Topic: Win32spytrojan.agent / Keylogger menace

TMNT

    Topic Starter


    Rookie

    Win32spytrojan.agent / Keylogger menace
    « on: March 21, 2010, 12:14:45 PM »
    Hello. Yesterday I was performing my usual computer cleaning procedure (CCleaner, Superantispyware, Malwarebytes), and what is strange is that I kept finding malware or infected files, even if I ran the program after it had just finished. I also ran the Ad-Aware, and found the Win32spytrojan.agent. It is also worth noting that my computer was extremely slow, for no apparent reason since it had been working properly the days before.

    Having this in mind, I downloaded the free trial version of the Kaspersky Internet Security 2010 program. Considering my computer was so slow that it kept failing and freezing while trying to perform the most simple of tasks, it seems the Kaspersky wasn't properly updated. But all the same, I ran it and it indicated the possibility of a keylogger existing in my computer. I decided to restart my computer in the safe mode and run the CCleaner, Malwarebytes and SuperAntiSpyware again. Then I proceeded to uninstall Kaspersky.

    Now it isn't as slow as before, and the anti-malware programs don't find any infected files when they finish their scan. But I'd like to know if my computer is finally safe, or perhaps there's something lurking in there that hasn't been detected so far?

    Thanks in advance.

    [Saving space, attachment deleted by admin]

    Dr Jay

    • Malware Removal Specialist


    • Specialist
    • Moderator emeritus
    • Thanked: 119
    • Experience: Guru
    • OS: Windows 10
    Re: Win32spytrojan.agent / Keylogger menace
    « Reply #1 on: March 22, 2010, 04:58:27 PM »
    Please download OTS by OldTimer and save it to your Desktop.

    Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
    • Close ALL OTHER PROGRAMS.
    • Double-click on OTS to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
    • At the top, tick on Scan All Users section
    • At File Age set it to 90 Days
    • In the Processes, Modules, Services, Drivers, and Registry section, please set on Safe List.
    • In the Files Created Within and Files Modified Within section, set it to File Age
    • At the bottom, tick on all Safe List and Use Company Name WhiteList option
    • Under Additional Scans, tick on the "Extras" button and then click the checkboxes in front of the following items to select them:
        Reg - Disabled MS Config Items
        Reg - Drivers32
        Reg - Ext
        Reg - IE
        Explorer Bar
        Reg - NetSvcs
        Reg - Safeboot Minimal
        Reg - Safeboot Network
        File - Lop Check
        File - Purity Scan
    • Do NOT change any other settings.
    • Now click the Run Scan button on the toolbar.
    • Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
    ~Dr Jay

      TMNT

        Re: Win32spytrojan.agent / Keylogger menace
        « Reply #2 on: March 22, 2010, 05:15:41 PM »
        Thank you very much for your answer, here is the information requested.

        [Saving space, attachment deleted by admin]

        Dr Jay

        Re: Win32spytrojan.agent / Keylogger menace
        « Reply #3 on: March 22, 2010, 05:22:56 PM »
        Hello. Please copy and paste the log in a new post instead of uploading it.
        ~Dr Jay

        TMNT

          Re: Win32spytrojan.agent / Keylogger menace
          « Reply #4 on: March 22, 2010, 05:33:00 PM »
          I uploaded it since the system says "The message exceeds the maximum allowed length (50000 characters)." Should I divide it into two posts, perhaps?

          Dr Jay

          Re: Win32spytrojan.agent / Keylogger menace
          « Reply #5 on: March 22, 2010, 05:47:59 PM »
          Yes. Two or three.
          ~Dr Jay

          TMNT

            Re: Win32spytrojan.agent / Keylogger menace
            « Reply #6 on: March 22, 2010, 05:49:20 PM »
            Code:
            OTS logfile created on: 23/03/2010 00:13:28 - Run 1
            OTS by OldTimer - Version 3.1.27.1     Folder = C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau
            Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
            Internet Explorer (Version = 8.0.6001.18702)
            Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
             
            2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
            4,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File free
            Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
             
            %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
            Drive C: | 179,50 Gb Total Space | 113,05 Gb Free Space | 62,98% Space Free | Partition Type: NTFS
            Drive D: | 186,31 Gb Total Space | 150,02 Gb Free Space | 80,52% Space Free | Partition Type: NTFS
            Drive E: | 6,80 Gb Total Space | 0,83 Gb Free Space | 12,21% Space Free | Partition Type: FAT32
            Drive F: | 4,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
            G: Drive not present or media not loaded
            H: Drive not present or media not loaded
            I: Drive not present or media not loaded
             
            Computer Name: NOM-FB9B15D2723
            Current User Name: HP_Administrateur
            Logged in as Administrator.
             
            Current Boot Mode: Normal
            Scan Mode: All users
            Company Name Whitelist: On
            Skip Microsoft Files: Off
            File Age = 90 Days
             
            [Processes - Safe List]
            ots.exe -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\OTS.exe -> [2010/03/23 00:08:28 | 000,637,440 | ---- | M] (OldTimer Tools)
            avastui.exe -> C:\Program Files\Alwil Software\Avast5\AvastUI.exe -> [2010/03/09 12:24:10 | 002,769,336 | ---- | M] (ALWIL Software)
            avastsvc.exe -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010/03/09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software)
            jusched.exe -> C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe -> [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.)
            wlcomm.exe -> C:\Program Files\Windows Live\Contacts\wlcomm.exe -> [2009/09/30 19:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation)
            lifechat.exe -> C:\Program Files\Microsoft LifeChat\LifeChat.exe -> [2008/08/21 10:16:56 | 000,267,296 | ---- | M] (Microsoft Corporation)
            zlclient.exe -> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe -> [2008/07/09 08:05:20 | 000,919,016 | ---- | M] (Zone Labs, LLC)
            vsmon.exe -> C:\WINDOWS\system32\ZoneLabs\vsmon.exe -> [2008/07/09 08:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC)
            explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 18:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation)
            iaanotif.exe -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe -> [2006/07/06 14:15:00 | 000,151,552 | ---- | M] (Intel Corporation)
            iaantmon.exe -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2006/07/06 14:14:30 | 000,090,112 | ---- | M] (Intel Corporation)
            lssrvc.exe -> C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -> [2006/06/21 04:08:48 | 000,049,152 | ---- | M] (Hewlett-Packard Company)
            elservice.exe -> C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe -> [2006/06/01 23:25:00 | 000,180,224 | ---- | M] (Intel Corporation)
            transcode360tray.exe -> C:\Program Files\Transcode360\Transcode360Tray.exe -> [2006/05/02 18:01:30 | 000,192,512 | ---- | M] ( )
            dmascheduler.exe -> C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe -> [2006/04/13 09:05:00 | 000,090,112 | ---- | M] (Sonic Solutions)
            gnotify.exe -> C:\Program Files\Google\Gmail Notifier\gnotify.exe -> [2005/07/15 22:48:33 | 000,479,232 | ---- | M] (Google Inc.)
            kmaestro.exe -> C:\Program Files\HP Wireless Keyboard\Kmaestro.exe -> [2005/06/13 02:38:22 | 000,278,528 | ---- | M] (BTC)
            uphclean.exe -> C:\Program Files\UPHClean\uphclean.exe -> [2005/04/27 13:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation)
            wlancfgg.exe -> C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe -> [2004/09/02 17:09:56 | 000,794,624 | ---- | M] ()
            wlservice.exe -> C:\Program Files\Wireless 802.11g Monitor\WLService.exe -> [2004/03/29 16:08:16 | 000,049,152 | ---- | M] ()
             
            [Modules - Safe List]
            ots.exe -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\OTS.exe -> [2010/03/23 00:08:28 | 000,637,440 | ---- | M] (OldTimer Tools)
            hid.dll -> C:\WINDOWS\system32\hid.dll -> [2008/04/13 18:33:28 | 000,020,992 | ---- | M] (Microsoft Corporation)
            nview.dll -> C:\WINDOWS\system32\nview.dll -> [2006/04/28 08:47:00 | 001,466,368 | ---- | M] ()
            nvwrsfr.dll -> C:\WINDOWS\system32\nvwrsfr.dll -> [2006/04/28 08:47:00 | 000,327,680 | ---- | M] (NVIDIA Corporation)
            nvwddi.dll -> C:\WINDOWS\system32\nvwddi.dll -> [2006/04/28 08:47:00 | 000,081,920 | ---- | M] (NVIDIA Corporation)
            hidkeybd.dll -> C:\Program Files\HP Wireless Keyboard\HidKeybd.dll -> [2004/06/15 08:32:12 | 000,018,476 | ---- | M] (BTC)
             
            [Win32 Services - Safe List]
            (Planificateur LiveUpdate automatique) Planificateur LiveUpdate automatique [Auto | Stopped] ->  -> File not found
            (avast! Web Scanner) avast! Web Scanner [On_Demand | Running] -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010/03/09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software)
            (avast! Mail Scanner) avast! Mail Scanner [On_Demand | Running] -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010/03/09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software)
            (avast! Antivirus) avast! Antivirus [Auto | Running] -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010/03/09 12:24:08 | 000,040,384 | ---- | M] (ALWIL Software)
            (vsmon) TrueVector Internet Monitor [Auto | Running] -> C:\WINDOWS\System32\ZoneLabs\vsmon.exe -> [2008/07/09 08:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC)
            (IAANTMON) Intel(R) Matrix Storage Event Monitor [Auto | Running] -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2006/07/06 14:14:30 | 000,090,112 | ---- | M] (Intel Corporation)
            (LightScribeService) LightScribeService Direct Disc Labeling Service [Auto | Running] -> C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -> [2006/06/21 04:08:48 | 000,049,152 | ---- | M] (Hewlett-Packard Company)
            (ELService) Intel(R) Quick Resume technology [Auto | Running] -> C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe -> [2006/06/01 23:25:00 | 000,180,224 | ---- | M] (Intel Corporation)
            (UPHClean) User Profile Hive Cleanup [Auto | Running] -> C:\Program Files\UPHClean\uphclean.exe -> [2005/04/27 13:59:24 | 000,241,725 | ---- | M] (Microsoft Corporation)
            (IDriverT) InstallDriver Table Manager [On_Demand | Stopped] -> C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004/10/22 10:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation)
            (R54G Wireless Service) R54G Wireless Service [Auto | Running] -> C:\Program Files\Wireless 802.11g Monitor\WLService.exe -> [2004/03/29 16:08:16 | 000,049,152 | ---- | M] ()
             
            [Driver Services - Safe List]
            (SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -> [2010/03/21 18:28:14 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
            (SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -> [2010/03/21 18:28:11 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
            (SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2010/03/21 18:28:10 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
            (aswTdi) avast! Network Shield Support [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\aswTdi.sys -> [2010/03/09 12:12:54 | 000,046,672 | ---- | M] (ALWIL Software)
            (aswSP) aswSP [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\aswSP.sys -> [2010/03/09 12:12:33 | 000,162,640 | ---- | M] (ALWIL Software)
            (aswRdr) aswRdr [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\aswRdr.sys -> [2010/03/09 12:09:08 | 000,023,376 | ---- | M] (ALWIL Software)
            (aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\aswmon2.sys -> [2010/03/09 12:08:41 | 000,100,432 | ---- | M] (ALWIL Software)
            (aswFsBlk) aswFsBlk [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\aswFsBlk.sys -> [2010/03/09 12:08:30 | 000,019,024 | ---- | M] (ALWIL Software)
            (Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\aavmker4.sys -> [2010/03/09 12:08:15 | 000,028,880 | ---- | M] (ALWIL Software)
            (MDC8021X) AEGIS Protocol (IEEE 802.1x) v2.3.1.9 [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\mdc8021x.sys -> [2009/11/22 04:01:16 | 000,015,781 | ---- | M] (Meetinghouse Data Communications)
            (sptd) sptd [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\sptd.sys -> [2009/08/09 12:46:12 | 000,721,904 | ---- | M] ()
            (vsdatant) vsdatant [Kernel | System | Running] -> C:\WINDOWS\system32\vsdatant.sys -> [2008/07/09 08:05:22 | 000,394,952 | ---- | M] (Zone Labs, LLC)
            (MPE) Filtre BDA MPE [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\mpe.sys -> [2008/04/13 10:46:24 | 000,015,232 | ---- | M] (Microsoft Corporation)
            (usbaudio) Pilote USB audio (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\USBAUDIO.sys -> [2008/04/13 10:45:14 | 000,060,032 | ---- | M] (Microsoft Corporation)
            (HDAudBus) Pilote de bus Microsoft UAA pour High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 08:36:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
            (srescan) srescan [Kernel | Boot | Running] -> C:\WINDOWS\system32\ZoneLabs\srescan.sys -> [2008/02/27 02:10:44 | 000,051,176 | ---- | M] (Zone Labs, LLC)
            (RT2500USB) RT2500 USB Wireless LAN Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\rt2500usb.sys -> [2006/11/08 13:45:26 | 000,240,384 | ---- | M] (Ralink Technology Inc.)
            (iaStor) Intel RAID Controller [Kernel | Boot | Running] -> C:\WINDOWS\System32\DRIVERS\iastor.sys -> [2006/07/06 14:59:42 | 000,246,784 | ---- | M] (Intel Corporation)
            (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RtkHDAud.sys -> [2006/06/14 19:04:12 | 004,299,264 | ---- | M] (Realtek Semiconductor Corp.)
            (e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\e1e5132.sys -> [2006/05/16 19:37:50 | 000,229,376 | ---- | M] (Intel Corporation)
            (ELacpi) ELacpi [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ELacpi.sys -> [2006/05/09 22:36:44 | 000,009,728 | ---- | M] (Intel Corporation)
            (ELmon) EL Monitor Service [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\Elmon.sys -> [2006/05/09 22:36:42 | 000,007,040 | ---- | M] (Intel Corporation)
            (ELkbd) EL KB Service [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\Elkbd.sys -> [2006/05/09 22:36:22 | 000,006,912 | ---- | M] (Intel Corporation)
            (ELmou) EL Mouse Service [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\Elmou.sys -> [2006/05/09 22:36:20 | 000,006,400 | ---- | M] (Intel Corporation)
            (ELhid) EL hid Service [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\Elhid.sys -> [2006/05/09 22:36:18 | 000,010,112 | ---- | M] (Intel Corporation)
            (nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2006/04/28 08:47:00 | 003,663,040 | ---- | M] (NVIDIA Corporation)
            (3xHybrid) 3xHybrid service [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\3xHybrid.sys -> [2006/04/12 04:36:56 | 002,829,696 | ---- | M] (ASUSTek)
            (Ps2) Ps2 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\PS2.sys -> [2005/12/13 01:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company)
            (WN5301) LIteon Wireless PCI Network Adapter Service [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\wn5301.sys -> [2005/10/05 03:44:06 | 000,468,768 | ---- | M] (Liteon Technology Inc.)
            (ftsata2) ftsata2 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\ftsata2.sys -> [2005/06/29 16:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.)
            (rtl8139) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\RTL8139.sys -> [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation)
            (rt2571) Wireless 802.11g USB Adapter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\rt2571.sys -> [2004/05/07 13:47:10 | 000,079,616 | ---- | M] (Ralink Technology Inc.)
            (bb-run) Promise driver accelerator [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\bb-run.sys -> [2003/11/05 06:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.)
            (GTNDIS5) GTNDIS5 NDIS Protocol Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\GTNDIS5.sys -> [2003/09/26 12:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
             
            [Registry - Safe List]
            < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
            < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
            HKEY_USERS\.DEFAULT\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=PAVILION&pf=desktop ->
            HKEY_USERS\.DEFAULT\: Main\\"Default_Search_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop ->
            HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
            < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
            HKEY_USERS\S-1-5-18\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=PAVILION&pf=desktop ->
            HKEY_USERS\S-1-5-18\: Main\\"Default_Search_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop ->
            HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
            < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
            < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
            < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\] > -> ->
            HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\: Main\\"Default_Search_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop ->
            HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\: Main\\"Start Page" -> http://www.google.com/ ->
            HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\: "ProxyEnable" -> 0 ->
            < FireFox Settings [Prefs.js] > -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\Mozilla\FireFox\Profiles\38zcja25.default\prefs.js ->
            browser.startup.homepage -> "http://www.google.fr/" ->
            extensions.enabledItems -> [email protected]:1.1.1 ->
            extensions.enabledItems -> {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028 ->
            network.proxy.type -> 2 ->
            < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
            HKLM\software\mozilla\Firefox\extensions ->  ->
            HKLM\software\mozilla\Mozilla Firefox 3.6\extensions ->  ->
            HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/03/09 16:07:44 | 000,000,000 | ---D | M]
            HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/02/18 23:43:27 | 000,000,000 | ---D | M]
            < FireFox Extensions [User Folders] > ->
              -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\Mozilla\Extensions -> [2009/07/06 03:06:35 | 000,000,000 | ---D | M]
              -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\Mozilla\Firefox\Profiles\38zcja25.default\extensions -> [2010/03/21 19:08:55 | 000,000,000 | ---D | M]
            WOT   -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\Mozilla\Firefox\Profiles\38zcja25.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} -> [2009/11/05 14:15:43 | 000,000,000 | ---D | M]
              -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\Mozilla\Firefox\Profiles\38zcja25.default\extensions\[email protected] -> [2010/03/21 18:29:54 | 000,000,000 | ---D | M]
            < FireFox Extensions [Program Folders] > ->
              -> C:\Program Files\Mozilla Firefox\extensions -> [2010/03/21 19:08:55 | 000,000,000 | ---D | M]
            < HOSTS File > ([2009/07/06 02:13:35 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
            Reset Hosts
            127.0.0.1       localhost
            < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
            {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/12/18 03:16:42 | 000,059,032 | ---- | M] (Adobe Systems Incorporated)
            {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
            {9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Programme d'aide de l'Assistant de connexion Windows Live] -> [2009/02/17 16:11:04 | 000,408,440 | ---- | M] (Microsoft Corporation)
            {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> c:\Program Files\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> [2007/01/19 22:56:04 | 002,436,160 | R--- | M] (Google Inc.)
            {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} [HKLM] -> C:\Program Files\WOT\WOT.dll [WOT Helper] -> [2009/04/15 12:19:44 | 001,290,912 | ---- | M] ()
            {CC59E0F9-7E43-44FA-9FAA-8377850BF205} [HKLM] -> C:\Program Files\Free Download Manager\iefdm2.dll [FDMIECookiesBHO Class] -> [2008/06/18 06:56:52 | 000,094,208 | ---- | M] ()
            {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} [HKLM] -> C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll [EpsonToolBandKicker Class] -> [2005/02/21 20:50:34 | 000,368,640 | ---- | M] (SEIKO EPSON CORPORATION)
            < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
            "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> c:\Program Files\Google\GoogleToolbar2.dll [&Google] -> [2007/01/19 22:56:04 | 002,436,160 | R--- | M] (Google Inc.)
            "{71576546-354D-41c9-AAE8-31F2EC22BF0D}" [HKLM] -> C:\Program Files\WOT\WOT.dll [WOT] -> [2009/04/15 12:19:44 | 001,290,912 | ---- | M] ()
            "{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" [HKLM] -> C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] -> [2005/02/21 20:50:34 | 000,368,640 | ---- | M] (SEIKO EPSON CORPORATION)
            < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\] > -> HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\Software\Microsoft\Internet Explorer\Toolbar\ ->
            ShellBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
            WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> c:\Program Files\Google\GoogleToolbar2.dll [&Google] -> [2007/01/19 22:56:04 | 002,436,160 | R--- | M] (Google Inc.)
            WebBrowser\\"{71576546-354D-41C9-AAE8-31F2EC22BF0D}" [HKLM] -> C:\Program Files\WOT\WOT.dll [WOT] -> [2009/04/15 12:19:44 | 001,290,912 | ---- | M] ()
            WebBrowser\\"{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" [HKLM] -> C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] -> [2005/02/21 20:50:34 | 000,368,640 | ---- | M] (SEIKO EPSON CORPORATION)
            < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
            "" ->  [] -> File not found
            "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" -> C:\Program Files\Google\Gmail Notifier\gnotify.exe [C:\Program Files\Google\Gmail Notifier\gnotify.exe] -> [2005/07/15 22:48:33 | 000,479,232 | ---- | M] (Google Inc.)
            "avast5" -> C:\Program Files\Alwil Software\Avast5\AvastUI.exe [C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui] -> [2010/03/09 12:24:10 | 002,769,336 | ---- | M] (ALWIL Software)
            "BtcMaestro" -> C:\Program Files\HP Wireless Keyboard\KMaestro.exe ["C:\Program Files\HP Wireless Keyboard\KMaestro.exe"] -> [2005/06/13 02:38:22 | 000,278,528 | ---- | M] (BTC)
            "DMAScheduler" -> c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe ["c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"] -> [2006/04/13 09:05:00 | 000,090,112 | ---- | M] (Sonic Solutions)
            "ftutil2" -> C:\WINDOWS\System32\ftutil2.dll [rundll32.exe ftutil2.dll,SetWriteCacheMode] -> [2004/06/07 13:05:38 | 000,106,496 | ---- | M] (Promise Technology, Inc.)
            "HPBootOp" -> C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe ["C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run] -> [2006/02/15 22:34:58 | 000,249,856 | ---- | M] (Hewlett-Packard Company)
            "IAAnotif" -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe] -> [2006/07/06 14:15:00 | 000,151,552 | ---- | M] (Intel Corporation)
            "LifeChat" -> C:\Program Files\Microsoft LifeChat\LifeChat.exe ["C:\Program Files\Microsoft LifeChat\LifeChat.exe"] -> [2008/08/21 10:16:56 | 000,267,296 | ---- | M] (Microsoft Corporation)
            "NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2006/04/28 08:47:00 | 007,573,504 | ---- | M] (NVIDIA Corporation)
            "nwiz" -> C:\WINDOWS\System32\nwiz.exe [nwiz.exe /installquiet /keeploaded /nodetect] -> [2006/04/28 08:47:00 | 001,519,616 | ---- | M] ()
            "Recguard" -> C:\WINDOWS\SMINST\Recguard.exe [C:\WINDOWS\SMINST\RECGUARD.EXE] -> [2005/07/22 22:14:00 | 000,237,568 | ---- | M] ()
            "SunJavaUpdateSched" -> C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe ["C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"] -> [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.)
            "Transcode360" -> C:\Program Files\Transcode360\Transcode360Tray.exe [C:\Program Files\Transcode360\Transcode360Tray.exe] -> [2006/05/02 18:01:30 | 000,192,512 | ---- | M] ( )
            "ZoneAlarm Client" -> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe ["C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"] -> [2008/07/09 08:05:20 | 000,919,016 | ---- | M] (Zone Labs, LLC)
            < Administrateur Startup Folder > -> C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage ->
            < All Users Startup Folder > -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage ->
             -> C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AutorunsDisabled -> [2008/01/20 06:19:25 | 000,000,000 | -H-D | M]
            < Default User Startup Folder > -> C:\Documents and Settings\Default User\Menu Démarrer\Programmes\Démarrage ->
            C:\Documents and Settings\Default User\Menu Démarrer\Programmes\Démarrage\Pin.lnk -> C:\hp\bin\cloaker.exe -> [1999/11/07 08:11:14 | 000,027,136 | ---- | M] (Hewlett-Packard Co.)
            C:\Documents and Settings\Default User\Menu Démarrer\Programmes\Démarrage\PinMcLnk.lnk -> C:\hp\bin\cloaker.exe -> [1999/11/07 08:11:14 | 000,027,136 | ---- | M] (Hewlett-Packard Co.)
            < HP_Administrateur Startup Folder > -> C:\Documents and Settings\HP_Administrateur\Menu Démarrer\Programmes\Démarrage ->
            < HP_Administrateur.NOM-FB9B15D2723 Startup Folder > -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Menu Démarrer\Programmes\Démarrage ->
            < HP_Administrateur.NOM-FB9B15D2723.000 Startup Folder > -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723.000\Menu Démarrer\Programmes\Démarrage ->
            < MCX1 Startup Folder > -> C:\Documents and Settings\MCX1\Menu Démarrer\Programmes\Démarrage ->
            C:\Documents and Settings\MCX1\Menu Démarrer\Programmes\Démarrage\Pin.lnk -> C:\hp\bin\cloaker.exe -> [1999/11/07 08:11:14 | 000,027,136 | ---- | M] (Hewlett-Packard Co.)
            C:\Documents and Settings\MCX1\Menu Démarrer\Programmes\Démarrage\PinMcLnk.lnk -> C:\hp\bin\cloaker.exe -> [1999/11/07 08:11:14 | 000,027,136 | ---- | M] (Hewlett-Packard Co.)
            < MCX2 Startup Folder > -> C:\Documents and Settings\MCX2\Menu Démarrer\Programmes\Démarrage ->
            C:\Documents and Settings\MCX2\Menu Démarrer\Programmes\Démarrage\Pin.lnk -> C:\hp\bin\cloaker.exe -> [1999/11/07 08:11:14 | 000,027,136 | ---- | M] (Hewlett-Packard Co.)
            C:\Documents and Settings\MCX2\Menu Démarrer\Programmes\Démarrage\PinMcLnk.lnk -> C:\hp\bin\cloaker.exe -> [1999/11/07 08:11:14 | 000,027,136 | ---- | M] (Hewlett-Packard Co.)
            < Software Policy Settings [HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007] > -> HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\SOFTWARE\Policies\Microsoft\Internet Explorer ->
            < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
            \\"NoDriveAutoRun" ->  [67108863] -> File not found
            \\"NoDriveTypeAutoRun" ->  [323] -> File not found
            \\"NoDrives" ->  [0] -> File not found
            \\"NoCDBurning" ->  [0] -> File not found
            \\"HonorAutoRunSetting" ->  [1] -> File not found
            < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
            \\"InstallVisualStyle" -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> [2004/08/10 05:29:58 | 001,347,728 | ---- | M] (Microsoft)
            \\"InstallTheme" -> C:\WINDOWS\Resources\Themes\Royale.Theme [C:\WINDOWS\Resources\Themes\Royale.theme] -> [2004/07/28 00:03:28 | 000,001,293 | ---- | M] ()
            < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
            HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
            \\"NoDriveTypeAutoRun" ->  [323] -> File not found
            \\"NoDriveAutoRun" ->  [67108863] -> File not found
            < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
            < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
            HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
            \\"NoDriveTypeAutoRun" ->  [323] -> File not found
            \\"NoDriveAutoRun" ->  [67108863] -> File not found
            < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
            < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
            HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
            \\"NoDriveTypeAutoRun" ->  [145] -> File not found
            < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
            HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
            \\"NoDriveTypeAutoRun" ->  [145] -> File not found
            < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007] > -> HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
            HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
            \\"NoDriveTypeAutoRun" ->  [323] -> File not found
            \\"NoDriveAutoRun" ->  [67108863] -> File not found
            \\"NoDrives" ->  [0] -> File not found
            < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007] > -> HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
            HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
            < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ ->
            E&xportar a Microsoft Excel -> C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000] -> [2009/05/05 12:53:16 | 009,361,232 | R--- | M] (Microsoft Corporation)
            < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ ->
            E&xportar a Microsoft Excel -> C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000] -> [2009/05/05 12:53:16 | 009,361,232 | R--- | M] (Microsoft Corporation)
            < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\] > -> HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\Software\Microsoft\Internet Explorer\MenuExt\ ->
            E&xportar a Microsoft Excel -> C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000] -> [2009/05/05 12:53:16 | 009,361,232 | R--- | M] (Microsoft Corporation)
            Télécharger avec Free Download Manager -> C:\Program Files\Free Download Manager\dllink.htm [file://C:\Program Files\Free Download Manager\dllink.htm] -> [2007/06/02 12:25:02 | 000,002,140 | ---- | M] ()
            Télécharger la sélection avec Free Download Manager -> C:\Program Files\Free Download Manager\dlselected.htm [file://C:\Program Files\Free Download Manager\dlselected.htm] -> [2007/06/02 12:25:02 | 000,000,463 | ---- | M] ()
            Télécharger la vidéo avec Free Download Manager -> C:\Program Files\Free Download Manager\dlfvideo.htm [file://C:\Program Files\Free Download Manager\dlfvideo.htm] -> [2007/07/27 00:34:42 | 000,001,706 | ---- | M] ()
            Tout télécharger avec Free Download Manager -> C:\Program Files\Free Download Manager\dlall.htm [file://C:\Program Files\Free Download Manager\dlall.htm] -> [2007/06/02 12:25:02 | 000,000,893 | ---- | M] ()
            < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
            {E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Button: Aide à la connexion] -> [2006/01/02 21:47:08 | 000,000,706 | ---- | M] ()
            {E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Menu: Aide à la connexion] -> [2006/01/02 21:47:08 | 000,000,706 | ---- | M] ()
            {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> File not found
            {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> File not found
            < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
            CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
            CmdMapping\\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] ->  [Aide à la connexion] -> File not found
            CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> File not found
            < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
            CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
            CmdMapping\\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] ->  [Aide à la connexion] -> File not found
            CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> File not found
            < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\] > -> HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\Software\Microsoft\Internet Explorer\Extensions\ ->
            CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
            CmdMapping\\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] ->  [Aide à la connexion] -> File not found
            CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> File not found
            < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
            PluginsPageFriendlyName -> Bibliothèque de contrôles ActiveX Microsoft ->
            < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
            "" -> http://
            < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
            < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
            < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
            HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
            < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
            HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
            < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
            HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
            < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
            HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
            < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
            HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
            < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
            HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
            < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
            HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
            < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
            HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
            < Trusted Sites Domains [HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\] > -> HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
            HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4821 domain(s) found. ->
            < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\] > -> HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
            HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
            < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
            {20A60F0D-9AFA-4515-A0FD-83BD84642501} [HKLM] -> http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab [Checkers Class] ->
            {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] ->
            {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [HKLM] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab [MessengerStatsClient Class] ->
            {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
            {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] ->
            {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab [Java Plug-in 1.6.0_18] ->
            {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
            {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} [HKLM] -> http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab [Minesweeper Flags Class] ->
            < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
            DhcpNameServer -> 192.168.1.1 ->
            < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
            {1CEDAE29-FA41-4AE6-BD3D-D3CBBA6A701C}\\DhcpNameServer -> 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243   (Carte Fast Ethernet EN1207D-TX 10/100 PCI HP) ->
            {8B5E9E00-B6A5-494B-94B5-33E887F751AF}\\DhcpNameServer -> 192.168.1.1   (Wireless LAN PCI 802.11 b/g adapter WN5301A) ->
            < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
            *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
            Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 18:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation)

            TMNT

              Topic Starter


              Rookie

              Re: Win32spytrojan.agent / Keylogger menace
              « Reply #7 on: March 22, 2010, 05:50:56 PM »
              *MultiFile Done* -> ->
              < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
              !SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL -> [2010/03/21 18:27:59 | 000,548,352 | ---- | M] (SUPERAntiSpyware.com)
              < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
              "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2008/05/13 10:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com)
              < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
              "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 000,583,024 | ---- | M] (Microsoft Corporation)
              "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare] -> [2009/07/26 12:05:30 | 001,169,224 | ---- | M] (Microsoft Corporation)
              < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
              "C:\mIRC\mirc.exe" -> C:\mIRC\mirc.exe [C:\mIRC\mirc.exe:*:Enabled:mIRC] -> [2006/11/19 23:55:34 | 001,790,464 | ---- | M] (mIRC Co. Ltd.)
              "C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe" -> C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe [C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe:*:Enabled:Sid Meier's Civilization IV Colonization] -> [2008/09/23 15:41:58 | 040,834,360 | ---- | M] (Firaxis Games)
              "C:\Program Files\Ares Ultra\Ares Ultra.exe" -> C:\Program Files\Ares Ultra\Ares Ultra.exe [C:\Program Files\Ares Ultra\Ares Ultra.exe:*:Enabled:Ares Ultra p2p for windows] -> File not found
              "C:\Program Files\Azureus\Azureus.exe" -> C:\Program Files\Azureus\Azureus.exe [C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus] -> File not found
              "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe" -> C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe [C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword] -> [2008/07/29 04:21:25 | 012,767,232 | ---- | M] (Firaxis Games)
              "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe" -> C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe [C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss] -> [2007/09/27 13:48:42 | 011,650,360 | R--- | M] (Firaxis Games)
              "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" -> C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe [C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4] -> [2008/07/29 04:15:06 | 010,407,936 | ---- | M] (Firaxis Games)
              "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe" -> C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe [C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords] -> [2008/07/26 14:41:16 | 009,976,832 | ---- | M] (Firaxis Games)
              "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe" -> C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe [C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss] -> [2007/05/16 18:57:52 | 008,581,120 | ---- | M] (Firaxis Games)
              "C:\Program Files\Opera\opera.exe" -> C:\Program Files\Opera\opera.exe [C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser] -> [2009/11/20 19:01:18 | 000,832,296 | ---- | M] (Opera Software)
              "C:\Program Files\Transcode360\Transcode360Tray.exe" -> C:\Program Files\Transcode360\Transcode360Tray.exe [C:\Program Files\Transcode360\Transcode360Tray.exe:*:Enabled: ] -> [2006/05/02 18:01:30 | 000,192,512 | ---- | M] ( )
              "C:\Program Files\Valve\Half-Life\hl.exe" -> C:\Program Files\Valve\Half-Life\hl.exe [C:\Program Files\Valve\Half-Life\hl.exe:*:Enabled:Half-Life Launcher] -> [2005/11/22 14:33:30 | 000,081,920 | ---- | M] (Valve)
              "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 18:21:00 | 000,583,024 | ---- | M] (Microsoft Corporation)
              "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" -> C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare] -> [2009/07/26 12:05:30 | 001,169,224 | ---- | M] (Microsoft Corporation)
              "C:\WINDOWS\ehome\ehshell.exe" -> C:\WINDOWS\ehome\ehshell.exe [C:\WINDOWS\ehome\ehshell.exe:LocalSubNet:Enabled:Media Center] -> [2006/10/09 15:19:14 | 003,223,552 | ---- | M] (Microsoft Corporation)
              "D:\Games\Unreal Tournament\System\UnrealTournament.exe" -> D:\Games\Unreal Tournament\System\UnrealTournament.exe [D:\Games\Unreal Tournament\System\UnrealTournament.exe:*:Enabled:UnrealTournament] -> [2006/06/02 13:39:46 | 000,241,664 | ---- | M] ()
              < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
              < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
              "AutoRun" -> 1 ->
              "DisplayName" -> Pilote de CD-ROM ->
              "ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
              < Drives with AutoRun files > ->  ->
              C:\AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\FICHIE~1\MUVEET~1\030625 | PATH=%PATH%;C:\PROGRA~1\FICHIE~1\MUVEET~1\030625 | ] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2006/01/02 21:41:54 | 000,000,100 | -H-- | M] ()
              E:\AUTOEXEC.BAT [] -> E:\AUTOEXEC.BAT [ FAT32 ] -> [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] ()
              < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
              < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
              comfile [open] -> "%1" %* ->
              exefile [open] -> "%1" %* ->
              < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
              .com [@ = comfile] -> "%1" %* ->
              .exe [@ = exefile] -> "%1" %* ->
               
              [Registry - Additional Scans - Safe List]
              < Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ ->
              C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2008/04/23 02:38:16 | 000,029,696 | ---- | M] (Adobe Systems Incorporated)
              C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE -> [2001/02/13 08:01:04 | 000,083,360 | ---- | M] (Microsoft Corporation)
              C:^Documents and Settings^HP_Administrateur.NOM-FB9B15D2723^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.4.lnk -> C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe -> [2008/01/21 14:41:28 | 000,393,216 | ---- | M] ()
              C:^Documents and Settings^HP_Administrateur.NOM-FB9B15D2723^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe -> [2009/08/18 13:49:56 | 000,384,000 | ---- | M] ()
              < Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ ->
              ares destiny hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Ares Destiny\AresDestiny.exe -> File not found
              ares vista hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Ares Vista\Ares.exe -> File not found
              Comrade.exe hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\GameSpy\Comrade\Comrade.exe -> [2007/05/27 02:19:06 | 000,036,864 | ---- | M] (IGN Entertainment Inc.)
              WinampAgent hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\Program Files\Winamp\winampa.exe -> [2009/07/01 17:37:06 | 000,037,888 | ---- | M] ()
              < Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state ->
              "bootini" -> 0 ->
              "services" -> 0 ->
              "startup" -> 2 ->
              "system.ini" -> 0 ->
              "win.ini" -> 0 ->
              < Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 ->
              "aux2" ->  [wdmaud.sys] -> File not found
              "msacm.iac2" -> C:\WINDOWS\system32\iac25_32.ax [C:\WINDOWS\system32\iac25_32.ax] -> [2008/04/13 18:34:32 | 000,199,680 | ---- | M] (Intel Corporation)
              "msacm.l3acm" -> C:\WINDOWS\system32\l3codeca.acm [C:\WINDOWS\system32\l3codeca.acm] -> [2008/04/13 18:31:44 | 000,290,816 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS)
              "msacm.siren" -> C:\WINDOWS\System32\sirenacm.dll [sirenacm.dll] -> [2009/07/26 16:44:56 | 000,048,448 | ---- | M] (Microsoft Corporation)
              "msacm.sl_anet" -> C:\WINDOWS\System32\sl_anet.acm [sl_anet.acm] -> [2008/04/13 18:32:36 | 000,086,016 | ---- | M] (Sipro Lab Telecom Inc.)
              "msacm.trspch" -> C:\WINDOWS\System32\tssoft32.acm [tssoft32.acm] -> [2004/08/10 05:00:00 | 000,008,192 | ---- | M] (DSP GROUP, INC.)
              "MSVideo8" -> C:\WINDOWS\System32\vfwwdm32.dll [VfWWDM32.dll] -> [2008/04/13 18:33:50 | 000,054,784 | ---- | M] (Microsoft Corporation)
              "vidc.cvid" -> C:\WINDOWS\System32\iccvid.dll [iccvid.dll] -> [2008/04/13 18:33:28 | 000,080,384 | ---- | M] (Radius Inc.)
              "vidc.DIVX" -> C:\WINDOWS\System32\DivX.dll [DivX.dll] -> [2008/06/11 01:03:18 | 000,683,520 | ---- | M] (DivX, Inc.)
              "VIDC.FFDS" -> C:\WINDOWS\System32\ff_vfw.dll [ff_vfw.dll] -> [2007/12/24 12:47:52 | 000,007,680 | ---- | M] ()
              "vidc.iv31" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004/08/10 05:00:00 | 000,199,168 | ---- | M] ()
              "vidc.iv32" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004/08/10 05:00:00 | 000,199,168 | ---- | M] ()
              "vidc.iv41" -> C:\WINDOWS\System32\ir41_32.ax [ir41_32.ax] -> [2008/04/13 18:34:32 | 000,848,384 | ---- | M] (Intel Corporation)
              "vidc.iv50" -> C:\WINDOWS\System32\ir50_32.dll [ir50_32.dll] -> [2008/04/13 18:33:28 | 000,755,200 | ---- | M] (Intel Corporation)
              "vidc.LEAD" ->  [LCODCCMP.DLL] -> File not found
              "vidc.yv12" -> C:\WINDOWS\System32\DivX.dll [DivX.dll] -> [2008/06/11 01:03:18 | 000,683,520 | ---- | M] (DivX, Inc.)
              < Ext (PreApproved) - [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ ->
              {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
              {166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> C:\WINDOWS\system32\Adobe\Director\SwDir.dll [Shockwave ActiveX Control] -> [2009/01/16 19:25:34 | 000,202,168 | ---- | M] (Adobe Systems, Inc.)
              {233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> C:\WINDOWS\system32\Adobe\Director\SwDir.dll [Shockwave ActiveX Control] -> [2009/01/16 19:25:34 | 000,202,168 | ---- | M] (Adobe Systems, Inc.)
              {4063BE15-3B08-470D-A0D5-B37161CFFD69} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
              {4F07F79F-087F-42cf-8B36-7A88D06088E9} [HKLM] -> C:\Program Files\Windows Live\Messenger\msgsc.14.0.8089.0726.dll [Reg Error: Value error.] -> [2009/07/26 16:44:56 | 000,221,520 | ---- | M] (Microsoft Corporation)
              {5852F5ED-8BF4-11D4-A245-0080C6F74284} [HKLM] -> C:\Program Files\Java\jre6\bin\wsdetect.dll [isInstalled Class] -> [2010/03/21 19:00:22 | 000,108,320 | ---- | M] (Sun Microsystems, Inc.)
              {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
              {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_18.dll [Java Plug-in 1.6.0_18] -> [2010/03/21 19:00:22 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
              {C2828995-4A83-4100-A212-3024BA117356} [HKLM] -> C:\Program Files\Windows Live SkyDrive\Microsoft.Live.Folders.RichUpload.3.dll [Outil de téléchargement Windows Live] -> [2008/10/29 11:46:56 | 000,245,112 | ---- | M] (Microsoft Corporation)
              {CA8A9780-280D-11CF-A24D-444553540000} [HKLM] -> C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroPDF.dll [Adobe PDF Reader] -> [2007/05/10 22:26:40 | 000,632,432 | ---- | M] (Adobe Systems, Inc.)
              {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
              {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
              {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
              {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [HKLM] -> C:\Program Files\Java\jre1.6.0_13\bin\npjpi160_13.dll [Java Plug-in 1.6.0_13] -> File not found
              {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB} [HKLM] -> C:\Program Files\Java\jre1.6.0_13\bin\npjpi160_13.dll [Java Plug-in 1.6.0_13] -> File not found
              {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre1.6.0_13\bin\npjpi160_13.dll [Java Plug-in 1.6.0_13] -> File not found
              {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_18.dll [Java Plug-in 1.6.0_18] -> [2010/03/21 19:00:22 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
              {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_18.dll [Java Plug-in 1.6.0_18] -> [2010/03/21 19:00:22 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
              {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_18.dll [Java Plug-in 1.6.0_18] -> [2010/03/21 19:00:22 | 000,136,992 | ---- | M] (Sun Microsystems, Inc.)
              {CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} [HKLM] -> C:\WINDOWS\system32\deploytk.dll [Deployment Toolkit] -> [2010/03/21 19:00:21 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.)
              {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBC} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
              {CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
              {D2517915-48CE-4286-970F-921E881B8C5C} [HKLM] -> C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Contrôle de l'Assistant de connexion Windows Live] -> [2009/02/17 16:11:04 | 000,408,440 | ---- | M] (Microsoft Corporation)
              {D27CDB6E-AE6D-11cf-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx [Shockwave Flash Object] -> [2008/03/25 03:32:42 | 002,991,488 | R--- | M] (Adobe Systems, Inc.)
              {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} [HKLM] -> C:\Program Files\Windows Live\Messenger\msgsc.14.0.8089.0726.dll [Reg Error: Value error.] -> [2009/07/26 16:44:56 | 000,221,520 | ---- | M] (Microsoft Corporation)
              {F06608C7-1874-4EEA-B3B2-DF99EBB144B8} [HKLM] -> C:\Program Files\Windows Live\Messenger\msgsc.14.0.8089.0726.dll [Reg Error: Value error.] -> [2009/07/26 16:44:56 | 000,221,520 | ---- | M] (Microsoft Corporation)
              < Ext (Settings) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\ ->
              {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/12/18 03:16:42 | 000,059,032 | ---- | M] (Adobe Systems Incorporated)
              {20A60F0D-9AFA-4515-A0FD-83BD84642501} [HKLM] -> C:\WINDOWS\Downloaded Program Files\CONFLICT.3\msgrchkr.dll [Checkers Class] -> [2007/02/28 13:21:04 | 000,131,472 | ---- | M] ()
              {2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> c:\Program Files\Google\GoogleToolbar2.dll [&Google] -> [2007/01/19 22:56:04 | 002,436,160 | R--- | M] (Google Inc.)
              {52A2AAAE-085D-4187-97EA-8C30DB990436} [HKLM] -> C:\WINDOWS\system32\hhctrl.ocx [HHCtrl Object] -> [2008/04/13 18:31:28 | 000,545,280 | ---- | M] (Microsoft Corporation)
              {71576546-354D-41C9-AAE8-31F2EC22BF0D} [HKLM] -> C:\Program Files\WOT\WOT.dll [WOT] -> [2009/04/15 12:19:44 | 001,290,912 | ---- | M] ()
              {754FF233-5D4E-11D2-875B-00A0C93C09B3} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
              {9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Programme d'aide de l'Assistant de connexion Windows Live] -> [2009/02/17 16:11:04 | 000,408,440 | ---- | M] (Microsoft Corporation)
              {AA58ED58-01DD-4D91-8333-CF10577473F7} [HKLM] -> c:\Program Files\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> [2007/01/19 22:56:04 | 002,436,160 | R--- | M] (Google Inc.)
              {B1549E58-3894-11D2-BB7F-00A0C999C4C1} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
              {BDD307C3-7BC0-4542-9F8F-A9611FE6C1BF} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
              {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [HKLM] -> C:\WINDOWS\Downloaded Program Files\CONFLICT.2\MessengerStatsPAClient.dll [MessengerStatsClient Class] -> [2007/02/22 22:41:12 | 000,304,544 | ---- | M] ()
              {C533ADF1-0C80-11D1-8C54-00A02468F316} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
              {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} [HKLM] -> C:\Program Files\WOT\WOT.dll [WOT Helper] -> [2009/04/15 12:19:44 | 001,290,912 | ---- | M] ()
              {CC59E0F9-7E43-44FA-9FAA-8377850BF205} [HKLM] -> C:\Program Files\Free Download Manager\iefdm2.dll [FDMIECookiesBHO Class] -> [2008/06/18 06:56:52 | 000,094,208 | ---- | M] ()
              {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx [Shockwave Flash Object] -> [2008/03/25 03:32:42 | 002,991,488 | R--- | M] (Adobe Systems, Inc.)
              {E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
              {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} [HKLM] -> C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll [EpsonToolBandKicker Class] -> [2005/02/21 20:50:34 | 000,368,640 | ---- | M] (SEIKO EPSON CORPORATION)
              {EE5D279F-081B-4404-994D-C6B60AAEBA6D} [HKLM] -> C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] -> [2005/02/21 20:50:34 | 000,368,640 | ---- | M] (SEIKO EPSON CORPORATION)
              {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} [HKLM] -> C:\WINDOWS\Downloaded Program Files\CONFLICT.4\MineSweeper.dll [Minesweeper Flags Class] -> [2007/02/28 13:21:04 | 000,130,472 | ---- | M] ()
              < Ext (Stats) - [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\ ->
              {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/12/18 03:16:42 | 000,059,032 | ---- | M] (Adobe Systems Incorporated)
              {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Error: Key error. [Reg Error: Value error.] -> File not found
              {20A60F0D-9AFA-4515-A0FD-83BD84642501} [HKLM] -> C:\WINDOWS\Downloaded Program Files\CONFLICT.3\msgrchkr.dll [Checkers Class] -> [2007/02/28 13:21:04 | 000,131,472 | ---- | M] ()
              {2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> c:\Program Files\Google\GoogleToolbar2.dll [&Google] -> [2007/01/19 22:56:04 | 002,436,160 | R--- | M] (Google Inc.)
              {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
              {5C255C8A-E604-49B4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
              {71576546-354D-41C9-AAE8-31F2EC22BF0D} [HKLM] -> C:\Program Files\WOT\WOT.dll [WOT] -> [2009/04/15 12:19:44 | 001,290,912 | ---- | M] ()
              {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
              {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
              {9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Programme d'aide de l'Assistant de connexion Windows Live] -> [2009/02/17 16:11:04 | 000,408,440 | ---- | M] (Microsoft Corporation)
              {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
              {AA58ED58-01DD-4D91-8333-CF10577473F7} [HKLM] -> c:\Program Files\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> [2007/01/19 22:56:04 | 002,436,160 | R--- | M] (Google Inc.)
              {C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
              {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} [HKLM] -> C:\Program Files\WOT\WOT.dll [WOT Helper] -> [2009/04/15 12:19:44 | 001,290,912 | ---- | M] ()
              {CC59E0F9-7E43-44FA-9FAA-8377850BF205} [HKLM] -> C:\Program Files\Free Download Manager\iefdm2.dll [FDMIECookiesBHO Class] -> [2008/06/18 06:56:52 | 000,094,208 | ---- | M] ()
              {D2517915-48CE-4286-970F-921E881B8C5C} [HKLM] -> C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Contrôle de l'Assistant de connexion Windows Live] -> [2009/02/17 16:11:04 | 000,408,440 | ---- | M] (Microsoft Corporation)
              {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx [Shockwave Flash Object] -> [2008/03/25 03:32:42 | 002,991,488 | R--- | M] (Adobe Systems, Inc.)
              {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} [HKLM] -> C:\Program Files\Windows Live\Messenger\msgsc.14.0.8089.0726.dll [Reg Error: Value error.] -> [2009/07/26 16:44:56 | 000,221,520 | ---- | M] (Microsoft Corporation)
              {E2D4D26B-0180-43A4-B05F-462D6D54C789} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
              {E2E2DD38-D088-4134-82B7-F2BA38496583} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
              {E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
              {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} [HKLM] -> C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll [EpsonToolBandKicker Class] -> [2005/02/21 20:50:34 | 000,368,640 | ---- | M] (SEIKO EPSON CORPORATION)
              {EE5D279F-081B-4404-994D-C6B60AAEBA6D} [HKLM] -> C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] -> [2005/02/21 20:50:34 | 000,368,640 | ---- | M] (SEIKO EPSON CORPORATION)
              {F31D1897-7EFD-4647-8687-E05894E382AB} [HKLM] -> C:\WINDOWS\system32\runclose.ocx [Runclose Control] -> [2003/04/07 22:22:14 | 000,045,056 | ---- | M] (Hewlett-Packard Company)
              {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} [HKLM] -> C:\WINDOWS\Downloaded Program Files\CONFLICT.4\MineSweeper.dll [Minesweeper Flags Class] -> [2007/02/28 13:21:04 | 000,130,472 | ---- | M] ()
              {FB5F1910-F110-11D2-BB9E-00C04F795683} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
              < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
              .bat [@ = batfile] -> "%1" %* ->
              .cmd [@ = cmdfile] -> "%1" %* ->
              .com [@ = comfile] -> "%1" %* ->
              .exe [@ = exefile] -> "%1" %* ->
              .html [@ = Opera.HTML] -> C:\Program Files\Opera\Opera.exe -> [2009/11/20 19:01:18 | 000,832,296 | ---- | M] (Opera Software)
              .pif [@ = piffile] -> "%1" %* ->
              .scr [@ = scrfile] -> "%1" /S ->
              < File Associations - Select to Repair > -> HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\SOFTWARE\Classes\<extension>\ ->
              .html [@ = FirefoxHTML] -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2010/01/16 04:14:02 | 000,910,296 | ---- | M] (Mozilla Corporation)
              < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> ->
              *netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs ->
              6to4 ->  -> File not found
              Ias -> C:\WINDOWS\system32\ias -> [2005/11/15 04:10:06 | 000,000,000 | ---D | M]
              Iprip ->  -> File not found
              Irmon ->  -> File not found
              NWCWorkstation ->  -> File not found
              Nwsapagent ->  -> File not found
              WmdmPmSp ->  -> File not found
              *MultiFile Done* -> ->
              < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
              ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2004/01/29 15:08:23 | 001,130,496 | ---- | M] (Microsoft Corporation)
              msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2004/01/29 15:08:23 | 001,130,496 | ---- | M] (Microsoft Corporation)
              msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL[MSDAIPP.BINDER] -> [2004/01/29 15:08:23 | 001,130,496 | ---- | M] (Microsoft Corporation)
              ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} [HKLM] -> c:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll[Microsoft Infotech Storage Protocol for IE 4.0] -> [2001/06/20 08:26:46 | 000,221,184 | ---- | M] (Microsoft Corporation)
              mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} [HKLM] -> C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL[Data Page Pluggable Protocol mso-offdap Handler] -> [2009/07/19 23:13:30 | 007,255,872 | ---- | M] (Microsoft Corporation)
              wot:{C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} [HKLM] -> C:\Program Files\WOT\WOT.dll[WOT Protocol] -> [2009/04/15 12:19:44 | 001,290,912 | ---- | M] ()
              < SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ ->
              {36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
              {4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
              {4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
              {4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
              {4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
              {4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
              {4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
              {4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
              {4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
              {4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
              {4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
              {533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy
              {71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
              {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
              Base -> Driver Group
              Boot Bus Extender -> Driver Group
              Boot file system -> Driver Group
              File system -> Driver Group
              Filter -> Driver Group
              PCI Configuration -> Driver Group
              PNP Filter -> Driver Group
              Primary disk -> Driver Group
              SCSI Class -> Driver Group
              sermouse.sys -> Driver
              System Bus Extender -> Driver Group
              vds -> Service
              vga.sys -> Driver
              < SafeBoot-Network Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ ->
              {36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers
              {4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive
              {4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive
              {4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller
              {4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc
              {4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard
              {4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse
              {4D36E972-E325-11CE-BFC1-08002BE10318} -> Net
              {4D36E973-E325-11CE-BFC1-08002BE10318} -> NetClient
              {4D36E974-E325-11CE-BFC1-08002BE10318} -> NetService
              {4D36E975-E325-11CE-BFC1-08002BE10318} -> NetTrans
              {4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters
              {4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter
              {4D36E97D-E325-11CE-BFC1-08002BE10318} -> System
              {4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive
              {71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume
              {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices
              Base -> Driver Group
              Boot Bus Extender -> Driver Group
              Boot file system -> Driver Group
              File system -> Driver Group
              Filter -> Driver Group
              NDIS Wrapper -> Driver Group
              NetBIOSGroup -> Driver Group
              NetDDEGroup -> Driver Group
              Network -> Driver Group
              NetworkProvider -> Driver Group
              PCI Configuration -> Driver Group
              PNP Filter -> Driver Group
              PNP_TDI -> Driver Group
              Primary disk -> Driver Group
              SCSI Class -> Driver Group
              sermouse.sys -> Driver
              Streams Drivers -> Driver Group
              System Bus Extender -> Driver Group
              TDI -> Driver Group
              vga.sys -> Driver
              vsmon -> C:\WINDOWS\System32\ZoneLabs\vsmon.exe -> [2008/07/09 08:05:18 | 000,075,304 | ---- | M] (Zone Labs, LLC)
              < Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center ->
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
              \\"FirstRunDisabled" ->  [1] -> File not found
              \\"UpdatesDisableNotify" -> • -> File not found
              \\"AntiVirusOverride" -> • -> File not found
              \\"FirewallOverride" -> • -> File not found
              \\"AntiVirusDisableNotify" -> • -> File not found
              \\"FirewallDisableNotify" -> • -> File not found
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall
              \Monitoring\ZoneLabsFirewall\\"DisableMonitoring" ->  [1] -> File not found
              HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
              \\"EnableFirewall" -> • -> File not found
              \\"DisableNotifications" -> • -> File not found
              \\"DoNotAllowExceptions" -> • -> File not found
              HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
              HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
              < Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
              {0228e555-4f9c-4e35-a3ec-b109a192b4c2} -> Google Gmail Notifier
              {075473F5-846A-448B-BCB3-104AA1760205} -> Sonic RecordNow Data
              {0A65A3BD-54B5-4d0d-B084-7688507813F5} -> SlideShow
              {0F9196C6-58B4-445B-B56E-B1200FECC151} -> Microsoft Bootvis
              {0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6} -> OpenOffice.org 3.1
              {1341D838-719C-4A05-B50F-49420CA1B4BB} -> HP Boot Optimizer
              {15C0AF59-4877-49B6-B8C6-A61CE54515F5} -> cp_OnlineProjectsConfig
              {176B3593-72F1-459C-829C-5E9671E2CB35} -> GameSpy Comrade
              {18D10072035C4515918F7E37EAFAACFC} -> AutoUpdate
              {1D14373E-7970-4F2F-A467-ACA4F0EA21E3} -> Google Earth
              {1F1C2DFC-2D24-3E06-BCB8-725134ADF989} -> Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
              {205C6BDD-7B73-42DE-8505-9A093F35A238} -> Outil de téléchargement Windows Live
              {2075CB0A-D26F-4DAA-B424-5079296B43BA} -> Windows Live FolderShare
              {20C45B32-5AB6-46A4-94EF-58950CAF05E5} -> EPSON Attach To Email
              {22B775E7-6C42-4FC5-8E10-9A5E3257BD94} -> MSVCRT
              {23012310-3E05-46A5-88A9-C6CBCABCAC79} -> Amélioration de nos services
              {2318C2B1-4965-11d4-9B18-009027A5CD4F} -> Google Toolbar for Internet Explorer
              {2376813B-2E5A-4641-B7B3-A0D5ADB55229} -> HPPhotoSmartExpress
              {23FE964A-853B-4176-86D7-9E18B5CA1FC0} -> Media Center Extender
              {26A24AE4-039D-4CA4-87B4-2F83216013F0} -> Java(TM) 6 Update 13
              {26A24AE4-039D-4CA4-87B4-2F83216018FF} -> Java(TM) 6 Update 18
              {2A88F1BF-7041-4E42-84B1-6B4ACB83AC64} -> EPSON Scan Assistant
              {2F58D60D-2BFD-4467-9B4D-64E7355C329D} -> Sonic_PrimoSDK
              {30465B6C-B53F-49A1-9EBA-A3F187AD502E} -> Sonic Update Manager
              {314F6D08-A8B7-11D8-8446-0050BA1D384D} -> EPSON Image Clip Palette
              {32E4F0D2-C135-475E-A841-1D59A0D22989} -> Sid Meier's Civilization 4 - Beyond the Sword
              {33BF0960-DBA3-4187-B6CC-C969FCFA2D25} -> SkinsHP1
              {350C940c-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
              {36D620AD-EEBA-4973-BA86-0C9AE6396620} -> OptionalContentQFolder
              {3E4B349F-10B5-4586-9D99-489A90A8B228} -> Sid Meier's Civilization 4 - Warlords
              {41E776A5-9B12-416D-9A12-B4F7B044EBED} -> CP_Package_Basic1
              {4377F918-E6C9-4ECA-A7F5-754B310B7ED8} -> Sid Meier's Civilization 4
              {45B8A76B-57EC-4242-B019-066400CD8428} -> BufferChm
              {45D707E9-F3C4-11D9-A373-0050BAE317E1} -> HP DVD Play 2.1
              {46ABBC54-1872-4AA3-95E2-F2C063A63F31} -> Installation Windows Live
              {4A03706F-666A-4037-7777-5F2748764D10} -> Java Auto Updater
              {53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C} -> FullDPAppQFolder
              {5CFD7508-7774-48FE-8280-7A3C0AE71755} -> Services Internet
              {5FDD0538-C67A-4F67-B3F8-09D1AAF04D99} -> muvee autoProducer unPlugged 2.0
              {66039B36-96AE-40D1-8A32-071F7A61B738} -> Microsoft LifeChat
              {6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} -> Sonic Express Labeler
              {6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C} -> RandMap
              {67EDD823-135A-4D59-87BD-950616D6E857} -> EPSON Copy Utility 3
              {690BE098-6D0D-493D-B079-BD7E8F81A141} -> Opera 10.10
              {6956856F-B6B3-4BE0-BA0B-8F495BE32033} -> Apple Software Update
              {69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} -> Windows Media Player Firefox Plugin
              {73E94429-C8A2-46B5-A203-E30C62D5379D} -> Wireless 802.11g USB Adapter
              {767CC44C-9BBC-438D-BAD3-FD4595DD148B} -> VC80CRTRedist - 8.0.50727.762
              {770F1BEC-2871-4E70-B837-FB8525FFA3B1} -> Windows Live Messenger
              {7B63B2922B174135AFC0E1377DD81EC2} -> DivX Codec
              {7F14F68C-17FA-4F88-B3FD-7F449C1EBF32} -> EPSON Web-To-Page
              {8105684D-8CA6-440D-8F58-7E5FD67A499D} -> Connexion Facile à Internet
              {82081779-4175-4666-A457-AB711CD37EF0} -> cp_LightScribeConfig
              {829DAAD6-BB11-4BB7-921B-07FFB703F944} -> CP_Package_Variety3
              {82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} -> Windows Live Call
              {82E55892-6FFD-403F-AA97-D726846768AA} -> CP_AtenaShokunin1Config
              {866A0078-DEA7-4348-9C9A-999AF2991EAA} -> SlideShowMusic
              {8A534F71-3202-4464-A422-B767295E67B9} -> CP_Package_Variety2
              {8ADFC4160D694100B5B8A22DE9DCABD9} -> DivX Player
              {8CE4E6E9-9D55-43FB-9DDB-688C976BFC05} -> Unload
              {90110C0A-6000-11D3-8CFE-0050048383C9} -> Microsoft Office XP Professional
              {90120000-0020-0409-0000-0000000FF1CE} -> Compatibility Pack for the 2007 Office system
              {9068B2BE-D93A-4C0A-861C-5E35E2C0E09E} -> Intel(R) Matrix Storage Manager
              {93E5A317-24EC-4744-812C-16FECFE86E6A} -> CP_Package_Variety1
              {95120000-00B9-0409-0000-0000000FF1CE} -> Microsoft Application Error Reporting
              {9A394342-4A68-4EBA-85A6-55B559F4E700} -> Microsoft .NET Framework 1.1 French Language Pack
              {9F7AF7CD-E3D0-4C68-A3BA-C76C359B3AA8} -> LightScribe  1.4.105.1
              {A059DE09-1B49-4450-B340-7AE097EC3F04} -> Microsoft Works
              {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} -> Segoe UI
              {A29800BA-0BF1-4E63-9F31-DF05A87F4104} -> InstantShareDevices
              {A642BB6B-CA1D-4142-8DD4-318C3F3DC834} -> Rome - Total War(TM)
              {AB5D51AE-EBC3-438D-872C-705C7C2084B0} -> DeviceManagementQFolder
              {AB708C9B-97C8-4AC9-899B-DBF226AC9382} -> Sonic RecordNow Audio
              {AC76BA86-7AD7-1036-7B44-A71000000002} -> Adobe Reader 7.1.3 - Français
              {B12665F4-4E93-4AB4-B7FC-37053B524629} -> Sonic RecordNow Copy
              {B131E59D-202C-43C6-84C9-68F0C37541F1} -> Galerie de photos Windows Live
              {B13A7C41581B411290FBC0395694E2A9} -> DivX Converter
              {B2157760-AA3C-4E2E-BFE6-D20BC52495D9} -> cp_PosterPrintConfig
              {B6286A44-7505-471A-A72B-04EC2DB2F442} -> CueTour
              {B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3} -> CP_Panorama1Config
              {B7050CBDB2504B34BC2A9CA0A692CC29} -> DivX Web Player
              {B90450DF-E781-46FD-B1F1-0C86DA40E443} -> PIF DESIGNER
              {C1C6767D-B395-43CB-BF99-051B58B86DA6} -> PhotoGallery
              {C3FAA091-B278-44A7-BF48-190811C5F9F7} -> cp_UpdateProjectsConfig
              {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1
              {CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} -> SUPERAntiSpyware Free Edition
              {CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8} -> Sid Meier's Civilization 4
              {D3116CC7-24DC-4CA3-9CE1-23FED836E9F2} -> Assistant de connexion Windows Live
              {DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38} -> HpSdpAppCoreApp
              {DB6BD5D5-8482-45C0-99CF-745C5B924497} -> WOT for Internet Explorer
              {E7A02A01-C75A-4490-A168-5CA709A3D862} -> MainConcept for Software Encoder
              {E86BC406-944E-41F6-ADE6-2C136734C96B} -> EPSON File Manager
              {ED00D08A-3C5F-488D-93A0-A04F21F23956} -> Windows Live Communications Platform
              {ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F} -> CP_CalendarTemplates1
              {EEFEBB48-329E-46F6-AEB8-929A5BAFDB2F} -> Le logiciel Intel® Viiv™
              {EF36A836-BF89-4A4F-B079-057B0C68C1E0} -> Sid Meier's Civilization IV Colonization
              {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} -> Microsoft SQL Server 2005 Compact Edition [ENU]
              {F0E12BBA-AD66-4022-A453-A1C8A0C4D570} -> Microsoft Choice Guard
              {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} -> Realtek High Definition Audio Driver
              {F19D07BC-6240-49D3-BA5C-59B015DF8916} -> EPSON Easy Photo Print
              {F333A33D-125C-32A2-8DCE-5C5D14231E27} -> Visual C++ 2008 x86 Runtime - (v9.0.30729)
              {F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01 -> Visual C++ 2008 x86 Runtime - v9.0.30729.01
              {F80239D8-7811-4D5E-B033-0D0BBFE32920} -> HP DigitalMedia Archive
              {FB15E224-67C3-491F-9F5C-F257BC418412} -> Destinations
              {FB4740B3-2530-452D-A825-F7AB246CA7DF} -> muvee autoProducer 5.0
              {FF77941A-2BFA-4A18-BE2E-69B9498E4D55} -> User Profile Hive Cleanup Service
              0D20D36D-A11C-444c-9AF7-70CBFED42ECF -> Otto
              99A88D57-2C93-491B-87B8-E41A870FB6BE -> GemMaster Mystic

              TMNT

                Topic Starter


                Rookie

                Re: Win32spytrojan.agent / Keylogger menace
                « Reply #8 on: March 22, 2010, 05:51:44 PM »
                Code:
                ActiveScan 2.0 -> Panda ActiveScan 2.0
                Adobe Flash Player ActiveX -> Adobe Flash Player ActiveX
                Adobe Flash Player Plugin -> Adobe Flash Player 10 Plugin
                Adobe Shockwave Player -> Adobe Shockwave Player 11
                avast5 -> avast! Free Antivirus
                BtcMaestro -> HP Wireless Keyboard Driver V1.8 (2.0.W-127AU MUL)
                CCleaner -> CCleaner
                DAEMON Tools Toolbar -> DAEMON Tools Toolbar
                Diablo II -> Diablo II
                DVD X Player 4.1 Professional_is1 -> DVD X Player 4.1 Professional
                EHome Devices -> Media Center Extender
                EL -> Intel(R) Quick Resume Technology Drivers
                EPSON Printer and Utilities -> EPSON Logiciel imprimante
                EPSON Scanner -> EPSON Scan
                ESDX4800_4200 Guide util. -> ESDX4800_4200 Guide util.
                ffdshow_is1 -> ffdshow [rev 1723] [2007-12-24]
                Foxit Reader -> Foxit Reader
                Free Download Manager_is1 -> Free Download Manager 2.5
                Half-Life_is1 -> Half-Life
                HijackThis -> HijackThis 2.0.2
                HP Imaging Device Functions -> HP Imaging Device Functions 7.0
                HP Photo & Imaging -> HP Photosmart Premier Software 6.5
                HP Photosmart for Media Center PC -> HP Photosmart for Media Center PC
                ie8 -> Windows Internet Explorer 8
                InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5} -> EPSON Attach To Email
                InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79} -> Amélioration de nos services
                InstallShield_{5CFD7508-7774-48FE-8280-7A3C0AE71755} -> Services Internet
                InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D} -> Connexion Facile à Internet
                InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834} -> Rome - Total War(TM)
                InstallShield_{E7A02A01-C75A-4490-A168-5CA709A3D862} -> MainConcept for Software Encoder
                LastFM_is1 -> Last.fm 1.5.4.24567
                Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
                Messenger Plus! Live -> Messenger Plus! Live
                Microsoft .NET Framework 1.1  (1033) -> Microsoft .NET Framework 1.1
                mIRC -> mIRC
                Mozilla Firefox (3.6) -> Mozilla Firefox (3.6)
                MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP
                NVIDIA Drivers -> NVIDIA Drivers
                PROSet -> Intel(R) PRO Network Connections Drivers
                Python 2.2.3 -> Python 2.2.3
                pywin32-py2.2 -> Python 2.2 pywin32 extensions (build 203)
                RAR Password Cracker -> RAR Password Cracker 4.12
                ShockwaveFlash -> Macromedia Flash Player 8
                SpywareBlaster_is1 -> SpywareBlaster 4.2
                Starcraft -> Starcraft
                Transcode360 -> Transcode 360 for Windows Media Center Edition 2005
                TVersity Codec Pack -> TVersity Codec Pack 1.2
                Unlocker -> Unlocker 1.8.7
                VobSub -> VobSub v2.23 (Remove Only)
                WIC -> Windows Imaging Component
                Winamp -> Winamp
                Windows Media Format Runtime -> Windows Media Format 11 runtime
                Windows Media Player -> Lecteur Windows Media 11
                Windows XP Service -> Windows XP Service Pack 3
                WinLiveSuite_Wave3 -> Installation Windows Live
                WinRAR archiver -> Archiveur WinRAR
                WMFDist11 -> Windows Media Format 11 runtime
                wmp11 -> Windows Media Player 11
                Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0
                Xfire -> Xfire (remove only)
                ZoneAlarm -> ZoneAlarm
                < Uninstall List [HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\] > -> HKEY_USERS\S-1-5-21-2898213189-108450122-2556759224-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
                < EventViewer Logs - Last 10 Errors > -> Event Information -> Description
                Antivirus [ Error ] 18/01/2010 03:53:09 Computer Name = NOM-FB9B15D2723 | Source = avast! | ID = 33554522 -> Description =
                Antivirus [ Error ] 18/01/2010 03:53:10 Computer Name = NOM-FB9B15D2723 | Source = avast! | ID = 33554522 -> Description =
                Antivirus [ Error ] 18/01/2010 03:53:11 Computer Name = NOM-FB9B15D2723 | Source = avast! | ID = 33554522 -> Description =
                Antivirus [ Error ] 18/01/2010 03:53:17 Computer Name = NOM-FB9B15D2723 | Source = avast! | ID = 33554522 -> Description =
                Antivirus [ Error ] 18/01/2010 03:53:21 Computer Name = NOM-FB9B15D2723 | Source = avast! | ID = 33554522 -> Description =
                Antivirus [ Error ] 18/01/2010 03:53:23 Computer Name = NOM-FB9B15D2723 | Source = avast! | ID = 33554522 -> Description =
                Antivirus [ Error ] 18/01/2010 03:53:24 Computer Name = NOM-FB9B15D2723 | Source = avast! | ID = 33554522 -> Description =
                Antivirus [ Error ] 18/01/2010 03:53:25 Computer Name = NOM-FB9B15D2723 | Source = avast! | ID = 33554522 -> Description =
                Antivirus [ Error ] 18/01/2010 03:53:25 Computer Name = NOM-FB9B15D2723 | Source = avast! | ID = 33554522 -> Description =
                Antivirus [ Error ] 18/01/2010 03:53:26 Computer Name = NOM-FB9B15D2723 | Source = avast! | ID = 33554522 -> Description =
                Application [ Error ] 21/03/2010 09:31:12 Computer Name = NOM-FB9B15D2723 | Source = COM+ | ID = 135761 -> Description = L'environnement d'exécution a détecté une incohérence dans son état interne qui indique une instabilité possible dans le processus. Cette instabilité peut être provoquée par les composants personnalisés exécutés dans l'application COM+, les composants qu'ils utilisent  ou d'autres facteurs. Erreur dans f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), Hr = 8007041f : InitEventCollector fail
                Application [ Error ] 21/03/2010 09:46:24 Computer Name = NOM-FB9B15D2723 | Source = PerfNet | ID = 2004 -> Description = Impossible d'ouvrir le Service serveur. Les données de performance du  serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD 0.
                Application [ Error ] 21/03/2010 10:34:37 Computer Name = NOM-FB9B15D2723 | Source = PerfNet | ID = 2004 -> Description = Impossible d'ouvrir le Service serveur. Les données de performance du  serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD 0.
                Application [ Error ] 21/03/2010 10:46:06 Computer Name = NOM-FB9B15D2723 | Source = PerfNet | ID = 2004 -> Description = Impossible d'ouvrir le Service serveur. Les données de performance du  serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD 0.
                Application [ Error ] 21/03/2010 10:57:10 Computer Name = NOM-FB9B15D2723 | Source = PerfNet | ID = 2004 -> Description = Impossible d'ouvrir le Service serveur. Les données de performance du  serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD 0.
                Application [ Error ] 21/03/2010 10:58:06 Computer Name = NOM-FB9B15D2723 | Source = WmiAdapter | ID = 4099 -> Description = Échec de l'ouverture de services.
                Application [ Error ] 21/03/2010 10:58:07 Computer Name = NOM-FB9B15D2723 | Source = COM+ | ID = 135761 -> Description = L'environnement d'exécution a détecté une incohérence dans son état interne qui indique une instabilité possible dans le processus. Cette instabilité peut être provoquée par les composants personnalisés exécutés dans l'application COM+, les composants qu'ils utilisent  ou d'autres facteurs. Erreur dans f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), Hr = 8007041f : InitEventCollector fail
                Application [ Error ] 21/03/2010 11:14:18 Computer Name = NOM-FB9B15D2723 | Source = MsiInstaller | ID = 1008 -> Description = L'installation de C:\Program Files\Fichiers communs\Wise Installation Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_26_0_1006.MSI n'est pas autorisée en raison d'une erreur lors du traitement de la stratégie de restriction logicielle. La confiance en l'objet ne peut pas être établie.
                Application [ Error ] 21/03/2010 12:07:47 Computer Name = NOM-FB9B15D2723 | Source = PerfNet | ID = 2004 -> Description = Impossible d'ouvrir le Service serveur. Les données de performance du  serveur ne seront pas renvoyées. Le code d'erreur renvoyé est la donnée DWORD 0.
                Application [ Error ] 21/03/2010 13:50:37 Computer Name = NOM-FB9B15D2723 | Source = Application Error | ID = 1000 -> Description = Application défaillante javara.exe, version 1.15.0.1745, module défaillant ntdll.dll, version 5.1.2600.5755, adresse de défaillance 0x0000100b.
                System [ Error ] 21/03/2010 12:05:32 Computer Name = NOM-FB9B15D2723 | Source = DCOM | ID = 10005 -> Description = DCOM a reçu l'erreur "%1084" lors de la mise en route du service EventSystem avec les arguments ""  pour démarrer le serveur :  {1BE1F766-5536-11D1-B726-00C04FB926AF}
                System [ Error ] 21/03/2010 12:08:11 Computer Name = NOM-FB9B15D2723 | Source = Service Control Manager | ID = 7000 -> Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer en raison de l'erreur :   %%3
                System [ Error ] 21/03/2010 12:08:23 Computer Name = NOM-FB9B15D2723 | Source = Service Control Manager | ID = 7026 -> Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger :   Lbd
                System [ Error ] 21/03/2010 13:19:57 Computer Name = NOM-FB9B15D2723 | Source = Service Control Manager | ID = 7000 -> Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer en raison de l'erreur :   %%3
                System [ Error ] 21/03/2010 13:19:58 Computer Name = NOM-FB9B15D2723 | Source = Service Control Manager | ID = 7026 -> Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger :   Lbd
                System [ Error ] 21/03/2010 13:26:59 Computer Name = NOM-FB9B15D2723 | Source = Service Control Manager | ID = 7000 -> Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer en raison de l'erreur :   %%3
                System [ Error ] 21/03/2010 13:27:00 Computer Name = NOM-FB9B15D2723 | Source = Service Control Manager | ID = 7026 -> Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger :   Lbd
                System [ Error ] 21/03/2010 14:06:45 Computer Name = NOM-FB9B15D2723 | Source = Service Control Manager | ID = 7000 -> Description = Le service Planificateur LiveUpdate automatique n'a pas pu démarrer en raison de l'erreur :   %%3
                System [ Error ] 21/03/2010 14:06:47 Computer Name = NOM-FB9B15D2723 | Source = Service Control Manager | ID = 7026 -> Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger :   Lbd
                System [ Error ] 22/03/2010 15:50:03 Computer Name = NOM-FB9B15D2723 | Source = Dhcp | ID = 1002 -> Description = Le bail de l'adresse IP 192.168.1.2 pour la carte réseau dont l'adresse réseau est 00C0A8BF95EA  a été refusé par le serveur DHCP 192.168.1.1 (celui-ci a envoyé un message DHCPNACK).
                 
                [Files/Folders - Created Within 90 Days]
                 OTS.exe -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\OTS.exe -> [2010/03/23 00:08:22 | 000,637,440 | ---- | C] (OldTimer Tools)
                 pavboot.sys -> C:\WINDOWS\System32\drivers\pavboot.sys -> [2010/03/22 22:30:17 | 000,028,552 | ---- | C] (Panda Security, S.L.)
                 LastGood -> C:\WINDOWS\LastGood -> [2010/03/22 22:30:08 | 000,000,000 | ---D | C]
                 Panda Security -> C:\Program Files\Panda Security -> [2010/03/22 22:29:24 | 000,000,000 | ---D | C]
                 Sun -> C:\Documents and Settings\All Users\Application Data\Sun -> [2010/03/21 19:00:52 | 000,000,000 | ---D | C]
                 Recent -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Recent -> [2010/03/21 18:50:50 | 000,000,000 | RH-D | C]
                 Wise Installation Wizard -> C:\Program Files\Fichiers communs\Wise Installation Wizard -> [2010/03/21 16:14:18 | 000,000,000 | ---D | C]
                 moviemk.exe -> C:\WINDOWS\System32\dllcache\moviemk.exe -> [2010/03/10 21:03:11 | 003,558,912 | ---- | C] (Microsoft Corporation)
                 msyuv.dll -> C:\WINDOWS\System32\dllcache\msyuv.dll -> [2010/02/10 12:12:40 | 000,017,920 | ---- | C] (Microsoft Corporation)
                 Alwil Software -> C:\Documents and Settings\All Users\Application Data\Alwil Software -> [2010/02/01 17:25:01 | 000,000,000 | ---D | C]
                 aclayers.dll -> C:\WINDOWS\System32\dllcache\aclayers.dll -> [2010/01/13 00:39:24 | 000,471,552 | ---- | C] (Microsoft Corporation)
                 Symantec -> C:\Documents and Settings\NetworkService\Application Data\Symantec -> [2007/11/01 14:10:15 | 000,000,000 | ---D | M]
                 DivX -> C:\Documents and Settings\LocalService\Application Data\DivX -> [2007/10/28 11:40:57 | 000,000,000 | ---D | M]
                 RandFont.dll -> C:\WINDOWS\Fonts\RandFont.dll -> [2006/02/19 10:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.)
                 Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2005/11/15 03:23:40 | 000,000,000 | --SD | M]
                 Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2005/11/15 03:23:40 | 000,000,000 | --SD | M]
                 3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
                 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
                 1 C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\*.tmp files -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\*.tmp ->
                 
                [Files/Folders - Modified Within 90 Days]
                 OTS.exe -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\OTS.exe -> [2010/03/23 00:08:28 | 000,637,440 | ---- | M] (OldTimer Tools)
                 ntuser.dat -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\ntuser.dat -> [2010/03/23 00:07:57 | 007,602,176 | ---- | M] ()
                 Principaux articles traité de Lisbonne.doc -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\Principaux articles traité de Lisbonne.doc -> [2010/03/23 00:07:56 | 000,029,184 | ---- | M] ()
                 AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/03/22 22:48:03 | 000,000,284 | ---- | M] ()
                 activescan2_fr.exe -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\activescan2_fr.exe -> [2010/03/22 22:29:11 | 000,177,176 | ---- | M] ()
                 Ad-Aware Update (Weekly).job -> C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job -> [2010/03/22 15:07:00 | 000,000,512 | ---- | M] ()
                 MP Scheduled Scan.job -> C:\WINDOWS\tasks\MP Scheduled Scan.job -> [2010/03/22 01:37:00 | 000,000,330 | -H-- | M] ()
                 Raccourci vers sniper.lnk -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\Raccourci vers sniper.lnk -> [2010/03/21 19:12:57 | 000,000,695 | ---- | M] ()
                 hpsysdrv.dat -> C:\WINDOWS\System\hpsysdrv.dat -> [2010/03/21 19:08:33 | 000,000,248 | ---- | M] ()
                 nvapps.xml -> C:\WINDOWS\System32\nvapps.xml -> [2010/03/21 19:07:29 | 000,051,048 | ---- | M] ()
                 SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/03/21 19:06:19 | 000,000,006 | -H-- | M] ()
                 vsconfig.xml -> C:\WINDOWS\System32\vsconfig.xml -> [2010/03/21 19:06:14 | 000,358,382 | ---- | M] ()
                 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/03/21 19:05:55 | 000,002,048 | --S- | M] ()
                 hiberfil.sys -> C:\hiberfil.sys -> [2010/03/21 19:05:48 | 2145,857,536 | -HS- | M] ()
                 ntuser.ini -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\ntuser.ini -> [2010/03/21 19:04:26 | 000,000,284 | -HS- | M] ()
                 CONFIG.NT -> C:\WINDOWS\System32\CONFIG.NT -> [2010/03/21 18:29:35 | 000,003,121 | ---- | M] ()
                 win.ini -> C:\WINDOWS\win.ini -> [2010/03/21 18:24:40 | 000,000,603 | ---- | M] ()
                 system.ini -> C:\WINDOWS\system.ini -> [2010/03/21 18:24:40 | 000,000,435 | ---- | M] ()
                 boot.ini -> C:\boot.ini -> [2010/03/21 18:24:40 | 000,000,289 | RHS- | M] ()
                 perfh00C.dat -> C:\WINDOWS\System32\perfh00C.dat -> [2010/03/21 17:12:36 | 000,446,984 | ---- | M] ()
                 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/03/21 17:12:36 | 000,381,828 | ---- | M] ()
                 perfc00C.dat -> C:\WINDOWS\System32\perfc00C.dat -> [2010/03/21 17:12:36 | 000,064,724 | ---- | M] ()
                 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/03/21 17:12:36 | 000,053,572 | ---- | M] ()
                 PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2010/03/21 17:12:35 | 000,956,568 | ---- | M] ()
                 fidbox.dat -> C:\WINDOWS\System32\drivers\fidbox.dat -> [2010/03/21 12:57:22 | 142,922,784 | -HS- | M] ()
                 aaw7boot.cmd -> C:\aaw7boot.cmd -> [2010/03/21 12:14:53 | 000,000,194 | -H-- | M] ()
                 fidbox.idx -> C:\WINDOWS\System32\drivers\fidbox.idx -> [2010/03/20 21:15:18 | 001,913,216 | -HS- | M] ()
                 ~$plication letter.doc -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\~$plication letter.doc -> [2010/03/20 20:14:38 | 000,000,162 | -H-- | M] ()
                 Expose final.doc -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\Expose final.doc -> [2010/03/17 12:54:51 | 000,039,424 | ---- | M] ()
                 Plan final.doc -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\Plan final.doc -> [2010/03/17 08:35:41 | 000,026,112 | ---- | M] ()
                 CEDH, Bosphorus, 2005 - commentaire (Camille Cordasco) .doc -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\CEDH, Bosphorus, 2005 - commentaire (Camille Cordasco) .doc -> [2010/03/16 20:56:31 | 000,071,168 | ---- | M] ()
                 wklnhst.dat -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Application Data\wklnhst.dat -> [2010/03/16 06:59:43 | 000,006,728 | ---- | M] ()
                 Exposé DIP .doc -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\Exposé DIP .doc -> [2010/03/15 23:41:13 | 000,103,936 | ---- | M] ()
                 Relations Sino-Indiennes.doc -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\Relations Sino-Indiennes.doc -> [2010/03/15 01:59:01 | 000,043,008 | ---- | M] ()
                 aswBoot.exe -> C:\WINDOWS\System32\aswBoot.exe -> [2010/03/09 12:24:05 | 000,153,184 | ---- | M] (ALWIL Software)
                 aswTdi.sys -> C:\WINDOWS\System32\drivers\aswTdi.sys -> [2010/03/09 12:12:54 | 000,046,672 | ---- | M] (ALWIL Software)
                 aswSP.sys -> C:\WINDOWS\System32\drivers\aswSP.sys -> [2010/03/09 12:12:33 | 000,162,640 | ---- | M] (ALWIL Software)
                 aswRdr.sys -> C:\WINDOWS\System32\drivers\aswRdr.sys -> [2010/03/09 12:09:08 | 000,023,376 | ---- | M] (ALWIL Software)
                 aswmon2.sys -> C:\WINDOWS\System32\drivers\aswmon2.sys -> [2010/03/09 12:08:41 | 000,100,432 | ---- | M] (ALWIL Software)
                 aswmon.sys -> C:\WINDOWS\System32\drivers\aswmon.sys -> [2010/03/09 12:08:38 | 000,094,800 | ---- | M] (ALWIL Software)
                 aswFsBlk.sys -> C:\WINDOWS\System32\drivers\aswFsBlk.sys -> [2010/03/09 12:08:30 | 000,019,024 | ---- | M] (ALWIL Software)
                 aavmker4.sys -> C:\WINDOWS\System32\drivers\aavmker4.sys -> [2010/03/09 12:08:15 | 000,028,880 | ---- | M] (ALWIL Software)
                 rp_stats.dat -> C:\WINDOWS\System32\rp_stats.dat -> [2010/02/21 17:05:31 | 000,000,054 | ---- | M] ()
                 rp_rules.dat -> C:\WINDOWS\System32\rp_rules.dat -> [2010/02/21 17:05:30 | 000,000,039 | ---- | M] ()
                 EPISMF00.SWB -> C:\WINDOWS\EPISMF00.SWB -> [2010/02/20 14:40:35 | 000,016,574 | ---- | M] ()
                 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/02/18 21:18:51 | 000,001,158 | ---- | M] ()
                 avastSS.scr -> C:\WINDOWS\System32\avastSS.scr -> [2010/02/11 19:53:57 | 000,038,848 | ---- | M] (ALWIL Software)
                 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation)
                 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation)
                 srv.sys -> C:\WINDOWS\System32\dllcache\srv.sys -> [2009/12/31 17:50:03 | 000,353,792 | ---- | M] (Microsoft Corporation)
                 4 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
                 3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
                 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
                 1 C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\*.tmp files -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\*.tmp ->
                 
                [Files - No Company Name]
                 activescan2_fr.exe -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\activescan2_fr.exe -> [2010/03/22 22:29:11 | 000,177,176 | ---- | C] ()
                 Principaux articles traité de Lisbonne.doc -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\Principaux articles traité de Lisbonne.doc -> [2010/03/21 22:40:41 | 000,029,184 | ---- | C] ()
                 Raccourci vers sniper.lnk -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\Raccourci vers sniper.lnk -> [2010/03/21 19:12:57 | 000,000,695 | ---- | C] ()
                 hiberfil.sys -> C:\hiberfil.sys -> [2010/03/21 17:06:57 | 2145,857,536 | -HS- | C] ()
                 aaw7boot.cmd -> C:\aaw7boot.cmd -> [2010/03/21 12:14:53 | 000,000,194 | -H-- | C] ()
                 ~$plication letter.doc -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\~$plication letter.doc -> [2010/03/20 20:14:38 | 000,000,162 | -H-- | C] ()
                 Plan final.doc -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\Plan final.doc -> [2010/03/17 08:35:41 | 000,026,112 | ---- | C] ()
                 Expose final.doc -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\Expose final.doc -> [2010/03/17 08:35:38 | 000,039,424 | ---- | C] ()
                 CEDH, Bosphorus, 2005 - commentaire (Camille Cordasco) .doc -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\CEDH, Bosphorus, 2005 - commentaire (Camille Cordasco) .doc -> [2010/03/16 20:56:31 | 000,071,168 | ---- | C] ()
                 Exposé DIP .doc -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\Exposé DIP .doc -> [2010/03/15 23:41:12 | 000,103,936 | ---- | C] ()
                 Relations Sino-Indiennes.doc -> C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\Relations Sino-Indiennes.doc -> [2010/03/14 23:55:29 | 000,043,008 | ---- | C] ()
                 rp_stats.dat -> C:\WINDOWS\System32\rp_stats.dat -> [2010/02/21 17:05:31 | 000,000,054 | ---- | C] ()
                 rp_rules.dat -> C:\WINDOWS\System32\rp_rules.dat -> [2010/02/21 17:05:30 | 000,000,039 | ---- | C] ()
                 sptd.sys -> C:\WINDOWS\System32\drivers\sptd.sys -> [2009/08/09 12:46:10 | 000,721,904 | ---- | C] ()
                 imsinstall_loc040c.dll -> C:\WINDOWS\System32\imsinstall_loc040c.dll -> [2009/07/09 10:52:20 | 000,021,904 | ---- | C] ()
                 imslsp_install_loc040c.dll -> C:\WINDOWS\System32\imslsp_install_loc040c.dll -> [2009/07/09 10:52:20 | 000,017,808 | ---- | C] ()
                 libeay32_0.9.6l.dll -> C:\WINDOWS\System32\libeay32_0.9.6l.dll -> [2009/07/09 10:51:53 | 000,796,048 | ---- | C] ()
                 GTW32N50.dll -> C:\WINDOWS\System32\GTW32N50.dll -> [2008/07/29 00:07:31 | 000,094,208 | ---- | C] ()
                 ff_vfw.dll -> C:\WINDOWS\System32\ff_vfw.dll -> [2008/07/27 15:44:57 | 000,007,680 | ---- | C] ()
                 ff_vfw.dll.manifest -> C:\WINDOWS\System32\ff_vfw.dll.manifest -> [2008/07/27 15:44:57 | 000,000,547 | ---- | C] ()
                 SystemInfo32.sys -> C:\WINDOWS\System32\SystemInfo32.sys -> [2008/07/24 21:43:33 | 000,000,014 | ---- | C] ()
                 PICSDK.ini -> C:\WINDOWS\System32\PICSDK.ini -> [2008/07/24 21:17:35 | 000,000,099 | ---- | C] ()
                 NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2008/07/22 20:40:42 | 000,000,069 | ---- | C] ()
                 graphedit.INI -> C:\WINDOWS\graphedit.INI -> [2008/07/22 04:10:50 | 000,000,000 | ---- | C] ()
                 qt-dx331.dll -> C:\WINDOWS\System32\qt-dx331.dll -> [2008/06/11 01:07:20 | 003,596,288 | ---- | C] ()
                 dtu100.dll.manifest -> C:\WINDOWS\System32\dtu100.dll.manifest -> [2008/06/11 01:03:26 | 000,000,416 | ---- | C] ()
                 dpl100.dll.manifest -> C:\WINDOWS\System32\dpl100.dll.manifest -> [2008/06/11 01:03:26 | 000,000,416 | ---- | C] ()
                 DivXWMPExtType.dll -> C:\WINDOWS\System32\DivXWMPExtType.dll -> [2008/05/22 23:18:54 | 000,012,288 | ---- | C] ()
                 _delis32.ini -> C:\WINDOWS\_delis32.ini -> [2007/11/01 02:05:36 | 000,001,088 | ---- | C] ()
                 Calendar.INI -> C:\WINDOWS\Calendar.INI -> [2007/08/26 17:53:55 | 000,000,790 | ---- | C] ()
                 Edofma.INI -> C:\WINDOWS\Edofma.INI -> [2007/07/20 21:47:00 | 000,000,632 | ---- | C] ()
                 exctrlst.INI -> C:\WINDOWS\exctrlst.INI -> [2006/12/12 23:09:49 | 000,000,000 | ---- | C] ()
                 wp.ini -> C:\WINDOWS\wp.ini -> [2006/11/26 15:15:17 | 000,000,019 | ---- | C] ()
                 wp2.ini -> C:\WINDOWS\wp2.ini -> [2006/11/26 14:50:24 | 000,002,059 | ---- | C] ()
                 RomeTW.ini -> C:\WINDOWS\RomeTW.ini -> [2006/09/13 10:13:00 | 000,000,248 | ---- | C] ()
                 ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2006/09/13 08:46:33 | 000,000,379 | ---- | C] ()
                 Qtw.ini -> C:\WINDOWS\Qtw.ini -> [2006/09/13 08:35:00 | 000,000,190 | ---- | C] ()
                 SIERRA.INI -> C:\WINDOWS\SIERRA.INI -> [2006/09/11 11:06:19 | 000,000,218 | ---- | C] ()
                 AmvTransform.ini -> C:\WINDOWS\AmvTransform.ini -> [2006/09/11 10:33:24 | 000,008,836 | R--- | C] ()
                 AmvPlayer.ini -> C:\WINDOWS\AmvPlayer.ini -> [2006/09/11 10:33:24 | 000,007,997 | R--- | C] ()
                 fwupgrade.ini -> C:\WINDOWS\fwupgrade.ini -> [2006/09/11 10:33:23 | 000,007,915 | R--- | C] ()
                 SoundCon.INI -> C:\WINDOWS\SoundCon.INI -> [2006/09/11 10:33:23 | 000,003,677 | R--- | C] ()
                 CDE DX4200EFGIPSD.ini -> C:\WINDOWS\CDE DX4200EFGIPSD.ini -> [2006/09/10 13:18:44 | 000,000,027 | ---- | C] ()
                 px.ini -> C:\WINDOWS\System32\px.ini -> [2006/06/16 19:58:18 | 000,000,000 | ---- | C] ()
                 smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2006/01/02 22:09:07 | 000,000,061 | ---- | C] ()
                 USBkey.sys -> C:\WINDOWS\System32\drivers\USBkey.sys -> [2006/01/02 21:48:22 | 000,028,848 | ---- | C] ()
                 CHODDI.SYS -> C:\WINDOWS\System32\CHODDI.SYS -> [2006/01/02 21:45:10 | 000,014,397 | ---- | C] ()
                 hpreg.dll -> C:\WINDOWS\System32\hpreg.dll -> [2006/01/02 21:45:06 | 000,045,056 | ---- | C] ()
                 WININIT.INI -> C:\WINDOWS\WININIT.INI -> [2006/01/02 21:37:26 | 000,000,210 | ---- | C] ()
                 fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2006/01/02 21:32:41 | 000,003,712 | ---- | C] ()
                 34CoInstaller.dll -> C:\WINDOWS\System32\34CoInstaller.dll -> [2006/01/02 21:28:27 | 000,003,072 | ---- | C] ()
                 nvwdmcpl.dll -> C:\WINDOWS\System32\nvwdmcpl.dll -> [2006/01/02 21:27:50 | 001,662,976 | ---- | C] ()
                 nvwimg.dll -> C:\WINDOWS\System32\nvwimg.dll -> [2006/01/02 21:27:50 | 001,019,904 | ---- | C] ()
                 nvshell.dll -> C:\WINDOWS\System32\nvshell.dll -> [2006/01/02 21:27:50 | 000,466,944 | ---- | C] ()
                 nview.dll -> C:\WINDOWS\System32\nview.dll -> [2006/01/02 21:27:49 | 001,466,368 | ---- | C] ()
                 nvapi.dll -> C:\WINDOWS\System32\nvapi.dll -> [2006/01/02 21:27:49 | 000,098,304 | ---- | C] ()
                 orun32.ini -> C:\WINDOWS\orun32.ini -> [2006/01/02 21:11:19 | 000,000,821 | ---- | C] ()
                 pythoncom22.dll -> C:\WINDOWS\System32\pythoncom22.dll -> [2006/01/02 21:06:52 | 000,323,584 | ---- | C] ()
                 pywintypes22.dll -> C:\WINDOWS\System32\pywintypes22.dll -> [2006/01/02 21:06:52 | 000,094,208 | ---- | C] ()
                 bcbmm.dll -> C:\WINDOWS\System32\bcbmm.dll -> [2006/01/02 21:06:41 | 000,016,896 | ---- | C] ()
                 psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll -> [2005/08/05 22:38:54 | 000,235,008 | ---- | C] ()
                 qt-mt331.dll -> C:\WINDOWS\System32\qt-mt331.dll -> [2004/09/17 04:24:26 | 003,375,104 | ---- | C] ()
                 ADFUUD.SYS -> C:\WINDOWS\ADFUUD.SYS -> [2004/09/16 12:26:40 | 000,012,634 | ---- | C] ()
                 oeminfo.ini -> C:\WINDOWS\System32\oeminfo.ini -> [2003/06/24 18:20:22 | 000,000,651 | ---- | C] ()
                 unrar.dll -> C:\WINDOWS\System32\unrar.dll -> [2002/10/15 23:54:04 | 000,153,088 | ---- | C] ()
                 
                [File - Lop Check]
                 Age of Empires 3 -> C:\Documents and Settings\All Users\Application Data\Age of Empires 3 -> [2007/09/13 20:56:18 | 000,000,000 | ---D | M]
                 Alwil Software -> C:\Documents and Settings\All Users\Application Data\Alwil Software -> [2010/02/01 17:25:01 | 000,000,000 | ---D | M]
                 Azureus -> C:\Documents and Settings\All Users\Application Data\Azureus -> [2008/07/22 15:23:16 | 000,000,000 | ---D | M]
                 DAEMON Tools Lite -> C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite -> [2009/08/09 12:59:12 | 000,000,000 | ---D | M]
                 DVD X Studios -> C:\Documents and Settings\All Users\Application Data\DVD X Studios -> [2008/07/24 21:43:20 | 000,000,000 | ---D | M]
                 FreeDownloadManager.ORG -> C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG -> [2008/07/26 22:33:10 | 000,000,000 | ---D | M]
                 Grisoft -> C:\Documents and Settings\All Users\Application Data\Grisoft -> [2007/07/21 23:50:24 | 000,000,000 | ---D | M]
                 Last.fm -> C:\Documents and Settings\All Users\Application Data\Last.fm -> [2008/07/24 21:54:45 | 000,000,000 | ---D | M]
                 MailFrontier -> C:\Documents and Settings\All Users\Application Data\MailFrontier -> [2009/07/09 10:52:31 | 000,000,000 | ---D | M]
                 Messenger Plus! -> C:\Documents and Settings\All Users\Application Data\Messenger Plus! -> [2006/11/10 21:41:10 | 000,000,000 | ---D | M]
                 muvee Technologies -> C:\Documents and Settings\All Users\Application Data\muvee Technologies -> [2008/07/22 04:30:56 | 000,000,000 | ---D | M]
                 TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2009/07/07 14:32:54 | 000,000,000 | ---D | M]
                 UDL -> C:\Documents and Settings\All Users\Application Data\UDL -> [2008/07/24 21:20:22 | 000,000,000 | ---D | M]
                 Opera -> C:\Documents and Settings\MCX1\Application Data\Opera -> [2008/07/28 19:17:50 | 000,000,000 | ---D | M]
                 Ad-Aware Update (Weekly).job -> C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job -> [2010/03/22 15:07:00 | 000,000,512 | ---- | M] ()
                 MP Scheduled Scan.job -> C:\WINDOWS\Tasks\MP Scheduled Scan.job -> [2010/03/22 01:37:00 | 000,000,330 | -H-- | M] ()
                 
                [File - Purity Scan]
                 
                 
                [Alternate Data Streams]
                @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
                < End of report >

                Dr Jay

                Re: Win32spytrojan.agent / Keylogger menace
                « Reply #9 on: March 22, 2010, 06:02:28 PM »
                Please download DDS by sUBs from BleepingComputer.com or Forospyware.com and save it to your Desktop.

                Note: Before scanning, make sure all other running programs are closed. There shouldn't be any scheduled antivirus scans running while the scan is being performed. Do not use your computer for anything else during the scan.
                • Double-click on the DDS icon and allow it to run.
                • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
                • Notepad will open with the results; click Yes to the Optional_Scan.
                • Please follow the instructions that pop up for posting the results.
                • Close the program window, and delete the program from your Desktop.
                ~Dr Jay

                TMNT


                  Re: Win32spytrojan.agent / Keylogger menace
                  « Reply #10 on: March 22, 2010, 06:12:07 PM »

                  DDS (Ver_10-03-17.01) - NTFSx86 
                  Run by HP_Administrateur at  1:10:22,96 on 23/03/2010
                  Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
                  Microsoft Windows XP Professionnel  5.1.2600.3.1252.33.1036.18.2046.1525 [GMT 1:00]

                  AV: avast! Antivirus *On-access scanning disabled* (Updated)   {7591DB91-41F0-48A3-B128-1A293FD8233D}
                  FW: ZoneAlarm Firewall *enabled*   {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

                  ============== Running Processes ===============

                  C:\WINDOWS\system32\svchost -k DcomLaunch
                  svchost.exe
                  C:\WINDOWS\System32\svchost.exe -k netsvcs
                  svchost.exe
                  svchost.exe
                  C:\WINDOWS\system32\ZoneLabs\vsmon.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  svchost.exe
                  C:\WINDOWS\eHome\ehRecvr.exe
                  C:\WINDOWS\eHome\ehSched.exe
                  C:\WINDOWS\System32\svchost.exe -k HTTPFilter
                  C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
                  C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
                  C:\WINDOWS\system32\nvsvc32.exe
                  C:\Program Files\Wireless 802.11g Monitor\WLService.exe
                  C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe
                  C:\WINDOWS\ehome\RMSvc.exe
                  svchost.exe
                  C:\WINDOWS\system32\svchost.exe -k imgsvc
                  C:\Program Files\UPHClean\uphclean.exe
                  C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
                  C:\WINDOWS\system32\dllhost.exe
                  C:\WINDOWS\system32\wuauclt.exe
                  C:\WINDOWS\ehome\ehtray.exe
                  C:\WINDOWS\eHome\ehmsas.exe
                  C:\WINDOWS\RTHDCPL.EXE
                  C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
                  C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
                  C:\Program Files\Google\Gmail Notifier\gnotify.exe
                  C:\Program Files\Transcode360\Transcode360Tray.exe
                  C:\HP\KBD\KBD.EXE
                  C:\Program Files\HP Wireless Keyboard\KMaestro.exe
                  C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
                  C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
                  C:\Program Files\Microsoft LifeChat\LifeChat.exe
                  C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
                  C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\Program Files\Windows Media Player\WMPNSCFG.exe
                  C:\WINDOWS\ehome\RMSysTry.exe
                  C:\WINDOWS\system32\rundll32.exe
                  c:\windows\system\hpsysdrv.exe
                  C:\WINDOWS\system32\NOTEPAD.EXE
                  C:\WINDOWS\system32\wscntfy.exe
                  C:\Documents and Settings\HP_Administrateur.NOM-FB9B15D2723\Bureau\dds.scr

                  ============== Pseudo HJT Report ===============

                  uStart Page = hxxp://www.google.com/
                  uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
                  mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
                  uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
                  BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
                  BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
                  BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
                  BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
                  BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
                  BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
                  BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
                  BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
                  TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
                  TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
                  TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
                  uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
                  uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
                  mRun: [ehTray] c:\windows\ehome\ehtray.exe
                  mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
                  mRun: [RTHDCPL] RTHDCPL.EXE
                  mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
                  mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
                  mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
                  mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
                  mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
                  mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
                  mRun: [transcode360] c:\program files\transcode360\Transcode360Tray.exe
                  mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
                  mRun: [KBD] c:\hp\kbd\KBD.EXE
                  mRun: [BtcMaestro] "c:\program files\hp wireless keyboard\KMaestro.exe"
                  mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
                  mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
                  mRun: [<NO NAME>]
                  mRun: [lifeChat] "c:\program files\microsoft lifechat\LifeChat.exe"
                  mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
                  mRun: [SunJavaUpdateSched] "c:\program files\fichiers communs\java\java update\jusched.exe"
                  StartupFolder: c:\docume~1\alluse~1\menudé~1\progra~1\démarr~1\monite~1.lnk - c:\windows\ehome\RMSysTry.exe
                  StartupFolder: c:\docume~1\alluse~1\menudé~1\progra~1\démarr~1\autoru~1\maximemo.lnk - c:\program files\maximemo\MaxiMemo.exe
                  IE: E&xportar a Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
                  IE: Tout télécharger avec Free Download Manager - file://c:\program files\free download manager\dlall.htm
                  IE: Télécharger avec Free Download Manager - file://c:\program files\free download manager\dllink.htm
                  IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\free download manager\dlselected.htm
                  IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
                  IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
                  IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
                  IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
                  DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
                  DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
                  DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                  DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
                  DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
                  DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
                  DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
                  DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
                  Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
                  Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
                  SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
                  SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

                  ================= FIREFOX ===================

                  FF - ProfilePath - c:\docume~1\hp_adm~1.nom\applic~1\mozilla\firefox\profiles\38zcja25.default\
                  FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
                  FF - prefs.js: network.proxy.type - 2
                  FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
                  FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
                  FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
                  FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
                  FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
                  FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
                  FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

                  ---- FIREFOX POLICIES ----
                  c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
                  c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
                  c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
                  c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut. enabled", true);
                  c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
                  c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
                  c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
                  c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
                  c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
                  c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
                  c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
                  c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
                  c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
                  c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
                  c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
                  c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
                  c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
                  c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
                  c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
                  c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
                  c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
                  c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
                  c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
                  c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
                  c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
                  c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
                  c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
                  c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugi n", false);
                  c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
                  c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
                  c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
                  c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
                  c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

                  ============= SERVICES / DRIVERS ===============

                  R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-3-22 28552]
                  R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-9-22 162640]
                  R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-6-23 12872]
                  R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 66632]
                  R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-7-9 394952]
                  R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-9-22 19024]
                  R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-1 40384]
                  R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-29 98304]
                  R2 R54G Wireless Service;R54G Wireless Service;c:\program files\wireless 802.11g monitor\WLService.exe [2009-11-22 49152]
                  R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
                  R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2006-1-2 2829696]
                  R3 WN5301;LIteon Wireless PCI Network Adapter Service;c:\windows\system32\drivers\wn5301.sys [2006-1-2 468768]
                  S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
                  S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-1 40384]
                  S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-1 40384]
                  S3 mbr;mbr;\??\c:\docume~1\hp_adm~1.nom\locals~1\temp\mbr.sys --> c:\docume~1\hp_adm~1.nom\locals~1\temp\mbr.sys [?]
                  S3 rt2571;Wireless 802.11g USB Adapter Driver;c:\windows\system32\drivers\rt2571.sys [2007-2-28 79616]
                  S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 12872]

                  =============== Created Last 30 ================

                  2010-03-22 21:30:17   28552   ----a-w-   c:\windows\system32\drivers\pavboot.sys
                  2010-03-22 21:29:24   0   d-----w-   c:\program files\Panda Security
                  2010-03-21 18:00:35   73728   ----a-w-   c:\windows\system32\javacpl.cpl
                  2010-03-21 17:59:59   0   ----a-w-   c:\windows\system32\REN8D.tmp
                  2010-03-21 17:59:59   0   ----a-w-   c:\windows\system32\REN8C.tmp
                  2010-03-21 17:59:59   0   ----a-w-   c:\windows\system32\REN8B.tmp
                  2010-03-21 15:14:18   0   d-----w-   c:\program files\fichiers communs\Wise Installation Wizard
                  2010-03-21 11:14:53   194   ---ha-w-   C:\aaw7boot.cmd
                  2010-03-10 20:03:11   3558912   ------w-   c:\windows\system32\dllcache\moviemk.exe
                  2010-02-21 16:05:31   54   ----a-w-   c:\windows\system32\rp_stats.dat
                  2010-02-21 16:05:30   39   ----a-w-   c:\windows\system32\rp_rules.dat

                  ==================== Find3M  ====================

                  2010-03-21 18:00:21   411368   ----a-w-   c:\windows\system32\deploytk.dll
                  2010-03-21 16:12:36   64724   ----a-w-   c:\windows\system32\perfc00C.dat
                  2010-03-21 16:12:36   446984   ----a-w-   c:\windows\system32\perfh00C.dat
                  2010-03-21 11:57:22   142922784   --sha-w-   c:\windows\system32\drivers\fidbox.dat
                  2010-03-20 20:15:18   1913216   --sha-w-   c:\windows\system32\drivers\fidbox.idx
                  2010-03-16 05:59:43   6728   ----a-w-   c:\docume~1\hp_adm~1.nom\applic~1\wklnhst.dat
                  2009-12-31 16:50:03   353792   ------w-   c:\windows\system32\dllcache\srv.sys
                  2006-11-04 10:09:34   251   ----a-w-   c:\program files\wt3d.ini

                  ============= FINISH:  1:10:34,70 ===============



                  Dr Jay

                  Re: Win32spytrojan.agent / Keylogger menace
                  « Reply #11 on: March 22, 2010, 06:24:58 PM »
                  Please download the OTM.exe by OldTimer.
                  • Save it to your Desktop.
                  • Please double-click OTM.exe to run it.
                  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):



                    :Files
                    c:\windows\system32\REN8D.tmp
                    c:\windows\system32\REN8C.tmp
                    c:\windows\system32\REN8B.tmp
                    C:\aaw7boot.cmd

                    :Commands
                    [emptytemp]
                    [purity]
                    [start explorer]
                    [Reboot]



                  • Return to OTM.exe, right click in the "Paste Instructions for Items to be Moved" window (under the light yellow bar) and choose Paste.

                  • Click the red Moveit! button.
                  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
                  • Close OTM.exe
                  If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
                  ~Dr Jay

                  TMNT


                    Re: Win32spytrojan.agent / Keylogger menace
                    « Reply #12 on: March 22, 2010, 06:38:27 PM »
                    All processes killed
                    ========== FILES ==========
                    c:\windows\system32\REN8D.tmp moved successfully.
                    c:\windows\system32\REN8C.tmp moved successfully.
                    c:\windows\system32\REN8B.tmp moved successfully.
                    C:\aaw7boot.cmd moved successfully.
                    ========== COMMANDS ==========
                     
                    [EMPTYTEMP]
                     
                    User: Administrateur
                    ->Temp folder emptied: 0 bytes
                    ->Temporary Internet Files folder emptied: 33170 bytes
                     
                    User: All Users
                     
                    User: Default User
                    ->Temp folder emptied: 0 bytes
                    ->Temporary Internet Files folder emptied: 0 bytes
                     
                    User: HP_Administrateur
                    ->Temp folder emptied: 0 bytes
                    ->FireFox cache emptied: 0 bytes
                    ->Flash cache emptied: 7493 bytes
                     
                    User: HP_Administrateur.NOM-FB9B15D2723
                    ->Temp folder emptied: 2162515 bytes
                    ->Temporary Internet Files folder emptied: 451068 bytes
                    ->Java cache emptied: 0 bytes
                    ->FireFox cache emptied: 95249506 bytes
                    ->Opera cache emptied: 0 bytes
                    ->Flash cache emptied: 1934464 bytes
                     
                    User: HP_Administrateur.NOM-FB9B15D2723.000
                    ->Temp folder emptied: 0 bytes
                    ->Temporary Internet Files folder emptied: 0 bytes
                    ->Flash cache emptied: 874 bytes
                     
                    User: LocalService
                    ->Temp folder emptied: 115616 bytes
                    ->Temporary Internet Files folder emptied: 33170 bytes
                     
                    User: MCX1
                    ->Temp folder emptied: 0 bytes
                    ->Temporary Internet Files folder emptied: 0 bytes
                    ->Opera cache emptied: 0 bytes
                     
                    User: MCX2
                    ->Temp folder emptied: 19958120 bytes
                    ->Temporary Internet Files folder emptied: 33170 bytes
                     
                    User: NetworkService
                    ->Temp folder emptied: 66016 bytes
                    ->Temporary Internet Files folder emptied: 33170 bytes
                     
                    %systemdrive% .tmp files removed: 0 bytes
                    %systemroot% .tmp files removed: 0 bytes
                    %systemroot%\System32 .tmp files removed: 0 bytes
                    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
                    %systemroot%\System32\drivers .tmp files removed: 0 bytes
                    Windows Temp folder emptied: 659266 bytes
                    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
                    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
                    RecycleBin emptied: 0 bytes
                     
                    Total Files Cleaned = 115,00 mb
                     
                     
                    OTM by OldTimer - Version 3.1.10.1 log created on 03232010_013259

                    Files moved on Reboot...
                    File C:\WINDOWS\temp\Perflib_Perfdata_8c4.dat not found!
                    File C:\WINDOWS\temp\ZLT03511.TMP not found!
                    File C:\WINDOWS\temp\ZLT037fd.TMP not found!

                    Registry entries deleted on Reboot...

                    Dr Jay

                    Re: Win32spytrojan.agent / Keylogger menace
                    « Reply #13 on: March 22, 2010, 06:42:42 PM »
                    Please run a free online scan with the ESET Online Scanner
                    • Tick the box next to YES, I accept the Terms of Use
                    • Click Start
                    • When asked, allow the ActiveX control to install
                    • Click Start
                    • Make sure that the options Remove found threats and Scan unwanted applications are checked
                    • Click Scan (This scan can take several hours, so please be patient)
                    • Once the scan is completed, you may close the window
                    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
                    • Copy and paste that log as a reply to this topic
                    ~Dr Jay

                    TMNT


                      Re: Win32spytrojan.agent / Keylogger menace
                      « Reply #14 on: March 23, 2010, 08:33:51 AM »
                      ESETSmartInstaller@High as downloader log:
                      all ok
                      # version=7
                      # OnlineScannerApp.exe=1.0.0.1
                      # OnlineScanner.ocx=1.0.0.6211
                      # api_version=3.0.2
                      # EOSSerial=eee2c5cdc92cd34f861c368ead367bdc
                      # end=finished
                      # remove_checked=true
                      # archives_checked=true
                      # unwanted_checked=true
                      # unsafe_checked=false
                      # antistealth_checked=true
                      # utc_time=2010-03-23 04:27:19
                      # local_time=2010-03-23 05:27:19 (+0100, Paris, Madrid)
                      # country="France"
                      # lang=1033
                      # osver=5.1.2600 NT Service Pack 3
                      # compatibility_mode=512 16777215 100 0 11034 11034 0 0
                      # compatibility_mode=768 16777191 100 0 4267822 4267822 0 0
                      # compatibility_mode=5889 16764286 0 100 104328045 114821618 0 0
                      # compatibility_mode=8192 67108863 100 0 3886 3886 0 0
                      # compatibility_mode=9217 16777214 75 64 22172550 53718644 0 0
                      # scanned=201368
                      # found=3
                      # cleaned=3
                      # scan_time=12702
                      C:\Program Files\Unlocker\eBay_shortcuts_1016.exe   a variant of Win32/Adware.ADON application (deleted - quarantined)   00000000000000000000000000000000   C
                      C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP131\A0088029.exe   a variant of Win32/Adware.ADON application (deleted - quarantined)   00000000000000000000000000000000   C
                      D:\Varios\Installers\unlocker1.8.7.exe   a variant of Win32/Adware.ADON application (deleted - quarantined)   00000000000000000000000000000000   C

                      Dr Jay

                      Re: Win32spytrojan.agent / Keylogger menace
                      « Reply #15 on: March 23, 2010, 11:19:16 AM »
                      Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.
                      ~Dr Jay

                      TMNT


                        Re: Win32spytrojan.agent / Keylogger menace
                        « Reply #16 on: March 23, 2010, 11:29:10 AM »
                        Malwarebytes' Anti-Malware 1.44
                        Database version: 3905
                        Windows 5.1.2600 Service Pack 3
                        Internet Explorer 8.0.6001.18702

                        23/03/2010 18:33:08
                        mbam-log-2010-03-23 (18-33-08).txt

                        Scan type: Quick Scan
                        Objects scanned: 175311
                        Time elapsed: 6 minute(s), 11 second(s)

                        Memory Processes Infected: 0
                        Memory Modules Infected: 0
                        Registry Keys Infected: 0
                        Registry Values Infected: 0
                        Registry Data Items Infected: 0
                        Folders Infected: 0
                        Files Infected: 0

                        Memory Processes Infected:
                        (No malicious items detected)

                        Memory Modules Infected:
                        (No malicious items detected)

                        Registry Keys Infected:
                        (No malicious items detected)

                        Registry Values Infected:
                        (No malicious items detected)

                        Registry Data Items Infected:
                        (No malicious items detected)

                        Folders Infected:
                        (No malicious items detected)

                        Files Infected:
                        (No malicious items detected)

                        Dr Jay

                        Re: Win32spytrojan.agent / Keylogger menace
                        « Reply #17 on: March 23, 2010, 02:34:50 PM »
                        Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
                        • Select Start > All Programs > Accessories > System tools > System Restore.
                        • On the dialogue box that appears select Create a Restore Point
                        • Click NEXT
                        • Enter a name e.g. Clean
                        • Click CREATE
                        You now have a clean restore point. To get rid of the bad ones:
                        • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
                        • In the Drop down box that appears select your main drive e.g. C
                        • Click OK
                        • The System will do some calculation and then display a dialogue box with TABS
                        • Select the More Options Tab.
                        • At the bottom will be a system restore box with a CLEANUP button; click this
                        • Accept the Warning and select OK again, the program will close and you are done
                        To remove all of the tools we used and the files and folders they created, please do the following:
                        Please download OTC.exe by OldTimer:
                        • Save it to your Desktop.
                        • Double click OTC.exe.
                        • Click the CleanUp! button.
                        • If you are prompted to Reboot during the cleanup, select Yes.
                        • The tool will delete itself once it finishes.
                        Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

                        ==

                        Please download TFC by OldTimer to your desktop
                        • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
                        • It will close all programs when run, so make sure you have saved all your work before you begin.
                        • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
                        • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
                        ==

                        Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
                        • Save it to your Desktop.
                        • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
                        • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
                        ~Dr Jay
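The ESET log in reply #14 lists one detection inside a System Restore snapshot (RP131), the kind of leftover that the restore-point reset in reply #17 clears out. The following is an added example, not part of the thread or of any ESET tooling, that parses this log format and reports restore-point hits and items left unremediated; the function names and the list of action words treated as "remediated" are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Header fields and detection paths copied from the ESET log posted in the thread
# (field separators normalised to tabs, compatibility_mode lines left out).
THREAT = "a variant of Win32/Adware.ADON application (deleted - quarantined)"
PATHS = [
    r"C:\Program Files\Unlocker\eBay_shortcuts_1016.exe",
    r"C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP131\A0088029.exe",
    r"D:\Varios\Installers\unlocker1.8.7.exe",
]
THREAD_LOG = "\n".join(
    ["# end=finished", "# remove_checked=true", "# unsafe_checked=false",
     "# scanned=201368", "# found=3", "# cleaned=3"]
    + ["\t".join((p, THREAT, "0" * 32, "C")) for p in PATHS]
)

HEADER_RE = re.compile(r"^#\s*(\w+)=(.*)$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")
ACTION_RE = re.compile(r"^(?P<threat>.*?)\s*\((?P<action>[^()]*)\)$")
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I)

# Assumption: an action text containing one of these words means the file was dealt with.
REMEDIATED_WORDS = ("deleted", "cleaned", "quarantined")


@dataclass
class Detection:
    path: str
    threat: str
    action: str
    restore_point: Optional[str]  # e.g. "RP131" when the file sits in a snapshot


def parse_eset_log(text):
    """Split the log into its '# key=value' header and its detection rows."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip()
            continue
        # Rows are tab separated; forum copies often turn tabs into runs of spaces.
        fields = [f for f in re.split(r"\t+|\s{2,}", line) if f]
        if len(fields) < 2 or not DRIVE_RE.match(fields[0]):
            continue  # banner lines such as "all ok"
        am = ACTION_RE.match(fields[1])
        rp = RESTORE_RE.search(fields[0])
        detections.append(Detection(
            path=fields[0],
            threat=am.group("threat") if am else fields[1],
            action=am.group("action") if am else "",
            restore_point=rp.group(1) if rp else None,
        ))
    return header, detections


def triage(header, detections):
    """Summarise what a helper checks before declaring the scan result clean."""
    unremediated = [d.path for d in detections
                    if not any(w in d.action.lower() for w in REMEDIATED_WORDS)]

    def as_int(key):
        value = header.get(key, "")
        return int(value) if value.isdigit() else None

    return {
        "scan_finished": header.get("end") == "finished",
        # Header counters must agree with the rows actually present in the log.
        "counts_consistent": as_int("found") == len(detections)
        and as_int("cleaned") == len(detections) - len(unremediated),
        "unremediated": unremediated,
        # Snapshots that held a detected file; purging restore points removes them.
        "restore_points_hit": sorted(
            {d.restore_point for d in detections if d.restore_point}),
    }


if __name__ == "__main__":
    hdr, dets = parse_eset_log(THREAD_LOG)
    for key, value in triage(hdr, dets).items():
        print(f"{key}: {value}")
```
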

                        TMNT


                          Re: Win32spytrojan.agent / Keylogger menace
                          « Reply #18 on: March 24, 2010, 04:29:25 PM »
                           Results of screen317's Security Check version 0.99.2 
                           Windows XP Service Pack 3 
                          ``````````````````````````````
                          Antivirus/Firewall Check:

                           avast! Free Antivirus   
                           ESET Online Scanner v3   
                           ZoneAlarm     
                           Antivirus up to date! 
                          ```````````````````````````````
                          Anti-malware/Other Utilities Check:

                           Malwarebytes' Anti-Malware   
                           HijackThis 2.0.2   
                           CCleaner     
                           Java(TM) 6 Update 13 
                           Java(TM) 6 Update 18 
                           Out of date Java installed!
                           Adobe Flash Player 10 
                          Adobe Reader 7.1.3 - Français
                          Out of date Adobe Reader installed!
                          ````````````````````````````````
                          Process Check: 
                          objlist.exe by Laurent

                           Alwil Software Avast5 AvastSvc.exe 
                           ALWILS~1 Avast5 avastUI.exe 
                           Zone Labs ZoneAlarm zlclient.exe 
                          ````````````````````````````````
                          DNS Vulnerability Check:

                           GREAT! (Not vulnerable to DNS cache poisoning)

                          ``````````End of Log````````````

                          Dr Jay

                          Re: Win32spytrojan.agent / Keylogger menace
                          « Reply #19 on: March 24, 2010, 07:27:07 PM »
                          Please download the newest version of Adobe Acrobat Reader from Adobe.com

                          Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
                          Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
                          Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

                          Once old versions are gone, please install the newest version.

                          ====================

                          Please go to Control Panel > Add or Remove Programs (Programs and Features in Vista/7) and remove the following program:

                            Java(TM) 6 Update 13

                          ====================

                          Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

                          Software recommendations

                          AntiSpyware
                          • SpywareBlaster
                            SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
                          • Spybot - Search & Destroy.
                            Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).
                          NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

                          Resident Protection help
                          A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

                          Rogue programs help
                          There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
                          http://www.spywarewarrior.com/rogue_anti-spyware.htm

                          Securing your computer
                          • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft.  To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
                          • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
                          Please consider using an alternate browser
                          Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

                          If you are interested:
                          See this page for more info about malware and prevention.
                          ~Dr Jay

                          TMNT


                            Re: Win32spytrojan.agent / Keylogger menace
                            « Reply #20 on: March 29, 2010, 04:49:24 PM »
                            Thank you very much for your amazing help! I really appreciate it.

                            Dr Jay

                            Re: Win32spytrojan.agent / Keylogger menace
                            « Reply #21 on: March 29, 2010, 09:12:59 PM »
                            You're welcome. Only too happy to help. :)
                            ~Dr Jay