
Trojan Bundespolizei – f0ele


f0ele

Hello everyone,

I have caught this virus too, and I really don't know what to do anymore; my computer won't start anymore. Here is the report from an OTLPE scan:

 

OTL logfile created on: 12/19/2011 6:28:33 PM - Run

OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 8.0.6001.18702)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files

Drive C: | 24.42 Gb Total Space | 2.97 Gb Free Space | 12.17% Space Free | Partition Type: NTFS

Drive D: | 50.11 Gb Total Space | 2.42 Gb Free Space | 4.84% Space Free | Partition Type: NTFS

Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet003

 

========== Win32 Services (SafeList) ==========

 

SRV - [2011/12/15 11:09:06 | 000,056,320 | -H-- | M] () [Auto] -- C:\WINNT\system32\41759070AD310639DBA0.sys -- (MSUNatService)

SRV - [2011/06/08 06:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)

SRV - [2011/03/30 08:31:44 | 000,507,904 | ---- | M] (Siemens IT Solutions and Services GmbH) [Auto] -- C:\WINNT\CATPC\mosaic\MBEService\MBESrvS.exe -- (MBEService)

SRV - [2011/03/10 17:32:22 | 000,632,176 | ---- | M] (Juniper Networks) [Auto] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)

SRV - [2010/10/14 11:40:16 | 001,349,920 | ---- | M] (Trend Micro Inc.) [Auto] -- C:\Program Files\OfficeScan NT\tmlisten.exe -- (tmlisten)

SRV - [2010/10/14 11:30:20 | 001,418,672 | ---- | M] (Trend Micro Inc.) [Auto] -- C:\Program Files\OfficeScan NT\ntrtscan.exe -- (ntrtscan)

SRV - [2010/07/23 09:34:26 | 000,345,424 | ---- | M] (Trend Micro Inc.) [On_Demand] -- C:\Program Files\BM\TMBMSRV.exe -- (TMBMServer)

SRV - [2010/01/07 05:42:50 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand] -- C:\Program Files\OfficeScan NT\TmProxy.exe -- (TmProxy)

SRV - [2008/07/02 07:25:52 | 000,607,744 | ---- | M] (Siemens AG) [Auto] -- C:\WINNT\CATPC\CATSYS\CatSystemSvc.exe -- (CatSystemSvc)

SRV - [2008/01/08 17:00:00 | 000,057,344 | ---- | M] (O2Micro International) [Auto] -- C:\WINNT\system32\o2flash.exe -- (O2Flash)

SRV - [2007/12/18 10:57:34 | 000,416,864 | ---- | M] (Fiberlink Communications Corp.) [Auto] -- C:\Program Files\SFR Global Access\SFR Global Access\ServiceMgr.exe -- (ServiceMgr)

SRV - [2007/12/18 10:57:32 | 000,105,568 | ---- | M] (Fiberlink Communications Corp.) [Auto] -- C:\Program Files\SFR Global Access\SFR Global Access\FLUtilsSvc.exe -- (FLUtilsSvc)

SRV - [2007/12/18 04:48:40 | 000,196,704 | ---- | M] (OptionNV) [Auto] -- C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe -- (GtDetectSc)

SRV - [2007/02/25 15:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)

SRV - [2006/10/12 13:30:46 | 002,138,112 | ---- | M] (BigFix Inc.) [Auto] -- C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe -- (BESClient)

SRV - [2006/02/08 20:50:00 | 000,578,784 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\CCM\CcmExec.exe -- (CcmExec)

SRV - [2006/02/08 20:50:00 | 000,248,544 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINNT\system32\CCM\clicomp\RemCtrl\Wuser32.exe -- (Wuser32)

SRV - [2004/09/10 01:32:48 | 000,053,248 | ---- | M] (Brother Industries, Ltd.) [Auto] -- C:\WINNT\System32\BrmfBAgS.exe -- (brmfbags)

SRV - [2004/04/17 23:11:14 | 000,036,864 | ---- | M] () [Auto] -- C:\Program Files\BackupPC\cygrunsrv.exe -- (BackupPC)

SRV - [2002/06/20 12:52:30 | 000,065,536 | ---- | M] () [Auto] -- C:\Program Files\Siemens\CAT Bulletin Board\CBBS.exe -- (CBBS)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand] -- -- (SWUMX20) Sierra Wireless USB MUX Driver (UMTS20)

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

DRV - File not found [Kernel | System] -- -- (PCIDump)

DRV - File not found [Kernel | On_Demand] -- -- (Netaapl)

DRV - File not found [Kernel | On_Demand] -- -- (MBX2MIDK)

DRV - File not found [Kernel | On_Demand] -- -- (MBX2DFU)

DRV - File not found [Kernel | System] -- -- (lbrtfdc)

DRV - File not found [Kernel | System] -- -- (i2omgmt)

DRV - File not found [Kernel | System] -- -- (Changer)

DRV - [2011/08/07 02:40:40 | 000,436,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINNT\system32\drivers\sptd.sys -- (sptd)

DRV - [2011/07/12 04:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\Program Files\OfficeScan NT\TmXpflt.sys -- (TmFilter)

DRV - [2011/07/12 04:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\Program Files\OfficeScan NT\TmPreflt.sys -- (TmPreFilter)

DRV - [2011/07/12 04:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\Program Files\OfficeScan NT\vsapiNT.sys -- (VSApiNt)

DRV - [2011/05/18 03:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2011/05/18 03:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2011/05/18 03:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2011/05/18 03:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2010/11/08 13:05:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System] -- C:\WINNT\system32\drivers\tmtdi.sys -- (tmtdi)

DRV - [2010/08/27 09:39:05 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\VMM.sys -- (vmm)

DRV - [2010/07/23 09:25:46 | 000,062,032 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINNT\system32\drivers\tmactmon.sys -- (tmactmon)

DRV - [2010/07/23 09:25:38 | 000,052,304 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINNT\system32\drivers\tmevtmgr.sys -- (tmevtmgr)

DRV - [2010/07/23 09:25:30 | 000,163,920 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINNT\system32\drivers\tmcomm.sys -- (tmcomm)

DRV - [2010/02/24 05:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\WINNT\system32\drivers\acedrv11.sys -- (acedrv11)

DRV - [2010/02/18 19:07:56 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)

DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\tcpip6.sys -- (tcpip6)

DRV - [2010/01/26 21:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto] -- C:\WINNT\system32\drivers\npf.sys -- (npf)

DRV - [2009/08/03 07:06:52 | 000,129,176 | ---- | M] (Alesis) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\AlesisFirewire.sys -- (AlesisFirewire)

DRV - [2009/08/03 07:06:52 | 000,030,872 | ---- | M] (Alesis) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\AlesisFirewireMidi.sys -- (AlesisFirewireMidi)

DRV - [2009/08/03 07:06:52 | 000,028,184 | ---- | M] (Alesis) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\AlesisFirewireAudio.sys -- (AlesisFirewireAudio)

DRV - [2008/12/03 21:02:02 | 000,016,400 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto] -- C:\WINNT\system32\drivers\diginet.sys -- (DigiNet)

DRV - [2008/09/19 03:04:00 | 000,290,432 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\yk51x86.sys -- (yukonwxp)

DRV - [2008/08/26 03:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2008/04/13 22:51:44 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\mf.sys -- (mf)

DRV - [2008/01/08 17:00:00 | 000,047,448 | ---- | M] (O2Micro ) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\o2media.sys -- (O2MDRDR)

DRV - [2007/12/18 10:28:24 | 000,032,160 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand] -- C:\Program Files\SFR Global Access\SFR Global Access\FIBWLANAPI5.sys -- (FIBWLANAPI5)

DRV - [2007/06/21 06:58:32 | 000,547,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ar5211.sys -- (AR5211)

DRV - [2007/06/11 08:25:28 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\tosrfusb.sys -- (tosrfusb)

DRV - [2007/05/24 08:27:30 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\tosrfcom.sys -- (Tosrfcom)

DRV - [2007/05/21 17:00:00 | 000,095,616 | ---- | M] (O2Micro) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ozscr.sys -- (O2SCBUS)

DRV - [2007/04/24 08:20:06 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\tosrfbd.sys -- (tosrfbd)

DRV - [2007/04/16 22:25:12 | 000,035,328 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\gtf32bus.sys -- (GTF32BUS)

DRV - [2007/04/16 22:25:12 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\gtptser.sys -- (GTPTSER)

DRV - [2007/03/11 20:32:40 | 004,486,144 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2007/03/01 11:53:10 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\Tosrfhid.sys -- (Tosrfhid)

DRV - [2007/01/28 23:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\VMNetSrv.sys -- (VPCNetS2)

DRV - [2007/01/22 04:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\TosRfSnd.sys -- (TosRfSnd)

DRV - [2006/11/20 11:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\tosrfbnp.sys -- (tosrfbnp)

DRV - [2006/10/10 13:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\tosporte.sys -- (tosporte)

DRV - [2006/09/28 09:32:14 | 000,009,472 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\pnetmdm.sys -- (pnetmdm)

DRV - [2006/06/28 21:13:08 | 001,160,320 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2006/02/08 20:50:00 | 000,020,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\CCM\PrepDrv.sys -- (prepdrvr)

DRV - [2006/02/08 20:50:00 | 000,011,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\kbstuff5.sys -- (kbstuff)

DRV - [2006/02/08 20:50:00 | 000,008,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\idisw2km.sys -- (idisw2km)

DRV - [2005/11/01 14:06:36 | 000,021,120 | ---- | M] (FUJITSU LIMITED) [Kernel | Auto] -- C:\Program Files\Fujitsu\BtnHnd\BtnHnd.sys -- (BtnHnd)

DRV - [2005/09/27 01:00:02 | 000,069,920 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot] -- C:\WINNT\System32\drivers\TPkd.sys -- (TPkd)

DRV - [2005/09/23 00:48:44 | 000,028,544 | ---- | M] (O2Micro ) [Kernel | Boot] -- C:\WINNT\system32\drivers\o2sd.sys -- (O2SDRDR)

DRV - [2005/06/06 17:35:38 | 000,035,968 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ifxtpm.sys -- (IFXTPM)

DRV - [2005/03/31 22:41:26 | 000,043,136 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ser2pl.sys -- (Ser2pl)

DRV - [2005/01/06 23:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\tosrfnds.sys -- (tosrfnds)

DRV - [2004/01/16 21:15:20 | 000,004,864 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\fuj02e3.sys -- (FUJ02E3)

DRV - [2001/08/17 07:12:24 | 000,003,168 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\BrParImg.sys -- (brparimg)

DRV - [2001/08/17 07:12:18 | 000,039,552 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\BrParwdm.sys -- (BrParWdm)

DRV - [2001/08/17 07:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\BrFilt.sys -- (brfilt)

DRV - [2001/08/17 07:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\smcirda.sys -- (SMCIRDA)

DRV - [2001/08/17 06:46:40 | 000,006,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\enum1394.sys -- (ENUM1394)

DRV - [2001/08/01 15:00:22 | 000,005,248 | ---- | M] (FUJITSU LIMITED) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\fuj02b1.sys -- (FUJ02B1)

DRV - [2000/02/22 09:46:40 | 000,009,152 | ---- | M] () [Kernel | Auto] -- C:\WINNT\System32\drivers\Ticalc.sys -- (TICalc)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = https://portal.siemens.com

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:61111

 

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm

 

IE - HKU\fr025451_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.siemens.fr

IE - HKU\fr025451_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm

IE - HKU\fr025451_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet.siemens.fr

IE - HKU\fr025451_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Hotmail, Messenger, Actualité, Sport, People, Femmes - MSN France

IE - HKU\fr025451_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr

IE - HKU\fr025451_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 30 69 4D EC 79 CC 01 [binary data]

IE - HKU\fr025451_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\fr025451_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\fr025451_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.123.2:81

IE - HKU\fr025451_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://proxyconf-uba.siemens.net/

 

 

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=<proxyserver>:<Port>;https=<proxyserver>:<Port>;ftp=<proxyserver>:<Port>;gopher=localhost:1;socks=<proxyserver>:<Port>

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://proxy.fr001.siemens.net/pacfiles/proxy.pac

 

 

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1

FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2

FF - prefs.js..extensions.enabledItems: [email protected]:2.8.0.0

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINNT\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/10/25 12:31:16 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/10/25 12:31:16 | 000,000,000 | ---D | M]

 

[2011/10/27 09:01:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\fr025451\Application Data\Mozilla\Extensions

[2009/12/08 15:52:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\fr025451\Application Data\Mozilla\Extensions\[email protected]

[2011/10/27 09:01:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/07/06 07:21:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011/11/27 12:13:57 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]

[2011/07/06 07:21:21 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

 

O1 HOSTS File: ([2011/12/16 14:03:32 | 000,000,834 | ---- | M]) - C:\WINNT\system32\drivers\etc\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 139.10.13.45 user.sbs.fr

O1 - Hosts: 139.16.69.65 CHLGSAS1

O1 - Hosts: 139.16.69.67 NGAS2

O1 - Hosts: 74.208.105.171 gs.apple.com

O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (wiseHelper Class) - {9BF12F0E-67C3-41db-A597-8AEA428FEAC0} - File not found

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Alcmtr] C:\WINNT\ALCMTR.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [backupdir] C:\Program Files\BackupPC\backupdir.exe ()

O4 - HKLM..\Run: [backuppc_notif] C:\Program Files\BackupPC\BPNotification.exe (Siemens Business Services)

O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)

O4 - HKLM..\Run: [DirXconnect settings] C:\Program Files\Siemens\DIRXDISCOVER\dxdSetup.exe (Siemens AG)

O4 - HKLM..\Run: [indicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe (FUJITSU LIMITED)

O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)

O4 - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)

O4 - HKLM..\Run: [LtMoh] File not found

O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)

O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)

O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\OfficeScan NT\pccntmon.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [PSUtility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)

O4 - HKLM..\Run: [sIECAST] C:\Program Files\Siemens\CardOS API\bin\siecacst.exe (Siemens AG)

O4 - HKLM..\Run: [sSRPM Enrollment Wizard] C:\Program Files\Tools4ever\SSRPM\Enrollment Wizard\SSRPMEnroll.exe (Tools4ever)

O4 - HKLM..\Run: [sSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe (FUJITSU LIMITED)

O4 - HKLM..\Run: [TvOutSwitch] C:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe (FUJITSU LIMITED)

O4 - HKLM..\Run: [uSM] C:\Program Files\Siemens\USM\USM.exe (Siemens AG)

O4 - HKLM..\Run: [WDF_Mon] C:\Program Files\Windows Desktop Firewall Monitor\WDFMON.EXE (Siemens IT Solutions and Services)

O4 - HKU\fr025451_ON_C..\Run: [] File not found

O4 - HKU\fr025451_ON_C..\Run: [chromium] File not found

O4 - HKU\fr025451_ON_C..\Run: [MsnMsgr] File not found

O4 - HKU\fr025451_ON_C..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

O4 - HKU\.DEFAULT..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (Nero AG)

O4 - HKU\Administrator_ON_C..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (Nero AG)

O4 - HKU\Inst2000_MED_ON_C..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (Nero AG)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)

O4 - Startup: C:\Documents and Settings\fr025451\Start Menu\Programs\Startup\La Chaîne Météo.lnk = C:\Program Files\La Chaîne Météo\La Chaîne Météo.exe ()

O4 - Startup: C:\Documents and Settings\fr025451\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for iPhone\PdaNetPC.exe ()

O4 - Startup: C:\Documents and Settings\fr025451\Start Menu\Programs\Startup\Thoosje Sidebar.lnk = File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Download present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\MAIN present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\New Windows present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: nointernetopenwith = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 1800

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Persistence present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Back = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Forward = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Stop = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Refresh = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Media = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Folders = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Size = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_PrintPreview = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0

O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Persistence present

O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\fr025451_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\fr025451_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKU\fr025451_ON_C\Software\Policies\Microsoft\Internet Explorer\Persistence present

O7 - HKU\fr025451_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Back = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Forward = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Stop = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Refresh = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Media = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Folders = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Size = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_PrintPreview = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 1

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 1

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 1

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 1

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 1

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowCpl = 1

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: GreyMSIAds = 1

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartRunNoHOMEPATH = 1

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 1 = access.cpl (Microsoft Corporation)

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 2 = Administrative Tools

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 3 = fax.cpl

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 4 = Fonts

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 5 = hdwwiz.cpl (Microsoft Corporation)

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 6 = inetcpl.cpl (Microsoft Corporation)

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 7 = irprops.cpl (Microsoft Corporation)

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 8 = joy.cpl (Microsoft Corporation)

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 9 = Network and Dial-up Connections

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 10 = nusrmgr.cpl (Microsoft Corporation)

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 11 = nwc.cpl (Microsoft Corporation)

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 12 = Scheduled Tasks

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 13 = sticpl.cpl

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl: 14 = telephon.cpl (Microsoft Corporation)

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConnectHomeDirToRoot = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0

O7 - HKU\fr025451_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0

O7 - HKU\Inst2000_MED_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\Inst2000_MED_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKU\Inst2000_MED_ON_C\Software\Policies\Microsoft\Internet Explorer\Persistence present

O7 - HKU\Inst2000_MED_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\Inst2000_MED_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Persistence present

O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Persistence present

O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Persistence present

O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O9 - Extra Button: Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - Reg Error: Key error. File not found

O9 - Extra 'Tools' menuitem : Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - Reg Error: Key error. File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKLM\..Trusted Domains: gouv.fr ([*.impots] * in Local intranet)

O15 - HKLM\..Trusted Domains: gouv.fr ([*.ir.dgi.minefi] * in Local intranet)

O15 - HKLM\..Trusted Domains: gouv.fr ([tva.dgi.minefi] * in Local intranet)

O15 - HKLM\..Trusted Domains: infineon.com ([*.extra-eu] * in Local intranet)

O15 - HKLM\..Trusted Domains: nokiasiemensnetworks.be ([intranet] https in Sites de confiance)

O15 - HKLM\..Trusted Domains: sbs.fr ([*.par] * in Sites de confiance)

O15 - HKLM\..Trusted Domains: sbs.fr ([its.par] * in Sites de confiance)

O15 - HKLM\..Trusted Domains: sbs.fr ([sdso158a.par] * in Sites de confiance)

O15 - HKLM\..Trusted Domains: siemens.com ([*.automation] * in Sites de confiance)

O15 - HKLM\..Trusted Domains: siemens.fr ([*.mti] * in Sites de confiance)

O15 - HKLM\..Trusted Domains: siemens.fr ([*.par] * in Sites de confiance)

O15 - HKLM\..Trusted Domains: siemens.fr ([sdso158a.par] * in Sites de confiance)

O15 - HKU\.DEFAULT\..Trusted Domains: gouv.fr ([*.impots] * in Local intranet)

O15 - HKU\.DEFAULT\..Trusted Domains: gouv.fr ([*.ir.dgi.minefi] * in Local intranet)

O15 - HKU\.DEFAULT\..Trusted Domains: gouv.fr ([tva.dgi.minefi] * in Local intranet)

O15 - HKU\.DEFAULT\..Trusted Domains: infineon.com ([*.extra-eu] * in Local intranet)

O15 - HKU\.DEFAULT\..Trusted Domains: nokiasiemensnetworks.be ([intranet] https in Sites de confiance)

O15 - HKU\.DEFAULT\..Trusted Domains: sbs.fr ([*.par] * in Sites de confiance)

O15 - HKU\.DEFAULT\..Trusted Domains: sbs.fr ([its.par] * in Sites de confiance)

O15 - HKU\.DEFAULT\..Trusted Domains: sbs.fr ([sdso158a.par] * in Sites de confiance)

O15 - HKU\.DEFAULT\..Trusted Domains: siemens.com ([*.automation] * in Sites de confiance)

O15 - HKU\.DEFAULT\..Trusted Domains: siemens.fr ([*.mti] * in Sites de confiance)

O15 - HKU\.DEFAULT\..Trusted Domains: siemens.fr ([*.par] * in Sites de confiance)

O15 - HKU\.DEFAULT\..Trusted Domains: siemens.fr ([sdso158a.par] * in Sites de confiance)

O15 - HKU\fr025451_ON_C\..Trusted Domains: gouv.fr ([*.impots] * in Local intranet)

O15 - HKU\fr025451_ON_C\..Trusted Domains: gouv.fr ([*.ir.dgi.minefi] * in Local intranet)

O15 - HKU\fr025451_ON_C\..Trusted Domains: gouv.fr ([tva.dgi.minefi] * in Local intranet)

O15 - HKU\fr025451_ON_C\..Trusted Domains: infineon.com ([*.extra-eu] * in Local intranet)

O15 - HKU\fr025451_ON_C\..Trusted Domains: nokiasiemensnetworks.be ([intranet] https in Sites de confiance)

O15 - HKU\fr025451_ON_C\..Trusted Domains: sbs.fr ([*.par] * in Sites de confiance)

O15 - HKU\fr025451_ON_C\..Trusted Domains: sbs.fr ([its.par] * in Sites de confiance)

O15 - HKU\fr025451_ON_C\..Trusted Domains: sbs.fr ([sdso158a.par] * in Sites de confiance)

O15 - HKU\fr025451_ON_C\..Trusted Domains: siemens.com ([*.automation] * in Sites de confiance)

O15 - HKU\fr025451_ON_C\..Trusted Domains: siemens.fr ([*.mti] * in Sites de confiance)

O15 - HKU\fr025451_ON_C\..Trusted Domains: siemens.fr ([*.par] * in Sites de confiance)

O15 - HKU\fr025451_ON_C\..Trusted Domains: siemens.fr ([sdso158a.par] * in Sites de confiance)

O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://localhost:8080/swservice/plugins/awswaxf.cab (Macromedia Authorware Web Player Control)

O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/fr/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)

O16 - DPF: {7066F4E2-EABF-4F73-90E6-F01D18000F56} http://localhost:8080/swservice/plugins/Annotation.cab (Annotation Control)

O16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} http://localhost:8080/swservice/plugins/tsccinst.cab (TSCCInstall Class)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {85C86CCC-2158-4123-9C7D-785190CED875} http://www.digitalpublishing.de/launcher/dpLaunchPlugin.cab (dp Launcher Plugin)

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://www.ma-config.com/plugins/MaConfig_5_1_5_0.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-1_4_2_06-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)

O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ura.siemens.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fr001.siemens.net

O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\SAPpc\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)

O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\SAPpc\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\System32\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (CatUInit) - C:\WINNT\System32\CatUInit.exe (Siemens AG)

O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\41759070AD310639DBA0.exe) - C:\WINNT\system32\41759070AD310639DBA0.exe ()

O20 - HKLM Winlogon: GinaDLL - (SSRPMGINA.dll) - C:\WINNT\System32\SSRPMGINA.dll (Tools4ever)

O20 - Winlogon\Notify\FLWLEvents: DllName - C:\Program Files\SFR Global Access\SFR Global Access\FiberlinkNetProv.dll - C:\Program Files\SFR Global Access\SFR Global Access\FiberlinkNetProv.dll (Fiberlink Communications Corp.)

O20 - Winlogon\Notify\PSUTY: DllName - PSUWNP.dll - C:\WINNT\System32\PSUWNP.dll (FUJITSU LIMITED)

O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found

O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found

O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/10/30 06:26:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: SSHNAS - File not found

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {0E9A3196-39EA-409D-8EB4-20D7FABC191A} - Microsoft .NET Framework 1.0 Hotfix (KB928367)

ActiveX: {0EEB34F6-991D-4a1b-8EEB-772DA0EADB22} - Microsoft Office Communicator 2007 R2

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)

ActiveX: {14303301-758B-402B-9A0D-2C6A591680DB} - Microsoft .NET Framework 1.0 Service Pack 3 (KB867461)

ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {78705f0d-e8db-4b2d-8193-982bdda15ecd} - .NET Framework

ActiveX: {81B52903-4C11-11D6-B6E1-00B0D049139F} - Microsoft .NET Framework 1.0 Service Pack 2 (KB867461)

ActiveX: {871F8A30-15A2-11D6-8711-0002B3281F8B} - Microsoft .NET Framework 1.0 Service Pack 1 (KB867461)

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINNT\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINNT\system32\Rundll32.exe C:\WINNT\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F196AC50-7C95-42E1-9947-BDAB18BF3C8C} - .NET Framework

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINNT\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINNT\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINNT\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINNT\system32\rundll32.exe" "C:\WINNT\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

ActiveX: Microsoft Base Smart Card Crypto Provider Package -

 

Drivers32: msacm.iac2 - C:\WINNT\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINNT\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINNT\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINNT\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINNT\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - ir32_32.dll File not found

Drivers32: vidc.iv32 - ir32_32.dll File not found

Drivers32: vidc.iv41 - ir41_32.ax File not found

Drivers32: vidc.iv50 - ir50_32.dll File not found

Drivers32: vidc.tscc - C:\WINNT\System32\tsccvid.dll (TechSmith Corporation)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/12/19 11:43:41 | 001,036,288 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\explorer.exe

[2011/12/19 11:42:37 | 001,036,288 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\explorer.exe

[2011/12/19 05:56:38 | 000,000,000 | ---D | C] -- C:\WINNT\LastGood

[2011/12/19 02:40:22 | 000,000,000 | ---D | C] -- C:\1d3277359ecc08439e9e6c6b2643

[2011/12/18 22:31:12 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/12/18 22:20:43 | 026,705,144 | ---- | C] (Emsi Software GmbH ) -- C:\EmsisoftAntiMalwareSetup.exe

[2011/12/18 22:17:28 | 000,000,000 | ---D | C] -- C:\ZHPDiag

[2011/12/18 21:36:55 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware

[2011/12/18 21:27:12 | 001,036,288 | ---- | C] (Microsoft Corporation) -- C:\explorer.exe

[2011/12/18 17:01:41 | 000,000,000 | -HSD | C] -- C:\found.000

[2011/12/18 13:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\~Backup

[2011/12/16 17:17:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes

[2011/12/16 17:16:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011/12/16 17:15:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2011/12/16 11:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Desktop\Mariage Pierre Yves

[2011/12/15 15:29:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Desktop\BSP 200.2

[2011/12/15 15:29:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Desktop\Documents Siemens

[2011/12/12 11:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Desktop\Tatouage

[2011/12/12 03:24:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Application Data\VDownloader

[2011/12/12 03:24:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Local Settings\Application Data\VDownloader

[2011/12/12 03:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap

[2011/12/12 03:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VDownloader

[2011/12/12 03:23:48 | 000,000,000 | ---D | C] -- C:\Program Files\VDownloader

[2011/12/12 03:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\Xi

[2011/12/11 09:32:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Desktop\Maison Roquefort la Bedoule

[2011/12/09 17:50:36 | 000,000,000 | ---D | C] -- C:\Program Files\Safari

[2011/12/09 17:25:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime

[2011/12/09 17:25:34 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2011/12/09 11:09:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight

[2011/12/09 11:09:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2011/12/09 07:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN

[2011/12/08 04:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Application Data\com.adobe.example.widget.F826D533138FC008516DC0DE4625BA08DCDBC443.1

[2011/12/08 04:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\La Chaîne Météo

[2011/12/08 04:28:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[2011/12/08 03:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Local Settings\Application Data\Stardock

[2011/12/08 03:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\Thoosje Vista Sidebar

[2011/12/06 07:38:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Desktop\Idées de terrasse

[2011/12/06 03:27:03 | 000,000,000 | ---D | C] -- C:\CB-DOC

[2011/12/06 03:26:54 | 000,000,000 | ---D | C] -- C:\WINNT\A6W_DATA

[2011/12/05 16:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Local Settings\Application Data\Google

[2011/12/05 06:11:13 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINNT\System32\javaws.exe

[2011/12/05 06:11:13 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINNT\System32\javaw.exe

[2011/12/05 06:11:13 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINNT\System32\java.exe

[2011/11/27 12:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\TomTom International B.V

[2011/11/24 14:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fr025451\Desktop\Photos pour retirages gratuit

[2009/10/30 07:48:10 | 003,125,248 | ---- | C] (SAP Technology,Inc) -- C:\Program Files\Common Files\sapxlhelper.dll

[2009/10/30 07:48:09 | 000,626,688 | ---- | C] (SAP AG) -- C:\Program Files\Common Files\sapconsaccess.dll

[2009/10/30 07:48:09 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- C:\Program Files\Common Files\sapconsr3.dll

[2009/10/30 07:48:08 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Program Files\Common Files\DigitalSignature.ocx

[2008/04/13 17:30:00 | 000,554,008 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\dao360.dll

[2 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/12/19 05:55:43 | 000,000,002 | -HS- | M] () -- C:\Documents and Settings\fr025451\RECYCLER

[2011/12/19 05:55:10 | 000,000,294 | -H-- | M] () -- C:\WINNT\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

[2011/12/19 05:55:10 | 000,000,294 | -H-- | M] () -- C:\WINNT\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

[2011/12/19 05:55:10 | 000,000,248 | -H-- | M] () -- C:\WINNT\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job

[2011/12/19 05:54:00 | 000,000,509 | ---- | M] () -- C:\WINNT\SMSCFG.ini

[2011/12/19 05:53:11 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat

[2011/12/19 05:53:09 | 2135,756,800 | -HS- | M] () -- C:\hiberfil.sys

[2011/12/18 22:20:43 | 026,705,144 | ---- | M] (Emsi Software GmbH ) -- C:\EmsisoftAntiMalwareSetup.exe

[2011/12/18 21:27:20 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\explorer.exe

[2011/12/18 21:27:20 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\explorer.exe

[2011/12/18 21:27:20 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\explorer.exe

[2011/12/16 17:17:16 | 000,001,544 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2011/12/16 17:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes

[2011/12/16 17:04:03 | 000,000,284 | ---- | M] () -- C:\WINNT\tasks\AppleSoftwareUpdate.job

[2011/12/16 16:05:42 | 000,000,069 | ---- | M] () -- C:\WINNT\NeroDigital.ini

[2011/12/16 16:03:15 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\fr025451\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/12/16 11:48:24 | 000,030,346 | RHS- | M] () -- C:\Documents and Settings\fr025451\ntuser.pol

[2011/12/16 11:14:00 | 000,016,322 | ---- | M] () -- C:\WINNT\cfgall.ini

[2011/12/16 08:42:22 | 000,057,494 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

[2011/12/16 07:38:16 | 000,000,350 | ---- | M] () -- C:\WINNT\tasks\At1.job

[2011/12/16 01:50:46 | 000,513,246 | ---- | M] () -- C:\WINNT\System32\perfh009.dat

[2011/12/16 01:50:45 | 000,092,106 | ---- | M] () -- C:\WINNT\System32\perfc009.dat

[2011/12/15 11:09:07 | 000,056,320 | -H-- | M] () -- C:\WINNT\System32\41759070AD310639DBA0.exe

[2011/12/15 11:09:06 | 000,056,320 | -H-- | M] () -- C:\WINNT\System32\41759070AD310639DBA0.sys

[2011/12/15 03:32:37 | 000,075,763 | ---- | M] () -- C:\WINNT\Run32S60.mch

[2011/12/15 03:16:16 | 000,000,035 | ---- | M] () -- C:\WINNT\A6W.INI

[2011/12/14 20:54:40 | 000,505,427 | ---- | M] () -- C:\Documents and Settings\fr025451\Desktop\Nouvelle_reglementation2008.pdf

[2011/12/14 13:44:36 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\fr025451\Application Data\Microsoft\Internet Explorer\Quick Launch\Siemens Healthcare SPC (2).lnk

[2011/12/13 04:14:09 | 000,225,302 | ---- | M] () -- C:\Documents and Settings\fr025451\Desktop\__partenaires.ticketnet.fr_recapcommande.pdf

[2011/12/12 14:15:28 | 000,138,464 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2011/12/12 03:23:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\VDownloader

[2011/12/10 03:45:26 | 000,002,206 | ---- | M] () -- C:\WINNT\System32\wpa.dbl

[2011/12/09 17:50:46 | 000,001,850 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk

[2011/12/09 17:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime

[2011/12/09 11:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight

[2011/12/09 07:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN

[2011/12/09 02:50:54 | 000,000,718 | ---- | M] () -- C:\Documents and Settings\fr025451\Start Menu\Programs\Startup\La Chaîne Météo.lnk

[2011/12/09 02:33:01 | 000,000,526 | ---- | M] () -- C:\WINNT\AWSHKWV.INI

[2011/12/08 04:28:11 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\La Chaîne Météo.lnk

[2011/12/08 03:26:38 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\fr025451\Start Menu\Programs\Startup\Thoosje Sidebar.lnk

[2011/12/07 13:33:02 | 000,002,487 | ---- | M] () -- C:\Documents and Settings\fr025451\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Communicator 2007 R2.lnk

[2011/12/07 09:39:01 | 000,244,720 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT

[2011/12/06 13:50:14 | 000,481,078 | ---- | M] () -- C:\WINNT\System32\winsh324

[2011/12/05 08:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\PDF-XChange PDF Viewer

[2011/12/05 02:19:45 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\fr025451\Application Data\Microsoft\Internet Explorer\Quick Launch\Spotify.lnk

[2011/12/02 05:48:25 | 000,000,386 | ---- | M] () -- C:\WINNT\BrmfBidi.ini

[2011/11/24 15:50:24 | 000,002,250 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Oceanlog 2.x.lnk

[2011/11/23 19:08:10 | 000,481,078 | ---- | M] () -- C:\WINNT\System32\winsh323

[2011/11/23 19:08:10 | 000,481,078 | ---- | M] () -- C:\WINNT\System32\winsh322

[2011/11/23 19:08:10 | 000,481,078 | ---- | M] () -- C:\WINNT\System32\winsh321

[2011/11/23 19:08:10 | 000,481,078 | ---- | M] () -- C:\WINNT\System32\winsh320

[2 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/12/16 18:30:09 | 000,481,078 | ---- | C] () -- C:\WINNT\System32\winsh324

[2011/12/16 18:30:09 | 000,481,078 | ---- | C] () -- C:\WINNT\System32\winsh323

[2011/12/16 18:30:09 | 000,481,078 | ---- | C] () -- C:\WINNT\System32\winsh322

[2011/12/16 18:30:09 | 000,481,078 | ---- | C] () -- C:\WINNT\System32\winsh321

[2011/12/16 18:30:09 | 000,481,078 | ---- | C] () -- C:\WINNT\System32\winsh320

[2011/12/16 17:17:16 | 000,001,544 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2011/12/15 11:09:07 | 000,056,320 | -H-- | C] () -- C:\WINNT\System32\41759070AD310639DBA0.exe

[2011/12/15 11:09:06 | 000,056,320 | -H-- | C] () -- C:\WINNT\System32\41759070AD310639DBA0.sys

[2011/12/14 20:54:40 | 000,505,427 | ---- | C] () -- C:\Documents and Settings\fr025451\Desktop\Nouvelle_reglementation2008.pdf

[2011/12/13 04:14:06 | 000,225,302 | ---- | C] () -- C:\Documents and Settings\fr025451\Desktop\__partenaires.ticketnet.fr_recapcommande.pdf

[2011/12/12 03:23:52 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe

[2011/12/09 17:50:46 | 000,001,850 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk

[2011/12/08 04:29:32 | 000,000,718 | ---- | C] () -- C:\Documents and Settings\fr025451\Start Menu\Programs\Startup\La Chaîne Météo.lnk

[2011/12/08 04:28:11 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\La Chaîne Météo.lnk

[2011/12/08 03:26:38 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\fr025451\Start Menu\Programs\Startup\Thoosje Sidebar.lnk

[2011/12/06 03:30:46 | 000,075,763 | ---- | C] () -- C:\WINNT\Run32S60.mch

[2011/12/06 03:26:54 | 000,000,035 | ---- | C] () -- C:\WINNT\A6W.INI

[2011/12/06 03:26:53 | 000,000,526 | ---- | C] () -- C:\WINNT\AWSHKWV.INI

[2011/12/05 02:19:45 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\fr025451\Application Data\Microsoft\Internet Explorer\Quick Launch\Spotify.lnk

[2011/09/28 12:23:51 | 000,221,184 | --S- | C] () -- C:\WINNT\System32\glut32.dll

[2011/05/27 06:00:37 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\fr025451\Application Data\$_hpcst$.hpc

[2011/03/04 16:53:10 | 000,000,098 | ---- | C] () -- C:\WINNT\WirelessFTP.INI

[2011/02/12 03:12:36 | 000,000,209 | ---- | C] () -- C:\WINNT\Brpfx04a.ini

[2011/02/12 03:12:36 | 000,000,092 | ---- | C] () -- C:\WINNT\brpcfx.ini

[2011/02/12 03:12:36 | 000,000,052 | ---- | C] () -- C:\WINNT\BRPP2KA.INI

[2011/01/28 17:02:23 | 000,138,464 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2011/01/02 15:25:37 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\fr025451\Application Data\PnkBstrK.sys

[2011/01/02 15:25:33 | 000,103,736 | ---- | C] () -- C:\WINNT\System32\PnkBstrB.exe

[2011/01/02 15:24:10 | 000,066,872 | ---- | C] () -- C:\WINNT\System32\PnkBstrA.exe

[2010/12/23 14:12:06 | 000,005,763 | ---- | C] () -- C:\Documents and Settings\fr025451\Application Data\5C8E.4C1

[2010/11/29 08:37:31 | 000,000,664 | ---- | C] () -- C:\WINNT\System32\d3d9caps.dat

[2010/11/04 11:45:37 | 000,009,152 | ---- | C] () -- C:\WINNT\System32\drivers\Ticalc.sys

[2010/11/04 11:45:37 | 000,000,711 | ---- | C] () -- C:\WINNT\Wlink89.ini

[2010/08/18 07:54:42 | 000,000,000 | ---- | C] () -- C:\WINNT\nsreg.dat

[2010/07/23 03:25:52 | 000,129,423 | ---- | C] () -- C:\WINNT\Install_IE7_CATS_after_reboot.EXE

[2010/07/23 03:15:34 | 000,183,134 | ---- | C] () -- C:\WINNT\refresh_desktop.exe

[2010/06/27 12:38:14 | 000,000,042 | ---- | C] () -- C:\WINNT\ce52e.INI

[2010/05/27 12:13:46 | 000,000,095 | ---- | C] () -- C:\WINNT\p7vrvisx.INI

[2010/05/27 11:42:36 | 000,020,480 | ---- | C] () -- C:\WINNT\CallUninst.exe

[2010/02/15 06:10:55 | 000,035,000 | -H-- | C] () -- C:\WINNT\System32\mlfcache.dat

[2010/01/26 21:09:02 | 000,053,299 | ---- | C] () -- C:\WINNT\System32\pthreadVC.dll

[2010/01/15 10:09:36 | 000,000,097 | ---- | C] () -- C:\WINNT\SIM_HM.INI

[2009/12/11 06:44:24 | 000,000,185 | ---- | C] () -- C:\WINNT\aristos.INI

[2009/12/08 03:26:21 | 000,217,088 | ---- | C] () -- C:\WINNT\System32\qtmlClient.dll

[2009/11/25 03:43:18 | 000,002,143 | ---- | C] () -- C:\WINNT\xcs_err.ini

[2009/11/25 03:43:17 | 000,121,920 | R--- | C] () -- C:\WINNT\spc_find.exe

[2009/11/25 03:43:16 | 000,017,343 | ---- | C] () -- C:\WINNT\ACSCOM.DLL

[2009/11/25 03:43:16 | 000,001,221 | ---- | C] () -- C:\WINNT\card_xcs.ini

[2009/11/25 03:43:16 | 000,000,208 | ---- | C] () -- C:\WINNT\fl_co_.ini

[2009/11/25 03:43:16 | 000,000,058 | ---- | C] () -- C:\WINNT\cardxcs_.ini

[2009/11/24 04:21:40 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\fr025451\BackupPcError.dat

[2009/11/13 09:15:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\fr025451\Application Data\wgjpi.data

[2009/11/12 10:06:06 | 000,716,800 | R--- | C] () -- C:\WINNT\System32\Memorybar.exe

[2009/11/03 04:28:18 | 000,000,019 | ---- | C] () -- C:\WINNT\nt_test.ini

[2009/11/01 16:01:10 | 000,116,224 | ---- | C] () -- C:\WINNT\System32\pdfcmnnt.dll

[2009/10/31 04:40:41 | 000,130,406 | ---- | C] () -- C:\WINNT\manual_catupd.EXE

[2009/10/30 18:07:15 | 000,000,386 | ---- | C] () -- C:\WINNT\BrmfBidi.ini

[2009/10/30 18:06:44 | 000,000,441 | ---- | C] () -- C:\WINNT\BRWMARK.INI

[2009/10/30 18:06:44 | 000,000,065 | ---- | C] () -- C:\WINNT\System32\BD7225N.DAT

[2009/10/30 18:04:21 | 000,000,052 | ---- | C] () -- C:\WINNT\System32\BrmfBAgP.ini

[2009/10/30 18:04:21 | 000,000,036 | ---- | C] () -- C:\WINNT\System32\BrmfBiPP.dat

[2009/10/30 18:04:21 | 000,000,029 | ---- | C] () -- C:\WINNT\System32\BrmfBAgS.ini

[2009/10/30 17:55:10 | 000,000,000 | ---- | C] () -- C:\WINNT\PROTOCOL.INI

[2009/10/30 14:11:38 | 000,204,800 | ---- | C] () -- C:\WINNT\System32\igfxCoIn_v4785.dll

[2009/10/30 14:11:37 | 000,701,840 | ---- | C] () -- C:\WINNT\System32\igmedkrn.dll

[2009/10/30 14:10:07 | 000,004,569 | ---- | C] () -- C:\WINNT\System32\secupd.dat

[2009/10/30 14:10:02 | 000,513,246 | ---- | C] () -- C:\WINNT\System32\perfh009.dat

[2009/10/30 14:10:02 | 000,272,128 | ---- | C] () -- C:\WINNT\System32\perfi009.dat

[2009/10/30 14:10:02 | 000,092,106 | ---- | C] () -- C:\WINNT\System32\perfc009.dat

[2009/10/30 14:10:02 | 000,028,626 | ---- | C] () -- C:\WINNT\System32\perfd009.dat

[2009/10/30 14:10:00 | 000,004,463 | ---- | C] () -- C:\WINNT\System32\oembios.dat

[2009/10/30 14:09:59 | 013,107,200 | ---- | C] () -- C:\WINNT\System32\oembios.bin

[2009/10/30 14:09:55 | 000,000,741 | ---- | C] () -- C:\WINNT\System32\noise.dat

[2009/10/30 14:09:46 | 000,673,088 | ---- | C] () -- C:\WINNT\System32\mlang.dat

[2009/10/30 14:09:46 | 000,046,258 | ---- | C] () -- C:\WINNT\System32\mib.bin

[2009/10/30 14:09:29 | 000,218,003 | ---- | C] () -- C:\WINNT\System32\dssec.dat

[2009/10/30 14:09:18 | 000,001,804 | ---- | C] () -- C:\WINNT\System32\Dcache.bin

[2009/10/30 08:34:37 | 000,000,069 | ---- | C] () -- C:\WINNT\NeroDigital.ini

[2009/10/30 08:34:32 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\fr025451\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/10/30 08:25:04 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\fr025451\Local Settings\Application Data\fusioncache.dat

[2009/10/30 08:19:08 | 000,048,687 | ---- | C] () -- C:\WINNT\SBSPOP01.exe

[2009/10/30 08:16:51 | 000,000,509 | ---- | C] () -- C:\WINNT\SMSCFG.ini

[2009/10/30 08:06:36 | 000,000,002 | -HS- | C] () -- C:\Documents and Settings\fr025451\RECYCLER

[2009/10/30 08:04:24 | 000,030,346 | RHS- | C] () -- C:\Documents and Settings\fr025451\ntuser.pol

[2009/10/30 08:03:05 | 000,025,253 | ---- | C] () -- C:\WINNT\whatmask.exe

[2009/10/30 07:55:03 | 000,113,890 | ---- | C] () -- C:\WINNT\restore_saplogon.EXE

[2009/10/30 07:48:09 | 000,949,760 | ---- | C] () -- C:\Program Files\Common Files\SAPActiveXL_nosig.xlt

[2009/10/30 07:48:08 | 000,955,904 | ---- | C] () -- C:\Program Files\Common Files\SAPActiveXL.xlt

[2009/10/30 07:45:59 | 001,064,960 | ---- | C] () -- C:\WINNT\System32\h5krnl32.dll

[2009/10/30 07:45:59 | 000,188,928 | ---- | C] () -- C:\WINNT\System32\h5icon32.dll

[2009/10/30 07:45:59 | 000,175,616 | ---- | C] () -- C:\WINNT\System32\h5menu32.dll

[2009/10/30 07:45:59 | 000,095,744 | ---- | C] () -- C:\WINNT\System32\h5rtf32.dll

[2009/10/30 07:45:59 | 000,051,200 | ---- | C] () -- C:\WINNT\System32\h5tool32.dll

[2009/10/30 07:45:31 | 000,015,872 | ---- | C] () -- C:\WINNT\System32\vtssm32.dll

[2009/10/30 07:45:11 | 000,002,745 | ---- | C] () -- C:\WINNT\saplogon.ini

[2009/10/30 07:45:11 | 000,000,023 | ---- | C] () -- C:\WINNT\saproute.ini

[2009/10/30 07:16:35 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI

[2009/10/30 07:15:50 | 000,244,720 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT

[2009/10/30 07:15:30 | 000,016,322 | ---- | C] () -- C:\WINNT\cfgall.ini

[2009/10/30 07:05:45 | 000,000,470 | ---- | C] () -- C:\WINNT\ODBC.INI

[2009/10/30 06:42:15 | 000,000,000 | ---- | C] () -- C:\WINNT\tosOBEX.INI

[2009/10/30 06:28:36 | 000,002,048 | --S- | C] () -- C:\WINNT\bootstat.dat

[2009/10/30 06:24:29 | 000,021,640 | ---- | C] () -- C:\WINNT\System32\emptyregdb.dat

[2009/04/16 09:32:46 | 000,040,517 | ---- | C] () -- C:\WINNT\System32\jRegistryKey.dll

[2008/04/18 09:56:18 | 000,311,296 | ---- | C] () -- C:\WINNT\System32\siecaces.dll

[2007/12/18 10:28:10 | 000,059,016 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml

[2007/06/21 04:49:24 | 000,118,784 | ---- | C] () -- C:\WINNT\System32\TosBtAcc.dll

[2007/04/16 07:01:06 | 000,184,320 | ---- | C] () -- C:\WINNT\System32\gmp4_2_1.dll

[2007/04/12 02:48:40 | 000,028,672 | ---- | C] () -- C:\WINNT\System32\siecacsp.dll

[2005/07/22 15:30:18 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\TosCommAPI.dll

[2003/01/07 09:05:08 | 000,002,695 | ---- | C] () -- C:\WINNT\System32\OUTLPERF.INI

[2000/08/18 08:14:10 | 000,000,207 | ---- | C] () -- C:\WINNT\ORGD.INI

[1997/06/25 09:24:16 | 000,040,448 | ---- | C] () -- C:\WINNT\System32\regobj.dll

 

========== LOP Check ==========

 

[2010/02/02 03:36:14 | 000,000,000 | ---D | M] -- C:\WINNT\system32\config\systemprofile\Application Data\Application Updater

[2011/02/03 03:02:25 | 000,000,000 | ---D | M] -- C:\WINNT\system32\config\systemprofile\Application Data\Fixit

[2011/09/28 11:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\2020 Fusion

[2010/02/10 16:00:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\3M

[2010/11/15 16:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\AlesisFirewire

[2011/09/24 13:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\ArchiFacile

[2009/11/20 13:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\CatPC

[2011/12/08 04:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\com.adobe.example.widget.F826D533138FC008516DC0DE4625BA08DCDBC443.1

[2011/02/12 20:11:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\digital publishing

[2011/09/16 12:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\Eltima Software

[2010/09/15 11:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\FileZilla

[2009/12/17 13:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\FreeVideoConverter

[2010/12/20 11:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\GrabIt

[2011/05/20 06:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\Juniper Networks

[2011/01/28 16:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\National Library of Medicine

[2011/09/24 06:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\NesterSoft

[2011/10/25 12:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\Nokia

[2011/10/25 12:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\Nokia Ovi Suite

[2009/12/08 03:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\PACE Anti-Piracy

[2011/10/25 12:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\PC Suite

[2010/02/03 17:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\PhotoFiltre

[2011/01/05 11:26:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\ProtectDISC

[2011/04/11 10:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\Siemens

[2011/10/26 12:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\Sierra Wireless

[2011/12/14 19:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\Spotify

[2010/07/23 03:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\Steelray Software

[2010/12/20 11:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\SuperNZB

[2009/12/08 15:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\TomTom

[2009/12/13 18:38:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\Trillium Lane

[2011/12/12 03:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\VDownloader

[2011/02/17 03:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fr025451\Application Data\WindSolutions

[2010/12/27 16:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2011/09/28 11:24:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iDeal Designer Hygena

[2009/10/30 08:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks

[2011/11/04 06:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\logs

[2010/05/12 04:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir

[2011/10/25 12:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache

[2009/12/08 03:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy

[2011/10/25 12:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite

[2009/10/30 08:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SFR Global Access

[2010/05/12 04:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir

[2010/09/30 13:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/06/11 11:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom

[2011/10/28 10:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite

[2011/02/17 03:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions

[2010/05/01 04:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/10/31 15:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2011/12/16 07:38:16 | 000,000,350 | ---- | M] () -- C:\WINNT\Tasks\At1.job

[2011/12/19 05:55:10 | 000,000,294 | -H-- | M] () -- C:\WINNT\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

[2011/12/19 05:55:10 | 000,000,248 | -H-- | M] () -- C:\WINNT\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job

[2011/12/19 05:55:10 | 000,000,294 | -H-- | M] () -- C:\WINNT\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.

 

Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe

 

Invalid Environment Variable: %APPDATA%\*.

 

Invalid Environment Variable: %APPDATA%\*.exe

 

< %SYSTEMDRIVE%\*.exe >

[2011/12/18 22:20:43 | 026,705,144 | ---- | M] (Emsi Software GmbH ) -- C:\EmsisoftAntiMalwareSetup.exe

[2011/12/18 21:27:20 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\explorer.exe

 

 

< MD5 for: AEC.SYS >

[2008/04/13 22:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:aec.sys

[2008/04/13 17:09:24 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINNT\system32\drivers\aec.sys

 

< MD5 for: AGP440.SYS >

[2008/04/13 22:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:AGP440.sys

 

< MD5 for: ALG.EXE >

[2008/04/13 22:42:14 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=8C515081584A38AA007909CD02020B3D -- C:\WINNT\system32\alg.exe

[2008/04/13 22:42:14 | 000,044,544 | ---- | M] (Microsoft Corporation) MD5=8C515081584A38AA007909CD02020B3D -- C:\WINNT\system32\dllcache\alg.exe

 

< MD5 for: ATAPI.SYS >

[2008/04/13 22:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:atapi.sys

[2008/04/13 19:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINNT\system32\drivers\atapi.sys

 

< MD5 for: CDROM.SYS >

[2008/04/13 22:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:cdrom.sys

[2008/04/13 22:51:44 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINNT\system32\drivers\cdrom.sys

 

< MD5 for: CSRSS.EXE >

[2008/04/13 22:42:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINNT\system32\csrss.exe

[2008/04/13 22:42:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINNT\system32\dllcache\csrss.exe

 

< MD5 for: CTFMON.EXE >

[2008/04/13 22:42:18 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5F1D5F88303D4A4DBC8E5F97BA967CC3 -- C:\WINNT\system32\ctfmon.exe

[2008/04/13 22:42:18 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5F1D5F88303D4A4DBC8E5F97BA967CC3 -- C:\WINNT\system32\dllcache\ctfmon.exe

 

< MD5 for: DISK.SYS >

[2008/04/13 22:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:disk.sys

[2008/04/13 22:51:44 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINNT\system32\drivers\disk.sys

 

< MD5 for: EVENTLOG.DLL >

[2008/04/13 22:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINNT\system32\dllcache\eventlog.dll

[2008/04/13 22:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINNT\system32\eventlog.dll

 

< MD5 for: EXPLORER.EXE >

[2011/12/18 21:27:20 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\explorer.exe

[2011/12/18 21:27:20 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINNT\system32\dllcache\explorer.exe

[2011/12/18 21:27:20 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINNT\system32\explorer.exe

 

< MD5 for: I8042PRT.SYS >

[2008/04/13 22:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:i8042prt.sys

[2008/04/13 19:48:02 | 000,052,480 | ---- | M] (Microsoft Corporation) MD5=4A0B06AA8943C1E332520F7440C0AA30 -- C:\WINNT\system32\drivers\i8042prt.sys

 

< MD5 for: IASTOR.SYS >

[2007/02/11 22:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINNT\CATPC\9\iastor.sys

 

< MD5 for: IMAPI.SYS >

[2008/04/13 22:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:imapi.sys

[2008/04/13 22:51:44 | 000,042,112 | ---- | M] (Microsoft Corporation) MD5=083A052659F5310DD8B6A6CB05EDCF8E -- C:\WINNT\system32\drivers\imapi.sys

 

< MD5 for: INTELIDE.SYS >

[2008/04/13 22:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:intelide.sys

 

< MD5 for: MOUNTMGR.SYS >

[2008/04/13 17:09:48 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- C:\WINNT\system32\dllcache\mountmgr.sys

[2008/04/13 17:09:48 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- C:\WINNT\system32\drivers\mountmgr.sys

 

< MD5 for: MRXSMB.SYS >

[2008/04/13 22:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:mrxsmb.sys

[2009/12/04 12:25:56 | 000,456,832 | ---- | M] (Microsoft Corporation) MD5=602549D1E8A622E5746991F6C56B21CA -- C:\WINNT\$hf_mig$\KB978251\SP3QFE\mrxsmb.sys

[2008/10/24 06:41:11 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=7170AB42B51954DEF2781A4D1CCE65F4 -- C:\WINNT\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys

[2011/07/15 08:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=7D304A5EB4344EBEEAB53A2FE3FFB9F0 -- C:\WINNT\Driver Cache\i386\mrxsmb.sys

[2011/07/15 08:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=7D304A5EB4344EBEEAB53A2FE3FFB9F0 -- C:\WINNT\system32\dllcache\mrxsmb.sys

[2011/07/15 08:29:31 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=7D304A5EB4344EBEEAB53A2FE3FFB9F0 -- C:\WINNT\system32\drivers\mrxsmb.sys

[2010/02/24 06:57:57 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=D09B9F0B9960DD41E73127B7814C115F -- C:\WINNT\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys

[2011/07/15 08:29:35 | 000,457,856 | ---- | M] (Microsoft Corporation) MD5=FB2FCCC70F7174C7BF64F48E96D3ADF4 -- C:\WINNT\$hf_mig$\KB2536276-v2\SP3QFE\mrxsmb.sys

[2011/02/17 08:19:38 | 000,457,472 | ---- | M] (Microsoft Corporation) MD5=FB7DFD15D760AD339837A470F0E780D3 -- C:\WINNT\$hf_mig$\KB2511455\SP3QFE\mrxsmb.sys

 

< MD5 for: NDIS.SYS >

[2008/04/13 17:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINNT\system32\dllcache\ndis.sys

[2008/04/13 17:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINNT\system32\drivers\ndis.sys

 

< MD5 for: NETLOGON.DLL >

[2008/04/16 23:50:11 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=06CF9EEDB7E827205C6948C9DAF56974 -- C:\WINNT\system32\dllcache\netlogon.dll

[2008/04/16 23:50:11 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=06CF9EEDB7E827205C6948C9DAF56974 -- C:\WINNT\system32\netlogon.dll

 

< MD5 for: RASACD.SYS >

[2001/08/23 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINNT\system32\dllcache\rasacd.sys

[2001/08/23 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINNT\system32\drivers\rasacd.sys

 

< MD5 for: RDPCDD.SYS >

[2001/08/23 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=4912D5B403614CE99C28420F75353332 -- C:\WINNT\system32\dllcache\rdpcdd.sys

[2001/08/23 07:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=4912D5B403614CE99C28420F75353332 -- C:\WINNT\system32\drivers\rdpcdd.sys

 

< MD5 for: REDBOOK.SYS >

[2008/04/13 22:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:redbook.sys

[2008/04/13 19:10:28 | 000,057,600 | ---- | M] (Microsoft Corporation) MD5=F828DD7E1419B6653894A8F97A0094C5 -- C:\WINNT\system32\drivers\redbook.sys

 

< MD5 for: SCECLI.DLL >

[2008/04/13 22:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINNT\system32\dllcache\scecli.dll

[2008/04/13 22:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINNT\system32\scecli.dll

 

< MD5 for: SERVICES.EXE >

[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINNT\$hf_mig$\KB956572\SP3QFE\services.exe

[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINNT\system32\dllcache\services.exe

[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINNT\system32\services.exe

 

< MD5 for: SMSS.EXE >

[2008/04/13 22:42:38 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINNT\system32\dllcache\smss.exe

[2008/04/13 22:42:38 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINNT\system32\smss.exe

 

< MD5 for: SPOOLSV.EXE >

[2010/08/17 08:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINNT\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe

[2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINNT\system32\dllcache\spoolsv.exe

[2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINNT\system32\spoolsv.exe

 

< MD5 for: SVCHOST.EXE >

[2008/04/13 22:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINNT\system32\dllcache\svchost.exe

[2008/04/13 22:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINNT\system32\svchost.exe

 

< MD5 for: TCPIP.SYS >

[2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINNT\system32\dllcache\tcpip.sys

[2008/06/20 06:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINNT\system32\drivers\tcpip.sys

[2008/06/20 06:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINNT\$hf_mig$\KB2509553\SP3QFE\tcpip.sys

[2008/06/20 06:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINNT\$hf_mig$\KB951748\SP3QFE\tcpip.sys

 

< MD5 for: TERMDD.SYS >

[2008/04/13 22:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp3.cab:termdd.sys

[2008/04/13 23:43:22 | 000,040,840 | ---- | M] (Microsoft Corporation) MD5=88155247177638048422893737429D9E -- C:\WINNT\system32\drivers\termdd.sys

 

< MD5 for: USERINIT.EXE >

[2008/04/13 22:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINNT\system32\dllcache\userinit.exe

[2008/04/13 22:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINNT\system32\userinit.exe

 

< MD5 for: WIN32K.SYS >

[2010/08/31 08:38:48 | 001,861,888 | ---- | M] (Microsoft Corporation) MD5=51420D569A883CC13D656783B2C86D8E -- C:\WINNT\$hf_mig$\KB981957\SP3QFE\win32k.sys

[2010/12/31 08:14:45 | 001,864,064 | ---- | M] (Microsoft Corporation) MD5=62FC2280FBEA1DCC64A276BCF71709D9 -- C:\WINNT\$hf_mig$\KB2479628\SP3QFE\win32k.sys

[2009/04/17 10:20:20 | 001,847,808 | ---- | M] (Microsoft Corporation) MD5=7CEDA3396DECF312144BC788D699EE48 -- C:\WINNT\$hf_mig$\KB968537\SP3QFE\win32k.sys

[2010/05/02 05:04:16 | 001,860,352 | ---- | M] (Microsoft Corporation) MD5=A3D4A7B714D4A74B7CD4296302F1A9FA -- C:\WINNT\$hf_mig$\KB979559\SP3QFE\win32k.sys

[2011/06/02 09:07:35 | 001,867,904 | ---- | M] (Microsoft Corporation) MD5=BE79F0A0273DEF353BA5D1F43CBAD858 -- C:\WINNT\$hf_mig$\KB2555917\SP3QFE\win32k.sys

[2010/06/23 21:14:38 | 001,861,120 | ---- | M] (Microsoft Corporation) MD5=C0B2DA12C5CB448F9EA3AF16416745CB -- C:\WINNT\$hf_mig$\KB2160329\SP3QFE\win32k.sys

[2011/03/03 08:27:43 | 001,866,880 | ---- | M] (Microsoft Corporation) MD5=D302C0D9ADC931B598405D2C953B334B -- C:\WINNT\$hf_mig$\KB2506223\SP3QFE\win32k.sys

[2011/06/02 09:02:05 | 001,858,944 | ---- | M] (Microsoft Corporation) MD5=E97153BE7D053976348554EFD71C53A8 -- C:\WINNT\system32\dllcache\win32k.sys

[2011/06/02 09:02:05 | 001,858,944 | ---- | M] (Microsoft Corporation) MD5=E97153BE7D053976348554EFD71C53A8 -- C:\WINNT\system32\win32k.sys

[2010/10/26 08:27:10 | 001,862,272 | ---- | M] (Microsoft Corporation) MD5=ED970A04FDAEAB9D9A5FA9B25E9196A8 -- C:\WINNT\$hf_mig$\KB2436673\SP3QFE\win32k.sys

[2009/08/14 11:49:40 | 001,859,712 | ---- | M] (Microsoft Corporation) MD5=F6B54A56F02D24BF43E72662D44A6B14 -- C:\WINNT\$hf_mig$\KB969947\SP3QFE\win32k.sys

 

< MD5 for: WINLOGON.EXE >

[2008/04/13 22:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINNT\system32\dllcache\winlogon.exe

[2008/04/13 22:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINNT\system32\winlogon.exe

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

[2011/03/03 01:55:19 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\dnsapi.dll

[2011/06/23 13:36:29 | 011,081,728 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\ieframe.dll

[2011/06/23 13:36:30 | 001,991,680 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\iertutil.dll

[2008/04/13 22:42:02 | 000,274,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\mstask.dll

[2008/04/16 23:50:11 | 000,068,096 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\ntdsapi.dll

[2011/01/21 09:44:37 | 008,462,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\shell32.dll

[2 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

[2009/10/30 07:15:15 | 000,094,208 | ---- | M] () -- C:\WINNT\System32\config\default.sav

[2009/10/30 07:15:15 | 001,093,632 | ---- | M] () -- C:\WINNT\System32\config\software.sav

[2009/10/30 07:15:15 | 000,937,984 | ---- | M] () -- C:\WINNT\System32\config\system.sav

 

< CREATERESTOREPOINT >

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 172 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1340E25B

@Alternate Data Stream - 1351 bytes -> C:\Program Files\Outlook Express:i9CkdJIVMGJpN3LVwHNzX

@Alternate Data Stream - 1294 bytes -> C:\Documents and Settings\fr025451\Cookies:uiGuDJBaKXX53jX2IjdGAmj

@Alternate Data Stream - 1237 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:QN8NIpVOlohr2VKM4vZhRTTX

@Alternate Data Stream - 1223 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:2nmI9EtZUExGE4AnQv57FB0COeUYEH

@Alternate Data Stream - 1207 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:6cfDGIFENDIP1CKuNRfACAH

< End of report >

 

Thanks again for your help

See you very soon

-------------- EDIT -------------------

Messages split off from the original topic: http://forum.zebulon.fr/trojan-bundespolizei-t187592.html

Edited by Tonton

Good evening and welcome, f0ele :jap:

When you want to ask for help, please open your own thread.

No big deal this time, but that is the rule on all forums. :chpas:

Do the following and I will have a moderator move your post.

So boot again from the CD you just burned, then run OTLPE again, and in this window:

[Screenshot: 1272203961-otlpe08.gif]

Under the Custom Scan box, copy and paste the contents of the box below:

 

:OTL

DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)

O1 - Hosts: 139.10.13.45 user.sbs.fr

O1 - Hosts: 139.16.69.65 CHLGSAS1

O1 - Hosts: 139.16.69.67 NGAS2

O1 - Hosts: 74.208.105.171 gs.apple.com

[2011/12/19 05:55:10 | 000,000,294 | -H-- | M] () -- C:\WINNT\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

[2011/12/19 05:55:10 | 000,000,294 | -H-- | M] () -- C:\WINNT\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

[2011/12/19 05:55:10 | 000,000,248 | -H-- | M] () -- C:\WINNT\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job

@Alternate Data Stream - 172 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1340E25B

@Alternate Data Stream - 1351 bytes -> C:\Program Files\Outlook Express:i9CkdJIVMGJpN3LVwHNzX

@Alternate Data Stream - 1294 bytes -> C:\Documents and Settings\fr025451\Cookies:uiGuDJBaKXX53jX2IjdGAmj

@Alternate Data Stream - 1237 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:QN8NIpVOlohr2VKM4vZhRTTX

@Alternate Data Stream - 1223 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:2nmI9EtZUExGE4AnQv57FB0COeUYEH

@Alternate Data Stream - 1207 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:6cfDGIFENDIP1CKuNRfACAH

:Files

C:\WINNT\tasks\At*

:Commands

* Click the RUNFIX icon (top left).

* Let the scan run to completion without using the PC

* At the end of the scan a report will open: "OTL.log"

* Copy and paste the report(s) into your reply, please...

* Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the case

Put the report here because it takes up a lot of space.

Cjoint.com home page, or click here.

Then, in normal mode, do this.

Download MyHosts to your desktop.

To run it, double-click the MyHosts icon on your desktop.

The "MyHosts.txt" report opens a few seconds later; copy its contents and post them on the forum where you are being helped.

If you closed the "MyHosts.txt" report by mistake before copying it, you can find it at the root of your system drive (for example C:\MyHosts.txt).

IMPORTANT:

MyHosts must be run in a session with "administrator" rights; running it from a "limited" account will bring up a DOS window asking you to run it again from an administrator account.

Then:

Install Malwarebytes' Anti-Malware,

Malwarebytes : Malwarebytes Anti-Malware PRO removes malware including viruses, spyware, worms and trojans, plus it protects your computer

Make sure you get the FREE version

*** Update it, then choose Perform full scan

*** If an infection is found, tick the box next to it and confirm with the Remove Selected tab

Post the final report.


Hello and thank you for your help.

I did carry out what you advised, but when restarting in normal mode the virus reappears; it is impossible to boot into a normal session.

Thanks again

F0ELE


Do you have a name or the detection location for this intruder, please?

Also do this, in safe mode with networking.

Download load_tdsskiller by Loup Blanc to your desktop

http://fradesch.perso.cegetel.net/transf/Load_tdsskiller.exe

or here:

http://support.kaspersky.com/downloads/utils/tdsskiller.zip

This tool is designed to automate various tasks offered by TDSSKiller, a fix from Kaspersky.

Run load_tdsskiller by double-clicking it. On Vista/Seven, right-click and run as administrator

In this window, start the scan.

[Screenshot: 11012708271111174.jpg]

You can retrieve the report by clicking Report

If something is detected, confirm Cure, then

[Screenshot: 2663-2-eng.png]


Good evening f0ele, bernard53, ;)

I split these messages off from the original topic () to create a new topic.

All the best to you both, ;)

Tonton


Thanks for your reply, but safe mode does not work on my PC, so unfortunately I cannot do this procedure; I only have access to my system through the CD.

When I start safe mode, the system reboots in a loop.

When I run the antivirus from a USB key, it crashes because I am not really "administrator" from the CD.

See you very soon


OK, this then.

So boot again from the CD you just burned, then run OTLPE again, and in this window:

[Screenshot: 1272203961-otlpe08.gif]

Under the Custom Scan box, copy and paste the contents of the box below:

 

:OTL

SRV - [2011/12/15 11:09:06 | 000,056,320 | -H-- | M] () [Auto] -- C:\WINNT\system32\41759070AD310639DBA0.sys -- (MSUNatService)

O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\41759070AD310639DBA0.exe) - C:\WINNT\system32\41759070AD310639DBA0.exe ()

 

 

:Commands

 

* Click the RUNFIX icon (top left).

* Let the scan run to completion without using the PC

* At the end of the scan a report will open: "OTL.log"

* Copy and paste the report(s) into your reply, please...

* Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the case

Put the report here because it takes up a lot of space.

Cjoint.com home page, or click here.

Edited by bernard53
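As an added example (not part of the thread and not OTL's own code), this Python sketch triages OTL-style lines the way an analyst reading the report above might: it flags a hidden service binary with an empty company field and a Winlogon UserInit value that is not userinit.exe, lists alternate data streams, and links the first two when they share a base name. The regular expressions, function names and finding labels are assumptions made for this illustration.

```python
import ntpath
import re

# Constructed sample: four lines copied from the OTLPE output quoted in this thread.
SAMPLE = r"""
SRV - [2011/12/15 11:09:06 | 000,056,320 | -H-- | M] () [Auto] -- C:\WINNT\system32\41759070AD310639DBA0.sys -- (MSUNatService)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\41759070AD310639DBA0.exe) - C:\WINNT\system32\41759070AD310639DBA0.exe ()
[2011/06/02 09:02:05 | 001,858,944 | ---- | M] (Microsoft Corporation) MD5=E97153BE7D053976348554EFD71C53A8 -- C:\WINNT\system32\win32k.sys
@Alternate Data Stream - 172 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1340E25B
"""

# Assumed line layouts, inferred only from the lines visible in this thread.
SRV = re.compile(r"^(?:SRV|DRV) - \[[^|]+\| [\d,]+ \| (?P<attr>[-RHSA]{4}) \| \w\] "
                 r"\((?P<company>[^)]*)\) \[[^\]]+\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)$")
USERINIT = re.compile(r"^O20 - HKLM Winlogon: UserInit - \((?P<value>[^)]*)\)")
ADS = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<host>.+):(?P<stream>[^:\\]+)$")


def stem(path):
    """Lower-cased file name without extension, using Windows path rules."""
    return ntpath.splitext(ntpath.basename(path.strip().rstrip(",")))[0].lower()


def triage(log_text):
    """Return (kind, detail) findings for lines that deserve a manual look."""
    findings, hidden, hooks = [], {}, []
    for line in map(str.strip, log_text.splitlines()):
        if m := SRV.match(line):
            # Service binary that is hidden and carries no company name.
            if "H" in m["attr"] and not m["company"]:
                hidden[stem(m["path"])] = m["name"]
                findings.append(("hidden-service", m["name"]))
        elif m := USERINIT.match(line):
            # Userinit normally points at userinit.exe; any other target runs at each logon.
            if stem(m["value"]) != "userinit":
                hooks.append(m["value"])
                findings.append(("userinit-hijack", m["value"]))
        elif m := ADS.match(line):
            findings.append(("ads", f'{m["host"]}:{m["stream"]} ({m["size"]} bytes)'))
    # Correlate: logon hook and hidden service sharing one base name.
    for value in hooks:
        if stem(value) in hidden:
            findings.append(("linked", f"{hidden[stem(value)]} <-> {value}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE):
        print(f"{kind:16} {detail}")
```

A finding here is only a prompt for manual review; an empty company field or an alternate data stream is not by itself proof of infection.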