
Posted

Hello,

I am asking for your help with my infected PC running Windows 7 (English), with problems such as AntiVir no longer loading at startup and, above all, no more internet connection.

I have already tried the usual programs, Malwarebytes' Anti-Malware and Spybot Search & Destroy, but without success.

Could you please help me identify the infection?

Here is the HijackThis report from that PC:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 02:29:04, on 24.04.2011

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16671)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Microsoft Office\Office14\BCSSync.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe

C:\Program Files\QuickTime\QTTask .exe

C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

C:\Windows\System32\wscript.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt .exe

C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip .exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM .exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe

C:\Program Files\TaskAngel\TaskAngel .exe

C:\Program Files\QuickTime\QTTask .exe

C:\Program Files\Trend Micro\HijackThis\HJT.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [uSBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [uSB-Set] wscript "C:\Program Files\USB-set\TSR.vbe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [TaskAngel] C:\Program Files\TaskAngel\TaskAngel.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O8 - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe

O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (file missing)

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: SwitchBoard - Unknown owner - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe

 

--

End of file - 7697 bytes

Posted (edited)

Hello,

Spybot and HijackThis are out of the running.

I recommend uninstalling them.

To disable TeaTimer, which serves no purpose and can cause a disinfection to fail:

Under Vista, run with Administrator privileges.

First display Advanced Mode in Spybot

-> Advanced Options:

-> Mode menu, Advanced Mode.

A column of menus appears on the left side:

-> click Tools,

-> click Resident,

In Resident:

-> uncheck Resident "TeaTimer" to disable it.

Delete the contents of the Snapshots folder (the contents of Snapshots, not the Snapshots file), under XP:

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots

And under Vista:

C:\ProgramData\Spybot - Search & Destroy\Snapshots

On the desktop, double-click the icon [image: otlicon.gif]

Make sure all other windows are closed so that it runs without interruption.

Check -> All users (Scan All Users)

Under Report (Output)

Click -> Standard Report (Standard Output)

Under Standard Registry, check All

Check -> Lop Check and Purity Check

In Customization (Custom Scans/Fixes), copy and paste the content below:

netsvcs

drivers32

SAVEMBR:0

%SYSTEMDRIVE%\*.exe

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%appdata% *.exe /s

/md5start

userinit.exe

wininit.exe

explorer.exe

csrss.exe

alg.exe

fxssvc.exe

lsass.exe

locator.exe

msdtc.exe

spoolsv.exe

snmptrap.exe

sppsvc.exe

UI0Detect.exe

vds.exe

vssvc.exe

WatAdminSvc.exe

wbengine.exe

WmiApSrv.exe

wmpnetwk.exe

ndis.sys

tcpip.sys

winlogon.exe

iesetup.dll

inseng.dll

mshtml.dll

pngfilt.dll

webcheck.dll

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

iaStor.sys

nvstor.sys

atapi.sys

cdrom.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\*. /mp /s

CREATERESTOREPOINT

 

Click Scan (Analyse).

Once the scan has finished, the files OTL.txt and Extras.txt will open.

How to post the reports

Copy and paste all or part of the reports into one or more messages.

Or go to the CJoint site:

Click Browse (Parcourir) and locate the reports on the disk,

then click Create the CJoint link (Créer le lien CJoint),

>> on the following page -->

an address http://.. will be created.

Copy and paste this address into your next message.

Edited by pear

Posted

Thank you for your help!

Here is the OTL.txt report:

 

OTL logfile created on: 24.04.2011 13:13:07 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Steph\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 0000100c | Country: Suisse | Language: FRS | Date Format: dd.MM.yyyy

 

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 79.00% Paging File free

Paging file location(s): [binary data over 100 bytes]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 29.72 Gb Total Space | 6.61 Gb Free Space | 22.24% Space Free | Partition Type: NTFS

Drive E: | 2.93 Gb Total Space | 0.38 Gb Free Space | 13.13% Space Free | Partition Type: NTFS

Drive F: | 928.58 Gb Total Space | 11.07 Gb Free Space | 1.19% Space Free | Partition Type: NTFS

Drive G: | 955.47 Mb Total Space | 753.61 Mb Free Space | 78.87% Space Free | Partition Type: FAT32

 

Computer Name: ASROCK | User Name: Steph | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011.04.24 13:09:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Steph\Desktop\OTL.exe

PRC - [2011.04.23 08:09:15 | 000,131,084 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011.04.21 19:24:36 | 000,131,080 | ---- | M] () -- C:\Program Files\TaskAngel\TaskAngel.exe

PRC - [2011.04.21 19:01:13 | 000,131,076 | ---- | M] () -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

PRC - [2011.04.21 19:01:13 | 000,131,076 | ---- | M] () -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe

PRC - [2011.04.21 19:01:13 | 000,131,076 | ---- | M] () -- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

PRC - [2011.04.21 19:01:13 | 000,131,076 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe

PRC - [2011.04.01 10:31:38 | 002,271,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

PRC - [2011.03.16 12:57:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.03.08 10:43:04 | 000,421,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe

PRC - [2011.02.10 00:24:54 | 001,373,456 | ---- | M] (MyPocketSoft) -- C:\Program Files\TaskAngel\TaskAngel .exe

PRC - [2011.01.31 10:44:43 | 000,035,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl .exe

PRC - [2010.11.02 13:32:05 | 000,339,624 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

PRC - [2010.11.02 13:32:05 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt .exe

PRC - [2010.11.02 13:32:05 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2010.09.21 00:07:44 | 000,932,288 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM .exe

PRC - [2010.08.22 21:02:34 | 000,642,560 | ---- | M] (Nenad Hrg (SoftwareOK.com)) -- C:\Program Files\Q-Dir\Q-Dir.exe

PRC - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe

PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

PRC - [2010.01.14 22:12:21 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2007.02.20 11:07:40 | 000,199,752 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip .exe

PRC - [2006.03.01 03:10:18 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011.04.24 13:09:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Steph\Desktop\OTL.exe

MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Auto | Stopped] -- -- (ioloFileInfoList)

SRV - [2011.04.21 19:01:13 | 000,131,076 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2011.04.21 19:00:54 | 000,059,400 | -HS- | M] () [Auto | Stopped] -- \\?\globalroot\Device\HarddiskVolume2\Windows\Temp\srvB94.tmp [WARNING: \\?\globalroot\Device\HarddiskVolume2\Windows\Temp\srvB94.tmp] -- (srvB94)

SRV - [2011.04.01 10:31:38 | 002,271,608 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)

SRV - [2011.03.30 21:52:47 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)

SRV - [2011.03.16 12:57:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.03.08 10:43:04 | 000,421,032 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)

SRV - [2010.11.02 13:32:05 | 000,339,624 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)

SRV - [2010.11.02 13:32:05 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010.09.27 23:08:49 | 001,343,400 | ---- | M] () [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)

SRV - [2010.03.25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2006.03.01 03:10:18 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2011.03.16 12:57:30 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2010.12.11 02:19:53 | 000,024,448 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fnetthjm_152D.sys -- (FNETTHJM_152D)

DRV - [2010.11.22 13:15:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010.07.10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)

DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)

DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)

DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)

DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)

DRV - [2009.07.14 00:02:53 | 000,044,032 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6.sys -- (FETNDIS)

DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2008.12.09 10:59:30 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElRawDsk.sys -- (ElRawDisk)

DRV - [2007.05.15 07:43:50 | 000,013,765 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UCharger.sys -- (UCharger)

DRV - [2006.12.04 09:36:10 | 000,203,264 | ---- | M] (Pinnacle Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bender.sys -- (BENDER)

DRV - [2006.01.10 04:47:27 | 000,031,846 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\ckldrv.sys -- (NetworkX)

DRV - [2005.09.23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)

 

 

========== Standard Registry (All) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58889

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58889

 

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

 

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

 

IE - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Hotmail, Messenger, Divertissement, Actualité, Sport, Voiture, Rencontres et plus

IE - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-ch

IE - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5D D4 71 2D 0E 85 CB 01 [binary data]

IE - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55111

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://www.google.ch/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6

FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.2.0.8

FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.2

FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.4

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2

FF - prefs.js..extensions.enabledItems: yslow@yahoo-inc.com:2.1.0

FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.1.1

FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {618D522B-652C-4e19-9194-048700B12ED6}:1.4

FF - prefs.js..extensions.enabledItems: statusbar@toodledo.com:1.77

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.30 21:56:35 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 14:20:55 | 000,000,000 | ---D | M]

 

[2010.10.26 17:00:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steph\AppData\Roaming\Mozilla\Extensions

[2010.10.26 17:00:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steph\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2010.08.23 22:04:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steph\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2011.04.24 00:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions

[2011.02.06 05:20:39 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}

[2011.04.01 00:33:44 | 000,000,000 | ---D | M] (Sothink SWF Catcher) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\{618D522B-652C-4e19-9194-048700B12ED6}

[2011.04.08 12:39:06 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}

[2011.04.08 12:39:06 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}

[2011.04.08 12:39:07 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2011.02.09 15:12:04 | 000,000,000 | ---D | M] ("Yoono") -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}

[2011.02.20 00:15:21 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}

[2011.04.21 13:56:51 | 000,000,000 | ---D | M] (Adblock Plus Pop-up Addon) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\adblockpopups@jessehakanen.net

[2011.01.12 07:22:35 | 000,000,000 | ---D | M] (Read It Later) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\isreaditlater@ideashower.com

[2011.04.15 11:58:22 | 000,000,000 | ---D | M] (Toodledo) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\statusbar@toodledo.com

[2010.11.02 19:28:08 | 000,000,000 | ---D | M] (YSlow) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\yslow@yahoo-inc.com

[2011.04.22 14:03:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011.03.24 14:20:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010.09.11 16:40:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010.09.11 18:19:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010.10.20 16:33:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011.01.07 17:04:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011.03.01 00:17:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011.03.24 14:20:54 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2011.03.24 14:20:54 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2009.07.07 23:20:42 | 000,061,440 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnu.dll

[2009.07.07 23:20:42 | 000,065,536 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll

[2010.09.14 20:46:49 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

[2009.06.25 13:20:28 | 001,446,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll

[2011.03.24 14:20:54 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2007.03.22 19:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

[2011.03.12 13:28:40 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2010.12.13 23:02:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2010.12.13 23:02:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2010.12.13 23:02:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2010.12.13 23:02:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2010.12.13 23:02:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2010.12.13 23:02:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2010.12.13 23:02:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2010.10.22 12:47:31 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010.10.22 12:47:31 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010.10.22 12:47:31 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010.10.22 12:47:31 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010.10.22 12:47:31 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010.10.22 12:47:31 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010.10.22 12:47:31 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

 

O1 HOSTS File: ([2010.11.16 02:30:21 | 000,426,463 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 activate.adobe.com

O1 - Hosts: 127.0.0.1 practivate.adobe.com

O1 - Hosts: 127.0.0.1 ereg.adobe.com

O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com

O1 - Hosts: 127.0.0.1 wip3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com

O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com

O1 - Hosts: 127.0.0.1 activate-sea.adobe.com

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com

O1 - Hosts: 127.0.0.1 adobe.activate.com

O1 - Hosts: 127.0.0.1 adobeereg.com

O1 - Hosts: 127.0.0.1 www.adobeereg.com

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

O1 - Hosts: 127.0.0.1 125.252.224.90

O1 - Hosts: 127.0.0.1 125.252.224.91

O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 14678 more lines...

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O3 - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\..\Toolbar\WebBrowser: (no name) - {05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} - No CLSID value found.

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe ()

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe ()

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe ()

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe ()

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ()

O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe ()

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe ()

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask .exe (Apple Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe ()

O4 - HKLM..\Run: [uSB-Set] File not found

O4 - HKLM..\Run: [uSBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe ()

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000..\Run: [TaskAngel] C:\Program Files\TaskAngel\TaskAngel.exe ()

F3 - HKU\.DEFAULT WinNT: Load - (C:\Windows\TEMP\csrss.exe) - File not found

F3 - HKU\S-1-5-18 WinNT: Load - (C:\Windows\TEMP\csrss.exe) - File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O8 - Extra context menu item: &Envoyer à OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2011.04.24 00:35:13 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2011.04.24 00:35:12 | 000,000,000 | ---D | M] - E:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2011.04.24 00:35:14 | 000,000,000 | ---D | M] - F:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2011.04.24 02:31:20 | 000,000,000 | ---D | M] - G:\autorun.inf -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: srvB94 - \\?\globalroot\Device\HarddiskVolume2\Windows\Temp\srvB94.tmp ()

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.IV50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)

Drivers32: vidc.mjpg - pvmjpg30.dll File not found

PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

 

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011.04.24 13:11:23 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Steph\Desktop\OTL.exe

[2011.04.24 00:35:13 | 000,000,000 | ---D | C] -- C:\autorun.inf

[2011.04.23 17:07:50 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0

[2011.04.23 14:46:37 | 000,000,000 | ---D | C] -- C:\UsbFix

[2011.04.23 14:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\USB-set

[2011.04.23 14:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\USB-set

[2011.04.22 13:31:00 | 000,000,000 | ---D | C] -- F:\My Documents\Fichiers Outlook

[2011.04.21 16:36:48 | 000,165,888 | ---- | C] (Kenonic Controls) -- C:\Windows\Ckconfig.exe

[2011.04.21 16:36:48 | 000,069,632 | ---- | C] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe

[2011.04.21 16:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Mail Recovery

[2011.04.21 13:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\SysTools Outlook Recovery

[2011.04.20 21:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2011.04.20 21:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2011.04.20 21:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011.04.20 21:10:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2011.04.20 21:10:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011.04.18 14:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO

[2011.04.13 20:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\TaskAngel

[2011.04.13 20:58:49 | 000,000,000 | ---D | C] -- C:\Users\Steph\AppData\Roaming\MyPocketSoft

[2011.04.11 03:32:46 | 000,000,000 | ---D | C] -- C:\Users\Steph\AppData\Roaming\RealWorld

[2011.04.11 03:32:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealWorld

[2011.04.11 03:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\RealWorld Icon Editor

[2011.04.06 23:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\Explorer++

[2011.04.06 16:20:16 | 000,197,920 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll

[2011.04.06 16:20:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe

[2011.04.06 16:20:16 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssd.dll

[2011.04.06 16:20:16 | 000,075,040 | ---- | C] (Apple Inc.) -- C:\Windows\System32\jdns_sd.dll

[2011.04.01 00:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SourceTec

[2011.04.01 00:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SourceTec

[2011.04.01 00:07:08 | 000,000,000 | ---D | C] -- C:\Program Files\SourceTec

[2011.03.30 23:31:21 | 000,000,000 | ---D | C] -- C:\Users\Steph\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2011.03.30 23:31:21 | 000,000,000 | ---D | C] -- C:\Users\Steph\AppData\Roaming\Adobe Mini Bridge CS5

[1998.06.29 10:03:36 | 000,099,840 | ---- | C] ( ) -- C:\Windows\System32\Zipdll.dll

[1998.06.29 10:03:36 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\Unzdll.dll

 

========== Files - Modified Within 30 Days ==========

 

[2011.04.24 13:14:14 | 000,014,192 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.04.24 13:14:14 | 000,014,192 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.04.24 13:14:10 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin

[2011.04.24 13:12:24 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.04.24 13:12:24 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.04.24 13:11:11 | 000,074,711 | ---- | M] () -- C:\Windows\Q-Dir.ini

[2011.04.24 13:09:30 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011.04.24 13:09:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Steph\Desktop\OTL.exe

[2011.04.24 13:09:00 | 000,000,308 | -HS- | M] () -- C:\Windows\tasks\BJJJ.job

[2011.04.24 13:08:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.04.24 13:07:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011.04.23 14:56:16 | 208,969,728 | ---- | M] () -- C:\Users\Steph\Desktop\kav_rescue_10.iso

[2011.04.23 14:37:35 | 000,001,835 | ---- | M] () -- C:\Users\Steph\Desktop\USB-set.lnk

[2011.04.22 19:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At2.job

[2011.04.22 19:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At1.job

[2011.04.22 00:20:53 | 000,001,099 | ---- | M] () -- C:\Users\Steph\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2011.04.21 22:00:09 | 000,003,828 | ---- | M] () -- C:\Users\Steph\AppData\Roaming\92DA.4C7

[2011.04.21 19:02:57 | 000,001,680 | ---- | M] () -- C:\Windows\System32\esnecil.ind

[2011.04.21 19:01:13 | 000,131,076 | ---- | M] () -- C:\ProgramData\UEBeSifOsb.exe

[2011.04.21 16:37:07 | 000,001,680 | ---- | M] () -- C:\Windows\System32\esnecil.nlp

[2011.04.21 16:37:07 | 000,000,004 | ---- | M] () -- C:\Windows\vx86036.dat

[2011.04.21 16:36:56 | 000,000,055 | ---- | M] () -- C:\Windows\Crypkey.ini

[2011.04.06 16:20:16 | 000,197,920 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll

[2011.04.06 16:20:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe

[2011.04.06 16:20:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssd.dll

[2011.04.06 16:20:16 | 000,075,040 | ---- | M] (Apple Inc.) -- C:\Windows\System32\jdns_sd.dll

[2011.04.06 14:27:49 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI

[2011.04.01 00:32:49 | 000,001,258 | ---- | M] () -- C:\Users\Steph\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink SWF Decompiler.lnk

 

========== Files Created - No Company Name ==========

 

[2011.04.24 13:14:10 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin

[2011.04.23 14:57:30 | 208,969,728 | ---- | C] () -- C:\Users\Steph\Desktop\kav_rescue_10.iso

[2011.04.23 14:37:35 | 000,001,835 | ---- | C] () -- C:\Users\Steph\Desktop\USB-set.lnk

[2011.04.21 19:24:28 | 000,003,828 | ---- | C] () -- C:\Users\Steph\AppData\Roaming\92DA.4C7

[2011.04.21 19:00:49 | 000,131,076 | ---- | C] () -- C:\ProgramData\UEBeSifOsb.exe

[2011.04.21 19:00:24 | 000,000,308 | -HS- | C] () -- C:\Windows\tasks\BJJJ.job

[2011.04.21 16:37:07 | 000,001,680 | ---- | C] () -- C:\Windows\System32\esnecil.nlp

[2011.04.21 16:37:07 | 000,001,680 | ---- | C] () -- C:\Windows\System32\esnecil.ind

[2011.04.21 16:37:07 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat

[2011.04.21 16:36:56 | 000,000,055 | ---- | C] () -- C:\Windows\Crypkey.ini

[2011.04.21 16:36:48 | 000,031,846 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys

[2011.04.21 16:36:48 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe

[2011.04.21 16:36:48 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll

[2011.04.21 16:36:48 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe

[2011.04.21 16:36:24 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\At2.job

[2011.04.21 16:35:50 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\At1.job

[2011.04.13 20:58:49 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TaskAngel.lnk

[2011.04.06 11:45:27 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk

[2011.04.01 00:32:49 | 000,001,258 | ---- | C] () -- C:\Users\Steph\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink SWF Decompiler.lnk

[2011.03.06 18:27:23 | 000,387,064 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat

[2010.12.28 22:52:47 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll

[2010.11.04 14:46:51 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat

[2010.10.28 14:02:20 | 000,004,096 | -H-- | C] () -- C:\Users\Steph\AppData\Local\keyfile3.drm

[2010.10.18 13:59:56 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2010.10.08 18:30:32 | 000,007,628 | ---- | C] () -- C:\Users\Steph\AppData\Local\Resmon.ResmonCfg

[2010.09.21 21:07:21 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2010.09.18 00:13:29 | 000,014,336 | ---- | C] () -- C:\Users\Steph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.09.18 00:04:43 | 000,000,000 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini

[2010.09.17 20:54:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll

[2010.09.14 23:54:57 | 000,000,016 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll

[2010.09.14 23:54:57 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat

[2010.09.11 16:33:55 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat

[2010.08.23 22:04:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2010.08.23 21:37:11 | 000,074,711 | ---- | C] () -- C:\Windows\Q-Dir.ini

[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 06:33:53 | 004,133,520 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2009.07.14 04:05:48 | 000,618,714 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2009.07.14 04:05:48 | 000,107,034 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2007.05.15 07:43:50 | 000,013,765 | ---- | C] () -- C:\Windows\System32\drivers\UCharger.sys

[2007.04.16 14:23:00 | 000,057,344 | ---- | C] () -- C:\Windows\System32\PT21F.DLL

[2007.03.26 10:37:20 | 000,001,112 | ---- | C] () -- C:\Windows\System32\PT21L.INI

 

========== LOP Check ==========

 

[2011.02.09 00:52:25 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\acccore

[2010.10.24 18:36:51 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\ArcticLine

[2010.12.22 22:54:06 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\CamfrogWEB

[2010.09.28 21:50:54 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\CD-LabelPrint

[2010.11.19 16:14:17 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011.01.14 17:06:21 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Dropbox

[2010.09.21 22:01:12 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Encryptomatic, LLC

[2011.04.21 16:38:39 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\FileZilla

[2010.10.26 17:49:56 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\InfraRecorder

[2010.12.28 23:12:34 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\iolo

[2010.09.21 22:01:13 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\MessageViewer

[2011.04.13 20:58:49 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\MyPocketSoft

[2010.09.12 20:45:15 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\NetMedia Providers

[2010.11.07 02:22:11 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\NuVJ

[2010.09.21 21:06:52 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\proDAD

[2010.09.12 20:45:15 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Publish Providers

[2011.03.24 14:50:00 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Q-Dir

[2010.10.20 15:49:12 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Softland

[2010.09.15 00:20:28 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Sony

[2011.03.03 18:37:15 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Sony Creative Software

[2011.03.30 23:31:21 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2011.04.06 11:44:20 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\TeamViewer

[2010.10.26 17:00:04 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Thunderbird

[2011.04.22 00:16:04 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\uTorrent

[2011.01.08 12:36:59 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Youtube Downloader HD

[2011.04.22 19:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\At1.job

[2011.04.22 19:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\At2.job

[2011.04.24 13:09:00 | 000,000,308 | -HS- | M] () -- C:\Windows\Tasks\BJJJ.job

[2011.02.08 14:44:45 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.exe >

[2011.02.13 21:44:40 | 000,000,286 | ---- | M] () -- C:\FLVDirect.exe

 

< %ALLUSERSPROFILE%\Application Data\*. >

 

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

 

< %appdata% *.exe /s >

 

 

< MD5 for: AGP440.SYS >

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

 

< MD5 for: ALG.EXE >

[2009.07.14 03:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) MD5=18A54E132947CD98FEA9ACCC57F98F13 -- C:\Windows\System32\alg.exe

[2009.07.14 03:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) MD5=18A54E132947CD98FEA9ACCC57F98F13 -- C:\Windows\winsxs\x86_microsoft-windows-alg_31bf3856ad364e35_6.1.7600.16385_none_a8bfa843bc721ead\alg.exe

 

< MD5 for: ATAPI.SYS >

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

 

< MD5 for: CDROM.SYS >

[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys

[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys

[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys

 

< MD5 for: CNGAUDIT.DLL >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

 

< MD5 for: CSRSS.EXE >

[2009.07.14 03:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\System32\csrss.exe

[2009.07.14 03:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe

 

< MD5 for: EXPLORER.EXE >

[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe

[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe

[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe

[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe

[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

 

< MD5 for: FXSSVC.EXE >

[2009.07.14 03:14:20 | 000,522,752 | ---- | M] (Microsoft Corporation) MD5=F7EA23CC5E6BF2181F3F399D54F6EFC1 -- C:\Windows\System32\FXSSVC.exe

[2009.07.14 03:14:20 | 000,522,752 | ---- | M] (Microsoft Corporation) MD5=F7EA23CC5E6BF2181F3F399D54F6EFC1 -- C:\Windows\winsxs\x86_microsoft-windows-fax-service_31bf3856ad364e35_6.1.7600.16385_none_acf9efe0e19d01e2\FXSSVC.exe

 

< MD5 for: IASTORV.SYS >

[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys

[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys

[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

 

< MD5 for: IESETUP.DLL >

[2009.07.14 03:15:28 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=30AAEBF099DFB1CFAD22BB664E3F0BC5 -- C:\Windows\System32\iesetup.dll

[2009.07.14 03:15:28 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=30AAEBF099DFB1CFAD22BB664E3F0BC5 -- C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.7600.16385_none_e061527f36ced75c\iesetup.dll

 

< MD5 for: INSENG.DLL >

[2009.07.14 03:15:33 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=CEE8E89A211C5765DDFC20BBAACE2D48 -- C:\Windows\System32\inseng.dll

[2009.07.14 03:15:33 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=CEE8E89A211C5765DDFC20BBAACE2D48 -- C:\Windows\winsxs\x86_microsoft-windows-ie-setup_31bf3856ad364e35_8.0.7600.16385_none_b3cff901201ddb2c\inseng.dll

 

< MD5 for: LOCATOR.EXE >

[2009.07.14 03:14:22 | 000,009,216 | ---- | M] (Microsoft Corporation) MD5=94D36C0E44677DD26981D2BFEEF2A29D -- C:\Windows\System32\Locator.exe

[2009.07.14 03:14:22 | 000,009,216 | ---- | M] (Microsoft Corporation) MD5=94D36C0E44677DD26981D2BFEEF2A29D -- C:\Windows\winsxs\x86_microsoft-windows-rpc-locator_31bf3856ad364e35_6.1.7600.16385_none_cf0ae9504deb8ab1\Locator.exe

 

< MD5 for: LSASS.EXE >

[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\System32\lsass.exe

[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe

[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe

[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe

 

< MD5 for: MSDTC.EXE >

[2009.07.14 03:14:25 | 000,134,144 | ---- | M] (Microsoft Corporation) MD5=E1BCE74A3BD9902B72599C0192A07E27 -- C:\Windows\System32\msdtc.exe

[2009.07.14 03:14:25 | 000,134,144 | ---- | M] (Microsoft Corporation) MD5=E1BCE74A3BD9902B72599C0192A07E27 -- C:\Windows\winsxs\x86_microsoft-windows-com-dtc-runtime_31bf3856ad364e35_6.1.7600.16385_none_19295908c15690f3\msdtc.exe

 

< MD5 for: MSHTML.DLL >

[2010.06.30 08:15:45 | 005,972,992 | ---- | M] (Microsoft Corporation) MD5=25C1646ADC24C371B594544C3D530967 -- C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20745_none_2e889224137c3085\mshtml.dll

[2009.07.14 03:15:44 | 005,957,632 | ---- | M] (Microsoft Corporation) MD5=43592D31AFF84DD957199248898D9430 -- C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16385_none_2dd3aff6fa7f090a\mshtml.dll

[2010.09.08 06:31:38 | 005,977,088 | ---- | M] (Microsoft Corporation) MD5=4F3DEEE94B0F650862F7AB7ABBE40CA1 -- C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20795_none_2e52828813a4bc3a\mshtml.dll

[2010.11.04 07:52:43 | 005,979,136 | ---- | M] (Microsoft Corporation) MD5=61854D1111E33A09603452B32A84B5F0 -- C:\Windows\SoftwareDistribution\Download\86a716cbcc0c20c0f0e2c15c920b45e9\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20831_none_2e8f62ce1377ac5f\mshtml.dll

[2009.12.19 11:02:42 | 005,961,728 | ---- | M] (Microsoft Corporation) MD5=6EE36579E69E37D2AB2926A40B16DBB3 -- C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16490_none_2dc3e07efa8ba36f\mshtml.dll

[2010.11.04 07:49:17 | 005,978,112 | ---- | M] (Microsoft Corporation) MD5=9145EF1A437A3FCA06069FC649E16E32 -- C:\Windows\SoftwareDistribution\Download\86a716cbcc0c20c0f0e2c15c920b45e9\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16700_none_2e25357cfa429f6b\mshtml.dll

[2009.12.19 11:10:22 | 005,962,240 | ---- | M] (Microsoft Corporation) MD5=96990605689B601287D4A83DD2B05F0B -- C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20600_none_2eaece7c136044e7\mshtml.dll

[2010.09.08 06:28:44 | 005,977,600 | ---- | M] (Microsoft Corporation) MD5=BAF92C3C3D5A0958817B661439A81FD9 -- C:\Windows\System32\mshtml.dll

[2010.09.08 06:28:44 | 005,977,600 | ---- | M] (Microsoft Corporation) MD5=BAF92C3C3D5A0958817B661439A81FD9 -- C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16671_none_2dda846cfa7a7f32\mshtml.dll

[2010.06.30 08:22:34 | 005,971,456 | ---- | M] (Microsoft Corporation) MD5=BDFD710842C8A25DD27254D91DE60AC6 -- C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16625_none_2e149530fa4e58d9\mshtml.dll

 

< MD5 for: NDIS.SYS >

[2009.07.14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys

[2009.07.14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys

 

< MD5 for: NETLOGON.DLL >

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

 

< MD5 for: NVSTOR.SYS >

[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys

[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys

[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

 

< MD5 for: PNGFILT.DLL >

[2009.07.14 03:16:12 | 000,046,592 | ---- | M] (Microsoft Corporation) MD5=EED5AE4EF38893DD1743A95760C98704 -- C:\Windows\System32\pngfilt.dll

[2009.07.14 03:16:12 | 000,046,592 | ---- | M] (Microsoft Corporation) MD5=EED5AE4EF38893DD1743A95760C98704 -- C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_8.0.7600.16385_none_08570c83ebbf01dd\pngfilt.dll

 

< MD5 for: SCECLI.DLL >

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

 

< MD5 for: SNMPTRAP.EXE >

[2009.07.14 03:14:39 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=6A984831644ECA1A33FFEAE4126F4F37 -- C:\Windows\System32\snmptrap.exe

[2009.07.14 03:14:39 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=6A984831644ECA1A33FFEAE4126F4F37 -- C:\Windows\winsxs\x86_microsoft-windows-snmp-trap-service_31bf3856ad364e35_6.1.7600.16385_none_cf615500a0bb6ff9\snmptrap.exe

 

< MD5 for: SPOOLSV.EXE >

[2010.08.20 06:25:14 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=2FB4CE429488156B19C0D8E5C4552043 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.20785_none_d6ab9bc23bf9f1c6\spoolsv.exe

[2009.07.14 03:14:41 | 000,316,416 | ---- | M] (Microsoft Corporation) MD5=49B6DD6AB3715B7A67965F17194E98A9 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16385_none_d621f94522dc5a87\spoolsv.exe

[2010.08.21 07:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- C:\Windows\System32\spoolsv.exe

[2010.08.21 07:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16661_none_d6339da722cfb4be\spoolsv.exe

 

< MD5 for: SPPSVC.EXE >

[2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) MD5=4C287F9069FEDBD791178876EE9DE536 -- C:\Windows\System32\sppsvc.exe

[2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) MD5=4C287F9069FEDBD791178876EE9DE536 -- C:\Windows\winsxs\x86_microsoft-windows-security-spp_31bf3856ad364e35_6.1.7600.16385_none_1a37ad9b82468857\sppsvc.exe

 

< MD5 for: TCPIP.SYS >

[2009.07.14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys

[2010.06.14 08:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys

[2010.06.14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\System32\drivers\tcpip.sys

[2010.06.14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys

 

< MD5 for: UI0DETECT.EXE >

[2009.07.14 03:14:43 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=8344FD4FCE927880AA1AA7681D4927E5 -- C:\Windows\System32\UI0Detect.exe

[2009.07.14 03:14:43 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=8344FD4FCE927880AA1AA7681D4927E5 -- C:\Windows\winsxs\x86_microsoft-windows-session0viewer_31bf3856ad364e35_6.1.7600.16385_none_e1bd3e25a80193e3\UI0Detect.exe

 

< MD5 for: USERINIT.EXE >

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 

< MD5 for: VDS.EXE >

[2009.07.14 03:14:43 | 000,452,608 | ---- | M] (Microsoft Corporation) MD5=8C4E7C49D3641BC9E299E466A7F8867D -- C:\Windows\System32\vds.exe

[2009.07.14 03:14:43 | 000,452,608 | ---- | M] (Microsoft Corporation) MD5=8C4E7C49D3641BC9E299E466A7F8867D -- C:\Windows\winsxs\x86_microsoft-windows-virtualdiskservice_31bf3856ad364e35_6.1.7600.16385_none_6ac128c35c0231aa\vds.exe

 

< MD5 for: VSSVC.EXE >

[2009.07.14 03:14:43 | 001,025,536 | ---- | M] (Microsoft Corporation) MD5=7EA2BCD94D9CFAF4C556F5CC94532A6C -- C:\Windows\System32\VSSVC.exe

[2009.07.14 03:14:43 | 001,025,536 | ---- | M] (Microsoft Corporation) MD5=7EA2BCD94D9CFAF4C556F5CC94532A6C -- C:\Windows\winsxs\x86_microsoft-windows-vssservice_31bf3856ad364e35_6.1.7600.16385_none_5aa3249a792b0938\VSSVC.exe

 

< MD5 for: WATADMINSVC.EXE >

[2010.09.27 23:08:49 | 001,343,400 | ---- | M] () MD5=3685705F252687B9095D3D08F170C6CC -- C:\Windows\System32\Wat\WatAdminSvc.exe

[2010.01.28 04:11:36 | 001,343,400 | ---- | M] () MD5=3685705F252687B9095D3D08F170C6CC -- C:\Windows\winsxs\x86_microsoft-windows-s..ivationtechnologies_31bf3856ad364e35_7.1.7600.16395_none_2dac82dbc20710f5\WatAdminSvc.exe

 

< MD5 for: WBENGINE.EXE >

[2009.07.14 03:14:44 | 001,202,688 | ---- | M] (Microsoft Corporation) MD5=7790B77FE1E5EE47DCC66247095BB4C9 -- C:\Windows\System32\wbengine.exe

[2009.07.14 03:14:44 | 001,202,688 | ---- | M] (Microsoft Corporation) MD5=7790B77FE1E5EE47DCC66247095BB4C9 -- C:\Windows\winsxs\x86_microsoft-windows-blb-engine-main_31bf3856ad364e35_6.1.7600.16385_none_e3b84c1b61137e4a\wbengine.exe

 

< MD5 for: WEBCHECK.DLL >

[2009.07.14 03:16:18 | 000,229,376 | ---- | M] (Microsoft Corporation) MD5=177DF28315BF4300ECB5CBEEEE961292 -- C:\Windows\System32\webcheck.dll

[2009.07.14 03:16:18 | 000,229,376 | ---- | M] (Microsoft Corporation) MD5=177DF28315BF4300ECB5CBEEEE961292 -- C:\Windows\winsxs\x86_microsoft-windows-ie-offlinefavorites_31bf3856ad364e35_8.0.7600.16385_none_7bbc80532a0f1e83\webcheck.dll

 

< MD5 for: WININIT.EXE >

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 

< MD5 for: WINLOGON.EXE >

[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe

[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

 

< MD5 for: WMIAPSRV.EXE >

[2009.07.14 03:14:46 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=6EB6B66517B048D87DC1856DDF1F4C3F -- C:\Windows\System32\wbem\WmiApSrv.exe

[2009.07.14 03:14:46 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=6EB6B66517B048D87DC1856DDF1F4C3F -- C:\Windows\winsxs\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.1.7600.16385_none_b92a593880ec3564\WmiApSrv.exe

 

< MD5 for: WMPNETWK.EXE >

[2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) MD5=77FBD400984CF72BA0FC4B3489D65F74 -- C:\Program Files\Windows Media Player\wmpnetwk.exe

[2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) MD5=77FBD400984CF72BA0FC4B3489D65F74 -- C:\Windows\winsxs\x86_microsoft-windows-wmpnss-service_31bf3856ad364e35_6.1.7600.16385_none_035d21f62fe736df\wmpnetwk.exe

 

< %systemroot%\*. /mp /s >

 

< End of report >

Posted

OTL Extras logfile created on: 24.04.2011 13:13:07 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Steph\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 0000100c | Country: Suisse | Language: FRS | Date Format: dd.MM.yyyy

 

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 79.00% Paging File free

Paging file location(s): [binary data over 100 bytes]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 29.72 Gb Total Space | 6.61 Gb Free Space | 22.24% Space Free | Partition Type: NTFS

Drive E: | 2.93 Gb Total Space | 0.38 Gb Free Space | 13.13% Space Free | Partition Type: NTFS

Drive F: | 928.58 Gb Total Space | 11.07 Gb Free Space | 1.19% Space Free | Partition Type: NTFS

Drive G: | 955.47 Mb Total Space | 753.61 Mb Free Space | 78.87% Space Free | Partition Type: FAT32

 

Computer Name: ASROCK | User Name: Steph | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-4098055962-2749868280-2150505687-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

"DisableSR" = 0

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)

"_{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension

"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW® Graphics Suite X5

"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}" = Sony Noise Reduction Plug-In 2.0h

"{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10

"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10

"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data

"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA

"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications ® Core

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 24

"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10

"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime

"{29D3773E-54F4-23C2-D523-236A4453B844}_is1" = FileAlyzer

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live

"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3514CD14-6F9C-39C9-94F5-6644CAD122CF}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - FRA

"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{3F9170C9-A7C2-408F-A4D8-EC77250040BF}" = Sound Forge Pro 10.0

"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4BF5A325-DEB6-4F24-BF52-E4BF76329E56}" = Yooda Match Density

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{4D9F6AAE-CDA4-44B6-AC20-E59B3E8CB108}" = RealWorld Icon Editor

"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photorécit 3 pour Windows

"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect

"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist

"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7

"{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Pilote vidéo Pinnacle

"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger

"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant

"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic

"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pilote vidéo Pinnacle

"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker

"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10

"{70217FBC-0A7F-4FCE-819E-F17D265A2099}" = Microsoft Visual Round Trip Analyzer v3.0.0253.1024

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension

"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver

"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support

"{8A8F0E9B-4FC9-3C40-9AFB-9AEEFE81D6A7}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - FRA

"{8BAC9DAB-9118-4D13-8CF4-78812CC4755C}" = ACID Pro 7.0

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8F18CFF8-8259-4148-AD00-2EE572754E92}" = CorelDRAW Graphics Suite X5 - FR

"{90140000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2010

"{90140000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2010

"{90140000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2010

"{90140000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2010

"{90140000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2010

"{90140000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2010

"{90140000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010

"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2010

"{90140000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2010

"{90140000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2010

"{90140000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2010

"{90140000-00BA-040C-0000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2010

"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003

"{90849E84-F026-4638-A184-E6FCFD472C34}" = Brother P-touch Software

"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-007A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{96FE1BDC-6A66-470B-86A9-75A2966C92BF}" = TitleExtreme

"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14

"{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.3 - Français

"{B3783869-5D14-4838-A042-910DF816D070}" = Xara3D6

"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5

"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler

"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour

"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common

"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common

"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support

"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications ® Core - English

"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM

"{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0

"{E06C8E13-7A8C-434C-8548-34BC4762212D}" = Logitech Harmony Remote Software 7

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype 5.0

"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{ED21ABB5-7296-4F23-A0D4-F65BEC76882D}" = Visual Basic for Applications ® Core - French

"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic

"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)

"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AIM_7" = AIM 7

"Akamai" = Akamai NetSession Interface

"Avira AntiVir Desktop" = Avira AntiVir Premium

"CCleaner" = CCleaner

"CFWebAdvancedU" = CamfrogWEB Advanced ActiveX Plugin (remove only)

"doPDF 7 printer_is1" = doPDF 7.1 printer

"FileZilla Client" = FileZilla Client 3.4.0

"Folder Marker_is1" = Folder Marker Pro v 3.0

"GIF Movie Gear_is1" = GIF Movie Gear 4.2.3

"Google Earth Pro 4.2" = Google Earth Pro 4.2

"InfraRecorder" = InfraRecorder

"InstallShield_{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0

"LinkedIn Outlook Connector" = LinkedIn Outlook Connector

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"MediaNavigation.CDLabelPrint" = CD-LabelPrint

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"mmfsetup_is1" = MixMeister Fusion 7.3.5

"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"Office14.PROPLUSR" = Microsoft Office Professionnel Plus 2010

"proDAD-Mercalli-1.0" = proDAD Mercalli 1.0

"Q-Dir" = Q-Dir

"SoftwareUpdUtility" = Download Updater (AOL LLC)

"stax-Pinnacle_is1" = SureThing Express Labeler

"TaskAngel" = MyPocketSoft TaskAngel 1.7

"TeamViewer 6" = TeamViewer 6

"T-RackS 24" = T-RackS 24

"Usbfix" = UsbFix By TeamXscript

"uTorrent" = µTorrent

"VLC media player" = VLC media player 1.1.5

"WinISO_is1" = WinISO 5.3

"WinLiveSuite" = Windows Live

"WinRAR archiver" = WinRAR archiver

"Xilisoft MP4 Converter" = Xilisoft MP4 Converter

"Yooda seeUrank" = Yooda seeUrank

"Yooda Submit" = Yooda Submit

 

========== Last 10 Event Log Errors ==========

 

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

 

< End of report >

Posted

Before going any further, please carry out this check:

 

My Computer -> Tools -> Folder Options -> View

Check "Show hidden folders"

Uncheck "Hide extensions for known file types" as well as "Hide protected operating system files"

--> a message says that this may damage the system; ignore it and confirm with Yes.

Go to this address:

Click Browse to find these files

C:\PhysicalMBR.bin

C:\Windows\System32\Wat\WatAdminSvc.exe

and click "Send file"

Copy/paste the response into your next message.

Note: the file may already have been analysed. If so, click the Reanalyse file now button

 

 

 

 

Run OTL again:

 

Under Custom scan Files or Personnalisation

Copy and paste

:OTL

CREATERESTOREPOINT

SRV - [2011.04.21 19:00:54 | 000,059,400 | -HS- | M] () [Auto | Stopped] -- \\?\globalroot\Device\HarddiskVolume2\Windows\Temp\srvB94.tmp [WARNING: \\?\globalroot\Device\HarddiskVolume2\Windows\Temp\srvB94.tmp] -- (srvB94)

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58889

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58889

IE - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55111

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

[2010.09.11 16:40:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010.09.11 18:19:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010.10.20 16:33:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011.01.07 17:04:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

O3 - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\..\Toolbar\WebBrowser: (no name) - {05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} - No CLSID value found.

O4 - HKLM..\Run: [uSB-Set] File not found

F3 - HKU\.DEFAULT WinNT: Load - (C:\Windows\TEMP\csrss.exe) - File not found

F3 - HKU\S-1-5-18 WinNT: Load - (C:\Windows\TEMP\csrss.exe) - File not found

O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

NetSvcs: srvB94 - \\?\globalroot\Device\HarddiskVolume2\Windows\Temp\srvB94.tmp ()

Drivers32: vidc.mjpg - pvmjpg30.dll File not found

[2011.04.20 21:10:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2011.04.22 19:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At2.job

[2011.04.22 19:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At1.job

[2011.04.21 16:37:07 | 000,000,004 | ---- | M] () -- C:\Windows\vx86036.dat

:reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]

""=""%1" %*"

 

[purity]

[emptytemp]

[resethosts]

[Reboot]

--------> Click Runfix or Correction

 

OTL will restart the system automatically.

Post the report.

Posted

I tried several times to send the indicated files to www.virustotal.com, but for both of them I get this error message after clicking "send":

 

"Erreur du serveur!

 

Le serveur a èté victime d'une erreur interne et n'a pas été capable de faire aboutir votre requête. Soit le server est surchargé soit il s'agit d'une erreur dans le script CGI.

 

Si vous pensez qu'il s'agit d'une erreur du serveur, veuillez contacter le gestionnaire du site."

 

What should I do?

Posted

OTL logfile created on: 24.04.2011 17:14:01 - Run 2

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Steph\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 0000100c | Country: Suisse | Language: FRS | Date Format: dd.MM.yyyy

 

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free

5.00 Gb Paging File | 4.00 Gb Available in Paging File | 80.00% Paging File free

Paging file location(s): [binary data over 100 bytes]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 29.72 Gb Total Space | 6.60 Gb Free Space | 22.22% Space Free | Partition Type: NTFS

Drive E: | 2.93 Gb Total Space | 0.38 Gb Free Space | 13.13% Space Free | Partition Type: NTFS

Drive F: | 928.58 Gb Total Space | 11.07 Gb Free Space | 1.19% Space Free | Partition Type: NTFS

Drive G: | 955.47 Mb Total Space | 753.42 Mb Free Space | 78.85% Space Free | Partition Type: FAT32

 

Computer Name: ASROCK | User Name: Steph | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011.04.24 17:12:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011.04.24 13:09:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Steph\Desktop\OTL.exe

PRC - [2011.04.21 19:24:36 | 000,131,080 | ---- | M] () -- C:\Program Files\TaskAngel\TaskAngel.exe

PRC - [2011.04.21 19:01:13 | 000,131,076 | ---- | M] () -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

PRC - [2011.04.21 19:01:13 | 000,131,076 | ---- | M] () -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe

PRC - [2011.04.21 19:01:13 | 000,131,076 | ---- | M] () -- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

PRC - [2011.04.21 19:01:13 | 000,131,076 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe

PRC - [2011.04.01 10:31:38 | 002,271,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

PRC - [2011.03.16 12:57:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.03.08 10:43:04 | 000,421,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe

PRC - [2011.02.10 00:24:54 | 001,373,456 | ---- | M] (MyPocketSoft) -- C:\Program Files\TaskAngel\TaskAngel .exe

PRC - [2011.01.31 10:44:43 | 000,035,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl .exe

PRC - [2010.11.02 13:32:05 | 000,339,624 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

PRC - [2010.11.02 13:32:05 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt .exe

PRC - [2010.11.02 13:32:05 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2010.09.21 00:07:44 | 000,932,288 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM .exe

PRC - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe

PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

PRC - [2010.01.14 22:12:21 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2007.02.20 11:07:40 | 000,199,752 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip .exe

PRC - [2006.03.01 03:10:18 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011.04.24 13:09:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Steph\Desktop\OTL.exe

MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Auto | Stopped] -- -- (ioloFileInfoList)

SRV - File not found [Auto | Stopped] -- -- (Bonjour Service)

SRV - [2011.04.21 19:01:13 | 000,131,076 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2011.04.21 19:00:54 | 000,059,400 | -HS- | M] () [Auto | Stopped] -- \\?\globalroot\Device\HarddiskVolume2\Windows\Temp\srvB94.tmp [WARNING: \\?\globalroot\Device\HarddiskVolume2\Windows\Temp\srvB94.tmp] -- (srvB94)

SRV - [2011.04.01 10:31:38 | 002,271,608 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)

SRV - [2011.03.30 21:52:47 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)

SRV - [2011.03.16 12:57:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.03.08 10:43:04 | 000,421,032 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)

SRV - [2010.11.02 13:32:05 | 000,339,624 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)

SRV - [2010.11.02 13:32:05 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010.09.27 23:08:49 | 001,343,400 | ---- | M] () [unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)

SRV - [2010.03.25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2006.03.01 03:10:18 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2011.03.16 12:57:30 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2010.12.11 02:19:53 | 000,024,448 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fnetthjm_152D.sys -- (FNETTHJM_152D)

DRV - [2010.11.22 13:15:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010.07.10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)

DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)

DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)

DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)

DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)

DRV - [2009.07.14 00:02:53 | 000,044,032 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6.sys -- (FETNDIS)

DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2008.12.09 10:59:30 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElRawDsk.sys -- (ElRawDisk)

DRV - [2007.05.15 07:43:50 | 000,013,765 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UCharger.sys -- (UCharger)

DRV - [2006.12.04 09:36:10 | 000,203,264 | ---- | M] (Pinnacle Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bender.sys -- (BENDER)

DRV - [2006.01.10 04:47:27 | 000,031,846 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\ckldrv.sys -- (NetworkX)

DRV - [2005.09.23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)

 

 

========== Standard Registry (All) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58889

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58889

 

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

 

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

 

IE - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = Hotmail, Messenger, Divertissement, Actualité, Sport, Voiture, Rencontres et plus

IE - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-ch

IE - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5D D4 71 2D 0E 85 CB 01 [binary data]

IE - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://www.google.ch/"

FF - prefs.js..extensions.enabledItems: ""

FF - prefs.js..extensions.enabledItems: ""

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6

FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:7.2.0.8

FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.2

FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.4

FF - prefs.js..extensions.enabledItems: ""

FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2

FF - prefs.js..extensions.enabledItems: yslow@yahoo-inc.com:2.1.0

FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2

FF - prefs.js..extensions.enabledItems: ""

FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.1.1

FF - prefs.js..extensions.enabledItems: {d9284e50-81fc-11da-a72b-0800200c9a66}:7.6.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {618D522B-652C-4e19-9194-048700B12ED6}:1.4

FF - prefs.js..extensions.enabledItems: statusbar@toodledo.com:1.77

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.30 21:56:35 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 14:20:55 | 000,000,000 | ---D | M]

 

[2010.10.26 17:00:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steph\AppData\Roaming\Mozilla\Extensions

[2010.10.26 17:00:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steph\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2010.08.23 22:04:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steph\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2011.04.24 00:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions

[2011.02.06 05:20:39 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}

[2011.04.01 00:33:44 | 000,000,000 | ---D | M] (Sothink SWF Catcher) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\{618D522B-652C-4e19-9194-048700B12ED6}

[2011.04.08 12:39:06 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}

[2011.04.08 12:39:06 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}

[2011.04.08 12:39:07 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2011.02.09 15:12:04 | 000,000,000 | ---D | M] ("Yoono") -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}

[2011.02.20 00:15:21 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}

[2011.04.21 13:56:51 | 000,000,000 | ---D | M] (Adblock Plus Pop-up Addon) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\adblockpopups@jessehakanen.net

[2011.01.12 07:22:35 | 000,000,000 | ---D | M] (Read It Later) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\isreaditlater@ideashower.com

[2011.04.15 11:58:22 | 000,000,000 | ---D | M] (Toodledo) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\statusbar@toodledo.com

[2010.11.02 19:28:08 | 000,000,000 | ---D | M] (YSlow) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\17wnhgoh.default\extensions\yslow@yahoo-inc.com

[2011.04.24 17:07:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011.03.24 14:20:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010.09.11 16:40:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010.10.20 16:33:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011.03.01 00:17:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011.03.24 14:20:54 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2011.03.24 14:20:54 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2009.07.07 23:20:42 | 000,061,440 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnu.dll

[2009.07.07 23:20:42 | 000,065,536 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll

[2010.09.14 20:46:49 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

[2009.06.25 13:20:28 | 001,446,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll

[2011.03.24 14:20:54 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2007.03.22 19:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

[2011.03.12 13:28:40 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2010.12.13 23:02:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2010.12.13 23:02:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2010.12.13 23:02:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2010.12.13 23:02:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2010.12.13 23:02:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2010.12.13 23:02:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2010.12.13 23:02:04 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2010.10.22 12:47:31 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010.10.22 12:47:31 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2010.10.22 12:47:31 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010.10.22 12:47:31 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010.10.22 12:47:31 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010.10.22 12:47:31 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010.10.22 12:47:31 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010.11.16 02:30:21 | 000,426,463 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 activate.adobe.com

O1 - Hosts: 127.0.0.1 practivate.adobe.com

O1 - Hosts: 127.0.0.1 ereg.adobe.com

O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com

O1 - Hosts: 127.0.0.1 wip3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com

O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com

O1 - Hosts: 127.0.0.1 activate-sea.adobe.com

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com

O1 - Hosts: 127.0.0.1 adobe.activate.com

O1 - Hosts: 127.0.0.1 adobeereg.com

O1 - Hosts: 127.0.0.1 www.adobeereg.com

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

O1 - Hosts: 127.0.0.1 125.252.224.90

O1 - Hosts: 127.0.0.1 125.252.224.91

O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 14678 more lines...

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe ()

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe ()

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe ()

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe ()

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe ()

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe ()

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask .exe (Apple Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe ()

O4 - HKLM..\Run: [uSB-Set] File not found

O4 - HKLM..\Run: [uSBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe ()

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000..\Run: [TaskAngel] C:\Program Files\TaskAngel\TaskAngel.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKU\S-1-5-21-4098055962-2749868280-2150505687-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O8 - Extra context menu item: &Envoyer à OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2011.04.24 00:35:13 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2011.04.24 00:35:12 | 000,000,000 | ---D | M] - E:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2011.04.24 00:35:14 | 000,000,000 | ---D | M] - F:\autorun.inf -- [ NTFS ]

O32 - AutoRun File - [2011.04.24 02:31:20 | 000,000,000 | ---D | M] - G:\autorun.inf -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.04.24 17:10:00 | 000,000,000 | -HSD | C] -- C:\found.000

[2011.04.24 17:07:54 | 000,000,000 | ---D | C] -- C:\_OTL

[2011.04.24 13:11:23 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Steph\Desktop\OTL.exe

[2011.04.24 00:35:13 | 000,000,000 | ---D | C] -- C:\autorun.inf

[2011.04.23 17:07:50 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0

[2011.04.23 14:46:37 | 000,000,000 | ---D | C] -- C:\UsbFix

[2011.04.23 14:37:35 | 000,000,000 | ---D | C] -- C:\ProgramData\USB-set

[2011.04.23 14:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\USB-set

[2011.04.22 13:31:00 | 000,000,000 | ---D | C] -- F:\My Documents\Fichiers Outlook

[2011.04.21 16:36:48 | 000,165,888 | ---- | C] (Kenonic Controls) -- C:\Windows\Ckconfig.exe

[2011.04.21 16:36:48 | 000,069,632 | ---- | C] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe

[2011.04.21 16:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Mail Recovery

[2011.04.21 13:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\SysTools Outlook Recovery

[2011.04.20 21:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2011.04.20 21:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2011.04.20 21:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011.04.20 21:10:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011.04.18 14:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO

[2011.04.13 20:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\TaskAngel

[2011.04.13 20:58:49 | 000,000,000 | ---D | C] -- C:\Users\Steph\AppData\Roaming\MyPocketSoft

[2011.04.11 03:32:46 | 000,000,000 | ---D | C] -- C:\Users\Steph\AppData\Roaming\RealWorld

[2011.04.11 03:32:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealWorld

[2011.04.11 03:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\RealWorld Icon Editor

[2011.04.06 23:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\Explorer++

[2011.04.06 16:20:16 | 000,197,920 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll

[2011.04.06 16:20:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe

[2011.04.06 16:20:16 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\Windows\System32\dnssd.dll

[2011.04.06 16:20:16 | 000,075,040 | ---- | C] (Apple Inc.) -- C:\Windows\System32\jdns_sd.dll

[2011.04.01 00:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SourceTec

[2011.04.01 00:32:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SourceTec

[2011.04.01 00:07:08 | 000,000,000 | ---D | C] -- C:\Program Files\SourceTec

[2011.03.30 23:31:21 | 000,000,000 | ---D | C] -- C:\Users\Steph\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2011.03.30 23:31:21 | 000,000,000 | ---D | C] -- C:\Users\Steph\AppData\Roaming\Adobe Mini Bridge CS5

[1998.06.29 10:03:36 | 000,099,840 | ---- | C] ( ) -- C:\Windows\System32\Zipdll.dll

[1998.06.29 10:03:36 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\Unzdll.dll

========== Files - Modified Within 30 Days ==========

[2011.04.24 17:11:41 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011.04.24 17:11:26 | 000,000,308 | -HS- | M] () -- C:\Windows\tasks\BJJJ.job

[2011.04.24 17:11:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.04.24 17:10:30 | 000,003,392 | ---- | M] () -- C:\bootsqm.dat

[2011.04.24 17:07:28 | 000,074,713 | ---- | M] () -- C:\Windows\Q-Dir.ini

[2011.04.24 17:07:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011.04.24 13:15:25 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.04.24 13:15:25 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.04.24 13:14:14 | 000,014,192 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.04.24 13:14:14 | 000,014,192 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.04.24 13:14:10 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin

[2011.04.24 13:09:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Steph\Desktop\OTL.exe

[2011.04.23 14:56:16 | 208,969,728 | ---- | M] () -- C:\Users\Steph\Desktop\kav_rescue_10.iso

[2011.04.23 14:37:35 | 000,001,835 | ---- | M] () -- C:\Users\Steph\Desktop\USB-set.lnk

[2011.04.22 19:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At2.job

[2011.04.22 19:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At1.job

[2011.04.22 00:20:53 | 000,001,099 | ---- | M] () -- C:\Users\Steph\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2011.04.21 22:00:09 | 000,003,828 | ---- | M] () -- C:\Users\Steph\AppData\Roaming\92DA.4C7

[2011.04.21 19:02:57 | 000,001,680 | ---- | M] () -- C:\Windows\System32\esnecil.ind

[2011.04.21 19:01:13 | 000,131,076 | ---- | M] () -- C:\ProgramData\UEBeSifOsb.exe

[2011.04.21 16:37:07 | 000,001,680 | ---- | M] () -- C:\Windows\System32\esnecil.nlp

[2011.04.21 16:37:07 | 000,000,004 | ---- | M] () -- C:\Windows\vx86036.dat

[2011.04.21 16:36:56 | 000,000,055 | ---- | M] () -- C:\Windows\Crypkey.ini

[2011.04.06 16:20:16 | 000,197,920 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssdX.dll

[2011.04.06 16:20:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dns-sd.exe

[2011.04.06 16:20:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssd.dll

[2011.04.06 16:20:16 | 000,075,040 | ---- | M] (Apple Inc.) -- C:\Windows\System32\jdns_sd.dll

[2011.04.06 14:27:49 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI

[2011.04.01 00:32:49 | 000,001,258 | ---- | M] () -- C:\Users\Steph\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink SWF Decompiler.lnk

========== Files Created - No Company Name ==========

[2011.04.24 17:10:30 | 000,003,392 | ---- | C] () -- C:\bootsqm.dat

[2011.04.24 13:14:10 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin

[2011.04.23 14:57:30 | 208,969,728 | ---- | C] () -- C:\Users\Steph\Desktop\kav_rescue_10.iso

[2011.04.23 14:37:35 | 000,001,835 | ---- | C] () -- C:\Users\Steph\Desktop\USB-set.lnk

[2011.04.21 19:24:28 | 000,003,828 | ---- | C] () -- C:\Users\Steph\AppData\Roaming\92DA.4C7

[2011.04.21 19:00:49 | 000,131,076 | ---- | C] () -- C:\ProgramData\UEBeSifOsb.exe

[2011.04.21 19:00:24 | 000,000,308 | -HS- | C] () -- C:\Windows\tasks\BJJJ.job

[2011.04.21 16:37:07 | 000,001,680 | ---- | C] () -- C:\Windows\System32\esnecil.nlp

[2011.04.21 16:37:07 | 000,001,680 | ---- | C] () -- C:\Windows\System32\esnecil.ind

[2011.04.21 16:37:07 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat

[2011.04.21 16:36:56 | 000,000,055 | ---- | C] () -- C:\Windows\Crypkey.ini

[2011.04.21 16:36:48 | 000,031,846 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys

[2011.04.21 16:36:48 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe

[2011.04.21 16:36:48 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll

[2011.04.21 16:36:48 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe

[2011.04.21 16:36:24 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\At2.job

[2011.04.21 16:35:50 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\At1.job

[2011.04.13 20:58:49 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TaskAngel.lnk

[2011.04.06 11:45:27 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk

[2011.04.01 00:32:49 | 000,001,258 | ---- | C] () -- C:\Users\Steph\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink SWF Decompiler.lnk

[2011.03.06 18:27:23 | 000,387,064 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat

[2010.12.28 22:52:47 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll

[2010.11.04 14:46:51 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat

[2010.10.28 14:02:20 | 000,004,096 | -H-- | C] () -- C:\Users\Steph\AppData\Local\keyfile3.drm

[2010.10.18 13:59:56 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2010.10.08 18:30:32 | 000,007,628 | ---- | C] () -- C:\Users\Steph\AppData\Local\Resmon.ResmonCfg

[2010.09.21 21:07:21 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2010.09.18 00:13:29 | 000,014,336 | ---- | C] () -- C:\Users\Steph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.09.18 00:04:43 | 000,000,000 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini

[2010.09.17 20:54:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\qtmlClient.dll

[2010.09.14 23:54:57 | 000,000,016 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll

[2010.09.14 23:54:57 | 000,000,016 | ---- | C] () -- C:\Windows\msocreg32.dat

[2010.09.11 16:33:55 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat

[2010.08.23 22:04:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2010.08.23 21:37:11 | 000,074,713 | ---- | C] () -- C:\Windows\Q-Dir.ini

[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 06:33:53 | 004,133,520 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2009.07.14 04:05:48 | 000,618,714 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2009.07.14 04:05:48 | 000,107,034 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2007.05.15 07:43:50 | 000,013,765 | ---- | C] () -- C:\Windows\System32\drivers\UCharger.sys

[2007.04.16 14:23:00 | 000,057,344 | ---- | C] () -- C:\Windows\System32\PT21F.DLL

[2007.03.26 10:37:20 | 000,001,112 | ---- | C] () -- C:\Windows\System32\PT21L.INI

 

========== LOP Check ==========

 

[2011.02.09 00:52:25 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\acccore

[2010.10.24 18:36:51 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\ArcticLine

[2010.12.22 22:54:06 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\CamfrogWEB

[2010.09.28 21:50:54 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\CD-LabelPrint

[2010.11.19 16:14:17 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011.01.14 17:06:21 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Dropbox

[2010.09.21 22:01:12 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Encryptomatic, LLC

[2011.04.21 16:38:39 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\FileZilla

[2010.10.26 17:49:56 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\InfraRecorder

[2010.12.28 23:12:34 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\iolo

[2010.09.21 22:01:13 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\MessageViewer

[2011.04.13 20:58:49 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\MyPocketSoft

[2010.09.12 20:45:15 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\NetMedia Providers

[2010.11.07 02:22:11 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\NuVJ

[2010.09.21 21:06:52 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\proDAD

[2010.09.12 20:45:15 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Publish Providers

[2011.03.24 14:50:00 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Q-Dir

[2010.10.20 15:49:12 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Softland

[2010.09.15 00:20:28 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Sony

[2011.03.03 18:37:15 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Sony Creative Software

[2011.03.30 23:31:21 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2011.04.06 11:44:20 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\TeamViewer

[2010.10.26 17:00:04 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Thunderbird

[2011.04.22 00:16:04 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\uTorrent

[2011.01.08 12:36:59 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Youtube Downloader HD

[2011.04.22 19:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\At1.job

[2011.04.22 19:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\At2.job

[2011.04.24 17:11:26 | 000,000,308 | -HS- | M] () -- C:\Windows\Tasks\BJJJ.job

[2011.02.08 14:44:45 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

< End of report >

Posted

The files at Jotti are fine.

However, you did not follow the OTL procedure correctly.

You need to copy the green lines and paste them into the "Personnalisation" box.

Please reread the procedure and start again.
