Posted

Hello gaspar,

Very important!

>>> To do immediately:

- At the top of this message, click the "Suivre ce sujet" (Follow this topic) button and choose "Notification immédiate" (Immediate notification) => "Soumettre" (Submit). You will be notified in real time of replies to your topic, so your machine will be cleaned as quickly as possible.

- Back up (by copying) all personal documents to a medium other than the system partition: USB stick, CD/DVD, external hard drive, etc.

>>> What to do during this cleanup: please do NOT use, install and/or uninstall any program other than those proposed at each step; this is to avoid any incompatibility problem between the tools.

 

>>> What to do when you receive new instructions:

  • Read the whole message.
  • Download and save the utilities DIRECTLY to the Desktop, or move them there right afterwards (right-click on them => "Couper" (Cut), then right-click on the Desktop => "Coller" (Paste)).
    Some programs can cause problems if they are not run from the Desktop.
  • Get into the habit of disabling all protection programs at the start of each new step and re-enabling them at the end.
  • Always proceed in the order given and ask for clarification if necessary BEFORE starting.
  • Do NOT hesitate to comment on and report any change (for better or worse) in the machine's behaviour or in relation to the initial problem.

>>> How to reply:

- Click the zeb_bouton.png button (and not zeb-bouton2.png, since I do not need to reread my previous messages).

- Paste the contents of the reports WITHOUT adding ANY text formatting (quote, code, colour, etc.).


 

Print these instructions or save them to a text file on the Desktop so you can consult them easily at any time, and download to the Desktop:

  • ComboFix© (by sUBs) from here or here
  • Security Check (by screen317) from here or here.
  • TDSSKiller.zip from here, and unzip it (right-click => "Extraire ici" (Extract here)).

 

>>> TDSSKiller: Unzip TDSSKiller.zip (right-click on it => "Extraire ici" (Extract here)). Drag TDSSKiller.zip to the Recycle Bin to delete it.

  • Close everything and disable the antivirus and any other protection program. Click TDSSKiller.exe to launch the program.
  • Click the Start Scan button and wait until the scan finishes.
  • If an infected file is detected, the default action will be Cure. Click the Continue button without changing anything.
  • If a suspicious file is detected, the default action will be Skip. Click the Continue button without changing anything.

If you are prompted to restart the machine to finish the process (reboot the computer to complete the process), click the Reboot Now button. The report will be saved at the root of the system partition, where Windows is installed (usually C:\); its name has the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Post its contents.

If no restart is required, click Report. A text file opens and will be saved in the same way; post its contents.

 

 

>>> Using ComboFix: Close all open applications and windows, disable antivirus/firewall/antispyware and click ComboFix.exe. Follow the instructions.

Accept the licence agreement and the installation of the Recovery Console (offered under XP if not installed).

Do NOT TOUCH the machine before it finishes (even if things seem not to be progressing).

When it is finished, a report (ComboFix.txt) is displayed. It is saved automatically at the root of the system partition (usually C:\).

Post its contents.

 

 

>>> Using SecurityCheck: Close everything and double-click "SecurityCheck.exe" to launch the program.

Press a key as prompted and follow the instructions.

Note: If one of your security programs asks for permission for dig.exe to access the Internet, accept.

The checkup.txt report opens at the end. Post its contents.

This report will not be saved automatically. If you want to keep a copy, click "Fichier" (File) => "Enregistrer sous" (Save as), choose a location (the Desktop, for example) and click "Enregistrer" (Save) at the bottom right.

Post its contents.

 

 

Reports requested:

  • TDSSKiller_log.txt
  • ComboFix.txt
  • checkup.txt

Any change at all?

Posted

Hello lance, and thank you for taking an interest in my problems. Panda scan found a virus, trojan CI-a, without destroying it. HijackThis found 61 bad files; I tried 3 times to destroy them by ticking them, nothing doing. OK, I'm following you: TDSS Killer says infection not found, so it found nothing? ComboFix ran its scan, I did not touch the PC until the end; after the reboot everything was frozen, impossible to do anything on the PC. I restarted and everything works, except my move icon is still there, and Firefox had disappeared, replaced by IE, not good. So I will continue with Security Check. Thanks again lance, see you later.

 

ComboFix 11-02-20.03 - Henri 21/02/2011 16:23:04.1.2 - x86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.2046.962 [GMT 1:00]

Lancé depuis: c:\users\Henri\Downloads\ComboFix.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\progra~2\xp

c:\progra~2\xp\EBLib.dll

c:\progra~2\xp\TPwSav.sys

c:\users\Henri\so_activex.dll

c:\windows\es.exe

c:\windows\pthreadGC2.dll

c:\windows\system32\msvbvm60.$$A

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_BOONTY_GAMES

-------\Service_Boonty Games

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2011-01-21 au 2011-02-21 ))))))))))))))))))))))))))))))))))))

.

 

2011-02-21 11:34 . 2011-02-21 11:34 -------- d-----w- c:\program files\Softonic.France

2011-02-21 11:07 . 2011-02-21 15:04 -------- d-----w- c:\progra~2\Comodo

2011-02-21 11:07 . 2011-02-21 11:07 1700352 ----a-w- c:\windows\system32\gdiplus.dll

2011-02-21 10:39 . 2011-02-21 10:39 -------- d-----w- c:\users\Henri\AppData\Roaming\Uniblue

2011-02-21 10:39 . 2011-02-21 10:39 -------- dc-h--w- c:\progra~2\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}

2011-02-21 10:39 . 2011-02-21 10:39 -------- d-----w- c:\program files\Uniblue

2011-02-21 10:38 . 2011-02-21 10:38 -------- d-----w- c:\users\Henri\AppData\Local\PackageAware

2011-02-21 10:10 . 2011-01-13 09:41 5890896 ----a-w- c:\progra~2\Microsoft\Windows Defender\Definition Updates\{6C276A08-A374-4AB5-857E-D0094CF453EC}\mpengine.dll

2011-02-20 22:33 . 2009-06-30 09:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

2011-02-20 22:32 . 2011-02-20 22:32 -------- d-----w- c:\program files\Panda Security

2011-02-20 20:06 . 2011-02-20 20:06 388096 ----a-r- c:\users\Henri\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-02-20 15:48 . 2011-02-20 15:48 13585 ----a-w- c:\progra~2\xml1E0C.tmp

2011-02-20 15:48 . 2011-02-20 15:48 0 ----a-w- c:\progra~2\xml1F65.tmp

2011-02-20 15:48 . 2011-02-20 15:48 0 ----a-w- c:\progra~2\xml1E99.tmp

2011-02-20 15:48 . 2011-02-20 15:48 7415 ----a-w- c:\progra~2\xml168C.tmp

2011-02-18 22:26 . 2011-02-20 22:00 -------- d-----w- c:\progra~2\PCPitstop

2011-02-18 22:25 . 2011-02-18 22:26 -------- d-----w- c:\program files\CrystalDiskInfo

2011-02-18 20:41 . 2011-02-18 21:10 -------- d-----w- c:\progra~2\SystemExplorer

2011-02-18 20:41 . 2011-02-18 20:41 -------- d-----w- c:\program files\System Explorer

2011-02-18 16:35 . 2011-02-18 16:35 -------- d-----w- c:\program files\Ad-Remover

2011-02-18 15:04 . 2011-02-18 15:04 -------- d-----w- c:\program files\ZHPFix

2011-02-18 14:38 . 2011-02-21 09:49 -------- d-----w- c:\program files\ZHPDiag

2011-02-15 15:07 . 2011-02-15 15:07 -------- d-----w- c:\program files\Common Files\Windows Live

2011-02-15 15:04 . 2010-01-25 12:58 473088 ----a-w- c:\windows\system32\secproc_isv.dll

2011-02-15 15:04 . 2010-01-25 12:58 472576 ----a-w- c:\windows\system32\secproc.dll

2011-02-15 15:04 . 2010-01-25 08:36 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2011-02-15 15:04 . 2010-01-25 08:35 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe

2011-02-15 15:04 . 2010-01-25 08:36 515584 ----a-w- c:\windows\system32\RMActivate.exe

2011-02-15 15:04 . 2010-01-25 12:58 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2011-02-15 15:04 . 2010-01-25 12:58 154112 ----a-w- c:\windows\system32\secproc_ssp.dll

2011-02-15 15:04 . 2010-01-25 12:56 312320 ----a-w- c:\windows\system32\msdrm.dll

2011-02-15 15:04 . 2010-01-25 08:36 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-02 16:11 . 2009-12-08 17:25 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-12-21 08:48 . 2010-12-21 08:48 2968064 ----a-w- c:\windows\es.scr

2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-19 68856]

"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2011-01-21 67456]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-10-07 2620336]

"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-10-07 904880]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-10-07 140568]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]

"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 413696]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2225186546-478183646-4290705749-1000]

"EnableNotificationsRef"=dword:00000003

 

R2 gupdate1c9c2981aea6420;Google Update Service (gupdate1c9c2981aea6420);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-21 133104]

R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]

R4 CplIR;Embedded IR Driver;c:\windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14848]

S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]

S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPO\TempoSVC.exe [2007-10-29 95624]

 

.

Contenu du dossier 'Tâches planifiées'

 

2011-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-21 15:44]

 

2011-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-21 15:44]

 

2011-02-21 c:\windows\Tasks\RegistryBooster.job

- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-01-21 14:19]

 

2011-02-21 c:\windows\Tasks\User_Feed_Synchronization-{292548E3-D7FD-4F81-9069-F7F0B755792F}.job

- c:\windows\system32\msfeedssync.exe [2010-04-03 04:54]

.

.

------- Examen supplémentaire -------

.

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Henri\AppData\Roaming\Mozilla\Firefox\Profiles\cz563vbu.default\

FF - prefs.js: browser.search.selectedEngine - MyStart Search

FF - prefs.js: browser.startup.homepage - hxxp://fr.news.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=IM3DJUN09FFAB&search=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: Walnut for Firefox: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF} - %profile%\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}

FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com

FF - Ext: Softonic.France Community Toolbar: {c41be492-d9e6-4262-a0bd-e8cf6dc4208d} - %profile%\extensions\{c41be492-d9e6-4262-a0bd-e8cf6dc4208d}

.

- - - - ORPHELINS SUPPRIMES - - - -

 

Toolbar-Locked - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKLM-Run-PC Pitstop PC Matic Reminder - c:\program files\PCPitstop\PC Matic\Reminder-PCMatic.exe

AddRemove-Microsoft_World_of_Flight - f:\data\00Setup\App\Uninstal.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-02-21 16:41

Windows 6.0.6000 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,98,d3,d1,92,9b,0f,51,4e,b8,8d,7f,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,98,d3,d1,92,9b,0f,51,4e,b8,8d,7f,\

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Chicony Electronics Co.,Ltd.\Camera Assistant Software for Toshiba]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.avi\OpenWithProgIds]

@DACL=(02 0000)

"avifile"=hex(0):

"WMP11.AssocFile.AVI"=hex(0):

"QuickTime.avi"=hex(0):

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.avi\ShellEx]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\IncrediMail\AddOns\LetterWizard\System]

@DACL=(02 0000)

"VipSupport"="97EA3982-945A-4E07-AA84-9C3A79202230"

@=""

 

[HKEY_LOCAL_MACHINE\SOFTWARE\InstalledOptions\Synaptics]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Advanced INF Setup\IE.HKCUZoneInfo\RegBackup]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Advanced INF Setup\IE40.UserAgent\RegBackup]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Extensions]

@DACL=(02 0000)

"IncludedExtensions"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Mappings]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Protocols]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages]

@DACL=(02 0000)

"NewStartPageIdentifier"=dword:00000004

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StreamLog]

@DACL=(02 0000)

"CurrentStreamLog"=dword:00000006

"MaxLogs"=dword:00000005

"StreamLogCount"=dword:00000005

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Waves Audio\MaxxAudio]

@DACL=(02 0000)

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{0643592e-b1bf-417b-9488-49ecef912647}]

@DACL=(02 0000)

"Dhcpv6Iaid"=dword:0c001b38

"Dhcpv6State"=dword:00000000

"NameServer"=""

"Domain"=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{18a9e679-5533-4c3c-872c-a81e4acba966}]

@DACL=(02 0000)

"Dhcpv6Iaid"=dword:07020054

"Dhcpv6State"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{28c73641-4d11-4a8e-b83c-4ef178270df8}]

@DACL=(02 0000)

"Dhcpv6Iaid"=dword:0d000000

"Dhcpv6State"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{634c0cd1-aae5-4787-aac0-3b626ec0c369}]

@DACL=(02 0000)

"Dhcpv6Iaid"=dword:0c0016d4

"Dhcpv6State"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]

@DACL=(02 0000)

"Dhcpv6Iaid"=dword:07001422

"Dhcpv6State"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{b77f9962-4d41-4001-99c5-c7f736bc6adf}]

@DACL=(02 0000)

"Dhcpv6Iaid"=dword:090016e3

"Dhcpv6State"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{cd9080e7-2f96-43c2-9083-c351402cce28}]

@DACL=(02 0000)

"Dhcpv6Iaid"=dword:0c001b38

"Dhcpv6State"=dword:00000000

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ed906096-f6e9-4f4a-938f-3af9fab3537a}]

@DACL=(02 0000)

"Dhcpv6Iaid"=dword:0e001cbf

"Dhcpv6State"=dword:00000000

"NameServer"=""

"Domain"=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]

@DACL=(02 0000)

"Dhcpv6Iaid"=dword:06001422

"Dhcpv6State"=dword:00000000

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files\Common Files\Acronis\Schedule2\schedul2.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\windows\System32\tcpsvcs.exe

c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

c:\windows\system32\TODDSrv.exe

c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe

c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\program files\Alwil Software\Avast5\AvastUI.exe

.

**************************************************************************

.

Heure de fin: 2011-02-21 16:49:02 - La machine a redémarré

ComboFix-quarantined-files.txt 2011-02-21 15:48

 

Avant-CF: 66 338 947 072 octets libres

Après-CF: 65 891 782 656 octets libres

 

Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11

- - End Of File - - BCBF5881BF3CEB39B16C436211046FE6

Posted

OK, I checked with HijackThis, the 61 dangerous files are still there. I ran Security Check and I found the report; apparently it scanned without my noticing. Here is the report:

 

@echo off

cd %~dp0

title Security Check

color F

set cleanver=0.99.8

echo.

echo.

echo.`````````````````````````Security Check by screen317`````````````````````````

echo.

echo.

echo.

echo.

echo.

echo.This will check your system and display the security programs on your computer.

echo.

echo.`````````If you don't want this done for any reason, please quit now.````````

echo.

echo.

echo.

pause

 

cls

echo.

echo.

echo.

:prep

If "%OS%"=="Windows_NT" (

goto NT

) else (

echo. UNSUPPORTED OPERATING SYSTEM! Aborting now! && echo. UNSUPPORTED OPERATING SYSTEM! ABORTED!>>checkup.txt

)

goto preend

 

:NT

if exist checkup.txt del /q /f *.txt

 

echo. Results of screen317's Security Check version %cleanver% >prelimcheckup.txt

echo.

echo.

echo.

echo.

echo.

echo.

echo.

echo.

echo. ``Collecting information``

 

"%cd%\Other\cmdinfo.exe">check.txt

find /i "OS type" check.txt>OS1check.txt

@FOR /F "eol=- tokens=3-6* delims= " %%d in (OS1check.txt) do @echo. %%d %%e %%f %%g %%h>OS1check2.txt

@find /i "vista" OS1check2.txt>nul && set OS1=Windows Vista

@find /i "XP" OS1check2.txt>nul && set OS1=Windows XP

@find /i "2000" OS1check2.txt>nul && set OS1=Windows 2000

@find /i "7" OS1check2.txt>nul && set OS1=Windows 7

@find /i "Service Pack" check.txt>OS2check.txt

@find /i "1" OS2check.txt>nul && set OS2=Service Pack 1

@find /i "2" OS2check.txt>nul && set OS2=Service Pack 2

@find /i "3" OS2check.txt>nul && set OS2=Service Pack 3

@find /i "4" OS2check.txt>nul && set OS2=Service Pack 4

"%cd%\Other\swreg.exe" query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System">UAC.txt

@find /i "EnableLUA" "UAC.txt">"UAC2.txt"

@find /I "1 " "UAC2.txt">nul && set UAC=(UAC is enabled)

@find /I "0 " "UAC2.txt">nul && set UAC=(UAC is disabled!)

:uacskip

echo. %OS1% %OS2% %UAC%>>prelimcheckup.txt

@find /i "windows" "prelimcheckup.txt">nul || echo. Error getting OS version

@find /i "2000" prelimcheckup.txt>nul && @find /i "2000 Service Pack 4" prelimcheckup.txt>nul || echo. Out of date service pack!!>>prelimcheckup.txt

@find /i "Vista" prelimcheckup.txt>nul && @find /i "Vista Service Pack 2" prelimcheckup.txt>nul || echo. Out of date service pack!!>>prelimcheckup.txt

@find /i "XP" prelimcheckup.txt>nul && @find /i "XP Service Pack 3" prelimcheckup.txt>nul || echo. Out of date service pack!!>>prelimcheckup.txt

 

:IE version

"%cd%\other\SWreg.exe" query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Version Vector">IEversion.txt

Find /I "IE" "IEVersion.txt">IEVersion2.txt

@FOR /F "eol=- tokens=1-3* delims= " %%a in (IEVersion2.txt) do echo.%%c>IEVersion3.txt

 

@FOR /F "eol=- tokens=1 delims=." %%# in (IEVersion3.txt) do (

if "%%#" LSS "8" (

echo. Internet Explorer %%# Out of date!>>prelimcheckup.txt

) else (

echo. Internet Explorer 8 >>prelimcheckup.txt

)

)

 

cls

echo.

echo.

echo.

echo.

echo.

echo.

echo.

echo. Collecting Information Done

 

"%cd%\Other\nircmdc.exe" wait 3000

 

:preparing

 

cls

echo.

echo.

echo.

echo.

echo.

echo.

echo.

echo. ``Preparing``

 

objlist.exe "programlist"

if exist install.txt goto processlist1

objlist.exe "programlist"

if exist install.txt goto processlist1

objlist.exe "programlist"

if exist install.txt goto processlist1

if ERRORLEVEL 1 echo. Error creating install.txt after 3 tries! Trying alternate method...>>prelimcheckup.txt

uninstalllist.exe

 

:processlist1

objlist.exe "processlist"

if exist process.txt goto preantivirus

objlist.exe "processlist"

if exist process.txt goto preantivirus

objlist.exe "processlist"

if exist process.txt goto preantivirus

if ERRORLEVEL 1 echo. Error creating process.txt after after 3 tries! Trying Alternate method...>>prelimproccheck.txt

runprocesses.exe

 

if exist process.txt (

goto preantivirus

) else (

echo. Error creating Process List-- tell your Helper>>prelimcheckup.txt

)

 

:preantivirus

 

cls

echo.

echo.

echo.

echo.

echo.

echo.

echo.

echo. ``Preparing Done!``

"%cd%\Other\nircmdc.exe" wait 3000

 

goto antivirus

 

:antivirus

echo.

echo.``````````````````````````````>>prelimcheckup.txt

echo.Antivirus/Firewall Check:>>prelimcheckup.txt

 

if not exist "C:\windows\system32\sc.exe" goto skipwscsvccheck && echo. sc.exe missing!>>prelimcheckup.txt

sc query "wscsvc">wscsvc1.txt

@find /I "RUNNING" wscsvc1.txt>nul || echo. Windows Security Center service is not running! This report may not be accurate!>>prelimcheckup.txt

 

:skipwscsvccheck

 

if not exist "C:\windows\system32\netsh.exe" goto skipfirewallcheck && echo. netsh.exe missing!>>prelimcheckup.txt

netsh firewall show state>fw1.txt

"%cd%\Other\nircmdc.exe" wait 2000

@find /I "Operational" fw1.txt>fw2.txt

@find /I "Enable" fw2.txt >nul && echo. Windows Firewall Enabled! >>prelimcheckup.txt

@find /I "Disable" fw2.txt >nul && echo. Windows Firewall Disabled! >>prelimcheckup.txt

 

:skipfirewallcheck

 

FIND /I "V3 VirusBlock" install.txt>>prelimviruscheck.txt

FIND /V /I "V3 VirusBlock" install.txt>install2.txt

FIND /I "avast! 4 Small Business Server Edition" install2.txt>>prelimviruscheck.txt

FIND /V /I "avast! 4 Small Business Server Edition" install2.txt>install3.txt

FIND /I "avast! Antivirus" install3.txt>>prelimviruscheck.txt

FIND /V /I "avast! Antivirus" install3.txt>install4.txt

FIND /I "avast! 4 SBS Edition" install4.txt>>prelimviruscheck.txt

FIND /V /I "avast! 4 SBS Edition" install4.txt>install5.txt

FIND /I "AVG Internet Security" install5.txt>>prelimviruscheck.txt

FIND /V /I "AVG Internet Security" install5.txt>install6.txt

FIND /I "AVG Anti-Virus" install6.txt>>prelimviruscheck.txt

FIND /V /I "AVG Anti-Virus" install6.txt>install7.txt

FIND /I "avast!" install7.txt>>prelimviruscheck.txt

FIND /V /I "avast!" install7.txt>install8.txt

FIND /I "AVG" install8.txt>>prelimviruscheck.txt

FIND /V /I "AVG" install8.txt>install9.txt

FIND /I "Avira AntiVir Personal - Free Antivirus" install9.txt>>prelimviruscheck.txt

FIND /V /I "Avira AntiVir Personal - Free Antivirus" install9.txt>install10.txt

FIND /I "Avira AntiVir Premium" install10.txt>>prelimviruscheck.txt

FIND /V /I "Avira AntiVir Premium" install10.txt>install11.txt

FIND /I "Avira AntiVir Professional" install11.txt>>prelimviruscheck.txt

FIND /V /I "Avira AntiVir Professional" install11.txt>install12.txt

FIND /I "Avira" install12.txt>>prelimviruscheck.txt

FIND /V /I "Avira" install12.txt>install13.txt

FIND /I "Rising Antivirus" install13.txt>>prelimviruscheck.txt

FIND /V /I "Rising Antivirus" install13.txt>install14.txt

FIND /I "BullGuard" install14.txt>>prelimviruscheck.txt

FIND /V /I "BullGuard" install14.txt>install15.txt

FIND /I "eTrust Antivirus" install15.txt>>prelimviruscheck.txt

FIND /V /I "eTrust Antivirus" install15.txt>install16.txt

FIND /I "Quick Heal" install16.txt>>prelimviruscheck.txt

FIND /V /I "Quick Heal" install16.txt>install17.txt

FIND /I "ClamWin" install17.txt>>prelimviruscheck.txt

FIND /V /I "ClamWin" install17.txt>install18.txt

FIND /I "EarthLink Protection" install18.txt>>prelimviruscheck.txt

FIND /V /I "EarthLink Protection" install18.txt>install19.txt

FIND /I "Aluria Security" install19.txt>>prelimviruscheck.txt

FIND /V /I "Aluria Security" install19.txt>install20.txt

FIND /I "Digital Security Blink Professional" install20.txt>>prelimviruscheck.txt

FIND /V /I "Digital Security Blink Professional" install20.txt>install21.txt

FIND /I "NOD32 Antivirus" install21.txt>>prelimviruscheck.txt

FIND /V /I "NOD32 Antivirus" install21.txt>install22.txt

FIND /I "ESET" install22.txt>>prelimviruscheck.txt

FIND /V /I "ESET" install22.txt>install23.txt

FIND /I "F-Prot Antivirus" install23.txt>>prelimviruscheck.txt

FIND /V /I "F-Prot Antivirus" install23.txt>install24.txt

FIND /I "F-Secure Anti-Virus" install24.txt>>prelimviruscheck.txt

FIND /V /I "F-Secure Anti-Virus" install24.txt>install25.txt

FIND /I "F-Secure Internet Security" install25.txt>>prelimviruscheck.txt

FIND /V /I "F-Secure Internet Security" install25.txt>install26.txt

FIND /I "ViRobot Expert" install26.txt>>prelimviruscheck.txt

FIND /V /I "ViRobot Expert" install26.txt>install27.txt

FIND /I "Kaspersky Anti-Virus" install27.txt>>prelimviruscheck.txt

FIND /V /I "Kaspersky Anti-Virus" install27.txt>install28.txt

FIND /I "Kaspersky Internet Security" "install28.txt" >>prelimviruscheck.txt

FIND /V /I "Kaspersky Internet Security" "install28.txt" >install29.txt

FIND /I "McAfee VirusScan" "install29.txt" >>prelimviruscheck.txt

FIND /V /I "McAfee VirusScan" "install29.txt" >install30.txt

FIND /I "McAfee Total Protection" "install30.txt" >>prelimviruscheck.txt

FIND /V /I "McAfee Total Protection" "install30.txt" >install31.txt

FIND /I "McAfee Internet Security" "install31.txt" >>prelimviruscheck.txt

FIND /V /I "McAfee Internet Security" "install31.txt" >install32.txt

FIND /I "OneCare" "install32.txt" >>prelimviruscheck.txt

FIND /V /I "OneCare" "install32.txt" >install33.txt

FIND /I "Norman" "install33.txt" >>prelimviruscheck.txt

FIND /V /I "Norman" "install33.txt" >install34.txt

FIND /I "Panda for Desktops" "install34.txt" >>prelimviruscheck.txt

FIND /V /I "Panda for Desktops" "install34.txt" >install35.txt

FIND /I "OneCare" "install35.txt" >>prelimviruscheck.txt

FIND /V /I "OneCare" "install35.txt" >install36.txt

FIND /I "Panda Antivirus" "install36.txt" >>prelimviruscheck.txt

FIND /V /I "Panda Antivirus" "install36.txt" >install37.txt

FIND /I "Panda Internet Security" "install37.txt" >>prelimviruscheck.txt

FIND /V /I "Panda Internet Security" "install37.txt" >install38.txt

FIND /I "Panda Global Protection" "install38.txt" >>prelimviruscheck.txt

FIND /V /I "Panda Global Protection" "install38.txt" >install39.txt

FIND /I "Panda Platinum" "install39.txt" >>prelimviruscheck.txt

FIND /V /I "Panda Platinum" "install39.txt" >install40.txt

FIND /I "Panda Titanium" "install40.txt" >>prelimviruscheck.txt

FIND /V /I "Panda Titanium" "install40.txt" >install41.txt

FIND /I "BitDefender" "install41.txt" >>prelimviruscheck.txt

FIND /V /I "BitDefender" "install41.txt" >install42.txt

FIND /I "Sophos Anti-Virus" "install42.txt" >>prelimviruscheck.txt

FIND /V /I "Sophos Anti-Virus" "install42.txt" >install43.txt

FIND /I "Norton AntiVirus" "install43.txt" >>prelimviruscheck.txt

FIND /V /I "Norton AntiVirus" "install43.txt" >install44.txt

FIND /I "Symantec EndPoint Protection" "install44.txt" >>prelimviruscheck.txt

FIND /V /I "Symantec EndPoint Protection" "install44.txt" >install45.txt

FIND /I "Symantec Antivirus" "install45.txt" >>prelimviruscheck.txt

FIND /V /I "Symantec Antivirus" "install45.txt" >install46.txt

FIND /I "Norton Internet Security" "install46.txt" >>prelimviruscheck.txt

FIND /V /I "Norton Internet Security" "install46.txt" >install47.txt

FIND /I "Norton System Works" "install47.txt" >>prelimviruscheck.txt

FIND /V /I "Norton System Works" "install47.txt" >install48.txt

FIND /I "PC-Cillin Internet Security" "install48.txt" >>prelimviruscheck.txt

FIND /V /I "PC-Cillin Internet Security" "install48.txt" >install49.txt

FIND /I "Trend Micro Internet Security" "install49.txt" >>prelimviruscheck.txt

FIND /V /I "Trend Micro Internet Security" "install49.txt" >install50.txt

FIND /I "Online Armor 3.5" "install50.txt" >>prelimviruscheck.txt

FIND /V /I "Online Armor 3.5" "install50.txt" >install51.txt

FIND /I "Kerio Personal Firewall 2.1.5" "install51.txt" >>prelimviruscheck.txt

FIND /V /I "Kerio Personal Firewall 2.1.5" "install51.txt" >install52.txt

FIND /I "NETGEAR ProSafe Firewall Router" "install52.txt" >>prelimviruscheck.txt

FIND /V /I "NETGEAR ProSafe Firewall Router" "install52.txt" >install53.txt

FIND /I "Trend Micro Officescan Client" "install53.txt" >>prelimviruscheck.txt

FIND /V /I "Trend Micro Officescan Client" "install53.txt" >install54.txt

FIND /I "Authentium AntiVirus" "install54.txt" >>prelimviruscheck.txt

FIND /V /I "Authentium AntiVirus" "install54.txt" >install55.txt

FIND /I "Sunbelt Personal Firewall" "install55.txt" >>prelimviruscheck.txt

FIND /V /I "Sunbelt Personal Firewall" "install55.txt" >install56.txt

FIND /I "COMODO Firewall Pro" "install56.txt" >>prelimviruscheck.txt

FIND /V /I "COMODO Firewall Pro" "install56.txt" >install57.txt

FIND /I "Privatefirewall 6.1" "install57.txt" >>prelimviruscheck.txt

FIND /V /I "Privatefirewall 6.1" "install57.txt" >install58.txt

FIND /I "Comodo Firewall" "install58.txt" >>prelimviruscheck.txt

FIND /V /I "Comodo Firewall" "install58.txt" >install59.txt

FIND /I "Norton Personal Firewall" "install59.txt" >>prelimviruscheck.txt

FIND /V /I "Norton Personal Firewall" "install59.txt" >install60.txt

FIND /I "Aluria Firewall" "install60.txt" >>prelimviruscheck.txt

FIND /V /I "Aluria Firewall" "install60.txt" >install61.txt

FIND /V /I "EzTrends" "install61.txt" >install62.txt

FIND /I "Norton 360" "install62.txt">nul && echo. Norton 360>>prelimviruscheck.txt

FIND /V /I "Norton 360" "install62.txt" >install63.txt

FIND /I "TrustPort Antivirus" "install63.txt" >>prelimviruscheck.txt

FIND /V /I "TrustPort Antivirus" "install63.txt" >install64.txt

FIND /V /I "malw" "install64.txt" >install65.txt

FIND /V /I "virustotal" "install65.txt" >install66.txt

FIND /V /I "Comodo Memory Firewall" "install66.txt" >install67.txt

FIND /I "DriveSentry" "install67.txt" >>prelimviruscheck.txt

FIND /V /I "TrendProtect" "install67.txt" >install68.txt

FIND /V /I "SiteAdvisor" "install68.txt" >install69.txt

FIND /V /I "RegScanner" "install69.txt" >install70.txt

FIND /I "Outpost Firewall 2009" "install70.txt" >>prelimviruscheck.txt

FIND /V /I "Outpost Firewall 2009" "install70.txt" >install71.txt

 

"%cd%\other\SWreg.exe" query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run">hklmrun.txt

FIND /I "iolo AntiVirus" "hklmrun.txt">nul && echo. iolo Antivirus>>prelimviruscheck.txt

FIND /I "iolo Personal Firewall" "hklmrun.txt">nul && echo. iolo Personal Firewall>>prelimviruscheck.txt

@FOR /F "eol=- tokens=1-5* delims= " %%a in (prelimviruscheck.txt) do @echo. %%a %%b %%c %%d %%e %%f>>prelimcheckup.txt

FIND /I "virus" "install71.txt" >>prelimviruscheck2.txt

FIND /V /I "virus" "install71.txt" >install72.txt

FIND /I "firewall" "install72.txt" >>prelimviruscheck2.txt

FIND /V /I "firewall" "install72.txt" >install73.txt

FIND /I "squared" "install73.txt" >>prelimviruscheck2.txt

FIND /I "DefenseWall" "install73.txt" >>prelimviruscheck2.txt

FIND /I "etrust" "install73.txt" >>prelimviruscheck2.txt

FIND /I "armor" "install73.txt" >>prelimviruscheck2.txt

FIND /I "McAfee" "install73.txt" >>prelimviruscheck2.txt

FIND /I "ZoneAlarm" "install73.txt" >>prelimviruscheck2.txt

FIND /I "bullguard" "install73.txt" >>prelimviruscheck2.txt

FIND /I "trend" "install73.txt" >>prelimviruscheck2.txt

FIND /I "prevx" "install73.txt" >>prelimviruscheck2.txt

FIND /I "outpost" "install73.txt" >>prelimviruscheck2.txt

FIND /I "AT^&T Internet Security" "install73.txt" >>prelimviruscheck2.txt

FIND /I "iolo" "install73.txt" >>prelimviruscheck2.txt

FIND /I "Microsoft Security Essentials" "install73.txt" >>prelimviruscheck2.txt

 

@FOR /F "eol=- tokens=1-5* delims= " %%4 in (prelimviruscheck2.txt) do @echo. %%4 %%5 %%6 %%7 %%8 %%9>>prelimcheckup.txt

If exist "%systemroot%\System32\wbem\wmic.exe" (

goto SecurityCenter

) else (

goto autoupdate

)

 

:SecurityCenter

find /i "Vista" "prelimcheckup.txt">nul && goto VistaWMI

find /i "Windows 7" "prelimcheckup.txt">nul && goto VistaWMI

find /i "XP" "prelimcheckup.txt">nul && goto XPWMI

 

:VistaWMI

@wmic /namespace:\\root\SecurityCenter2 PATH AntivirusProduct GET productUptoDate >AVupdatestatus.txt 2>nul

"%cd%\Other\nircmdc.exe" wait 2000

@wmic /namespace:\\root\securitycenter2 PATH antivirusproduct GET onaccessscanningenabled>AVscanstatus.txt 2>nul

"%cd%\Other\nircmdc.exe" wait 2000

goto next

 

:XPWMI

@wmic /namespace:\\root\SecurityCenter PATH AntivirusProduct GET productUptoDate >AVupdatestatus.txt 2>nul

"%cd%\Other\nircmdc.exe" wait 2000

@wmic /namespace:\\root\securitycenter PATH antivirusproduct GET onaccessscanningenabled>AVscanstatus.txt 2>nul

"%cd%\Other\nircmdc.exe" wait 2000

goto next

 

:next

if not exist AVupdatestatus.txt echo. WMIC error!>>prelimcheckup.txt && goto preantispy

if not exist AVscanstatus.txt echo. WMIC error!>>prelimcheckup.txt && goto preantispy

@Find /I "true" AVupdatestatus.txt>nul && set updatestatus=Antivirus up to date!

@Find /I "false" AVupdatestatus.txt>nul && set updatestatus=Antivirus out of date!

@find /i "false" AVscanstatus.txt>nul && set scanstatus=(On Access scanning disabled!)

if "%updatestatus% %scanstatus%"==" " (

echo. WMI entry may not exist for antivirus; attempting automatic update.>>prelimcheckup.txt

) && (

goto autoupdate

)

 

echo. %updatestatus% %scanstatus%>>prelimcheckup.txt

@find /i "date" prelimcheckup.txt>nul || @echo. Error obtaining update status for antivirus! >>prelimcheckup.txt

goto preantispy

 

:autoupdate

 

cls

echo.

echo.

echo.

echo.

echo.

echo.

echo.

echo. Attempting to update antivirus.

 

"%cd%\Other\nircmdc.exe" wait 3000

 

cls

if exist "%programfiles%\Avira\AntiVir Desktop\avcenter.exe" (

"%programfiles%\Avira\AntiVir Desktop\avcenter.exe" /STARTUPDATE

) && (

echo. Avira successfully updated!>>prelimcheckup.txt

)

if exist "%programfiles%\alwil software\avast4\ashupd.exe" (

"%programfiles%\alwil software\avast4\ashupd.exe" program /silent

) && (

echo. avast! successfully updated!>>prelimcheckup.txt

)

if exist "%programfiles%\Microsoft Security Essentials\MpCmdRun.exe" (

"%programfiles%\Microsoft Security Essentials\MpCmdRun.exe" /SignatureUpdate

) && (

echo. Microsoft Security Essentials successfully updated!>>prelimcheckup.txt

)

if exist "%programfiles%\AVG\AVG9\avgupd.exe" (

"%programfiles%\AVG\AVG9\avgupd.exe" /update

) && (

echo. AVG9 successfully updated!>>prelimcheckup.txt

)

echo.

:preantispy

"%cd%\Other\nircmdc.exe" wait 3000

 

cls

echo.

echo.

echo.

echo.

echo.

echo.

echo.

echo. ``Antivirus/Firewall Check Done!``

 

"%cd%\Other\nircmdc.exe" wait 3000

 

goto antispy

:antispy

echo.>>prelimcheckup.txt

echo.```````````````````````````````>>prelimcheckup.txt

echo.Anti-malware/Other Utilities Check:>>prelimcheckup.txt

FIND /I "spy" "install.txt" >prelimspycheck.txt

FIND /I "Destroy 1.3" "prelimspycheck.txt">nul && echo. Out of date Spybot installed!>>prelimcheckup.txt

FIND /I "Destroy 1.4" "prelimspycheck.txt">nul && echo. Out of date Spybot installed!>>prelimcheckup.txt

FIND /I "Destroy 1.5" "prelimspycheck.txt">nul && echo. Out of date Spybot installed!>>prelimcheckup.txt

FIND /I "Windows Defender" "install.txt" >>prelimspycheck.txt

FIND /I "ad-aware" "install.txt" >nul && echo. Ad-Aware>>prelimcheckup.txt

FIND /I "WinPatrol 2009" "install.txt" >nul && echo. WinPatrol 2009>>prelimcheckup.txt

FIND /I "WinPatrol 2008" "install.txt">nul && echo. WinPatrol 2008 (Outdated! Latest version is WinPatrol 2009)>>prelimcheckup.txt

FIND /I "WinPatrol 2007" "install.txt" >nul && echo. WinPatrol 2007 (Outdated! Latest version is WinPatrol 2009)>>prelimcheckup.txt

FIND /I "trendprotect" "install.txt" >>prelimspycheck.txt

FIND /I "ThreatFire" "install.txt" >>prelimspycheck.txt

FIND /I "Mamutu" "install.txt" >>prelimspycheck.txt

FIND /I "web of trust" "install.txt" >>prelimspycheck.txt

FIND /I "SpywareBlaster 4.1" "install.txt">nul && echo SpywareBlaster 4.1 Out of Date!>>prelimspycheck.txt

FIND /I "SpywareBlaster 4.2" "install.txt">nul && echo SpywareBlaster 4.2 Out of Date!>>prelimspycheck.txt

FIND /I "SpywareBlaster 4.3" "install.txt" >>prelimspycheck.txt

FIND /I "Finjan" "install.txt" >>prelimspycheck.txt

FIND /I "siteadvisor" "install.txt" >>prelimspycheck.txt

FIND /I "RegProt" "hklmrun.txt">nul && echo. DiamondCS RegProt>>prelimspycheck.txt

FIND /I "Norton Ghost" "install.txt" >>prelimspycheck.txt

if exist "%systemdrive%\IE-SPYAD" @echo. IE SpyAd >>prelimspycheck.txt

FIND /I "Secunia" "install.txt" >>prelimspycheck.txt

@COPY /Y "%SystemRoot%\system32\drivers\etc\HOSTS" "hostcopy.txt" >nul

FIND /I "MVPS" "hostcopy.txt" >>nul && echo. MVPS Hosts File >>prelimcheckup.txt

FIND /I "BOClean" "install.txt" >>prelimspycheck.txt

FIND /I "hosts" "install.txt" >>prelimspycheck.txt

FIND /I "virustotal" "install.txt" >>prelimspycheck.txt

FIND /I "Key Scrambler" "install.txt" >>prelimspycheck.txt

FIND /I "WindowsCare" "install.txt" >>prelimspycheck.txt

if exist "%windir%\gmer.exe" @echo. Gmer >>prelimspycheck.txt

FIND /I "RegSupreme" "install.txt" >>prelimspycheck.txt

FIND /I "Trojan Remover" "install.txt" >>prelimspycheck.txt

FIND /I "Free Internet Window Washer" "install.txt" >>prelimspycheck.txt

if exist "%userprofile%\Desktop\cwshredder.exe" @echo. CWShredder >>prelimspycheck.txt

FIND /I "rootkit" "install.txt" >>prelimspycheck.txt

FIND /I "Zemana" "install.txt" >>prelimspycheck.txt

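REM Append with two angle brackets so the entries already collected in prelimspycheck.txt are not overwritten.

FIND /I "Malwarebytes' Anti-Malware" "install.txt" > nul && echo. Malwarebytes' Anti-Malware >>prelimspycheck.txt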

FIND /I "HijackThis 1.99.1" "install.txt" >>prelimspycheck.txt && echo. Out of date HijackThis installed!>>prelimcheckup.txt

FIND /I "HijackThis 2.0.2" "install.txt" >>prelimspycheck.txt

FIND /I "HijackThis 2.0.3" "install.txt" >>prelimspycheck.txt

FIND /I "runscanner" "install.txt" >>prelimspycheck.txt

FIND /I "tuneup" "install.txt" >>prelimspycheck.txt

FIND /I "Comodo Memory Firewall" "install.txt" >>prelimspycheck.txt

FIND /I "cleaner" "install.txt" >>prelimspycheck.txt

FIND /I "RegScanner" "install.txt" >>prelimspycheck.txt

FIND /I "DriveSentry" "install.txt" >>prelimspycheck.txt

FIND /I "Java" "install.txt" >>prelimspycheck.txt

FIND /V "Java 6 Update 23" "prelimspycheck.txt">java.txt

FIND /I "Java 6 Update 1" "java.txt">nul && echo. Out of date Java installed!>>prelimspycheck.txt

Find /I "Out of date Java installed" "prelimspycheck.txt">nul && goto javanext

FIND /I "Java 6 Update 2" "java.txt">nul && echo. Out of date Java installed!>>prelimspycheck.txt

Find /I "Out of date Java installed" "prelimspycheck.txt">nul && goto javanext

FIND /I "Java 6 Update 3" "java.txt">nul && echo. Out of date Java installed!>>prelimspycheck.txt

Find /I "Out of date Java installed" "prelimspycheck.txt">nul && goto javanext

FIND /I "Java 6 Update 4" "java.txt">nul && echo. Out of date Java installed!>>prelimspycheck.txt

Find /I "Out of date Java installed" "prelimspycheck.txt">nul && goto javanext

FIND /I "Java 6 Update 5" "java.txt">nul && echo. Out of date Java installed!>>prelimspycheck.txt

Find /I "Out of date Java installed" "prelimspycheck.txt">nul && goto javanext

FIND /I "Java 6 Update 6" "java.txt">nul && echo. Out of date Java installed!>>prelimspycheck.txt

Find /I "Out of date Java installed" "prelimspycheck.txt">nul && goto javanext

FIND /I "Java 6 Update 7" "java.txt">nul && echo. Out of date Java installed!>>prelimspycheck.txt

Find /I "Out of date Java installed" "prelimspycheck.txt">nul && goto javanext

FIND /I "Java 6 Update 8" "java.txt">nul && echo. Out of date Java installed!>>prelimspycheck.txt

Find /I "Out of date Java installed" "prelimspycheck.txt">nul && goto javanext

FIND /I "Java 6 Update 9" "java.txt">nul && echo. Out of date Java installed!>>prelimspycheck.txt

Find /I "Out of date Java installed" "prelimspycheck.txt">nul && goto javanext

FIND /I "Java 6 Update 10" "java.txt">nul && echo. Out of date Java installed!>>prelimspycheck.txt

Find /I "Out of date Java installed" "prelimspycheck.txt">nul && goto javanext

FIND /I "Java 6 Update 11" "java.txt">nul && echo. Out of date Java installed!>>prelimspycheck.txt

Find /I "Out of date Java installed" "prelimspycheck.txt">nul && goto javanext

FIND /I "Java 6 Update 12" "java.txt">nul && echo. Out of date Java installed!>>prelimspycheck.txt

Find /I "Out of date Java installed" "prelimspycheck.txt">nul && goto javanext

FIND /I "Java 6 Update 13" "java.txt">nul && echo. Out of date Java installed!>>prelimspycheck.txt

Find /I "Out of date Java installed" "prelimspycheck.txt">nul && goto javanext

FIND /I "Java 6 Update 14" "java.txt">nul && echo. Out of date Java installed!>>prelimspycheck.txt

Find /I "Out of date Java installed" "prelimspycheck.txt">nul && goto javanext

FIND /I "Java 6 Update 15" "java.txt">nul && echo. Out of date Java installed!>>prelimspycheck.txt

Find /I "Out of date Java installed" "prelimspycheck.txt">nul && goto javanext

FIND /I "Java 6 Update 16" "java.txt">nul && echo. Out of date Java installed!>>prelimspycheck.txt

Find /I "Out of date Java installed" "prelimspycheck.txt">nul && goto javanext

FIND /I "Java 6 Update 17" "java.txt">nul && echo. Out of date Java installed!>>prelimspycheck.txt

Find /I "Out of date Java installed" "prelimspycheck.txt">nul && goto javanext

FIND /I "Java 6 Update 18" "java.txt">nul && echo. Out of date Java installed!>>prelimspycheck.txt

Find /I "Out of date Java installed" "prelimspycheck.txt">nul && goto javanext

FIND /I "Java 6 Update 19" "java.txt">nul && echo. Out of date Java installed!>>prelimspycheck.txt

Find /I "Out of date Java installed" "prelimspycheck.txt">nul && goto javanext

FIND /I "Java 6 Update 20" "java.txt">nul && echo. Out of date Java installed!>>prelimspycheck.txt

Find /I "Out of date Java installed" "prelimspycheck.txt">nul && goto javanext

FIND /I "Java 6 Update 21" "java.txt">nul && echo. Out of date Java installed!>>prelimspycheck.txt

Find /I "Out of date Java installed" "prelimspycheck.txt">nul && goto javanext

FIND /I "Java 6 Update 22" "java.txt">nul && echo. Out of date Java installed!>>prelimspycheck.txt

Find /I "Out of date Java installed" "prelimspycheck.txt">nul && goto javanext

:javanext

@FOR /F "eol=- tokens=1-4* delims= " %%j in (prelimspycheck.txt) do @echo. %%j %%k %%l %%m %%n>>prelimcheckup.txt

FIND /I "Adobe Flash" install.txt>flashcheck.txt

FIND /I "Adobe Flash Player 9" "install.txt" >nul && echo. Adobe Flash Player 9 (Out of date Flash Player installed!)>>prelimcheckup.txt

FIND /I "Adobe Flash Player 8" "install.txt" >nul && echo. Adobe Flash Player 8 (Out of date Flash Player installed!)>>prelimcheckup.txt

FIND /I "Adobe Flash Player 7" "install.txt" >nul && echo. Adobe Flash Player 7 (Out of date Flash Player installed!)>>prelimcheckup.txt

FIND /I "Adobe Flash Player 6" "install.txt" >nul && echo. Adobe Flash Player 6 (Out of date Flash Player installed!)>>prelimcheckup.txt

 

"%cd%\other\swreg.exe" query "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin">flash.txt

find /i "DisplayVersion" "flash.txt">flash2.txt

for /f "tokens=1-5* eol=- delims= " %%a in (flash2.txt) do echo.%%b>flash3.txt

for /f "tokens=1-3 delims= " %%a in (flash3.txt) do echo.%%a>flash4.txt && set flash=%%a

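REM The loop variable only exists inside the FOR body, and IF takes no DO keyword; the comparison is numeric.

for /f "tokens=3 delims=." %%a in (flash4.txt) do (

echo.%%a>flash5.txt

if %%a lss 45 echo.Flash Player Out of Date!>flash6.txt

)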

 

 

FIND /I "Adobe Flash Player 10" "flashcheck.txt">nul && echo. Adobe Flash Player %flash%>>prelimcheckup.txt

 

FIND /I "Adobe Reader" install.txt>nul || goto adobenext

FIND /I "Adobe Reader" install.txt>readercheck.txt

FIND /I /V "Spelling" "readercheck.txt">readercheck2.txt

FIND /I "Adobe Reader" "readercheck2.txt" >>prelimcheckup.txt

FIND /I "Adobe Reader X" "readercheck2.txt">nul || @echo.Out of date Adobe Reader installed!>>prelimcheckup.txt

 

 

 

 

:adobenext

 

 

find /i "Firefox" "install.txt">ff2.txt

for /f "tokens=1-2 delims=( eol=-" %%a in (ff2.txt) do echo.%%b>ff3.txt

for /f "tokens=1 delims=) eol=-" %%a in (ff3.txt) do echo.%%a>ff4.txt

for /f "tokens=1-3 delims=. eol=-" %%a in (ff4.txt) do (

if "%%a" lss "3" echo. Mozilla Firefox (%%a.%%b.%%c^) Firefox Out of Date!>>prelimcheckup.txt && goto ffnext

if "%%b" lss "6" echo. Mozilla Firefox (%%a.%%b.%%c^) Firefox Out of Date!>>prelimcheckup.txt && goto ffnext

if "%%c" lss "13" echo. Mozilla Firefox (%%a.%%b.%%c^) Firefox Out of Date!>>prelimcheckup.txt && goto ffnext

echo. Mozilla Firefox (%%a.%%b.%%c^)>>prelimcheckup.txt

)

:ffnext

find /i "Thunderbird" "install.txt">tb2.txt

for /f "tokens=1-2 delims=( eol=-" %%a in (tb2.txt) do echo.%%b>tb3.txt

for /f "tokens=1 delims=) eol=-" %%a in (tb3.txt) do echo.%%a>tb4.txt

for /f "tokens=1-3 delims=. eol=-" %%a in (tb4.txt) do (

if "%%a" lss "3" echo. Mozilla Thunderbird (%%a.%%b.%%c^) Thunderbird Out of Date!>>prelimcheckup.txt && goto tbnext

if "%%b" lss "1" echo. Mozilla Thunderbird (%%a.%%b.%%c^) Thunderbird Out of Date!>>prelimcheckup.txt && goto tbnext

if "%%c" lss "7" echo. Mozilla Thunderbird (%%a.%%b.%%c^) Thunderbird Out of Date!>>prelimcheckup.txt && goto tbnext

echo. Mozilla Thunderbird (%%a.%%b.%%c^)>>prelimcheckup.txt

)

:tbnext

FIND /V /I "MalwareRemovalBot" "install.txt">"rogue1.txt"

FIND /I "MalwareRemovalBot" "install.txt">nul && echo. MalwareRemovalBot <-- ROGUE![/color>>prelimcheckup.txt

FIND /I "malw" "rogue1.txt" >>prelimspycheck.txt

 

 

cls

echo.

echo.

echo.

echo.

echo.

echo.

echo.

echo. ``Anti-malware/Other utilities Check Done!``

 

"%cd%\Other\nircmdc.exe" wait 3000

 

goto processcheck

:processcheck

echo.

echo.>>prelimcheckup.txt

echo.````````````````````````````````>>prelimcheckup.txt

echo.Process Check: >>prelimcheckup.txt

echo.objlist.exe by Laurent>>prelimcheckup.txt

Find /I "ccSvcHst.exe" "process.txt" >nul && echo. Norton ccSvcHst.exe>>prelimcheckup.txt

Find /V /I "ccSvcHst.exe" "process.txt">process2.txt

Find /I "MsMpEng.exe" "process2.txt" >nul && echo. Windows Defender MSMpEng.exe>>prelimcheckup.txt

Find /I "MSASCui.exe" "process2.txt">nul && echo. Windows Defender MSASCui.exe>>prelimcheckup.txt

Find /I "AAWService.exe" "process2.txt">nul && echo. Ad-Aware AAWService.exe>>prelimcheckup.txt

Find /I "AAWTray.exe" "process2.txt">nul && echo. Ad-Aware AAWTray.exe>>prelimcheckup.txt

Find /I "Ad-Aware" "install.txt">nul || goto adawareskip

Find /I "AAWService.exe" "prelimcheckup.txt">nul || echo. Ad-Aware AAWService.exe is disabled!>>prelimcheckup.txt

Find /I "AAWTray.exe" "prelimcheckup.txt">nul || echo. Ad-Aware AAWTray.exe is disabled!>>prelimcheckup.txt

:adawareskip

Find /I "winpatrol.exe" "process2.txt">nul && echo. WinPatrol winpatrol.exe>>prelimcheckup.txt

Find /I "WinPatrol" "install.txt">nul || goto winpatrolskip

Find /I "winpatrol.exe" "prelimcheckup.txt">nul || echo. WinPatrol winpatrol.exe is disabled!>>prelimcheckup.txt

:winpatrolskip

FIND /I "egui.exe" "process2.txt">nul && echo. ESET NOD32 Antivirus egui.exe>>prelimcheckup.txt

FIND /V /I "egui.exe" "process2.txt">process4.txt

FIND /I "ekrn.exe" "process4.txt">nul && echo. ESET NOD32 Antivirus ekrn.exe>>prelimcheckup.txt

FIND /V /I "ekrn.exe" "process4.txt">process5.txt

FIND /I "MBAMservice" "process5.txt" >nul && echo. Malwarebytes' Anti-Malware mbamservice.exe >>prelimcheckup.txt

FIND /V /I "MBAMservice" "process5.txt">process6.txt

FIND /I "MBAMgui" "process6.txt" >nul && echo. Malwarebytes' Anti-Malware mbamgui.exe >>prelimcheckup.txt

FIND /V /I "MBAMgui" "process6.txt">process7.txt

FIND /I "mbam.exe" "process7.txt" >nul && echo. Malwarebytes' Anti-Malware mbam.exe >>prelimcheckup.txt

FIND /V /I "mbam.exe" "process7.txt">process8.txt

FIND /I "Spybot" "process8.txt" >>prelimproccheck.txt && @FIND /I "teatimer" "prelimproccheck.txt">nul || echo. Spybot Teatimer.exe is disabled!>>prelimcheckup.txt

Find /I "Spybot" "install.txt">nul || goto spybotskip

"%cd%\other\SWreg.exe" query "HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects">BHO.txt

find /I "53707962-6F74-2D53-2644-206D7942484F" BHO.txt>nul && echo Spybot SDHelper Enabled>>prelimproccheck.txt

find /I "53707962-6F74-2D53-2644-206D7942484F" BHO.txt>nul || echo Spybot SDHelper is disabled!>>prelimproccheck.txt

:spybotskip

FIND /I "avgwdsvc.exe" "process8.txt">nul && echo. AVG avgwdsvc.exe>>prelimcheckup.txt

FIND /V /I "avgwdsvc.exe" "process8.txt">process9.txt

FIND /I "avgtray.exe" "process9.txt">nul && echo. AVG avgtray.exe>>prelimcheckup.txt

FIND /V /I "avgtray.exe" "process9.txt">process10.txt

FIND /I "avgrsx.exe" "process10.txt">nul && echo. AVG avgrsx.exe>>prelimcheckup.txt

FIND /V /I "avgrsx.exe" "process10.txt">process11.txt

FIND /I "avgnsx.exe" "process11.txt">nul && echo. AVG avgnsx.exe>>prelimcheckup.txt

FIND /V /I "avgnsx.exe" "process11.txt">process12.txt

FIND /I "avgemc.exe" "process12.txt">nul && echo. AVG avgemc.exe>>prelimcheckup.txt

FIND /V /I "avgemc.exe" "process12.txt">process13.txt

FIND /I "avgcsrvx.exe" "process13.txt">nul && echo. AVG avgcsrvx.exe>>prelimcheckup.txt

FIND /V /I "avgcsrvx.exe" "process13.txt">process14.txt

FIND /I "avgnt.exe" "process14.txt">nul && echo. Avira Antivir avgnt.exe>>prelimcheckup.txt

FIND /V /I "avgnt.exe" "process14.txt">process15.txt

FIND /I "avguard.exe" "process15.txt">nul && echo. Avira Antivir avguard.exe>>prelimcheckup.txt

FIND /V /I "avguard.exe" "process15.txt">process16.txt

FIND /I "persfw.exe" "process16.txt">nul && echo. Kerio Personal Firewall persfw.exe>>prelimcheckup.txt

FIND /V /I "persfw.exe" "process16.txt">process17.txt

FIND /I "OAcat.exe" "process17.txt">nul && echo. Tall Emu Online Armor OAcat.exe>>prelimcheckup.txt

FIND /V /I "OAcat.exe" "process17.txt">process18.txt

FIND /I "oasrv.exe" "process18.txt">nul && echo. Tall Emu Online Armor oasrv.exe>>prelimcheckup.txt

FIND /V /I "oasrv.exe" "process18.txt">process19.txt

FIND /I "oaui.exe" "process19.txt">nul && echo. Tall Emu Online Armor oaui.exe>>prelimcheckup.txt

FIND /V /I "oaui.exe" "process19.txt">process20.txt

FIND /I "OAhlp.exe" "process20.txt">nul && echo. Tall Emu Online Armor OAhlp.exe>>prelimcheckup.txt

FIND /V /I "OAhlp.exe" "process20.txt">process21.txt

FIND /I "pccntmon.exe" "process21.txt">nul && echo. Trend Micro OfficeScan Client pccntmon.exe>>prelimcheckup.txt

FIND /V /I "pccntmon.exe" "process21.txt">process22.txt

FIND /I "aswUpdSv.exe" "process22.txt">nul && echo. Alwil Software Avast4 aswUpdSv.exe>>prelimcheckup.txt

FIND /V /I "aswUpdSv.exe" "process22.txt">process23.txt

FIND /I "ashServ.exe" "process23.txt">nul && echo. Alwil Software Avast4 ashServ.exe>>prelimcheckup.txt

FIND /V /I "ashServ.exe" "process23.txt">process24.txt

FIND /I "ashDisp.exe" "process24.txt">nul && echo. Alwil Software Avast4 ashDisp.exe>>prelimcheckup.txt

FIND /V /I "ashDisp.exe" "process24.txt">process25.txt

FIND /I "ashMaiSv.exe" "process25.txt">nul && echo. Alwil Software Avast4 ashMaiSv.exe>>prelimcheckup.txt

FIND /V /I "ashMaiSv.exe" "process25.txt">process26.txt

FIND /I "ashWebSv.exe" "process26.txt">nul && echo. Alwil Software Avast4 ashWebSv.exe>>prelimcheckup.txt

FIND /V /I "ashWebSv.exe" "process26.txt">process27.txt

FIND /I "TFTray.exe" "process27.txt">nul && echo. ThreatFire TFTray.exe>>prelimcheckup.txt

FIND /V /I "TFTray.exe" "process27.txt">process28.txt

FIND /I "TFService.exe" "process28.txt">nul && echo. ThreatFire TFService.exe>>prelimcheckup.txt

FIND /V /I "TFService.exe" "process28.txt">process29.txt

FIND /I "SbPFLnch.exe" "process29.txt">nul && echo. Sunbelt Software Personal Firewall SbPFLnch.exe>>prelimcheckup.txt

FIND /V /I "SbPFLnch.exe" "process29.txt">process30.txt

FIND /I "SbPFSvc.exe" "process30.txt">nul && echo. Sunbelt Software Personal Firewall SbPFSvc.exe>>prelimcheckup.txt

FIND /V /I "SbPFSvc.exe" "process30.txt">process31.txt

FIND /I "SbPFCl.exe" "process31.txt">nul && echo. Sunbelt Software Personal Firewall SbPFCl.exe>>prelimcheckup.txt

FIND /V /I "SbPFCl.exe" "process31.txt">process32.txt

FIND /I "cmdagent.exe" "process32.txt">nul && echo. Comodo Firewall cmdagent.exe>>prelimcheckup.txt

FIND /V /I "cmdagent.exe" "process32.txt">process33.txt

FIND /I "cfp.exe" "process33.txt">nul && echo. Comodo Firewall cfp.exe>>prelimcheckup.txt

FIND /V /I "cfp.exe" "process33.txt">process34.txt

FIND /I "PF6.exe" "process34.txt">nul && echo. Privatefirewall 6.1 PF6.exe>>prelimcheckup.txt

FIND /V /I "PF6.exe" "process34.txt">process35.txt

FIND /I "pfsvc.exe" "process35.txt">nul && echo. Privatefirewall 6.1 pfsvc.exe >>prelimcheckup.txt

FIND /V /I "pfsvc.exe" "process35.txt">process36.txt

 

FIND /I "virus" "process36.txt" >prelimproccheck.txt

FIND /V /I "virus" "process36.txt" >process37.txt

FIND /I "ESET" "process37.txt" >>prelimproccheck.txt

FIND /V /I "ESET" "process37.txt" >process38.txt

FIND /I "mal" "process38.txt" >>prelimproccheck.txt

FIND /V /I "mal" "process38.txt" >process39.txt

FIND /I "firewall" "process39.txt" >>prelimproccheck.txt

FIND /V /I "firewall" "process39.txt" >process40.txt

FIND /I "defend" "process40.txt" >>prelimproccheck.txt

FIND /I "online" "process40.txt" >>prelimproccheck.txt

FIND /I "avast" "process40.txt" >>prelimproccheck.txt

FIND /I "Kaspersky" "process40.txt" >>prelimproccheck.txt

FIND /I "patrol" "process40.txt" >>prelimproccheck.txt

FIND /I "threat" "process40.txt" >>prelimproccheck.txt

FIND /I "ZoneAlarm" "process40.txt" >>prelimproccheck.txt

FIND /I "etrust" "process40.txt" >>prelimproccheck.txt

FIND /I "trend" "process40.txt" >>prelimproccheck.txt

FIND /I "iolo" "process40.txt" >>prelimproccheck.txt

FIND /I "msseces.exe" "process40.txt" >nul && echo. Microsoft Security Essentials msseces.exe>>prelimcheckup.txt

@FOR /F "eol=- tokens=3-5* delims=\" %%w in (prelimproccheck.txt) do @echo. %%w %%x %%y %%z>>prelimcheckup.txt

 

FIND /V /I "horse" "prelimcheckup.txt" >"notcheckup.txt"

FIND /V /I "oblivion" "notcheckup.txt" >"notcheckup2.txt"

FIND /V /I "Uniblue" "notcheckup2.txt" >"notcheckup3.txt"

FIND /V /I "Fujitsu" "notcheckup3.txt" >"notcheckup4.txt"

FIND /V /I "CreativeSetup" "notcheckup4.txt" >"notcheckup5.txt"

FIND /V /I "Booster" "notcheckup5.txt" >"notcheckup6.txt"

FIND /V /I "scannercopy" "notcheckup6.txt" >"notcheckup7.txt"

FIND /V /I "Ghostscript" "notcheckup7.txt" >"notcheckup8.txt"

FIND /V /I "Microsoft Office" "notcheckup8.txt" >"notcheckup9.txt"

FIND /V /I "clock" "notcheckup9.txt" >"notcheckup10.txt"

FIND /V /I "gigalarm" "notcheckup10.txt" >"notcheckup11.txt"

FIND /V /I "Recorder" "notcheckup11.txt" >"notcheckup12.txt"

FIND /V /I "dell" "notcheckup12.txt" >"notcheckup13.txt"

FIND /V /I "GameSpy" "notcheckup13.txt" >"notcheckup14.txt"

FIND /V /I "Photo" "notcheckup14.txt" >"notcheckup15.txt"

FIND /V /I "UltraISO" "notcheckup15.txt" >"notcheckup16.txt"

FIND /V /I "Acer" "notcheckup16.txt" >"notcheckup17.txt"

FIND /V /I "TRENDnet" "notcheckup17.txt" >"notcheckup18.txt"

FIND /V /I "Nero" "notcheckup18.txt" >"notcheckup19.txt"

FIND /V /I "LinkScanner" "notcheckup19.txt" >"notcheckup20.txt"

FIND /V /I "iesetup" "notcheckup20.txt" >"notcheckup21.txt"

FIND /V /I "Course" "notcheckup21.txt" >"notcheckup22.txt"

FIND /V /I "Picture" "notcheckup22.txt" >"notcheckup23.txt"

FIND /V /I "CS4" "notcheckup23.txt" >"notcheckup24.txt"

FIND /V /I "OneCare Safety Scanner" "notcheckup24.txt" >"notcheckup25.txt"

FIND /V /I "Java Auto Updater" "notcheckup25.txt" >"notcheckup26.txt"

 

@FOR /F "eol=- tokens=* delims=" %%t in (notcheckup26.txt) do @echo %%t >>prelimcheckup2.txt

 

 

 

cls

echo.

echo.

echo.

echo.

echo.

echo.

echo.

echo. ``Process Check Done!``

 

"%cd%\Other\nircmdc.exe" wait 3000

 

cls

echo.

echo.

echo.

echo.

echo.

echo.

echo.

echo. Results have been copied to checkup.txt, which should open... now!

 

echo.``````````End of Log```````````` >>prelimcheckup2.txt

 

"%cd%\Other\sed.exe" "$!N;/^\(.*\)\n\1$/!P;D" prelimcheckup2.txt>checkup.txt

 

:preend

 

if exist "%programfiles%\Notepad++\notepad++.exe" (

"%programfiles%\Notepad++\notepad++.exe" checkup.txt

) else (

NOTEPAD checkup.txt

)

 

:finalcleanup

@if exist "install.txt" del "*.txt"

:end

Posted

Hello,

- Your machine is infected and you have leftovers of programs (Avast among others) that can interfere with the utilities and/or create compatibility problems.

On top of that, you evidently did not read and apply the notes in my "Very important!" introduction, where it is asked (in red) to save the utilities to the Desktop and run them from there.

That is one explanation for the problem with ComboFix.

So I ask you to calmly reread that introduction and apply everything it asks. Your system is weakened and the slightest problem can cause damage.

Do not use any program other than the ones I tell you to; you will have time to run all the checks you want once we have finished together.

- "tdss killer says infection not found, so it found nothing?": Post its report anyway please; it contains other information that is important for us to detect possible problems.

- "... and firefox had disappeared, replaced by IE, not good": it cannot be uninstalled; what exactly is the problem?

- "so I'm going to continue with security check...": There too there was a big problem; run it again after moving it to the Desktop (if necessary) and paste its report please.

--

After posting the TDSSKiller and Security Check reports, print these instructions or save them in a text file on the Desktop so you can consult them easily at any time, and download OTL (by OldTimer) to the Desktop from here or here.

Close all open applications and windows and double-click OTL.exe (Vista/Windows 7: right-click it => Run as administrator).

Copy/paste these lines (starting with netsvcs) into the box under "Personnalisation":

netsvcs

drivers32

%SYSTEMDRIVE%\*.*

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\drivers\*.sys /90

CREATERESTOREPOINT

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Without changing anything, click the blue Analyse button and let it run.

At the end of the scan, 2 reports will be created: OTL.txt (which opens in Notepad) and Extras.txt (which will be minimized in the taskbar).

Copy/paste the contents of each report, only one per message, because they are often very long and exceed the limit allowed by the forum.

Requested reports:

  • OTL.txt
  • Extras.txt
Posted

Hello lance, sorry about "on and under the Desktop", I hadn't understood it properly; as for ComboFix and Firefox, it doesn't matter. Thank you.

 

2011/02/22 10:15:55.0280 4260 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08

2011/02/22 10:15:55.0757 4260 ================================================================================

2011/02/22 10:15:55.0757 4260 SystemInfo:

2011/02/22 10:15:55.0757 4260

2011/02/22 10:15:55.0757 4260 OS Version: 6.0.6000 ServicePack: 0.0

2011/02/22 10:15:55.0757 4260 Product type: Workstation

2011/02/22 10:15:55.0757 4260 ComputerName: PC-DE-HENRI

2011/02/22 10:15:55.0757 4260 UserName: Henri

2011/02/22 10:15:55.0757 4260 Windows directory: C:\Windows

2011/02/22 10:15:55.0757 4260 System windows directory: C:\Windows

2011/02/22 10:15:55.0757 4260 Processor architecture: Intel x86

2011/02/22 10:15:55.0757 4260 Number of processors: 2

2011/02/22 10:15:55.0757 4260 Page size: 0x1000

2011/02/22 10:15:55.0757 4260 Boot type: Normal boot

2011/02/22 10:15:55.0757 4260 ================================================================================

2011/02/22 10:15:56.0398 4260 Initialize success

2011/02/22 10:16:00.0708 4464 ================================================================================

2011/02/22 10:16:00.0708 4464 Scan started

2011/02/22 10:16:00.0708 4464 Mode: Manual;

2011/02/22 10:16:00.0708 4464 ================================================================================

2011/02/22 10:17:02.0159 4464 ================================================================================

2011/02/22 10:17:02.0159 4464 Scan finished

2011/02/22 10:17:02.0159 4464 ================================================================================

Posted

OTL: I couldn't run it as admin or paste it onto the Desktop, and there is nothing under "Personnalisation". Here is the report from Notepad. Thanks, lance.

 

OTL logfile created on: 22/02/2011 10:26:22 - Run 1

OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Henri\Downloads

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18904)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 28,00% Memory free

10,00 Gb Paging File | 8,00 Gb Available in Paging File | 84,00% Paging File free

Paging file location(s): c:\pagefile.sys 0 0e:\pagefile.sys 6000 8000 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 116,21 Gb Total Space | 58,41 Gb Free Space | 50,26% Space Free | Partition Type: NTFS

Drive E: | 115,21 Gb Total Space | 76,12 Gb Free Space | 66,07% Space Free | Partition Type: NTFS

 

Computer Name: PC-DE-HENRI | User Name: Henri | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/02/22 10:21:47 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Henri\Downloads\OTL.exe

PRC - [2011/02/21 11:09:14 | 001,372,248 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Henri\Desktop\tdsskiller\TDSSKiller.exe

PRC - [2011/01/21 15:19:38 | 000,053,104 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe

PRC - [2011/01/21 15:19:38 | 000,025,984 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe

PRC - [2011/01/04 19:36:04 | 000,353,736 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IncMail.exe

PRC - [2011/01/04 19:36:03 | 000,255,432 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe

PRC - [2010/12/03 20:50:47 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/12/03 20:50:47 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe

PRC - [2010/09/07 16:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe

PRC - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/04/19 22:21:56 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2007/10/29 15:21:54 | 000,095,624 | ---- | M] (Toshiba Europe GmbH) -- C:\Program Files\Toshiba TEMPO\TempoSVC.exe

PRC - [2007/10/08 10:19:10 | 000,493,200 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

PRC - [2007/10/07 16:36:58 | 000,904,880 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

PRC - [2007/10/07 16:08:54 | 000,140,568 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

PRC - [2007/10/07 16:08:40 | 000,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

PRC - [2007/10/07 16:01:08 | 002,620,336 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

PRC - [2007/09/19 10:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

PRC - [2007/05/17 16:03:24 | 004,813,312 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe

PRC - [2007/04/10 16:40:28 | 000,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe

PRC - [2007/03/29 09:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

PRC - [2007/02/12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

PRC - [2006/11/14 19:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

PRC - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

PRC - [2006/05/25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011/02/22 10:21:47 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Users\Henri\Downloads\OTL.exe

MOD - [2007/07/10 15:06:45 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20533_none_4634c4a0218d65c1\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Auto | Stopped] -- -- (TOSHIBA Bluetooth Service)

SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)

SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)

SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2010/04/16 07:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/02/21 00:52:02 | 000,322,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)

SRV - [2010/02/21 00:52:02 | 000,322,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)

SRV - [2007/10/29 15:21:54 | 000,095,624 | ---- | M] (Toshiba Europe GmbH) [Auto | Running] -- C:\Program Files\Toshiba TEMPO\TempoSVC.exe -- (TempoMonitoringService)

SRV - [2007/10/08 10:19:10 | 000,493,200 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)

SRV - [2007/10/07 16:08:40 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2007/09/19 10:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)

SRV - [2007/07/10 15:08:07 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV - [2007/03/29 09:39:00 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV - [2007/02/12 13:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel®

SRV - [2006/11/14 19:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)

SRV - [2006/10/05 05:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2006/08/23 15:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

SRV - [2006/05/25 18:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2010/09/07 15:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2010/09/07 15:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2010/09/07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2010/09/07 15:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2010/09/07 15:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pavboot.sys -- (pavboot)

DRV - [2008/05/16 12:21:35 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)

DRV - [2008/05/16 12:21:35 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)

DRV - [2008/05/16 12:21:32 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)

DRV - [2008/05/16 12:21:15 | 000,368,736 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpman.sys -- (tdrpman)

DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)

DRV - [2007/09/26 12:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Pilote de carte Intel®

DRV - [2007/09/20 17:56:22 | 003,077,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)

DRV - [2007/09/05 10:36:26 | 001,953,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2007/07/26 15:18:04 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)

DRV - [2007/04/30 06:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2007/04/16 09:19:10 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)

DRV - [2007/03/06 14:01:04 | 000,014,848 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\DRIVERS\CplIR.SYS -- (CplIR)

DRV - [2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)

DRV - [2007/01/24 13:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)

DRV - [2007/01/18 15:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)

DRV - [2007/01/18 15:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)

DRV - [2006/11/28 08:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2006/11/02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2006/11/02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2006/11/02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2006/11/02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2006/11/02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2006/11/02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2006/11/02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2006/11/02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2006/11/02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2006/11/02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)

DRV - [2006/11/02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2006/11/02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2006/11/02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2006/11/02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2006/11/02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2006/11/02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Pilote de carte Intel®

DRV - [2006/11/02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

DRV - [2006/11/02 08:30:52 | 000,467,456 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2006/10/23 15:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)

DRV - [2006/10/18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV - [2006/07/28 15:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"

FF - prefs.js..browser.search.selectedEngine: "MyStart Search"

FF - prefs.js..browser.startup.homepage: "http://fr.news.yahoo.com/"

FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.67

FF - prefs.js..extensions.enabledItems: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.70

FF - prefs.js..keyword.URL: "http://mystart.incredimail.com/?loc=IM3DJUN09FFAB&search="

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/02/21 17:14:38 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/21 17:14:34 | 000,000,000 | ---D | M]

 

[2010/09/01 21:25:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Henri\AppData\Roaming\mozilla\Extensions

[2010/09/01 21:25:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Henri\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2011/02/22 10:21:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Henri\AppData\Roaming\mozilla\Firefox\Profiles\cz563vbu.default\extensions

[2011/01/17 16:14:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Henri\AppData\Roaming\mozilla\Firefox\Profiles\cz563vbu.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2011/02/12 16:14:24 | 000,000,000 | ---D | M] ("Walnut for Firefox") -- C:\Users\Henri\AppData\Roaming\mozilla\Firefox\Profiles\cz563vbu.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}

[2011/02/12 16:14:26 | 000,000,000 | ---D | M] ("BitDefender QuickScan") -- C:\Users\Henri\AppData\Roaming\mozilla\Firefox\Profiles\cz563vbu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

[2010/10/24 22:28:02 | 000,002,137 | ---- | M] () -- C:\Users\Henri\AppData\Roaming\Mozilla\Firefox\Profiles\cz563vbu.default\searchplugins\MyStart Search.xml

[2011/02/21 17:14:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions

[2010/12/03 19:04:57 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml

[2010/12/03 19:04:57 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml

[2010/12/03 19:04:57 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml

[2010/12/03 19:04:57 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml

[2010/12/03 19:04:57 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

 

O1 HOSTS File: ([2011/02/21 16:39:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

O4 - HKLM..\Run: [avast5] File not found

O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O9 - Extra Button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found

O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (Reg Error: Key error.)

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://ma-config.com/activex/hardwaredetection_3_1_1_0.cab (Reg Error: Value error.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\Web Components\11\OWC11.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Henri\Pictures\Picasa\Arrière-plans\picasabackground-37.bmp

O24 - Desktop BackupWallPaper: C:\Users\Henri\Pictures\Picasa\Arrière-plans\picasabackground-37.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/02/21 16:49:09 | 000,000,000 | ---D | C] -- C:\Users\Henri\AppData\Local\temp

[2011/02/21 16:47:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011/02/21 16:47:08 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN

[2011/02/21 16:20:08 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO

[2011/02/21 16:20:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/02/21 16:20:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2011/02/21 16:20:01 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/02/21 16:20:01 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/02/21 16:19:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/02/21 16:03:14 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2011/02/21 16:03:14 | 000,000,000 | ---D | C] -- \Config.Msi

[2011/02/21 15:59:38 | 000,000,000 | ---D | C] -- C:\Users\Henri\Desktop\tdsskiller

[2011/02/21 15:57:54 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/02/21 15:57:54 | 000,000,000 | ---D | C] -- \Qoobox

[2011/02/21 12:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Softonic.France

[2011/02/21 12:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo

[2011/02/21 12:07:31 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll

[2011/02/21 11:39:31 | 000,000,000 | ---D | C] -- C:\Users\Henri\AppData\Roaming\Uniblue

[2011/02/21 11:39:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}

[2011/02/21 11:39:13 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue

[2011/02/21 11:38:42 | 000,000,000 | ---D | C] -- C:\Users\Henri\AppData\Local\PackageAware

[2011/02/20 23:33:29 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys

[2011/02/20 23:32:56 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security

[2011/02/20 21:05:58 | 000,000,000 | ---D | C] -- C:\Users\Henri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

[2011/02/18 23:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPitstop

[2011/02/18 23:25:26 | 000,000,000 | ---D | C] -- C:\Program Files\CrystalDiskInfo

[2011/02/18 21:59:57 | 000,000,000 | ---D | C] -- C:\Users\Henri\Desktop\procexp

[2011/02/18 21:57:55 | 000,000,000 | ---D | C] -- C:\Users\Henri\Desktop\ProcessExplorer-1

[2011/02/18 21:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\SystemExplorer

[2011/02/18 21:41:45 | 000,000,000 | ---D | C] -- C:\Program Files\System Explorer

[2011/02/18 21:34:03 | 000,000,000 | ---D | C] -- C:\Users\Henri\Desktop\ProcessExplorer

[2011/02/18 17:35:24 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover

[2011/02/18 16:04:31 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPFix

[2011/02/18 15:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag

[2011/02/15 16:07:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

[2011/02/15 16:04:09 | 000,473,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll

[2011/02/15 16:04:09 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll

[2011/02/15 16:04:09 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe

[2011/02/15 16:04:07 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe

[2011/02/15 16:04:03 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe

[2011/02/15 16:04:00 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe

[2011/02/15 16:04:00 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll

[2011/02/15 16:04:00 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll

[2011/02/15 16:04:00 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll

[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/02/22 10:18:01 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/02/22 10:12:43 | 000,734,970 | ---- | M] () -- C:\Windows\System32\perfh00C.dat

[2011/02/22 10:12:43 | 000,648,362 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/02/22 10:12:43 | 000,131,864 | ---- | M] () -- C:\Windows\System32\perfc00C.dat

[2011/02/22 10:12:42 | 000,115,272 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/02/22 10:07:33 | 000,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/02/22 10:07:32 | 000,003,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/02/22 10:05:53 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/02/22 10:05:49 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job

[2011/02/22 10:05:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/02/21 18:01:59 | 000,127,488 | ---- | M] () -- C:\Users\Henri\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/02/21 17:53:34 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{292548E3-D7FD-4F81-9069-F7F0B755792F}.job

[2011/02/21 16:39:50 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2011/02/21 15:41:27 | 000,000,499 | ---- | M] () -- C:\Windows\WININIT.INI

[2011/02/21 12:07:31 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll

[2011/02/21 11:39:27 | 000,001,876 | ---- | M] () -- C:\Users\Henri\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk

[2011/02/20 23:13:51 | 000,000,036 | ---- | M] () -- C:\Users\Henri\AppData\Local\housecall.guid.cache

[2011/02/20 20:54:50 | 000,152,154 | ---- | M] () -- C:\Users\Henri\Documents\rappport tonton57.rtf

[2011/02/19 22:42:25 | 000,000,628 | ---- | M] () -- C:\Users\Henri\Desktop\procexp.exe - Raccourci.lnk

[2011/02/18 23:25:27 | 000,001,776 | ---- | M] () -- C:\Users\Henri\Desktop\CrystalDiskInfo.lnk

[2011/02/18 22:07:25 | 000,001,033 | ---- | M] () -- C:\Users\Henri\Desktop\procexp.chm - Raccourci.lnk

[2011/02/18 17:35:24 | 000,001,683 | ---- | M] () -- C:\Users\Henri\Desktop\AD-R.lnk

[2011/02/16 17:44:30 | 000,001,445 | ---- | M] () -- C:\Windows\QUICKEN.INI

[2011/02/15 16:20:09 | 000,364,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011/02/12 22:55:22 | 000,000,010 | RHS- | M] () -- C:\config.sys

[2011/02/04 17:14:53 | 000,935,912 | ---- | M] () -- C:\Users\Henri\Documents\pass sol.jpg

[2011/02/04 16:14:51 | 000,297,596 | ---- | M] () -- C:\Users\Henri\Documents\sol2.jpg

[2011/02/04 16:12:59 | 000,284,156 | ---- | M] () -- C:\Users\Henri\Documents\identité sol1.jpg

[2011/02/02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2011/02/01 12:22:49 | 001,303,713 | ---- | M] () -- C:\Users\Henri\Documents\pass henri 1.jpg

[2011/02/01 12:11:57 | 000,477,162 | ---- | M] () -- C:\Users\Henri\Documents\identité henri2.jpg

[2011/02/01 12:07:27 | 000,426,182 | ---- | M] () -- C:\Users\Henri\Documents\identité henri1.jpg

[2011/01/30 11:50:11 | 000,000,011 | ---- | M] () -- C:\Windows\System32\(null)id

[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/02/22 10:15:55 | 000,061,456 | ---- | C] () -- \TDSSKiller.2.4.18.0_22.02.2011_10.15.55_log.txt

[2011/02/21 16:49:05 | 000,015,072 | ---- | C] () -- \ComboFix.txt

[2011/02/21 16:20:02 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe

[2011/02/21 16:20:01 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2011/02/21 16:20:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/02/21 16:20:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/02/21 16:20:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/02/21 16:01:10 | 000,120,976 | ---- | C] () -- \TDSSKiller.2.4.18.0_21.02.2011_16.01.10_log.txt

[2011/02/21 15:59:59 | 000,002,040 | ---- | C] () -- \TDSSKiller.2.4.18.0_21.02.2011_15.59.59_log.txt

[2011/02/21 11:39:33 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job

[2011/02/21 11:39:14 | 000,001,876 | ---- | C] () -- C:\Users\Henri\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk

[2011/02/21 10:49:26 | 000,003,506 | ---- | C] () -- \Ad-Report-CLEAN[3].txt

[2011/02/21 00:08:50 | 000,002,474 | ---- | C] () -- \ActiveScan.txt

[2011/02/20 23:13:51 | 000,000,036 | ---- | C] () -- C:\Users\Henri\AppData\Local\housecall.guid.cache

[2011/02/20 20:54:50 | 000,152,154 | ---- | C] () -- C:\Users\Henri\Documents\rappport tonton57.rtf

[2011/02/19 22:42:25 | 000,000,628 | ---- | C] () -- C:\Users\Henri\Desktop\procexp.exe - Raccourci.lnk

[2011/02/19 21:59:29 | 000,003,506 | ---- | C] () -- \Ad-Report-CLEAN[2].txt

[2011/02/18 23:25:27 | 000,001,776 | ---- | C] () -- C:\Users\Henri\Desktop\CrystalDiskInfo.lnk

[2011/02/18 22:07:25 | 000,001,033 | ---- | C] () -- C:\Users\Henri\Desktop\procexp.chm - Raccourci.lnk

[2011/02/18 17:37:31 | 000,004,183 | ---- | C] () -- \Ad-Report-CLEAN[1].txt

[2011/02/18 17:35:51 | 000,003,860 | ---- | C] () -- \Ad-Report-SCAN[1].txt

[2011/02/18 17:35:24 | 000,001,683 | ---- | C] () -- C:\Users\Henri\Desktop\AD-R.lnk

[2011/02/16 17:48:26 | 000,233,984 | ---- | C] () -- C:\Users\Henri\Documents\PC_Hissing_Computer.pps

[2011/02/04 17:14:52 | 000,935,912 | ---- | C] () -- C:\Users\Henri\Documents\pass sol.jpg

[2011/02/04 16:14:50 | 000,297,596 | ---- | C] () -- C:\Users\Henri\Documents\sol2.jpg

[2011/02/04 16:12:57 | 000,284,156 | ---- | C] () -- C:\Users\Henri\Documents\identité sol1.jpg

[2011/02/01 12:22:47 | 001,303,713 | ---- | C] () -- C:\Users\Henri\Documents\pass henri 1.jpg

[2011/02/01 12:11:55 | 000,477,162 | ---- | C] () -- C:\Users\Henri\Documents\identité henri2.jpg

[2011/02/01 12:07:24 | 000,426,182 | ---- | C] () -- C:\Users\Henri\Documents\identité henri1.jpg

[2010/11/06 19:16:31 | 000,196,152 | ---- | C] () -- \OUTLOOK.EXE

[2010/08/26 14:23:13 | 000,000,106 | ---- | C] () -- C:\Windows\Ra2Wav1_P2.INI

[2010/04/20 19:48:38 | 000,000,702 | ---- | C] () -- \log_fs.log

[2009/12/27 18:43:17 | 000,000,162 | ---- | C] () -- C:\Users\Henri\AppData\Roaming\default.rss

[2009/12/27 18:36:17 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2009/07/15 15:37:59 | 001,418,738 | ---- | C] () -- \2.PAK

[2009/07/15 15:37:59 | 000,698,215 | ---- | C] () -- \1.PAK

[2009/07/15 15:37:59 | 000,224,152 | ---- | C] () -- \MEGA.MVF

[2009/07/15 15:37:59 | 000,056,034 | ---- | C] () -- \BB6.VOC

[2009/07/15 15:37:59 | 000,056,034 | ---- | C] () -- \BB5.VOC

[2009/07/15 15:37:59 | 000,055,512 | ---- | C] () -- \BB.CC1

[2009/07/15 15:37:59 | 000,022,841 | ---- | C] () -- \INFO.CC1

[2009/07/15 15:37:59 | 000,012,800 | ---- | C] () -- \CACHE.BIN

[2009/07/15 15:37:59 | 000,004,813 | ---- | C] () -- \BAL.ADD

[2009/07/15 15:37:59 | 000,003,616 | ---- | C] () -- \BELLE.COM

[2009/07/15 15:37:59 | 000,000,741 | ---- | C] () -- \BALBUZ.ADD

[2009/07/15 15:37:59 | 000,000,328 | ---- | C] () -- \INFO.TAT

[2009/07/15 15:37:59 | 000,000,014 | ---- | C] () -- \SCENARIO

[2009/06/02 17:26:45 | 000,010,748 | ---- | C] () -- \aaw7boot.log

[2008/12/25 20:39:44 | 000,000,499 | ---- | C] () -- C:\Windows\WININIT.INI

[2008/12/25 13:19:53 | 000,066,772 | ---- | C] () -- \Sauve1.QSD

[2008/12/25 13:19:53 | 000,015,360 | ---- | C] () -- \Sauve1.QEL

[2008/11/27 11:34:12 | 000,000,093 | ---- | C] () -- C:\Users\Henri\AppData\Local\fusioncache.dat

[2008/09/06 22:28:48 | 000,000,680 | ---- | C] () -- C:\Users\Henri\AppData\Local\d3d9caps.dat

[2008/07/15 20:56:54 | 000,004,592 | ---- | C] () -- C:\Windows\System32\MXWIN32.DLL

[2008/06/19 18:01:25 | 000,000,156 | ---- | C] () -- C:\Windows\isp.ini

[2008/06/19 18:01:16 | 000,000,023 | ---- | C] () -- C:\Windows\QTW.INI

[2008/06/14 21:51:28 | 000,716,761 | ---- | C] () -- \bin laden (4).exe

[2008/05/24 18:21:41 | 000,000,022 | ---- | C] () -- C:\Windows\stowaway.ini

[2008/05/24 18:18:01 | 000,000,022 | ---- | C] () -- C:\Windows\Napoleon.ini

[2008/05/24 18:16:59 | 000,000,117 | ---- | C] () -- C:\Windows\asym.ini

[2008/05/24 17:58:06 | 000,000,131 | ---- | C] () -- C:\Windows\chess.ini

[2008/05/24 17:46:36 | 000,000,000 | ---- | C] () -- C:\Windows\TLCAPPS.INI

[2008/05/16 13:15:51 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI

[2008/05/01 16:08:55 | 000,026,340 | ---- | C] () -- C:\Users\Henri\AppData\Roaming\UserTile.png

[2008/04/27 18:10:54 | 000,000,023 | -HS- | C] () -- C:\Windows\System32\caeaafe_z.dll

[2008/04/24 21:58:49 | 000,000,059 | ---- | C] () -- C:\Windows\INTUIT.INI

[2008/04/21 20:05:15 | 000,073,728 | ---- | C] () -- C:\Windows\System32\Q_ENCLIB.DLL

[2008/04/21 20:05:15 | 000,040,960 | ---- | C] () -- C:\Windows\System32\Q_ENCUTL.DLL

[2008/04/21 12:07:45 | 000,127,488 | ---- | C] () -- C:\Users\Henri\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/04/20 17:34:33 | 000,001,445 | ---- | C] () -- C:\Windows\QUICKEN.INI

[2008/04/20 17:13:42 | 000,114,688 | -H-- | C] () -- \ffastun.ffo

[2008/04/20 17:13:42 | 000,005,435 | -HS- | C] () -- \ffastun.ffa

[2008/04/20 17:13:41 | 005,218,304 | -HS- | C] () -- \ffastun0.ffx

[2008/04/20 17:11:26 | 000,237,568 | -HS- | C] () -- \ffastun.ffl

[2008/04/20 16:44:14 | 000,000,957 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2008/04/20 16:44:14 | 000,000,854 | ---- | C] () -- C:\Windows\ODBC.INI

[2008/04/20 16:40:40 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS

[2008/04/20 16:40:40 | 000,000,000 | RHS- | C] () -- \IO.SYS

[2008/04/19 19:42:22 | 2459,762,688 | -HS- | C] () --

[2007/10/15 18:53:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2007/10/15 18:48:10 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini

[2007/10/15 18:48:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll

[2007/10/15 18:48:10 | 000,010,162 | ---- | C] () -- C:\Windows\System32\tosmreg.ini

[2007/10/15 18:48:10 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini

[2007/07/10 15:49:47 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll

[2007/07/10 15:49:47 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll

[2007/07/10 15:49:47 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll

[2007/07/10 15:49:47 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll

[2007/07/10 15:49:47 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll

[2007/07/10 15:49:47 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll

[2007/07/10 15:35:43 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll

[2007/04/18 07:38:57 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI

[2007/04/18 06:03:07 | 000,438,840 | RHS- | C] () -- \bootmgr

[2006/12/05 12:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll

[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 11:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat

[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 07:25:08 | 000,000,010 | RHS- | C] () -- \config.sys

[2005/11/23 13:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll

[2005/07/22 20:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

[2004/02/20 21:36:34 | 000,416,256 | ---- | C] () -- C:\Windows\exchndl.dll

[2002/03/21 11:51:52 | 000,503,808 | R--- | C] () -- C:\Windows\System32\lt_xtrans.dll

[2002/03/21 11:51:52 | 000,286,720 | R--- | C] () -- C:\Windows\System32\MrSIDD.dll

[2002/03/21 11:51:52 | 000,163,840 | R--- | C] () -- C:\Windows\System32\lt_common.dll

[2002/03/21 11:51:52 | 000,126,976 | R--- | C] () -- C:\Windows\System32\lt_trans.dll

[2002/03/21 11:51:52 | 000,069,632 | R--- | C] () -- C:\Windows\System32\lt_meta.dll

[2002/03/21 11:51:52 | 000,053,248 | R--- | C] () -- C:\Windows\System32\lt_encrypt.dll

[2002/03/21 11:51:52 | 000,020,480 | R--- | C] () -- C:\Windows\System32\lt_messagetext.dll

[2002/03/20 20:01:06 | 000,006,688 | R--- | C] () -- C:\Windows\System32\Digita.sys

[2002/03/20 20:00:20 | 000,049,152 | R--- | C] () -- C:\Windows\System32\TransportUSB.dll

[2002/03/20 20:00:20 | 000,049,152 | R--- | C] () -- C:\Windows\System32\TransportSerial.dll

[2002/03/20 20:00:20 | 000,049,152 | R--- | C] () -- C:\Windows\System32\TransportIrDA.dll

[2002/03/20 20:00:20 | 000,049,152 | R--- | C] () -- C:\Windows\System32\TransportIrCOMM.dll

[1998/09/14 20:43:16 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TWAIN32d.dll

[1996/12/16 23:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\ODBCSTF.DLL

[1996/12/16 23:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL

[1996/12/16 23:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:D1B5B4F1

 

< End of report >

Posted

OTL continued, via the taskbar

 

OTL Extras logfile created on: 22/02/2011 10:26:22 - Run 1

OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Henri\Downloads

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18904)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 28,00% Memory free

10,00 Gb Paging File | 8,00 Gb Available in Paging File | 84,00% Paging File free

Paging file location(s): c:\pagefile.sys 0 0e:\pagefile.sys 6000 8000 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 116,21 Gb Total Space | 58,41 Gb Free Space | 50,26% Space Free | Partition Type: NTFS

Drive E: | 115,21 Gb Total Space | 76,12 Gb Free Space | 66,07% Space Free | Partition Type: NTFS

 

Computer Name: PC-DE-HENRI | User Name: Henri | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe" "%1" (ACD Systems, Ltd.)

Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2225186546-478183646-4290705749-1000]

"EnableNotifications" = 0

"EnableNotificationsRef" = 3

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{05C2BB99-181B-4C15-A053-1099DBF1150F}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{0A8CCC7A-ACD4-4E41-A25D-42C64FF3EF7A}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{13715F38-A75C-42E3-97C8-E25A2BB37FAB}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{198FEB27-9B34-46B0-809E-DF833D7E5EAC}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{2667C59D-8256-4E82-97F8-79F65020B3B8}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{39564546-EB96-4850-8C3B-23F5733B3D2E}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{423C1C45-1E64-4E73-A37C-47CAFB5A79C0}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{4604D1A0-A565-4C94-BB35-A0EED3C01AEF}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{46FBAB56-721B-416F-B720-DD47F5E58B83}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{4F3E5365-4BB0-4192-888D-A88DED9E693C}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{54DCDF02-0AC0-4789-B533-A7566FF67762}" = lport=3 | protocol=6 | dir=in | name=navirad |

"{565513C9-31C0-4353-977A-2BD7F5CF83DF}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{5856D6FE-F400-4D1C-8275-E46199A8D2EB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{6D6004F5-2787-4F23-9077-4C024359BEC2}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{75088F22-783E-4AAF-8728-8F3CC778D61E}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |

"{7E972A78-B06C-4F32-BF0F-E491AD060905}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{7F9BBD3C-2FCA-4449-9A70-3CB9DBD6B97C}" = lport=48113 | protocol=6 | dir=in | name=maconfig_tcp |

"{86EC2D82-3403-420F-97B0-00AEEADD8A62}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{87300302-BDE7-4F2C-8F1E-75A324708A4B}" = lport=48113 | protocol=17 | dir=in | name=maconfig_udp |

"{87EB6DE8-186B-4FC1-82C3-0B3F5BF2BA1B}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{8E0EF65A-A330-4189-B73B-52F5521F3C8A}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{90FF4D56-F8C4-43F8-9512-A60E49019464}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{96FA6E5A-58AC-40EE-87D5-93B91B462FE7}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010\wnt500x86\rpcsandrasrv.exe |

"{97FCF298-FD23-4A9E-9532-78B800560481}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{AF273F81-205F-4001-AE88-DA652B149290}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{B387D9D8-D3CB-4686-A1D2-2C78873FC555}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{B5EEDE5F-87EF-4A9E-8D6F-2EE4BCBBD2CE}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{B813FB8F-1849-4BFF-BC14-6BEE20EF096A}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{BFABB3D6-D40D-4C08-AEC3-CC5B6F0669B5}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{C607FADE-F252-4252-AB68-5F868FE9D4D2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{DC84F6AB-E847-4877-A611-AADB0C05C429}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{DD3CEF26-95DD-4EEF-AFA9-F8A4F54AF1AC}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{E15A6DA0-2375-449D-8156-50805B28AA98}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{EB2E9658-BDB5-4EF6-91F8-0A4442B84B88}" = lport=5 | protocol=6 | dir=in | name=navirad |

"{EBBDDB63-87FA-4A97-984A-130E0093A550}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010\wnt500x86\rpcsandrasrv.exe |

"{ED119FE9-2DAC-4AF3-BC1C-D90D0E2F82CD}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{FAA3BC6D-2BB2-4709-858F-E881B5CA1C12}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{02D65AF1-41A9-4BF9-BC8D-7DE6419B4A7C}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{032B5ABE-8E64-40B5-8A20-5F61F3A96804}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |

"{059D7749-AD9E-445C-9AB8-AD7EB5E67E6C}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{059FF725-25FA-4F0F-9D38-0A93087E2438}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |

"{0A8A41AC-59DE-4543-A055-3E578D1D7715}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |

"{0AF1D262-1BBC-47D5-B4FA-268420279BDD}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010\wnt500x86\rpcsandrasrv.exe |

"{0CACFB23-13FB-46E5-A958-6C635F8DA1E4}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |

"{0CD532EC-2A22-4524-BD13-39679AA420F4}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{112479BA-E61E-4091-B921-54C4A7523DB1}" = protocol=6 | dir=in | app=c:\program files\incredimail\bin\imapp.exe |

"{176866FB-B0AA-4DFD-A848-DD36D9AC0742}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{17953C97-3712-4E55-B394-8584B32A7D21}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{1875A37F-D4DA-44CC-B31E-FA179BD43DF6}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |

"{1A179100-3E34-4B99-9762-D29816F39424}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |

"{1BB81F35-06FC-48CA-A855-B5EE9D6CE5F1}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |

"{2407DDE5-9156-49E3-B9E8-8A8BABF4CDDC}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{2A43B9E2-D119-4AD1-910B-63DDE7CFA6D5}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{2DB791BB-47DC-4405-8E58-48B752549A9D}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{307A1609-7894-470E-966B-D2EF8602B07E}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |

"{32586D5F-0D90-4DE9-AC93-B91635A1E7EA}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |

"{33F04C34-DD16-4896-8F0A-A742CE9FA152}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{38C1010B-8BB8-4014-9FC8-72D98845CC4F}" = protocol=17 | dir=in | app=c:\program files\winbrick2000\brick2k.exe |

"{3984FC02-7D22-4DB0-B413-4DBE0A1B868C}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{3B59F7A5-CD75-44BC-A2BA-DDDE33BB37D0}" = protocol=6 | dir=in | app=c:\program files\incredimail\bin\incmail.exe |

"{406B2E2C-26C2-476E-A293-1D4BA8AFDB03}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{57F4EF7E-6B2D-4C1B-A2F3-DF31919A2268}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{5922E421-EA62-4A7D-AEA5-CDD8484B86A0}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{5C55A501-4FB3-426B-8A4E-AC3ABD80EAAB}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{5D104FD6-F034-402B-9AEF-AFEAB8F3CA85}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{5F854C8E-C2F5-4256-9DA6-533D44CD6D6C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{6109A0B4-01BA-4418-84EA-DA200796466A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{622B1FC0-610A-4958-8538-D2741FA7FDBF}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |

"{62BD33AD-7904-4B4B-858C-19ED3C5AA322}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{645CF95B-8F7A-49D4-847C-2CF026029DDA}" = protocol=17 | dir=in | app=c:\program files\incredimail\bin\impcnt.exe |

"{66EAED64-F2FF-496B-974A-2D7F2EFB04ED}" = protocol=6 | dir=in | app=c:\program files\incredimail\bin\impcnt.exe |

"{7012272C-ED2A-476C-BB7B-2728C47CF109}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{70A8DC07-6562-44CD-AC2C-57E3E93874B3}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{757E0DA2-C933-4694-9ACD-70091BEC8C1B}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{785C2F40-504B-4921-B334-8C44E5C0F8C8}" = protocol=17 | dir=in | app=c:\program files\incredimail\bin\impcnt.exe |

"{79BC4DEA-972A-4E80-A70E-773CF889C86D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{7CF18256-AEB1-4CD2-A009-2CF6041CEC4F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{7DB26202-0788-42F2-A054-63F1107D4C89}" = protocol=17 | dir=in | app=c:\program files\incredimail\bin\incmail.exe |

"{7EEB15A6-848A-4DFE-8294-2CCC9DAFB2E9}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{84C5DB97-3A3D-420E-A334-F114DDC1E7D2}" = protocol=17 | dir=in | app=c:\program files\incredimail\bin\imapp.exe |

"{894D5C44-D5C2-4B08-84B7-7C817F90B1E0}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |

"{97C0D5F7-C28C-4CC8-92FD-5CD96BDD004F}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{9979E2E4-F456-4A97-9BD8-F48509B88B38}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{99B597C7-7212-4EFC-AFC0-23F787D72C4A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{9F94E36A-5E9F-4B82-9294-344D3FD18C91}" = protocol=17 | dir=in | app=c:\program files\incredimail\bin\imapp.exe |

"{9FADCF84-5A56-46CA-BC2C-BC08861DC958}" = protocol=17 | dir=in | app=c:\program files\ma-config.com\maconfservice.exe |

"{A120499A-18D7-4B6C-B893-8686AE65145C}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |

"{A503F03E-41FD-4B6A-932F-6FD9A5D90E8E}" = protocol=6 | dir=in | app=c:\users\henri\appdata\local\temp\iminstaller\3d_magic_installer.exe |

"{A7CF110E-38B8-4330-B9D8-D71F0AEF7998}" = protocol=17 | dir=in | app=c:\users\henri\appdata\local\temp\iminstaller\3d_magic_installer.exe |

"{AC40A69B-72C6-455C-AA24-91BA4C7CD2C9}" = protocol=6 | dir=in | app=c:\program files\ma-config.com\maconfservice.exe |

"{B4ECDA6B-C5CF-4A14-8D48-727A888DD954}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{B878BE75-48AF-487E-B1E8-57C6155F82CF}" = protocol=6 | dir=in | app=c:\program files\incredimail\bin\incmail.exe |

"{B9157A76-C000-4362-BDD5-BB08C731A0AE}" = protocol=17 | dir=in | app=c:\program files\incredimail\bin\incmail.exe |

"{BB387E48-3176-4443-B8C0-044E7024835A}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |

"{BEA13510-76F6-40EF-A9A7-6169C3664445}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe |

"{C50EC2BA-3CCF-4282-9034-8ECA8F5EFE55}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010\wnt500x86\rpcsandrasrv.exe |

"{C51A6641-006B-42E0-9218-1E6E7A74ACE9}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |

"{CAB5906B-F2A3-41E7-A18E-2D39A90DFC20}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{CD99B7D1-BC98-4187-9CCD-51A12C36E8B3}" = protocol=6 | dir=in | app=c:\program files\incredimail\bin\impcnt.exe |

"{CEB3539A-439D-4FF2-90C4-970FD418EF94}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |

"{D183C112-D739-4577-B7DF-304583D64B73}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{E4A0FA56-5FBA-45AC-995D-B20E18032EAB}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{F0F898DE-22AD-48AB-A0B4-1B4C4CDF2899}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{F2B2BA10-B418-4A13-9359-3E9D13B45908}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{F4C8ABC7-939A-4AB3-9E49-F62594C25D53}" = protocol=6 | dir=in | app=c:\program files\incredimail\bin\imapp.exe |

"{F58F9B2D-26AC-4BF0-9495-2A6377FCA5F2}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{F80501F1-BEE0-4135-98A4-4ABDBC2B9A61}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |

"{FCE58D24-F445-4C91-97CD-F8F303DACE7B}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{FCEEB011-A33C-4539-95EB-19BEDC47469D}" = protocol=6 | dir=in | app=c:\program files\winbrick2000\brick2k.exe |

"TCP Query User{09B3F444-0F08-4085-87A8-9291300C64D7}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

"TCP Query User{503DCB47-4154-4684-9DB6-F59E17A1E4D8}C:\program files\microsoft games\fs2002\fs2002.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\fs2002\fs2002.exe |

"TCP Query User{513BB227-233B-4C26-BD57-C21924D5BFE8}C:\windows\system32\electricsheep.scr" = protocol=6 | dir=in | app=c:\windows\system32\electricsheep.scr |

"TCP Query User{5FBA5720-3821-4072-86C8-811B42F407BC}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

"TCP Query User{71EDC7A8-FEF2-4875-B5F2-EC355EDAB8C7}C:\windows\system32\electricsheep.scr" = protocol=6 | dir=in | app=c:\windows\system32\electricsheep.scr |

"TCP Query User{8735147C-2DAC-46D7-990B-9E28A2E21A33}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"TCP Query User{F75E00C3-67C0-45DC-84A8-D91046A26F1D}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"UDP Query User{09C9F11C-6895-4FFE-B694-A573B5DAA4AA}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"UDP Query User{2F2EAB98-D4E0-4610-B8DB-F4F4EF56126C}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

"UDP Query User{37D1A014-6CCE-4D6E-910B-39AA5B804808}C:\program files\microsoft games\fs2002\fs2002.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\fs2002\fs2002.exe |

"UDP Query User{569B46DB-914A-457E-956D-9FF07183729E}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"UDP Query User{84776E06-B8D7-467E-9571-9CE308BA6E94}C:\windows\system32\electricsheep.scr" = protocol=17 | dir=in | app=c:\windows\system32\electricsheep.scr |

"UDP Query User{BBA58B60-5C44-45F9-A877-047B4C0620F5}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

"UDP Query User{D0AC1166-46B3-43F2-A318-757B28C65C37}C:\windows\system32\electricsheep.scr" = protocol=17 | dir=in | app=c:\windows\system32\electricsheep.scr |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{040D3C87-C028-4213-50C5-7A41C02A84CF}" = CCC Help Dutch

"{0827A30F-B349-4247-C003-1EDEEA3F75A0}" = Catalyst Control Center Localization Finnish

"{0A00AE5F-E08E-787E-48C0-BABE8B1B4C84}" = CCC Help Polish

"{0CA13800-EF17-741F-08BA-53F26908C8A8}" = ccc-utility

"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery

"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver

"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist

"{14B78489-B0E7-4B36-FFFD-9E6BB1C9B14E}" = Catalyst Control Center Graphics Full New

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter

"{1945916C-660A-F916-3EDE-5E31C17D97EB}" = CCC Help Turkish

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2202F1B7-3749-BFCD-6794-18C50307D3CA}" = Catalyst Control Center Graphics Previews Vista

"{22543949-70E8-45D0-A938-F38143EB8BF8}" = Catalyst Control Center - Branding

"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{25E37249-2688-07EA-A892-C4F53EB86B22}" = CCC Help German

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{298BE1F8-4A40-8BE7-BBD9-4C7171389C16}" = Catalyst Control Center Localization Norwegian

"{2D0C679F-6D2E-3DB6-7FAF-8092F94B4FDF}" = CCC Help Chinese Standard

"{2F9C86AE-85C2-B9D4-BF10-59BE20C42914}" = CCC Help Swedish

"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba

"{3932745C-7335-6F80-25DB-2ADCED63B287}" = Catalyst Control Center Localization Russian

"{3A6396DC-F35E-1083-5DCB-512BBB723D3B}" = Catalyst Control Center Localization Portuguese

"{3CE3EA90-E186-11B1-17A7-D1C133FBA951}" = CCC Help Russian

"{3D8E04DE-4944-CC6E-77A9-C83666F93EB8}" = Catalyst Control Center Localization French

"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra

"{4223EFD6-5466-DE65-D829-1E29626FA757}" = CCC Help Korean

"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth

"{4478F10E-BB85-C351-A8DD-2D8E26086ECC}" = Catalyst Control Center Localization Swedish

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4ACF5CB8-CADE-42C9-B3D3-B8751A2CDFD6}" = Toshiba TEMPO

"{4E5901EE-4746-88ED-3771-915CCCFB17D2}" = Catalyst Control Center Core Implementation

"{504D6243-D4AE-44E3-991A-380CF2316E16}" = ACDSee 5.0 Standard

"{51A0008E-46AF-2800-9F82-1726ABDEBD31}" = CCC Help Finnish

"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password

"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup

"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{5E97F3BD-CDDC-4188-9D98-532E14FABB5D}" = IncrediMail

"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes

"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center

"{61FB1C6D-6200-5659-0C3C-7ABDAC982442}" = ATI Catalyst Install Manager

"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6B7F28D4-160E-40C6-B7C8-5EC6B9734DA7}" = Photo Notifier and Animation Creator

"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER

"{75ADEFA2-D4FF-4B37-9E93-4306E6AC176B}_is1" = ImgBurn 2.3.2.0 Fr

"{761A0675-6067-9405-E24F-839F3506D0A6}" = Catalyst Control Center Localization Italian

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree

"{7C4C5272-983F-BDC5-1223-03814D4D393E}" = CCC Help French

"{80BBE326-A06D-EB99-C804-DAC994C2CDCE}" = CCC Help English

"{80D23E2E-09A5-C202-DB22-2363D5DF7880}" = Catalyst Control Center Localization Chinese Standard

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{848F3E88-B442-06C0-B0C5-1DB8F1AEFD0C}" = Catalyst Control Center Graphics Full Existing

"{84FC6FDC-D076-BCB0-BC67-891A548AB4CA}" = ccc-core-static

"{85948378-92EB-3B9E-1698-6650A3D2DB91}" = Catalyst Control Center Localization Korean

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista

"{8950A48A-D79E-EA03-2A84-6DADE70931FB}" = CCC Help Thai

"{89AB9D60-9C0D-21CE-0170-B20C220E5855}" = Catalyst Control Center Localization Thai

"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour

"{8CC28EDD-B675-1273-63D2-1603B4F80544}" = CCC Help Portuguese

"{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager

"{9085040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003

"{90AF040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003

"{9164E441-F732-5756-A4FB-99BC67A72ECC}" = CCC Help Spanish

"{9725E06F-F21B-7751-F53D-B799EC9CC4D8}" = Catalyst Control Center Localization Hungarian

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B980CB3-A949-350B-C0C3-04BAE888ED16}" = Catalyst Control Center Localization Chinese Traditional

"{9D986E6C-E3FA-17C5-11D4-C1B6B65B1284}" = Catalyst Control Center Graphics Light

"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support

"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = Réducteur de bruit lect. CD/DVD

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1036-7B44-A71000000002}" = Adobe Reader 7.1.0 - Français

"{B308C894-4CC2-59C9-A5EE-EE22C8862AAB}" = CCC Help Italian

"{B5DBDD11-97A1-BBF4-D2D7-B381A4010F6C}" = Catalyst Control Center Localization Turkish

"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser

"{B6605725-5BDB-9684-EE19-D9ABE687B360}" = CCC Help Chinese Traditional

"{BE6817F6-6CC1-9934-3DE4-BADA9471BCBD}" = Catalyst Control Center Graphics Previews Common

"{C29DDB10-D329-163C-F381-5208FA737D9C}" = Catalyst Control Center Localization Polish

"{C66ABB8B-82F6-D42D-A930-DEC5C3AAF2AF}" = CCC Help Czech

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CED167D4-6300-EE0D-8A18-7EADAFBE3AF3}" = CCC Help Greek

"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005

"{D7883A10-E32D-01AC-BA5C-32AB8D949AAC}" = Catalyst Control Center Localization Czech

"{DB1440A2-8DE5-8ACF-4FD7-4DE42128CF5A}" = Catalyst Control Center Localization German

"{DE90CBC0-049D-E8E2-DD63-B4E048772F90}" = Catalyst Control Center Localization Dutch

"{E1346C42-2B96-B06C-5F3B-99BA1DE914A3}" = Catalyst Control Center Localization Japanese

"{E14C2F99-A741-DD7D-86BA-125232B43B0F}" = CCC Help Japanese

"{E4B430AF-1029-ED12-608E-D8EF7981BADC}" = Catalyst Control Center Localization Spanish

"{E5343B27-55DF-40BD-9FCF-A643C1331E8A}" = Acronis True Image Home

"{E5D1C4D5-1ECD-E689-FFCF-96D1FE7697FC}" = Skins

"{E80B263C-7DAA-4F6B-CC38-F841BCDE9B03}" = CCC Help Danish

"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities

"{EC25B803-4BDB-47F7-B877-FCE7D7966C0F}" = Visual C++ CRT 9.0 SP1

"{EE168625-C2DA-89DE-1BC3-961A0449B322}" = Catalyst Control Center Localization Greek

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1CFD809-20E4-33B6-9B17-C0907C6D3DE3}" = CCC Help Hungarian

"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA

"{F3474283-A0BB-72A0-97C0-E4EB5C8C6730}" = CCC Help Norwegian

"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner

"{FB397904-F751-EC9D-02F9-03EE099B4D64}" = Catalyst Control Center Localization Danish

"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package

"ActiveScan 2.0" = Panda ActiveScan 2.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Ad-Remover" = Ad-Remover By C_XX

"avast5" = avast! Free Antivirus

"BCM70010" = Broadcom High Definition Video Decoder 2.6.40.1

"CCleaner" = CCleaner

"CrystalDiskInfo_is1" = CrystalDiskInfo 3.8.0

"Defraggler" = Defraggler

"DVD Shrink_is1" = DVD Shrink 3.2

"DVDFab 6_is1" = DVDFab 6.0.4.0 (28/07/2009)

"Electric Sheep" = Electric Sheep 2.7b29

"Emperor's Mahjong pour Windows" = Emperor's Mahjong pour Windows

"Flight Simulator 8.0" = Microsoft Flight Simulator 2002

"FreeUndelete" = FreeUndelete

"Graphe AT_is1" = Graphe Analyse Technique 3.0

"HijackThis" = HijackThis 2.0.2

"IncrediMail" = IncrediMail 2.0

"Install WinBrick2000 v3.17.0 Shareware" = WinBrick2000

"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Mot de passe responsable

"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.

"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)

"MRU-Blaster_is1" = MRU-Blaster v1.5 (Database 3/28/2004)

"Neuf_TV_PC" = TV sur PC

"photofiltre" = PhotoFiltre

"Picasa 3" = Picasa 3

"Quicken 2000" = Quicken 2000

"Register WinBrick2000 to v3.06 full version" = WinBrick2000

"Softonic.France Toolbar" = Softonic.France Toolbar

"System Explorer_is1" = System Explorer 2.7.2

"The KMPlayer FR_is1" = The KMPlayer v2.9.4.1435 FR

"TOSHIBA Software Modem" = TOSHIBA Software Modem

"Tradexpert 2.89A5R_is1" = Tradexpert 2.89A5R

"VLC media player" = VideoLAN VLC media player 0.8.6b

"WinZip" = WinZip

"Yahoo! Companion" = Yahoo! Toolbar

"ZHPDiag_is1" = ZHPDiag 1.27

"ZHPFix_is1" = ZHPFix 1.12

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Mérops" = Mérops

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 21/02/2011 12:00:07 | Computer Name = PC-de-Henri | Source = Windows Search Service | ID = 1011

Description =

 

Error - 21/02/2011 12:00:18 | Computer Name = PC-de-Henri | Source = Windows Search Service | ID = 1011

Description =

 

Error - 21/02/2011 12:20:16 | Computer Name = PC-de-Henri | Source = Windows Search Service | ID = 1011

Description =

 

Error - 21/02/2011 12:33:33 | Computer Name = PC-de-Henri | Source = Windows Search Service | ID = 1011

Description =

 

Error - 21/02/2011 14:13:11 | Computer Name = PC-de-Henri | Source = Windows Search Service | ID = 1011

Description =

 

Error - 21/02/2011 14:34:03 | Computer Name = PC-de-Henri | Source = MsiInstaller | ID = 11706

Description =

 

Error - 21/02/2011 14:34:53 | Computer Name = PC-de-Henri | Source = Windows Search Service | ID = 1011

Description =

 

Error - 22/02/2011 05:06:02 | Computer Name = PC-de-Henri | Source = Windows Search Service | ID = 1011

Description =

 

Error - 22/02/2011 05:08:00 | Computer Name = PC-de-Henri | Source = Windows Search Service | ID = 1011

Description =

 

Error - 22/02/2011 05:08:30 | Computer Name = PC-de-Henri | Source = Windows Search Service | ID = 1011

Description =

 

[ Media Center Events ]

Error - 06/06/2008 11:52:22 | Computer Name = PC-de-Henri | Source = Media Center Guide | ID = 0

Description = ?

 

Error - 07/06/2008 07:00:01 | Computer Name = PC-de-Henri | Source = Media Center Guide | ID = 0

Description = ?

 

Error - 12/06/2008 10:40:07 | Computer Name = PC-de-Henri | Source = Media Center Guide | ID = 0

Description = ?

 

Error - 12/06/2008 10:41:04 | Computer Name = PC-de-Henri | Source = Media Center Guide | ID = 0

Description = ?

 

Error - 12/06/2008 10:43:39 | Computer Name = PC-de-Henri | Source = Media Center Guide | ID = 0

Description = ?

 

Error - 12/06/2008 10:44:03 | Computer Name = PC-de-Henri | Source = Media Center Guide | ID = 0

Description = ?

 

Error - 14/06/2008 14:51:10 | Computer Name = PC-de-Henri | Source = Media Center Guide | ID = 0

Description = ?

 

Error - 15/10/2008 07:50:51 | Computer Name = PC-de-Henri | Source = Media Center Guide | ID = 0

Description = ?

 

Error - 15/10/2008 07:51:05 | Computer Name = PC-de-Henri | Source = Media Center Guide | ID = 0

Description = ?

 

Error - 26/06/2009 12:20:39 | Computer Name = PC-de-Henri | Source = Media Center Guide | ID = 0

Description = ?

 

[ System Events ]

Error - 22/02/2011 05:23:19 | Computer Name = PC-de-Henri | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

 

Error - 22/02/2011 05:23:19 | Computer Name = PC-de-Henri | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

 

Error - 22/02/2011 05:23:19 | Computer Name = PC-de-Henri | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

 

Error - 22/02/2011 05:23:19 | Computer Name = PC-de-Henri | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

 

Error - 22/02/2011 05:23:19 | Computer Name = PC-de-Henri | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

 

Error - 22/02/2011 05:23:19 | Computer Name = PC-de-Henri | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

 

Error - 22/02/2011 05:23:19 | Computer Name = PC-de-Henri | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

 

Error - 22/02/2011 05:23:19 | Computer Name = PC-de-Henri | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

 

Error - 22/02/2011 05:23:19 | Computer Name = PC-de-Henri | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

 

Error - 22/02/2011 05:23:19 | Computer Name = PC-de-Henri | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

 

 

< End of report >

Posted

No preference, tell me which one is best, I'll follow your advice.

 

OTL Extras logfile created on: 22/02/2011 10:26:22 - Run 1

OTL by OldTimer - Version 3.2.21.0 Folder = C:\Users\Henri\Downloads

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18904)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 28,00% Memory free

10,00 Gb Paging File | 8,00 Gb Available in Paging File | 84,00% Paging File free

Paging file location(s): c:\pagefile.sys 0 0e:\pagefile.sys 6000 8000 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 116,21 Gb Total Space | 58,41 Gb Free Space | 50,26% Space Free | Partition Type: NTFS

Drive E: | 115,21 Gb Total Space | 76,12 Gb Free Space | 66,07% Space Free | Partition Type: NTFS

 

Computer Name: PC-DE-HENRI | User Name: Henri | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe" "%1" (ACD Systems, Ltd.)

Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2225186546-478183646-4290705749-1000]

"EnableNotifications" = 0

"EnableNotificationsRef" = 3

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{05C2BB99-181B-4C15-A053-1099DBF1150F}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{0A8CCC7A-ACD4-4E41-A25D-42C64FF3EF7A}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{13715F38-A75C-42E3-97C8-E25A2BB37FAB}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{198FEB27-9B34-46B0-809E-DF833D7E5EAC}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{2667C59D-8256-4E82-97F8-79F65020B3B8}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{39564546-EB96-4850-8C3B-23F5733B3D2E}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{423C1C45-1E64-4E73-A37C-47CAFB5A79C0}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{4604D1A0-A565-4C94-BB35-A0EED3C01AEF}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{46FBAB56-721B-416F-B720-DD47F5E58B83}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{4F3E5365-4BB0-4192-888D-A88DED9E693C}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{54DCDF02-0AC0-4789-B533-A7566FF67762}" = lport=3 | protocol=6 | dir=in | name=navirad |

"{565513C9-31C0-4353-977A-2BD7F5CF83DF}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{5856D6FE-F400-4D1C-8275-E46199A8D2EB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{6D6004F5-2787-4F23-9077-4C024359BEC2}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{75088F22-783E-4AAF-8728-8F3CC778D61E}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |

"{7E972A78-B06C-4F32-BF0F-E491AD060905}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{7F9BBD3C-2FCA-4449-9A70-3CB9DBD6B97C}" = lport=48113 | protocol=6 | dir=in | name=maconfig_tcp |

"{86EC2D82-3403-420F-97B0-00AEEADD8A62}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{87300302-BDE7-4F2C-8F1E-75A324708A4B}" = lport=48113 | protocol=17 | dir=in | name=maconfig_udp |

"{87EB6DE8-186B-4FC1-82C3-0B3F5BF2BA1B}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{8E0EF65A-A330-4189-B73B-52F5521F3C8A}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{90FF4D56-F8C4-43F8-9512-A60E49019464}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{96FA6E5A-58AC-40EE-87D5-93B91B462FE7}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010\wnt500x86\rpcsandrasrv.exe |

"{97FCF298-FD23-4A9E-9532-78B800560481}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{AF273F81-205F-4001-AE88-DA652B149290}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{B387D9D8-D3CB-4686-A1D2-2C78873FC555}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{B5EEDE5F-87EF-4A9E-8D6F-2EE4BCBBD2CE}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{B813FB8F-1849-4BFF-BC14-6BEE20EF096A}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{BFABB3D6-D40D-4C08-AEC3-CC5B6F0669B5}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{C607FADE-F252-4252-AB68-5F868FE9D4D2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{DC84F6AB-E847-4877-A611-AADB0C05C429}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{DD3CEF26-95DD-4EEF-AFA9-F8A4F54AF1AC}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{E15A6DA0-2375-449D-8156-50805B28AA98}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{EB2E9658-BDB5-4EF6-91F8-0A4442B84B88}" = lport=5 | protocol=6 | dir=in | name=navirad |

"{EBBDDB63-87FA-4A97-984A-130E0093A550}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010\wnt500x86\rpcsandrasrv.exe |

"{ED119FE9-2DAC-4AF3-BC1C-D90D0E2F82CD}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

"{FAA3BC6D-2BB2-4709-858F-E881B5CA1C12}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500x86\rpcsandrasrv.exe |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{02D65AF1-41A9-4BF9-BC8D-7DE6419B4A7C}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{032B5ABE-8E64-40B5-8A20-5F61F3A96804}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |

"{059D7749-AD9E-445C-9AB8-AD7EB5E67E6C}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{059FF725-25FA-4F0F-9D38-0A93087E2438}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |

"{0A8A41AC-59DE-4543-A055-3E578D1D7715}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |

"{0AF1D262-1BBC-47D5-B4FA-268420279BDD}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010\wnt500x86\rpcsandrasrv.exe |

"{0CACFB23-13FB-46E5-A958-6C635F8DA1E4}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |

"{0CD532EC-2A22-4524-BD13-39679AA420F4}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{112479BA-E61E-4091-B921-54C4A7523DB1}" = protocol=6 | dir=in | app=c:\program files\incredimail\bin\imapp.exe |

"{176866FB-B0AA-4DFD-A848-DD36D9AC0742}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{17953C97-3712-4E55-B394-8584B32A7D21}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{1875A37F-D4DA-44CC-B31E-FA179BD43DF6}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |

"{1A179100-3E34-4B99-9762-D29816F39424}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |

"{1BB81F35-06FC-48CA-A855-B5EE9D6CE5F1}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |

"{2407DDE5-9156-49E3-B9E8-8A8BABF4CDDC}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{2A43B9E2-D119-4AD1-910B-63DDE7CFA6D5}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{2DB791BB-47DC-4405-8E58-48B752549A9D}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{307A1609-7894-470E-966B-D2EF8602B07E}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |

"{32586D5F-0D90-4DE9-AC93-B91635A1E7EA}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |

"{33F04C34-DD16-4896-8F0A-A742CE9FA152}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{38C1010B-8BB8-4014-9FC8-72D98845CC4F}" = protocol=17 | dir=in | app=c:\program files\winbrick2000\brick2k.exe |

"{3984FC02-7D22-4DB0-B413-4DBE0A1B868C}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{3B59F7A5-CD75-44BC-A2BA-DDDE33BB37D0}" = protocol=6 | dir=in | app=c:\program files\incredimail\bin\incmail.exe |

"{406B2E2C-26C2-476E-A293-1D4BA8AFDB03}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{57F4EF7E-6B2D-4C1B-A2F3-DF31919A2268}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{5922E421-EA62-4A7D-AEA5-CDD8484B86A0}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{5C55A501-4FB3-426B-8A4E-AC3ABD80EAAB}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{5D104FD6-F034-402B-9AEF-AFEAB8F3CA85}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{5F854C8E-C2F5-4256-9DA6-533D44CD6D6C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{6109A0B4-01BA-4418-84EA-DA200796466A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{622B1FC0-610A-4958-8538-D2741FA7FDBF}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |

"{62BD33AD-7904-4B4B-858C-19ED3C5AA322}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{645CF95B-8F7A-49D4-847C-2CF026029DDA}" = protocol=17 | dir=in | app=c:\program files\incredimail\bin\impcnt.exe |

"{66EAED64-F2FF-496B-974A-2D7F2EFB04ED}" = protocol=6 | dir=in | app=c:\program files\incredimail\bin\impcnt.exe |

"{7012272C-ED2A-476C-BB7B-2728C47CF109}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{70A8DC07-6562-44CD-AC2C-57E3E93874B3}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{757E0DA2-C933-4694-9ACD-70091BEC8C1B}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{785C2F40-504B-4921-B334-8C44E5C0F8C8}" = protocol=17 | dir=in | app=c:\program files\incredimail\bin\impcnt.exe |

"{79BC4DEA-972A-4E80-A70E-773CF889C86D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{7CF18256-AEB1-4CD2-A009-2CF6041CEC4F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{7DB26202-0788-42F2-A054-63F1107D4C89}" = protocol=17 | dir=in | app=c:\program files\incredimail\bin\incmail.exe |

"{7EEB15A6-848A-4DFE-8294-2CCC9DAFB2E9}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{84C5DB97-3A3D-420E-A334-F114DDC1E7D2}" = protocol=17 | dir=in | app=c:\program files\incredimail\bin\imapp.exe |

"{894D5C44-D5C2-4B08-84B7-7C817F90B1E0}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |

"{97C0D5F7-C28C-4CC8-92FD-5CD96BDD004F}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{9979E2E4-F456-4A97-9BD8-F48509B88B38}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{99B597C7-7212-4EFC-AFC0-23F787D72C4A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{9F94E36A-5E9F-4B82-9294-344D3FD18C91}" = protocol=17 | dir=in | app=c:\program files\incredimail\bin\imapp.exe |

"{9FADCF84-5A56-46CA-BC2C-BC08861DC958}" = protocol=17 | dir=in | app=c:\program files\ma-config.com\maconfservice.exe |

"{A120499A-18D7-4B6C-B893-8686AE65145C}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |

"{A503F03E-41FD-4B6A-932F-6FD9A5D90E8E}" = protocol=6 | dir=in | app=c:\users\henri\appdata\local\temp\iminstaller\3d_magic_installer.exe |

"{A7CF110E-38B8-4330-B9D8-D71F0AEF7998}" = protocol=17 | dir=in | app=c:\users\henri\appdata\local\temp\iminstaller\3d_magic_installer.exe |

"{AC40A69B-72C6-455C-AA24-91BA4C7CD2C9}" = protocol=6 | dir=in | app=c:\program files\ma-config.com\maconfservice.exe |

"{B4ECDA6B-C5CF-4A14-8D48-727A888DD954}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{B878BE75-48AF-487E-B1E8-57C6155F82CF}" = protocol=6 | dir=in | app=c:\program files\incredimail\bin\incmail.exe |

"{B9157A76-C000-4362-BDD5-BB08C731A0AE}" = protocol=17 | dir=in | app=c:\program files\incredimail\bin\incmail.exe |

"{BB387E48-3176-4443-B8C0-044E7024835A}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |

"{BEA13510-76F6-40EF-A9A7-6169C3664445}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe |

"{C50EC2BA-3CCF-4282-9034-8ECA8F5EFE55}" = protocol=1 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite 2010\wnt500x86\rpcsandrasrv.exe |

"{C51A6641-006B-42E0-9218-1E6E7A74ACE9}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |

"{CAB5906B-F2A3-41E7-A18E-2D39A90DFC20}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{CD99B7D1-BC98-4187-9CCD-51A12C36E8B3}" = protocol=6 | dir=in | app=c:\program files\incredimail\bin\impcnt.exe |

"{CEB3539A-439D-4FF2-90C4-970FD418EF94}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |

"{D183C112-D739-4577-B7DF-304583D64B73}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{E4A0FA56-5FBA-45AC-995D-B20E18032EAB}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{F0F898DE-22AD-48AB-A0B4-1B4C4CDF2899}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{F2B2BA10-B418-4A13-9359-3E9D13B45908}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{F4C8ABC7-939A-4AB3-9E49-F62594C25D53}" = protocol=6 | dir=in | app=c:\program files\incredimail\bin\imapp.exe |

"{F58F9B2D-26AC-4BF0-9495-2A6377FCA5F2}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{F80501F1-BEE0-4135-98A4-4ABDBC2B9A61}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |

"{FCE58D24-F445-4C91-97CD-F8F303DACE7B}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{FCEEB011-A33C-4539-95EB-19BEDC47469D}" = protocol=6 | dir=in | app=c:\program files\winbrick2000\brick2k.exe |

"TCP Query User{09B3F444-0F08-4085-87A8-9291300C64D7}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

"TCP Query User{503DCB47-4154-4684-9DB6-F59E17A1E4D8}C:\program files\microsoft games\fs2002\fs2002.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\fs2002\fs2002.exe |

"TCP Query User{513BB227-233B-4C26-BD57-C21924D5BFE8}C:\windows\system32\electricsheep.scr" = protocol=6 | dir=in | app=c:\windows\system32\electricsheep.scr |

"TCP Query User{5FBA5720-3821-4072-86C8-811B42F407BC}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

"TCP Query User{71EDC7A8-FEF2-4875-B5F2-EC355EDAB8C7}C:\windows\system32\electricsheep.scr" = protocol=6 | dir=in | app=c:\windows\system32\electricsheep.scr |

"TCP Query User{8735147C-2DAC-46D7-990B-9E28A2E21A33}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"TCP Query User{F75E00C3-67C0-45DC-84A8-D91046A26F1D}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"UDP Query User{09C9F11C-6895-4FFE-B694-A573B5DAA4AA}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"UDP Query User{2F2EAB98-D4E0-4610-B8DB-F4F4EF56126C}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

"UDP Query User{37D1A014-6CCE-4D6E-910B-39AA5B804808}C:\program files\microsoft games\fs2002\fs2002.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\fs2002\fs2002.exe |

"UDP Query User{569B46DB-914A-457E-956D-9FF07183729E}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"UDP Query User{84776E06-B8D7-467E-9571-9CE308BA6E94}C:\windows\system32\electricsheep.scr" = protocol=17 | dir=in | app=c:\windows\system32\electricsheep.scr |

"UDP Query User{BBA58B60-5C44-45F9-A877-047B4C0620F5}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

"UDP Query User{D0AC1166-46B3-43F2-A318-757B28C65C37}C:\windows\system32\electricsheep.scr" = protocol=17 | dir=in | app=c:\windows\system32\electricsheep.scr |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{040D3C87-C028-4213-50C5-7A41C02A84CF}" = CCC Help Dutch

"{0827A30F-B349-4247-C003-1EDEEA3F75A0}" = Catalyst Control Center Localization Finnish

"{0A00AE5F-E08E-787E-48C0-BABE8B1B4C84}" = CCC Help Polish

"{0CA13800-EF17-741F-08BA-53F26908C8A8}" = ccc-utility

"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery

"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver

"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist

"{14B78489-B0E7-4B36-FFFD-9E6BB1C9B14E}" = Catalyst Control Center Graphics Full New

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter

"{1945916C-660A-F916-3EDE-5E31C17D97EB}" = CCC Help Turkish

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2202F1B7-3749-BFCD-6794-18C50307D3CA}" = Catalyst Control Center Graphics Previews Vista

"{22543949-70E8-45D0-A938-F38143EB8BF8}" = Catalyst Control Center - Branding

"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{25E37249-2688-07EA-A892-C4F53EB86B22}" = CCC Help German

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{298BE1F8-4A40-8BE7-BBD9-4C7171389C16}" = Catalyst Control Center Localization Norwegian

"{2D0C679F-6D2E-3DB6-7FAF-8092F94B4FDF}" = CCC Help Chinese Standard

"{2F9C86AE-85C2-B9D4-BF10-59BE20C42914}" = CCC Help Swedish

"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba

"{3932745C-7335-6F80-25DB-2ADCED63B287}" = Catalyst Control Center Localization Russian

"{3A6396DC-F35E-1083-5DCB-512BBB723D3B}" = Catalyst Control Center Localization Portuguese

"{3CE3EA90-E186-11B1-17A7-D1C133FBA951}" = CCC Help Russian

"{3D8E04DE-4944-CC6E-77A9-C83666F93EB8}" = Catalyst Control Center Localization French

"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra

"{4223EFD6-5466-DE65-D829-1E29626FA757}" = CCC Help Korean

"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth

"{4478F10E-BB85-C351-A8DD-2D8E26086ECC}" = Catalyst Control Center Localization Swedish

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4ACF5CB8-CADE-42C9-B3D3-B8751A2CDFD6}" = Toshiba TEMPO

"{4E5901EE-4746-88ED-3771-915CCCFB17D2}" = Catalyst Control Center Core Implementation

"{504D6243-D4AE-44E3-991A-380CF2316E16}" = ACDSee 5.0 Standard

"{51A0008E-46AF-2800-9F82-1726ABDEBD31}" = CCC Help Finnish

"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password

"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup

"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{5E97F3BD-CDDC-4188-9D98-532E14FABB5D}" = IncrediMail

"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes

"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center

"{61FB1C6D-6200-5659-0C3C-7ABDAC982442}" = ATI Catalyst Install Manager

"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6B7F28D4-160E-40C6-B7C8-5EC6B9734DA7}" = Photo Notifier and Animation Creator

"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER

"{75ADEFA2-D4FF-4B37-9E93-4306E6AC176B}_is1" = ImgBurn 2.3.2.0 Fr

"{761A0675-6067-9405-E24F-839F3506D0A6}" = Catalyst Control Center Localization Italian

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree

"{7C4C5272-983F-BDC5-1223-03814D4D393E}" = CCC Help French

"{80BBE326-A06D-EB99-C804-DAC994C2CDCE}" = CCC Help English

"{80D23E2E-09A5-C202-DB22-2363D5DF7880}" = Catalyst Control Center Localization Chinese Standard

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{848F3E88-B442-06C0-B0C5-1DB8F1AEFD0C}" = Catalyst Control Center Graphics Full Existing

"{84FC6FDC-D076-BCB0-BC67-891A548AB4CA}" = ccc-core-static

"{85948378-92EB-3B9E-1698-6650A3D2DB91}" = Catalyst Control Center Localization Korean

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista

"{8950A48A-D79E-EA03-2A84-6DADE70931FB}" = CCC Help Thai

"{89AB9D60-9C0D-21CE-0170-B20C220E5855}" = Catalyst Control Center Localization Thai

"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour

"{8CC28EDD-B675-1273-63D2-1603B4F80544}" = CCC Help Portuguese

"{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager

"{9085040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003

"{90AF040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003

"{9164E441-F732-5756-A4FB-99BC67A72ECC}" = CCC Help Spanish

"{9725E06F-F21B-7751-F53D-B799EC9CC4D8}" = Catalyst Control Center Localization Hungarian

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B980CB3-A949-350B-C0C3-04BAE888ED16}" = Catalyst Control Center Localization Chinese Traditional

"{9D986E6C-E3FA-17C5-11D4-C1B6B65B1284}" = Catalyst Control Center Graphics Light

"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support

"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = Réducteur de bruit lect. CD/DVD

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1036-7B44-A71000000002}" = Adobe Reader 7.1.0 - Français

"{B308C894-4CC2-59C9-A5EE-EE22C8862AAB}" = CCC Help Italian

"{B5DBDD11-97A1-BBF4-D2D7-B381A4010F6C}" = Catalyst Control Center Localization Turkish

"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser

"{B6605725-5BDB-9684-EE19-D9ABE687B360}" = CCC Help Chinese Traditional

"{BE6817F6-6CC1-9934-3DE4-BADA9471BCBD}" = Catalyst Control Center Graphics Previews Common

"{C29DDB10-D329-163C-F381-5208FA737D9C}" = Catalyst Control Center Localization Polish

"{C66ABB8B-82F6-D42D-A930-DEC5C3AAF2AF}" = CCC Help Czech

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CED167D4-6300-EE0D-8A18-7EADAFBE3AF3}" = CCC Help Greek

"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005

"{D7883A10-E32D-01AC-BA5C-32AB8D949AAC}" = Catalyst Control Center Localization Czech

"{DB1440A2-8DE5-8ACF-4FD7-4DE42128CF5A}" = Catalyst Control Center Localization German

"{DE90CBC0-049D-E8E2-DD63-B4E048772F90}" = Catalyst Control Center Localization Dutch

"{E1346C42-2B96-B06C-5F3B-99BA1DE914A3}" = Catalyst Control Center Localization Japanese

"{E14C2F99-A741-DD7D-86BA-125232B43B0F}" = CCC Help Japanese

"{E4B430AF-1029-ED12-608E-D8EF7981BADC}" = Catalyst Control Center Localization Spanish

"{E5343B27-55DF-40BD-9FCF-A643C1331E8A}" = Acronis True Image Home

"{E5D1C4D5-1ECD-E689-FFCF-96D1FE7697FC}" = Skins

"{E80B263C-7DAA-4F6B-CC38-F841BCDE9B03}" = CCC Help Danish

"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities

"{EC25B803-4BDB-47F7-B877-FCE7D7966C0F}" = Visual C++ CRT 9.0 SP1

"{EE168625-C2DA-89DE-1BC3-961A0449B322}" = Catalyst Control Center Localization Greek

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1CFD809-20E4-33B6-9B17-C0907C6D3DE3}" = CCC Help Hungarian

"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA

"{F3474283-A0BB-72A0-97C0-E4EB5C8C6730}" = CCC Help Norwegian

"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner

"{FB397904-F751-EC9D-02F9-03EE099B4D64}" = Catalyst Control Center Localization Danish

"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package

"ActiveScan 2.0" = Panda ActiveScan 2.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Ad-Remover" = Ad-Remover By C_XX

"avast5" = avast! Free Antivirus

"BCM70010" = Broadcom High Definition Video Decoder 2.6.40.1

"CCleaner" = CCleaner

"CrystalDiskInfo_is1" = CrystalDiskInfo 3.8.0

"Defraggler" = Defraggler

"DVD Shrink_is1" = DVD Shrink 3.2

"DVDFab 6_is1" = DVDFab 6.0.4.0 (28/07/2009)

"Electric Sheep" = Electric Sheep 2.7b29

"Emperor's Mahjong pour Windows" = Emperor's Mahjong pour Windows

"Flight Simulator 8.0" = Microsoft Flight Simulator 2002

"FreeUndelete" = FreeUndelete

"Graphe AT_is1" = Graphe Analyse Technique 3.0

"HijackThis" = HijackThis 2.0.2

"IncrediMail" = IncrediMail 2.0

"Install WinBrick2000 v3.17.0 Shareware" = WinBrick2000

"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Mot de passe responsable

"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.

"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)

"MRU-Blaster_is1" = MRU-Blaster v1.5 (Database 3/28/2004)

"Neuf_TV_PC" = TV sur PC

"photofiltre" = PhotoFiltre

"Picasa 3" = Picasa 3

"Quicken 2000" = Quicken 2000

"Register WinBrick2000 to v3.06 full version" = WinBrick2000

"Softonic.France Toolbar" = Softonic.France Toolbar

"System Explorer_is1" = System Explorer 2.7.2

"The KMPlayer FR_is1" = The KMPlayer v2.9.4.1435 FR

"TOSHIBA Software Modem" = TOSHIBA Software Modem

"Tradexpert 2.89A5R_is1" = Tradexpert 2.89A5R

"VLC media player" = VideoLAN VLC media player 0.8.6b

"WinZip" = WinZip

"Yahoo! Companion" = Yahoo! Toolbar

"ZHPDiag_is1" = ZHPDiag 1.27

"ZHPFix_is1" = ZHPFix 1.12

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Mérops" = Mérops

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 21/02/2011 12:00:07 | Computer Name = PC-de-Henri | Source = Windows Search Service | ID = 1011

Description =

 

Error - 21/02/2011 12:00:18 | Computer Name = PC-de-Henri | Source = Windows Search Service | ID = 1011

Description =

 

Error - 21/02/2011 12:20:16 | Computer Name = PC-de-Henri | Source = Windows Search Service | ID = 1011

Description =

 

Error - 21/02/2011 12:33:33 | Computer Name = PC-de-Henri | Source = Windows Search Service | ID = 1011

Description =

 

Error - 21/02/2011 14:13:11 | Computer Name = PC-de-Henri | Source = Windows Search Service | ID = 1011

Description =

 

Error - 21/02/2011 14:34:03 | Computer Name = PC-de-Henri | Source = MsiInstaller | ID = 11706

Description =

 

Error - 21/02/2011 14:34:53 | Computer Name = PC-de-Henri | Source = Windows Search Service | ID = 1011

Description =

 

Error - 22/02/2011 05:06:02 | Computer Name = PC-de-Henri | Source = Windows Search Service | ID = 1011

Description =

 

Error - 22/02/2011 05:08:00 | Computer Name = PC-de-Henri | Source = Windows Search Service | ID = 1011

Description =

 

Error - 22/02/2011 05:08:30 | Computer Name = PC-de-Henri | Source = Windows Search Service | ID = 1011

Description =

 

[ Media Center Events ]

Error - 06/06/2008 11:52:22 | Computer Name = PC-de-Henri | Source = Media Center Guide | ID = 0

Description = ?

 

Error - 07/06/2008 07:00:01 | Computer Name = PC-de-Henri | Source = Media Center Guide | ID = 0

Description = ?

 

Error - 12/06/2008 10:40:07 | Computer Name = PC-de-Henri | Source = Media Center Guide | ID = 0

Description = ?

 

Error - 12/06/2008 10:41:04 | Computer Name = PC-de-Henri | Source = Media Center Guide | ID = 0

Description = ?

 

Error - 12/06/2008 10:43:39 | Computer Name = PC-de-Henri | Source = Media Center Guide | ID = 0

Description = ?

 

Error - 12/06/2008 10:44:03 | Computer Name = PC-de-Henri | Source = Media Center Guide | ID = 0

Description = ?

 

Error - 14/06/2008 14:51:10 | Computer Name = PC-de-Henri | Source = Media Center Guide | ID = 0

Description = ?

 

Error - 15/10/2008 07:50:51 | Computer Name = PC-de-Henri | Source = Media Center Guide | ID = 0

Description = ?

 

Error - 15/10/2008 07:51:05 | Computer Name = PC-de-Henri | Source = Media Center Guide | ID = 0

Description = ?

 

Error - 26/06/2009 12:20:39 | Computer Name = PC-de-Henri | Source = Media Center Guide | ID = 0

Description = ?

 

[ System Events ]

Error - 22/02/2011 05:23:19 | Computer Name = PC-de-Henri | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

 

Error - 22/02/2011 05:23:19 | Computer Name = PC-de-Henri | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

 

Error - 22/02/2011 05:23:19 | Computer Name = PC-de-Henri | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

 

Error - 22/02/2011 05:23:19 | Computer Name = PC-de-Henri | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

 

Error - 22/02/2011 05:23:19 | Computer Name = PC-de-Henri | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

 

Error - 22/02/2011 05:23:19 | Computer Name = PC-de-Henri | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

 

Error - 22/02/2011 05:23:19 | Computer Name = PC-de-Henri | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

 

Error - 22/02/2011 05:23:19 | Computer Name = PC-de-Henri | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

 

Error - 22/02/2011 05:23:19 | Computer Name = PC-de-Henri | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

 

Error - 22/02/2011 05:23:19 | Computer Name = PC-de-Henri | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

 

 

< End of report >
