (TOSHIBA Corporation)

DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)

DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation)

DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (w39n51) Intel® -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)

DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments)

DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)

DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation)

DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\Toshidpt.sys (TOSHIBA Corporation.)

DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.)

DRV - (SPI) -- C:\WINDOWS\system32\drivers\SonyPI.sys (Sony Corporation)

DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)

DRV - (PenClass) -- C:\windows\system32\drivers\PenClass.sys (Wacom Technology Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-329068152-1715567821-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.window s .fr/ie8/bienvenue

IE - HKU\S-1-5-21-329068152-1715567821-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-329068152-1715567821-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2

FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/03 19:11:30 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/16 23:26:47 | 000,000,000 | ---D | M]

[2009/09/04 22:13:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\iota\Application Data\Mozilla\Extensions

[2011/01/31 18:05:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\iota\Application Data\Mozilla\Firefox\Profiles\mz24eg6v.default\extensions

[2009/09/15 11:14:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\iota\Application Data\Mozilla\Firefox\Profiles\mz24eg6v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/05/13 19:54:44 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\iota\Application Data\Mozilla\Firefox\Profiles\mz24eg6v.default\extensions\en-GB@dictionaries.addons.mozilla.org

[2011/01/31 18:05:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/01/07 22:01:44 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2009/09/04 23:12:53 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

[2010/03/01 23:24:30 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF

[2010/06/27 19:48:36 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml

[2010/06/27 19:48:36 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml

[2010/06/27 19:48:36 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml

[2010/06/27 19:48:36 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml

[2010/06/27 19:48:36 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2011/01/20 22:22:58 | 000,000,821 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 activate.adobe.com

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.

O3 - HKU\S-1-5-21-329068152-1715567821-725345543-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKU\.DEFAULT..\Run: [CE8SIIFGSU] File not found

O4 - HKU\S-1-5-18..\Run: [CE8SIIFGSU] File not found

O4 - HKU\S-1-5-21-329068152-1715567821-725345543-1003..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()

O4 - HKU\S-1-5-21-329068152-1715567821-725345543-1003..\Run: [steam] c:\program files\steam\steam.exe (Valve Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-329068152-1715567821-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Ajouter au fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convertir en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convertir la sélection en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.s un.com/update/1.6.0/jin s tall-1_6_0_16-window s -i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.s un.com/update/1.6.0/jin s tall-1_6_0_16-window s -i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.s un.com/update/1.6.0/jin s tall-1_6_0_16-window s -i586.cab (Java Plug-in 1.6.0_16)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\gonmakt: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop Components:0 (Ma page d'accueil) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\iota\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\iota\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O29 - HKLM SecurityProviders - (mgxvnhyj.dll) - C:\windows\System32\mgxvnhyj.dll ()

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/01/06 11:50:44 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]

O33 - MountPoints2\{1343b92c-04d4-11df-b334-0019c1b44477}\Shell - "" = AutoRun

O33 - MountPoints2\{1343b92c-04d4-11df-b334-0019c1b44477}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL zakzouk.vbs

O33 - MountPoints2\{1756d245-ff55-11de-b328-0019c1b44477}\Shell\AutoRun\command - "" = I:\VLkmed0349-v-sd90jk129-0G\1490304-609127988309-709234\taskmgr.exe

O33 - MountPoints2\{1756d245-ff55-11de-b328-0019c1b44477}\Shell\open\command - "" = I:\VLkmed0349-v-sd90jk129-0G\1490304-609127988309-709234\taskmgr.exe

O33 - MountPoints2\{1f206910-25db-11df-b362-0019c1b44477}\Shell\AutoRun\command - "" = VLkmed0349-v-sd90jk129-0G\1490304-609127988309-709234\taskmgr.exe

O33 - MountPoints2\{1f206910-25db-11df-b362-0019c1b44477}\Shell\open\command - "" = VLkmed0349-v-sd90jk129-0G\1490304-609127988309-709234\taskmgr.exe

O33 - MountPoints2\{2e60a8d3-d5bf-11de-b2df-0019c1b44477}\Shell\AutoRun\command - "" = sysusb/usbdur.exe

O33 - MountPoints2\{2e60a8d3-d5bf-11de-b2df-0019c1b44477}\Shell\explore\command - "" = sysusb/usbdur.exe

O33 - MountPoints2\{2e60a8d3-d5bf-11de-b2df-0019c1b44477}\Shell\open\command - "" = sysusb/usbdur.exe

O33 - MountPoints2\{b76cf27c-0b26-11df-b345-0019c1b44477}\Shell\AutoRun\command - "" = VLkmed0349-v-sd90jk129-0G\1490304-609127988309-709234\taskmgr.exe

O33 - MountPoints2\{b76cf27c-0b26-11df-b345-0019c1b44477}\Shell\open\command - "" = VLkmed0349-v-sd90jk129-0G\1490304-609127988309-709234\taskmgr.exe

O33 - MountPoints2\{e1908915-3840-11df-b376-0019c1b44477}\Shell\AutoRun\command - "" = VLkmed0349-v-sd90jk129-0G\1490304-609127988309-709234\taskmgr.exe

O33 - MountPoints2\{e1908915-3840-11df-b376-0019c1b44477}\Shell\open\command - "" = VLkmed0349-v-sd90jk129-0G\1490304-609127988309-709234\taskmgr.exe

O33 - MountPoints2\{e3da5236-6e1b-11df-b3be-0019c1b44477}\Shell - "" = AutoRun

O33 - MountPoints2\{e3da5236-6e1b-11df-b3be-0019c1b44477}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\{fb0c655e-e89f-11de-b308-0019c1b44477}\Shell\AutoRun\command - "" = I:\sysusb/usbdur.exe

O33 - MountPoints2\{fb0c655e-e89f-11de-b308-0019c1b44477}\Shell\explore\command - "" = I:\sysusb/usbdur.exe

O33 - MountPoints2\{fb0c655e-e89f-11de-b308-0019c1b44477}\Shell\open\command - "" = I:\sysusb/usbdur.exe

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: SSHNAS - File not found

MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found

MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found

MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found

MsConfig - StartUpReg: Persistence - hkey= - key= - File not found

MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

MsConfig - StartUpReg: SearchSettings - hkey= - key= - C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)

MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {21F27821-FBAD-E216-868D-B0E869438898} - Internet Explorer

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4D94BED0-7E9A-787D-8CF3-02C6A9D719EE} - Internet Explorer

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {B340DBDB-C344-9D38-A49E-061FDF6BD5D4} - Personnalisation du navigateur

ActiveX: {BB515277-F963-DD4D-F6CC-CE34FE6F327F} - Rendu VML (Vector Graphics Rendering)

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C21DD7FC-18EE-D8EF-A838-1F5366525822} - Microsoft Windows Media Player 6.4

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E533E1D4-5994-E5F9-9B51-9A9DEC899C30} - Internet Explorer

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F196AC50-7C95-42E1-9947-BDAB18BF3C8C} - .NET Framework

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

ActiveX: >{CB58DED6-4AF3-4080-9DF1-DEE72075169F} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: SSHNAS - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/01/31 21:02:48 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\iota\Bureau\OTL.exe

[2011/01/31 20:07:53 | 001,350,232 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\iota\Bureau\TDSSKiller.exe

[2011/01/31 19:40:26 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\iota\Bureau\TFC.exe

[2011/01/31 19:37:45 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\up.exe

[2011/01/31 19:37:04 | 000,000,000 | ---D | C] -- C:\Adobe

[2011/01/31 13:11:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\iota\Recent

[2011/01/31 11:37:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2011/01/31 11:37:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2011/01/30 21:29:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2011/01/30 21:29:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2011/01/30 19:48:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2011/01/30 19:48:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2011/01/30 19:16:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WibuKey

[2011/01/30 19:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Graphisoft Shared

[2011/01/30 17:22:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\iota\Mes documents\Updater5

[2011/01/30 15:39:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\iota\Bureau\FLUIDES RESEAUX

[2011/01/30 15:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\iota\Bureau\book

[2011/01/30 15:35:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\iota\Bureau\persos divers

[2011/01/24 14:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Souris Microsoft

[2011/01/24 14:01:39 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\spmsgXP_2k3.dll

[2011/01/24 14:01:14 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wdfcoinstaller01009.dll

[2011/01/24 14:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint

[2011/01/24 13:51:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ma-config.com

[2011/01/23 14:31:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\VMR2.part1

[2011/01/23 13:03:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Microsoft Silverlight

[2011/01/20 22:16:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2011/01/20 22:11:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\iota\Maxwell

[2011/01/19 11:31:49 | 000,000,000 | ---D | C] -- C:\Program Files\Vector Magic

[2011/01/12 13:54:31 | 000,000,000 | ---D | C] -- C:\01c4c24c21e4e782cf40

[2011/01/09 17:24:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Google Chrome

[2011/01/09 17:23:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Google Earth

[2011/01/09 11:58:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\kid_loco-the_remix_album-2009

[2011/01/09 11:57:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Kid.Loco.Party.Animals

[2011/01/07 22:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\iota\Application Data\skypePM

[2011/01/07 22:01:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Skype

[2011/01/07 22:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Skype

[2011/01/07 22:01:25 | 000,000,000 | R--D | C] -- C:\Program Files\Skype

[2011/01/07 22:01:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\iota\Application Data\Skype

[2011/01/07 22:01:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype

[2011/01/03 19:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\iota\Application Data\Malwarebytes

[2011/01/03 19:45:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys

[2011/01/03 19:45:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware

[2011/01/03 19:45:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2011/01/03 19:45:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys

[2011/01/03 19:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/01/03 19:33:23 | 000,000,000 | ---D | C] -- C:\windows\System32\NtmsData

[2011/01/02 21:43:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\iota\Bureau\partiel

[2011/01/02 15:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\iota\Application Data\Grasshopper

[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/31 21:02:54 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\iota\Bureau\OTL.exe

[2011/01/31 20:47:59 | 000,054,016 | ---- | M] () -- C:\windows\System32\drivers\oaqpp.sys

[2011/01/31 20:21:08 | 000,013,646 | ---- | M] () -- C:\windows\System32\wpa.dbl

[2011/01/31 20:21:06 | 000,001,056 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/01/31 20:20:48 | 000,012,400 | ---- | M] () -- C:\windows\System32\tablet.dat

[2011/01/31 20:20:35 | 000,001,052 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/01/31 20:20:26 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat

[2011/01/31 20:00:35 | 001,237,433 | ---- | M] () -- C:\Documents and Settings\iota\Bureau\tdsskiller.zip

[2011/01/31 19:06:31 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\iota\Bureau\TFC.exe

[2011/01/31 16:28:52 | 000,047,616 | ---- | M] () -- C:\windows\System32\mgxvnhyj.dll

[2011/01/30 19:17:47 | 000,000,916 | ---- | M] () -- C:\Documents and Settings\iota\Application Data\Microsoft\Internet Explorer\Quick Launch\Start ArchiCAD 14.lnk

[2011/01/30 19:15:48 | 000,019,154 | ---- | M] () -- C:\windows\vpd.properties

[2011/01/30 19:11:24 | 000,231,424 | ---- | M] () -- C:\Documents and Settings\iota\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/01/28 13:46:06 | 000,501,138 | ---- | M] () -- C:\windows\System32\perfh00C.dat

[2011/01/28 13:46:06 | 000,432,690 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2011/01/28 13:46:06 | 000,080,946 | ---- | M] () -- C:\windows\System32\perfc00C.dat

[2011/01/28 13:46:06 | 000,067,646 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2011/01/25 00:14:39 | 001,668,816 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

[2011/01/24 23:20:41 | 000,000,294 | ---- | M] () -- C:\windows\tasks\Microsoft_Hardware_Launch_IPoint_exe.job

[2011/01/24 14:01:49 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_point32_01009.Wdf

[2011/01/24 14:01:46 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2011/01/23 12:23:19 | 000,463,870 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\HLLVTKA.zip

[2011/01/22 19:39:18 | 001,350,232 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\iota\Bureau\TDSSKiller.exe

[2011/01/20 22:34:15 | 000,633,190 | ---- | M] () -- C:\Documents and Settings\iota\bbg.png

[2011/01/20 22:19:35 | 000,001,834 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Lightroom 3.2.lnk

[2011/01/20 22:08:20 | 000,001,775 | ---- | M] () -- C:\Documents and Settings\iota\Bureau\Maxwell Render Node.lnk

[2011/01/20 22:08:20 | 000,001,775 | ---- | M] () -- C:\Documents and Settings\iota\Bureau\Maxwell Monitor.lnk

[2011/01/20 22:08:20 | 000,001,775 | ---- | M] () -- C:\Documents and Settings\iota\Bureau\Maxwell Manager.lnk

[2011/01/20 22:08:19 | 000,000,857 | ---- | M] () -- C:\Documents and Settings\iota\Bureau\Maxwell Render.lnk

[2011/01/20 22:08:19 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\iota\Bureau\Maxwell Studio.lnk

[2011/01/20 22:08:19 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\iota\Bureau\Material Editor.lnk

[2011/01/19 11:31:52 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\iota\Application Data\Microsoft\Internet Explorer\Quick Launch\Vector Magic.lnk

[2011/01/14 09:22:38 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google Chrome.lnk

[2011/01/13 19:04:58 | 000,006,148 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\.DS_Store

[2011/01/09 17:24:29 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\iota\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/01/09 17:23:52 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google Earth.lnk

[2011/01/09 11:27:56 | 160,236,709 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Kid.Loco.Party.Animals.rar

[2011/01/08 12:05:28 | 109,998,115 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\kid_loco-the_remix_album-2009.rar

[2011/01/07 22:02:22 | 000,000,056 | -H-- | M] () -- C:\windows\System32\ezsidmv.dat

[2011/01/07 22:01:28 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk

[2011/01/02 17:44:22 | 026,702,022 | ---- | M] () -- C:\Documents and Settings\iota\Mes documents\htwk-lecture.pdf

[2011/01/02 15:21:25 | 011,058,131 | ---- | M] () -- C:\Documents and Settings\iota\Mes documents\Grasshopper%20Primer_Second%20Edition_090323.pdf

[2011/01/01 22:53:37 | 003,305,479 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\bunkercF.skp

[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/31 20:47:59 | 000,054,016 | ---- | C] () -- C:\windows\System32\drivers\oaqpp.sys

[2011/01/31 19:59:58 | 001,237,433 | ---- | C] () -- C:\Documents and Settings\iota\Bureau\tdsskiller.zip

[2011/01/31 16:28:52 | 000,047,616 | ---- | C] () -- C:\windows\System32\mgxvnhyj.dll

[2011/01/31 15:59:07 | 1237,667,840 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\AC14-FRA_X86.iso

[2011/01/30 19:17:47 | 000,000,916 | ---- | C] () -- C:\Documents and Settings\iota\Application Data\Microsoft\Internet Explorer\Quick Launch\Start ArchiCAD 14.lnk

[2011/01/24 14:02:04 | 000,000,294 | ---- | C] () -- C:\windows\tasks\Microsoft_Hardware_Launch_IPoint_exe.job

[2011/01/24 14:01:49 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_point32_01009.Wdf

[2011/01/24 14:01:46 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

[2011/01/23 14:31:39 | 000,463,870 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\HLLVTKA.zip

[2011/01/20 22:34:14 | 000,633,190 | ---- | C] () -- C:\Documents and Settings\iota\bbg.png

[2011/01/20 22:19:35 | 000,001,834 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Lightroom 3.2.lnk

[2011/01/20 22:19:34 | 000,001,828 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Adobe Photoshop Lightroom 3.2.lnk

[2011/01/20 22:08:20 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\iota\Bureau\Maxwell Render Node.lnk

[2011/01/20 22:08:20 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\iota\Bureau\Maxwell Monitor.lnk

[2011/01/20 22:08:20 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\iota\Bureau\Maxwell Manager.lnk

[2011/01/20 22:08:19 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\iota\Bureau\Maxwell Render.lnk

[2011/01/20 22:08:19 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\iota\Bureau\Maxwell Studio.lnk

[2011/01/20 22:08:19 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\iota\Bureau\Material Editor.lnk

[2011/01/19 11:31:52 | 000,000,704 | ---- | C] () -- C:\Documents and Settings\iota\Application Data\Microsoft\Internet Explorer\Quick Launch\Vector Magic.lnk

[2011/01/13 19:04:58 | 000,006,148 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\.DS_Store

[2011/01/09 17:24:29 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Google Chrome.lnk

[2011/01/09 17:24:29 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\iota\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/01/09 17:23:52 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Google Earth.lnk

[2011/01/09 12:28:44 | 003,305,479 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\bunkercF.skp

[2011/01/09 11:56:18 | 109,998,115 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\kid_loco-the_remix_album-2009.rar

[2011/01/09 11:56:11 | 160,236,709 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Kid.Loco.Party.Animals.rar

[2011/01/07 22:02:22 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat

[2011/01/07 22:01:28 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk

[2011/01/02 17:43:48 | 026,702,022 | ---- | C] () -- C:\Documents and Settings\iota\Mes documents\htwk-lecture.pdf

[2011/01/02 15:21:25 | 011,058,131 | ---- | C] () -- C:\Documents and Settings\iota\Mes documents\Grasshopper%20Primer_Second%20Edition_090323.pdf

[2010/07/03 22:08:48 | 000,508,040 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2010/06/19 23:07:28 | 000,015,360 | ---- | C] () -- C:\windows\System32\BASSMOD.dll

[2010/05/10 19:15:23 | 000,000,098 | ---- | C] () -- C:\windows\WirelessFTP.INI

[2010/02/03 18:09:42 | 000,000,721 | ---- | C] () -- C:\windows\MaxwellRender.ini

[2009/10/19 12:55:13 | 000,147,456 | ---- | C] () -- C:\windows\System32\igfxCoIn_v4926.dll

[2009/10/05 10:35:12 | 000,110,592 | ---- | C] () -- C:\windows\System32\FsUsbExDevice.Dll

[2009/10/05 10:35:12 | 000,036,608 | ---- | C] () -- C:\windows\System32\FsUsbExDisk.Sys

[2009/10/05 10:35:03 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\iota\Application Data\$_hpcst$.hpc

[2009/10/04 18:21:14 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll

[2009/09/13 13:56:40 | 000,015,744 | ---- | C] () -- C:\windows\System32\Wintab.dll

[2009/09/07 23:04:27 | 002,463,976 | ---- | C] () -- C:\windows\System32\NPSWF32.dll

[2009/09/04 22:17:39 | 000,231,424 | ---- | C] () -- C:\Documents and Settings\iota\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/09/04 20:34:19 | 000,004,205 | ---- | C] () -- C:\windows\ODBCINST.INI

[2009/09/04 20:21:18 | 000,000,000 | ---- | C] () -- C:\windows\tosOBEX.INI

[2009/09/04 16:55:49 | 000,098,304 | ---- | C] () -- C:\windows\System32\nvapi.dll

[2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\windows\System32\drivers\StarOpen.sys

[2006/10/31 16:37:00 | 000,114,688 | ---- | C] () -- C:\windows\System32\TosBtAcc.dll

[2006/08/10 14:00:52 | 000,094,208 | ---- | C] () -- C:\windows\System32\TosBtHcrpAPI.dll

[2005/07/22 20:30:20 | 000,065,536 | ---- | C] () -- C:\windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2010/01/19 00:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Abvent

[2010/10/21 21:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ASGVIS

[2010/09/12 10:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ASGVIS_bak

[2010/05/16 09:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk

[2010/01/21 18:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON

[2011/01/24 13:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com

[2010/03/08 22:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McNeel

[2009/10/05 10:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2010/10/07 15:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe

[2010/06/20 09:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/06/26 18:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft

[2009/10/19 12:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB

[2010/05/17 21:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/09/08 11:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Abvent

[2010/01/21 22:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Abvent_Artlantis2

[2011/01/27 18:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Abvent_Artlantis3

[2010/05/16 09:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Autodesk

[2009/09/04 22:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Blender Foundation

[2010/12/15 02:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\DocClockGame

[2010/05/24 18:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\EPSON

[2010/06/03 00:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\FreeVideoConverter

[2011/01/30 19:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Graphisoft

[2011/01/02 15:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Grasshopper

[2010/11/03 21:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\gtk-2.0

[2010/06/28 18:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Moi

[2010/08/29 21:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Mount&Blade Warband

[2009/09/04 23:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\OpenOffice.org

[2009/10/05 10:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\PC Suite

[2010/03/02 00:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\pdfforge

[2011/01/25 03:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\PixPlant2

[2010/06/14 17:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\RandomControl

[2010/12/31 17:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Reign of Augustus

[2010/06/30 08:56:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\runic games

[2009/10/05 10:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Samsung

[2010/03/02 00:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Search Settings

[2010/06/27 09:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\The Creative Assembly

[2010/06/15 00:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Thinstall

[2010/05/10 19:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Toshiba

[2010/06/26 18:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Ubisoft

[2010/12/16 23:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\uTorrent

========== Purity Check ==========

========== Custom Scans ==========

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %ALLUSERSPROFILE%\Application Data\*. >

[2010/01/19 00:39:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Abvent

[2011/01/20 22:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2009/09/07 23:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ALM

[2009/09/08 10:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple

[2010/05/17 21:45:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

[2010/10/21 21:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ASGVIS

[2010/09/12 10:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ASGVIS_bak

[2010/05/16 09:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk

[2009/09/04 22:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira

[2010/01/21 18:25:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON

[2010/10/14 19:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet

[2011/01/30 15:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google

[2010/05/10 11:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel

[2011/01/24 13:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com

[2011/01/03 19:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/05/14 17:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee

[2010/03/08 22:41:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McNeel

[2011/01/23 13:03:41 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft

[2011/01/12 13:54:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help

[2009/10/05 10:37:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2010/03/21 17:33:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real

[2010/10/07 15:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe

[2011/01/07 22:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype

[2010/06/20 09:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/06/26 18:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft

[2009/10/19 12:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UIB

[2009/09/04 23:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

[2010/05/17 21:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

[2009/02/04 12:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\DifXInstall32.exe

[2010/04/28 14:45:04 | 000,073,000 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe

[2010/09/01 18:51:18 | 000,507,904 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ASGVIS\Distributed Rendering\XMLDRSpawner.exe

[2010/04/12 21:37:49 | 000,131,072 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ASGVIS\Licensing\setvrlserver.exe

[2009/10/09 14:29:34 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ASGVIS\Licensing\setvrlservice.exe

[2010/04/12 21:37:49 | 000,143,360 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ASGVIS\Licensing\startvrlserver2.exe

[2010/04/12 21:37:49 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ASGVIS\Licensing\vrlrequest.exe

[2010/04/12 21:37:49 | 001,626,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ASGVIS\Licensing\vrlserver2.exe

[2010/09/01 18:48:59 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ASGVIS\Licensing\Installer License Utility\InstallerLicenseApp.exe

[2010/09/01 18:48:57 | 000,069,632 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ASGVIS\Licensing\License Manager\LicApp.exe

[2009/04/07 21:50:22 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ASGVIS\Python26\python.exe

[2008/06/02 14:25:06 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ASGVIS\Python26\Lib\distutils\command\wininst-6.0.exe

[2008/06/02 14:25:06 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ASGVIS\Python26\Lib\distutils\command\wininst-7.1.exe

[2008/01/21 21:54:40 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ASGVIS\Python26\Lib\distutils\command\wininst-8.0.exe

[2006/10/04 21:16:40 | 000,114,688 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ASGVIS\Python26\Lib\distutils\command\wininst-8_d.exe

[2008/06/02 14:25:04 | 000,077,824 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ASGVIS\Python26\Lib\distutils\command\wininst-9.0-amd64.exe

[2008/06/02 14:25:04 | 000,066,048 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ASGVIS\Python26\Lib\distutils\command\wininst-9.0.exe

[2006/11/15 20:40:24 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ASGVIS\Python26\Lib\site-packages\Ft\Lib\DistExt\stubmain.exe

< %APPDATA%\*. >

[2009/09/08 11:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Abvent

[2010/01/21 22:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Abvent_Artlantis2

[2011/01/27 18:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Abvent_Artlantis3

[2011/01/20 22:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Adobe

[2010/05/24 08:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Apple Computer

[2010/05/16 09:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Autodesk

[2010/12/27 16:38:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Avira

[2009/09/04 22:30:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Blender Foundation

[2010/12/15 02:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\DocClockGame

[2011/01/23 21:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\dvdcss

[2010/05/24 18:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\EPSON

[2010/06/03 00:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\FreeVideoConverter

[2011/01/09 17:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Google

[2011/01/30 19:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Graphisoft

[2011/01/02 15:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Grasshopper

[2010/11/03 21:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\gtk-2.0

[2009/09/04 19:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Identities

[2010/08/05 20:23:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\InstallShield Installation Information

[2010/05/10 11:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Intel

[2009/09/04 22:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Macromedia

[2011/01/03 19:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Malwarebytes

[2011/01/24 14:02:06 | 000,000,000 | --SD | M] -- C:\Documents and Settings\iota\Application Data\Microsoft

[2010/06/28 18:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Moi

[2010/08/29 21:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Mount&Blade Warband

[2009/09/04 22:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Mozilla

[2009/09/04 23:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\OpenOffice.org

[2009/10/05 10:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\PC Suite

[2010/03/02 00:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\pdfforge

[2011/01/25 03:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\PixPlant2

[2010/06/14 17:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\RandomControl

[2010/03/21 17:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Real

[2010/12/31 17:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Reign of Augustus

[2010/06/30 08:56:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\runic games

[2009/10/05 10:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Samsung

[2010/03/02 00:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Search Settings

[2011/01/07 23:14:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Skype

[2011/01/07 22:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\skypePM

[2009/09/04 23:12:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Sun

[2010/06/27 09:08:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\The Creative Assembly

[2010/06/15 00:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Thinstall

[2010/05/10 19:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Toshiba

[2010/01/12 09:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\U3

[2010/06/26 18:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\Ubisoft

[2010/12/16 23:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\uTorrent

[2011/01/30 17:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\vlc

[2010/05/24 15:39:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\iota\Application Data\WinRAR

< %APPDATA%\*.exe /s >

[2010/08/05 20:22:23 | 000,331,776 | ---- | M] (Epic Games ) -- C:\Documents and Settings\iota\Application Data\InstallShield Installation Information\{6530FDAA-5B1F-4830-95BB-650E9804D239}\setup.exe

[2010/05/31 08:55:03 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\iota\Application Data\Real\Update\setup3.10\setup.exe

[2011/01/21 08:30:36 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\iota\Application Data\Real\Update\setup3.13\setup.exe

[2010/04/22 22:39:14 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\iota\Application Data\Thinstall\Microsoft VC80 Support DLLs\SKEL\a92439602642a5632d8d1e661813443deac878.Console.EXE

[2006/12/14 10:00:02 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\iota\Application Data\U3\temp\cleanup.exe

[2007/02/12 17:46:54 | 003,096,576 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\iota\Application Data\U3\temp\Launchpad Removal.exe

< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >

[2007/10/29 13:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2009/09/07 17:13:48 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2009/09/07 17:13:48 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >

[2007/10/29 13:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2009/09/07 17:13:48 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2009/09/07 17:13:48 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[2007/10/29 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys

[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

< MD5 for: CDROM.SYS >

[2007/10/29 13:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys

[2009/09/07 17:13:48 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys

[2009/09/07 17:13:48 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys

[2008/04/13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys

[2008/04/13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

[2007/10/29 13:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CHANGER.SYS >

[2007/10/29 13:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys

[2009/09/07 17:13:48 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys

[2009/09/07 17:13:48 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys

[2008/04/13 19:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: DISK.SYS >

[2007/10/29 13:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys

[2009/09/07 17:13:48 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys

[2009/09/07 17:13:48 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys

[2007/10/29 13:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys

[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys

[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >

[2007/10/29 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

[2008/04/14 03:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/14 03:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >

[2007/10/29 13:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

[2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe

[2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: NDIS.SYS >

[2008/04/13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys

[2008/04/13 20:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

[2007/10/29 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >

[2008/04/14 03:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/14 03:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll

[2007/10/29 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: RASACD.SYS >

[2007/10/29 13:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\dllcache\rasacd.sys

[2007/10/29 13:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys

< MD5 for: RDPWD.SYS >

[2008/04/14 03:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\ServicePackFiles\i386\rdpwd.sys

[2008/04/14 03:34:54 | 000,139,656 | ---- | M] (Microsoft Corporation) MD5=6728E45B66F93C08F11DE2E316FC70DD -- C:\WINDOWS\system32\drivers\rdpwd.sys

[2007/10/29 13:00:00 | 000,139,400 | ---- | M] (Microsoft Corporation) MD5=D4F5643D7714EF499AE9527FDCD50894 -- C:\WINDOWS\$NtServicePackUninstall$\rdpwd.sys

< MD5 for: SCECLI.DLL >

[2007/10/29 13:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2008/04/14 03:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/14 03:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFLOPPY.SYS >

[2007/10/29 13:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Sfloppy.sys

[2009/09/07 17:13:48 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Sfloppy.sys

[2009/09/07 17:13:48 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Sfloppy.sys

[2007/10/29 13:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=0D13B6DF6E9E101013A7AFB0CE629FE0 -- C:\WINDOWS\$NtServicePackUninstall$\sfloppy.sys

[2008/04/13 19:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\ServicePackFiles\i386\sfloppy.sys

[2008/04/13 19:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) MD5=8E6B8C671615D126FDC553D1E2DE5562 -- C:\WINDOWS\system32\drivers\sfloppy.sys

< MD5 for: SPLITTER.SYS >

[2007/10/29 13:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:splitter.sys

[2009/09/07 17:13:48 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:splitter.sys

[2009/09/07 17:13:48 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:splitter.sys

[2004/08/03 22:07:48 | 000,006,400 | ---- | M] (Microsoft Corporation) MD5=8E186B8F23295D1E42C573B82B80D548 -- C:\WINDOWS\$NtServicePackUninstall$\splitter.sys

[2008/04/13 19:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\ServicePackFiles\i386\splitter.sys

[2008/04/13 19:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) MD5=AB8B92451ECB048A4D1DE7C3FFCB4A9F -- C:\WINDOWS\system32\drivers\splitter.sys

< MD5 for: SWMIDI.SYS >

[2009/09/07 17:13:48 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:swmidi.sys

[2009/09/07 17:13:48 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:swmidi.sys

[2008/04/13 19:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\ServicePackFiles\i386\swmidi.sys

[2008/04/13 19:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) MD5=8CE882BCC6CF8A62F2B2323D95CB3D01 -- C:\WINDOWS\system32\drivers\swmidi.sys

[2001/08/17 21:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) MD5=94ABC808FC4B6D7D2BBF42B85E25BB4D -- C:\WINDOWS\$NtServicePackUninstall$\swmidi.sys

< MD5 for: TCPIP.SYS >

[2008/04/13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys

[2008/04/13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys

[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys

[2008/06/20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys

[2007/10/29 13:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys

[2008/06/20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: TDPIPE.SYS >

[2007/10/29 13:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=38D437CF2D98965F239B0ABCD66DCB0F -- C:\WINDOWS\$NtServicePackUninstall$\tdpipe.sys

[2008/04/14 03:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\ServicePackFiles\i386\tdpipe.sys

[2008/04/14 03:34:52 | 000,012,040 | ---- | M] (Microsoft Corporation) MD5=6471A66807F5E104E4885F5B67349397 -- C:\WINDOWS\system32\drivers\tdpipe.sys

< MD5 for: TDTCP.SYS >

[2008/04/14 03:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\ServicePackFiles\i386\tdtcp.sys

[2008/04/14 03:34:53 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=C56B6D0402371CF3700EB322EF3AAF61 -- C:\WINDOWS\system32\drivers\tdtcp.sys

[2007/10/29 13:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) MD5=ED0580AF02502D00AD8C4C066B156BE9 -- C:\WINDOWS\$NtServicePackUninstall$\tdtcp.sys

< MD5 for: USBPRINT.SYS >

[2007/10/29 13:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbprint.sys

[2009/09/07 17:13:48 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbprint.sys

[2009/09/07 17:13:48 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbprint.sys

[2008/04/13 19:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\ServicePackFiles\i386\usbprint.sys

[2008/04/13 19:47:38 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\dllcache\usbprint.sys

[2008/04/13 19:47:38 | 000,025,856 | ---- | M] (Microsoft Corporation) MD5=A717C8721046828520C9EDF31288FC00 -- C:\WINDOWS\system32\drivers\usbprint.sys

< MD5 for: USBSCAN.SYS >

[2007/10/29 13:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbscan.sys

[2009/09/07 17:13:48 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbscan.sys

[2009/09/07 17:13:48 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbscan.sys

[2008/04/13 19:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\ServicePackFiles\i386\usbscan.sys

[2008/04/13 19:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\system32\dllcache\usbscan.sys

[2008/04/13 19:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) MD5=A0B8CF9DEB1184FBDD20784A58FA75D4 -- C:\WINDOWS\system32\drivers\usbscan.sys

< MD5 for: USERINIT.EXE >

[2007/10/29 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=84717891F0734C611721F56C60B5FBC3 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

[2008/04/14 03:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008/04/14 03:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >

[2007/10/29 13:00:00 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=92CA989E459DA32A7F173489E8D9A667 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2008/04/14 03:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008/04/14 03:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80AC77BA

< End of report >

OTL Extras logfile created on: 31/01/2011 21:05:40 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\iota\Bureau

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free

4,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 149,05 Gb Total Space | 21,97 Gb Free Space | 14,74% Space Free | Partition Type: NTFS

Computer Name: IOTACORP | User Name: iota | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-329068152-1715567821-725345543-1003\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp

"48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Graphisoft\ArchiCAD 12\ArchiCAD.exe" = C:\Program Files\Graphisoft\ArchiCAD 12\ArchiCAD.exe:*:Disabled:ArchiCAD 12.0.0 Component -- (Graphisoft R&D)

"C:\Program Files\Google\Google SketchUp 7\SketchUp.exe" = C:\Program Files\Google\Google SketchUp 7\SketchUp.exe:*:Disabled:SketchUp Application

"C:\Program Files\Google\Google SketchUp 7\LayOut\LayOut.exe" = C:\Program Files\Google\Google SketchUp 7\LayOut\LayOut.exe:*:Disabled:LayOut

"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server

"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server

"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()

"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)

"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

"C:\Program Files\Artlantis Studio 3\ArtlantisStudio.exe" = C:\Program Files\Artlantis Studio 3\ArtlantisStudio.exe:*:Disabled:Artlantis Application -- (Abvent)

"C:\Program Files\Autodesk\Backburner\monitor.exe" = C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)

"C:\Program Files\Autodesk\Backburner\manager.exe" = C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)

"C:\Program Files\Autodesk\Backburner\server.exe" = C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)

"C:\Program Files\Autodesk\3ds Max 2010\3dsmax.exe" = C:\Program Files\Autodesk\3ds Max 2010\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2010 32-bit -- (Autodesk, Inc.)

"C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe" = C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe:*:Enabled:mental ray satellite server for Autodesk 3ds Max 2010 32-bit -- ()

"C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe" = C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe:*:Enabled:mental ray satellite for Autodesk 3ds Max 2010 32-bit -- (mental images GmbH)

"C:\Program Files\Artlantis Studio 3\ArtlantisBatchRender.exe" = C:\Program Files\Artlantis Studio 3\ArtlantisBatchRender.exe:*:Disabled:Artlantis Batch Tool -- (Abvent)

"C:\Program Files\Next Limit\Maxwell 2\maxwell.exe" = C:\Program Files\Next Limit\Maxwell 2\maxwell.exe:*:Disabled:maxwell -- ()

"C:\Documents and Settings\iota\Mes documents\ev8std_port\Stubs\9c66607fcdcab4323691833b0d3ac78bf289268\Vue 8 xStream.eon" = C:\Documents and Settings\iota\Mes documents\ev8std_port\Stubs\9c66607fcdcab4323691833b0d3ac78bf289268\Vue 8 xStream.eon:*:Disabled:Vue 8 xStream

"C:\Program Files\Next Limit\Maxwell 2\mxnetwork.exe" = C:\Program Files\Next Limit\Maxwell 2\mxnetwork.exe:*:Disabled:mxnetwork -- ()

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Documents and Settings\iota\Local Settings\Application Data\Thinstall\Cache\Stubs\adc646c37a8a99d78896315536349a571ff79b\SketchUp.exe" = C:\Documents and Settings\iota\Local Settings\Application Data\Thinstall\Cache\Stubs\adc646c37a8a99d78896315536349a571ff79b\SketchUp.exe:*:Disabled:SketchUp

"C:\Program Files\RandomControl\arion\tools\arion.exe" = C:\Program Files\RandomControl\arion\tools\arion.exe:*:Disabled:arion -- ()

"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher

"C:\Program Files\Steam\steamapps\common\commandos behind enemy lines\Comandos.exe" = C:\Program Files\Steam\steamapps\common\commandos behind enemy lines\Comandos.exe:*:Enabled:Commandos: Behind Enemy Lines -- ()

"C:\Program Files\Steam\steamapps\common\commandos behind enemy lines\readme.doc" = C:\Program Files\Steam\steamapps\common\commandos behind enemy lines\readme.doc:*:Enabled:Commandos: Behind Enemy Lines -- ()

"C:\Program Files\RandomControl\fryrender\tools\fryrender.exe" = C:\Program Files\RandomControl\fryrender\tools\fryrender.exe:*:Disabled:fryrender -- ()

"C:\Program Files\Steam\steamapps\common\osmos\osmos.exe" = C:\Program Files\Steam\steamapps\common\osmos\osmos.exe:*:Enabled:Osmos -- (Hemisphere Games, Inc.)

"C:\Program Files\Steam\steamapps\common\defcon\defcon.exe" = C:\Program Files\Steam\steamapps\common\defcon\defcon.exe:*:Enabled:Defcon -- (Introversion Software)

"C:\Program Files\Steam\steamapps\common\uplink\Uplink.exe" = C:\Program Files\Steam\steamapps\common\uplink\Uplink.exe:*:Enabled:Uplink -- ()

"C:\Program Files\JDownloader\downloads\ev8std_port.part1\ev8std_port\Stubs\9c66607fcdcab4323691833b0d3ac78bf289268\Vue 8 xStream.eon" = C:\Program Files\JDownloader\downloads\ev8std_port.part1\ev8std_port\Stubs\9c66607fcdcab4323691833b0d3ac78bf289268\Vue 8 xStream.eon:*:Disabled:Vue 8 xStream -- ()

"C:\Program Files\ASGvis\Render slave\DRSpawner.exe" = C:\Program Files\ASGvis\Render slave\DRSpawner.exe:*:Disabled:DRSpawner

"C:\Documents and Settings\All Users\Application Data\ASGVIS\Licensing\vrlserver2.exe" = C:\Documents and Settings\All Users\Application Data\ASGVIS\Licensing\vrlserver2.exe:*:Disabled:VRLServer2 -- ()

"C:\Program Files\Google\Google SketchUp 8\SketchUp.exe" = C:\Program Files\Google\Google SketchUp 8\SketchUp.exe:*:Enabled:SketchUp Application -- (Google, Inc.)

"C:\Program Files\Steam\steamapps\common\eufloria\Eufloria.exe" = C:\Program Files\Steam\steamapps\common\eufloria\Eufloria.exe:*:Enabled:Eufloria -- (Alex May and Rudolf Kremers)

"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)

"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)

"C:\Program Files\Steam\steamapps\common\dawn of war gold\W40kWA.exe" = C:\Program Files\Steam\steamapps\common\dawn of war gold\W40kWA.exe:*:Enabled:Warhammer 40,000: Dawn of War â€“ Winter Assault

"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)

"C:\Program Files\ma-config.com\maconfservice.exe" = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice -- (CybelSoft)

"C:\Program Files\Graphisoft\ArchiCAD 14\ArchiCAD.exe" = C:\Program Files\Graphisoft\ArchiCAD 14\ArchiCAD.exe:*:Disabled:ArchiCAD 14.0 -- (Graphisoft R&D)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{00060000-0000-1004-8002-0000C06B5161}" = WibuKey Setup (WibuKey Remove)

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0

"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}" = OpenOffice.org 3.1

"{133742BA-6F46-4D3E-85AF-78631D9AD8B8}" = Installation Windows Live

"{1628F6BD-5ED1-4FD1-B90F-C106AF4E00F0}" = Adobe Setup

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe

"{24aab420-4e30-4496-9739-3e216f3de6ae}" = Python 2.6.2

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{2F01EBAF-CA43-417B-A494-76E753F8200D}" = TouchChip USB Driver 2.18

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{317AC0C7-FEBF-0409-87A3-4FC70D0ED900}" = Autodesk 3ds Max 2010 32-bit

"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft VC80 Support DLLs

"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{364D838A-C237-4D4D-96C1-EC61196C3DAC}" = Ma-Config.com

"{3AB65E95-37D6-4DD7-8862-29AED3AFD54B}" = Google SketchUp Pro 8

"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1

"{3F9B2FD2-1C83-4401-9967-C3636638E958}" = Adobe SING CS3

"{445B183D-F4F1-45C8-B9DB-F11355CA657B}" = Windows Live Messenger

"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup

"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support

"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)

"{5545EEE3-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.5)

"{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup

"{5783F2D7-8001-0409-0002-0060B0CE6BBA}" = AutoCAD 2010 - English

"{5783F2D7-8001-0409-1002-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English

"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2

"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3

"{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}" = Rhinoceros 4.0

"{5D2398DF-3022-4820-93BA-F1175FBEA9CA}" = Adobe Creative Suite 3 Master Collection

"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

"{5DD76286-9BE7-4894-A990-E905E91AC818}" = Windows Live Mail

"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes

"{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist

"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files

"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash

"{6E08CE13-C2AB-4749-9335-5900B958929E}" = Adobe Illustrator CS3

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3

"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8D7BD6EE-C597-4375-B07F-A91FC78991C7}" = V-Ray for SketchUp 6

"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{95E1E426-EE9E-4F68-8F02-58A5A09B38F3}" = Rhinoceros 4.0 SR8

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7

"{9A4DB12C-6D09-46F3-94DB-551FA405430B}" = Maxwell for SketchUp 8

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch

"{AC76BA86-7AD7-1036-7B44-A91000000001}" = Adobe Reader 9.1.3 - Français

"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser

"{B3B487E7-6171-4376-9074-B28082CEB504}" = Windows Live Call

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3

"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX

"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup

"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX

"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C1FA4B3B-1625-4922-9C9D-780E8FCE161A}" = Adobe Photoshop CS3

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3

"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth

"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3

"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3

"{D777E4E7-4D67-4BFF-8454-468EF6E2FEF8}_is1" = Ac2Mxs 2.0.4

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler

"{EDD235BB-9FB4-4604-85ED-1B14A256F4E0}" = Adobe Photoshop Lightroom 3.2

"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL

"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA

"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe

"{FE8327F9-3AC1-4586-8C7E-3DEE2BC92441}" = Adobe InDesign CS3

"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings

"001FFF1FFF14FF00FF0701F01F02F000-R1" = ArchiCAD 14 INT

"001FFFFFFF12FF00FF0501F02F02F000-R1" = ArchiCAD 12 FRA

"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Package de pilotes Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)

"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Package de pilotes Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)

"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Package de pilotes Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)

"7-Zip" = 7-Zip 4.65

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5" = Adobe InDesign CS3

"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3

"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3

"Artlantis Studio 3" = Artlantis Studio 3.0

"AutoCAD 2010 - English" = AutoCAD 2010 - English

"Autodesk FBX Plugin 2009.4 - 3ds Max 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Blender" = Blender (remove only)

"CCleaner" = CCleaner

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP

"ENTERPRISE" = Microsoft Office Enterprise 2007

"EPSON Printer and Utilities" = EPSON Printer Software

"EPSON Scanner" = EPSON Scan

"Free Video Converter_is1" = Free Video Converter V 2.8

"Google Chrome" = Google Chrome

"Grasshopper" = Grasshopper

"HDMI" = Intel® Graphics Media Accelerator Driver

"ie8" = Windows Internet Explorer 8

"JDownloader" = JDownloader

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Maxwell 2" = Maxwell 2

"MaxwellExport_is1" = MaxwellExport (Version 2.4)

"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NVIDIA Drivers" = NVIDIA Drivers

"PixPlant2_is1" = PixPlant for Photoshop 2.0.50

"PowerISO" = PowerISO

"RealPlayer 12.0" = RealPlayer

"RocketDock_is1" = RocketDock 1.3.5

"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set

"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

"SketchyPhysics3.1_is1" = SketchyPhysics3.1

"Steam App 1510" = Uplink

"Steam App 1520" = DEFCON

"Steam App 29180" = Osmos

"Steam App 41210" = Eufloria

"Steam App 6800" = Commandos: Behind Enemy Lines

"Steam App 70300" = VVVVVV

"Tablet Driver" = Tablette

"uTorrent" = µTorrent

"Vector Magic" = Vector Magic

"VLC media player" = VLC media player 1.0.1

"V-Ray for SketchUp 1.48.91" = V-Ray for SketchUp

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Lecteur Windows Media 11

"Windows XP Service" = Windows XP Service Pack 3

"WinGimp-2.0_is1" = GIMP 2.6.7

"WinLiveSuite_Wave3" = Installation Windows Live

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"Xfrog 3.5" = Xfrog 3.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-329068152-1715567821-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 31/01/2011 06:41:41 | Computer Name = IOTACORP | Source = crypt32 | ID = 131077

Description = Échec de la récupération de la mise à jour automatique du certificat

racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/91C6D6EE3E8AC86384E548C299295C756C817B81.crt>'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/91C6D6EE3E8AC86384E548C299295C756C817B81.crt>'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/91C6D6EE3E8AC86384E548C299295C756C817B81.crt>'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/91C6D6EE3E8AC86384E548C299295C756C817B81.crt>'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/91C6D6EE3E8AC86384E548C299295C756C817B81.crt>'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/91C6D6EE3E8AC86384E548C299295C756C817B81.crt>'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/91C6D6EE3E8AC86384E548C299295C756C817B81.crt>'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/91C6D6EE3E8AC86384E548C299295C756C817B81.crt>

avec l'erreur : Cette connexion réseau n'existe pas.

Error - 31/01/2011 06:41:41 | Computer Name = IOTACORP | Source = crypt32 | ID = 131077

Description = Échec de la récupération de la mise à jour automatique du certificat

racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/91C6D6EE3E8AC86384E548C299295C756C817B81.crt>

avec l'erreur : Cette connexion réseau n'existe pas.

Error - 31/01/2011 06:42:28 | Computer Name = IOTACORP | Source = crypt32 | ID = 131077

Description = Échec de la récupération de la mise à jour automatique du certificat

racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/91C6D6EE3E8AC86384E548C299295C756C817B81.crt>

avec l'erreur : Cette connexion réseau n'existe pas.

Error - 31/01/2011 06:42:28 | Computer Name = IOTACORP | Source = crypt32 | ID = 131077

Description = Échec de la récupération de la mise à jour automatique du certificat

racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/91C6D6EE3E8AC86384E548C299295C756C817B81.crt>

avec l'erreur : Cette connexion réseau n'existe pas.

Error - 31/01/2011 06:43:25 | Computer Name = IOTACORP | Source = crypt32 | ID = 131077

Description = Échec de la récupération de la mise à jour automatique du certificat

racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/91C6D6EE3E8AC86384E548C299295C756C817B81.crt>

avec l'erreur : Cette connexion réseau n'existe pas.

Error - 31/01/2011 06:43:25 | Computer Name = IOTACORP | Source = crypt32 | ID = 131077

Description = Échec de la récupération de la mise à jour automatique du certificat

racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/91C6D6EE3E8AC86384E548C299295C756C817B81.crt>

avec l'erreur : Cette connexion réseau n'existe pas.

Error - 31/01/2011 06:43:40 | Computer Name = IOTACORP | Source = crypt32 | ID = 131077

Description = Échec de la récupération de la mise à jour automatique du certificat

racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/91C6D6EE3E8AC86384E548C299295C756C817B81.crt>

avec l'erreur : Cette connexion réseau n'existe pas.

Error - 31/01/2011 06:43:40 | Computer Name = IOTACORP | Source = crypt32 | ID = 131077

Description = Échec de la récupération de la mise à jour automatique du certificat

racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/91C6D6EE3E8AC86384E548C299295C756C817B81.crt>

avec l'erreur : Cette connexion réseau n'existe pas.

Error - 31/01/2011 11:28:43 | Computer Name = IOTACORP | Source = Application Error | ID = 1000

Description = Application défaillante setup.exe, version 0.0.0.0, module défaillant

unknown, version 0.0.0.0, adresse de défaillance 0x00000000.

Error - 31/01/2011 11:33:26 | Computer Name = IOTACORP | Source = Application Error | ID = 1000

Description = Application défaillante svchost.exe, version 5.1.2600.5512, module

défaillant ntdll.dll, version 5.1.2600.5755, adresse de défaillance 0x00023845.

[ OSession Events ]

Error - 07/01/2011 02:28:11 | Computer Name = IOTACORP | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session

lasted 242 seconds with 60 seconds of active time. This session ended with a crash.

Error - 07/01/2011 02:29:10 | Computer Name = IOTACORP | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session

lasted 44 seconds with 0 seconds of active time. This session ended with a crash.

Error - 07/01/2011 02:30:27 | Computer Name = IOTACORP | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session

lasted 65 seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 31/01/2011 14:42:03 | Computer Name = IOTACORP | Source = Service Control Manager | ID = 7034

Description = Le service Java Quick Starter s'est terminé de façon inattendue pour

la 1ème fois.

Error - 31/01/2011 14:42:03 | Computer Name = IOTACORP | Source = Service Control Manager | ID = 7034

Description = Le service TOSHIBA Bluetooth Service s'est terminé de façon inattendue

pour la 1ème fois.

Error - 31/01/2011 14:53:57 | Computer Name = IOTACORP | Source = Print | ID = 19

Description = Échec du partage de l'imprimante + 1722, Imprimante PDFCreator nom

de partage PDFCreator.

Error - 31/01/2011 15:18:44 | Computer Name = IOTACORP | Source = Service Control Manager | ID = 7031

Description = Le service Apple Mobile Device s'est terminé de manière inattendue.

Ceci s'est produit 1 fois. L'action corrective suivante va être effectuée dans

60000 millisecondes : Redémarrer le service.

Error - 31/01/2011 15:18:44 | Computer Name = IOTACORP | Source = Service Control Manager | ID = 7034

Description = Le service Service Bonjour s'est terminé de façon inattendue pour

la 1ème fois.

Error - 31/01/2011 15:18:44 | Computer Name = IOTACORP | Source = Service Control Manager | ID = 7034

Description = Le service Service Google Update (gupdate) s'est terminé de façon

inattendue pour la 1ème fois.

Error - 31/01/2011 15:18:44 | Computer Name = IOTACORP | Source = Service Control Manager | ID = 7034

Description = Le service mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit

32-bit s'est terminé de façon inattendue pour la 1ème fois.

Error - 31/01/2011 15:18:44 | Computer Name = IOTACORP | Source = Service Control Manager | ID = 7034

Description = Le service TabletService s'est terminé de façon inattendue pour la

1ème fois.

Error - 31/01/2011 15:18:44 | Computer Name = IOTACORP | Source = Service Control Manager | ID = 7034

Description = Le service Java Quick Starter s'est terminé de façon inattendue pour

la 1ème fois.

Error - 31/01/2011 15:18:44 | Computer Name = IOTACORP | Source = Service Control Manager | ID = 7034

Description = Le service TOSHIBA Bluetooth Service s'est terminé de façon inattendue

pour la 1ème fois.

< End of report >

voila, et merci!

Modifié le 31 janvier 2011 par iota

jeanmimigab · le 31 janvier 2011

re,

il reste quelque crasses

* Fais un double-clic sur l'icône d'OTL pour le lancer

/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal" soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation"

:OTL
[2010/03/01 23:24:30 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF

O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.

O4 - HKLM\..\Run: [] File not found

O4 - HKU\.DEFAULT\..\Run: [CE8SIIFGSU] File not found

O4 - HKU\S-1-5-18\..\Run: [CE8SIIFGSU] File not found

O29 - HKLM SecurityProviders - (mgxvnhyj.dll) - C:\windows\System32\mgxvnhyj.dll ()

O33 - MountPoints2\{fb0c655e-e89f-11de-b308-0019c1b44477}\Shell\AutoRun\command - "" = I:\sysusb/usbdur.exe

O33 - MountPoints2\{fb0c655e-e89f-11de-b308-0019c1b44477}\Shell\explore\command - "" = I:\sysusb/usbdur.exe

O33 - MountPoints2\{fb0c655e-e89f-11de-b308-0019c1b44477}\Shell\open\command - "" = I:\sysusb/usbdur.exe

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe

MsConfig - StartUpReg: SearchSettings - hkey= - key= - C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.) => Infection BT (Adware.WidgiToolbar)

[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

:Files

C:\Program Files\pdfforge Toolbar

C:\windows\System32\mgxvnhyj.dll

C:\Documents and Settings\iota\Application Data\pdfforge

C:\Documents and Settings\iota\Application Data\Search Settings

I:\sysusb/usbdur.exe

F:\setup.exe

:Commands

[clearrestorepoints]

[emptytemp]

[EMPTYFLASH]

[PURITY]

* Cliques sur l'icône "Correction" (en haut à gauche) .

* Laisse le scan aller à son terme sans te servir du PC

* A la fin du scan un rapport va s'ouvrir "OTL.Txt"

* Copie et colle le rapports dans ta réponse stp...

* Au cas où, tu peux les retrouver dans le dossier C:\OTL

iota · le 31 janvier 2011

All processes killed
========== OTL ==========

C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\components folder moved successfully.

C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome\skin folder moved successfully.

C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome\locale\EN-US folder moved successfully.

C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome\locale folder moved successfully.

C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome\content folder moved successfully.

C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome folder moved successfully.

C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF folder moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.

Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run\ not found.

Registry value HKEY_USERS\.DEFAULT\\Software\Microsoft\Windows\CurrentVersion\Run\\CE8SIIFGSU deleted successfully.

Registry value HKEY_USERS\S-1-5-18\\Software\Microsoft\Windows\CurrentVersion\Run\\CE8SIIFGSU not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:mgxvnhyj.dll deleted successfully.

C:\WINDOWS\system32\mgxvnhyj.dll moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb0c655e-e89f-11de-b308-0019c1b44477}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb0c655e-e89f-11de-b308-0019c1b44477}\ not found.

File I:\sysusb/usbdur.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb0c655e-e89f-11de-b308-0019c1b44477}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb0c655e-e89f-11de-b308-0019c1b44477}\ not found.

File I:\sysusb/usbdur.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb0c655e-e89f-11de-b308-0019c1b44477}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb0c655e-e89f-11de-b308-0019c1b44477}\ not found.

File I:\sysusb/usbdur.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.

File F:\setup.exe not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SearchSettings\ deleted successfully.

File delete failed. C:\windows\system32\tmp.tmp scheduled to be deleted on reboot.

========== FILES ==========

C:\Program Files\pdfforge Toolbar\SSFF\components folder moved successfully.

C:\Program Files\pdfforge Toolbar\SSFF\chrome\skin folder moved successfully.

C:\Program Files\pdfforge Toolbar\SSFF\chrome\locale\en-US folder moved successfully.

C:\Program Files\pdfforge Toolbar\SSFF\chrome\locale folder moved successfully.

C:\Program Files\pdfforge Toolbar\SSFF\chrome\content folder moved successfully.

C:\Program Files\pdfforge Toolbar\SSFF\chrome folder moved successfully.

C:\Program Files\pdfforge Toolbar\SSFF folder moved successfully.

C:\Program Files\pdfforge Toolbar\Res folder moved successfully.

C:\Program Files\pdfforge Toolbar\IE\1.1.2 folder moved successfully.

C:\Program Files\pdfforge Toolbar\IE folder moved successfully.

C:\Program Files\pdfforge Toolbar folder moved successfully.

C:\Documents and Settings\iota\Application Data\pdfforge folder moved successfully.

C:\Documents and Settings\iota\Application Data\Search Settings folder moved successfully.

File\Folder C:\windows\System32\mgxvnhyj.dll not found.

Invalid Switch: usbdur.exe

File\Folder F:\setup.exe not found.

========== COMMANDS ==========

Error: Unable to interpret <[clearrestorepoints]> in the current context!

[EMPTYTEMP]

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: iota

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 88868341 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 734 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 483 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 85,00 mb

[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

->Flash cache emptied: 0 bytes

User: iota

->Flash cache emptied: 0 bytes

User: NetworkService

->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.20.6 log created on 01312011_220927

Files\Folders moved on Reboot...

C:\windows\system32\tmp.tmp moved successfully.

Registry entries deleted on Reboot...

voila!

jeanmimigab · le 31 janvier 2011

c'est pas trop mal, comment se comporte ton PC, toujours des détections par Antivir ?

iota · le 31 janvier 2011

Non plus de problèmes. Je te remercies du fond du coeur, pour ta patience et ton aide !

jeanmimigab · le 31 janvier 2011

hello,

c'est cool,

Supprime TDSSKiller de ton bureau.
Pour désinstaller OTL, lance-le et clique sur purge outil...accepte le redémarrage du PC si demander.

ensuite...

Pour nettoyer les fichiers temporaires,souvent source de problèmes divers et nettoyer la base de registre Windows fais cela...

Télécharge et installe Ccleaner en te rendant sur >> cette page <<
Clique en haut à droite de la page sur "Download Lastest Version" pour lancer le téléchargement.
Installe le et lance le...
Dans la barre d'outil à gauche, clique sur "Nettoyer" (en bas à droite)
Recommence cette opération jusqu'à ce que le message "0 octets supprimés" apparaisse dans la fenêtre de résultat.
Pour info ce nettoyage peu aussi s'effectuer de manière transparente collant Ccleaner /auto dans la commande "Exécuter" du menu démarrer.

Nettoyer aussi ton registre en cliquant sur "Registre" dans la barre d'outils à gauche.
Clique ensuite sur "chercher des erreurs" en bas de la fenêtre, puis clique sur "corriger les erreurs sélectionnées".
Accepte la sauvegarde du registre proposée et suis les instructions de Ccleaner.
Pour info tu peux ouvrir Ccleaner directement à la rubrique "Registre" en collant Ccleaner /registry dans la fenêtre de commande "Exécuter" du menu démarrer.
Si tu as besoin tu as un tutoriel >> ici <<

=====================================================================================================

Pense à mettre à jours Windows:

La méthode la plus simple et l'utilisation de "Windows Update" qui se trouve dans ton menu démarrer

Pense à mettre à jours Java:

La méthode la plus simple et l'utilisation de >> JavaRa <<

Pense à mettre à jour Acrobat reader si il est installé sur ton PC de cette manière:

Ouvre Acrobat reader, clique sur "aide" et choisis "rechercher des mises à jours..."

========================================================================================================

Procède à une Défragmentation afin d'optimiser les temps d'accès du disque dur lors de la lecture des :

Pour lancer une défragmentation, double-clique sur Poste de Travail,clic-droit sur le disque à défragmenter puis sur Propriétés.
Choisis l'onglet Outils puis clique sur défragmenter maintenant .
Cette opération est à renouveler régulièrement ( Environs une fois par mois ).

=====================================================================================================

un peu de lecture sur la manière de protéger ton surf et ton ordinateur:

un Compte Utilisateur limité accroît la sécurité de l'ordinateur.
Quelques mesures préventives pour surfer couvert.
Comment éviter les imprudences d'installation.
Reconnaitre et éviter les infections Msn.
Si tu utilises "Face Book", lis >> cet article << afin de ne pas te faire piéger

Passe une bonne semaine

Connexion

Pas encore inscrit ?

Virus divers et variés

Messages recommandés

iota

jeanmimigab

iota

jeanmimigab

iota

jeanmimigab

iota

jeanmimigab

iota

jeanmimigab

Rejoindre la conversation

En ligne récemment 0 membre est en ligne

Zebulon

Outils en ligne

Naviguer