
Trojan impossible to remove

 

ben1748
Baby forum member (10 to 49 messages posted)
Posted on 06/12/2009 at 07:26:27

Hello, for at least a month now I have been unable to remove an Alureon trojan, even though I have tried at least fifteen different programs. Here is the HijackThis report for whoever manages to find a solution to my problem.

 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 07:21:33, on 06/12/2009
 Platform: Windows Vista SP1 (WinNT 6.00.1905)
 MSIE: Internet Explorer v8.00 (8.00.6001.18828)
 Boot mode: Normal

 MODERATOR EDIT: Forum rule to follow:

 No report before one is requested! :o

 Please read the following article:
 http://forum.telecharger.01net [...] ges-1.html

 Thank you for taking note of it.

grosbebe
On the right track (100 to 499 messages posted)
Posted on 06/12/2009 at 15:43:04

Hi Ben1748

 This is going to take a while: I am going to ask you to install some programs that will give me reports, and from there we will see what we can do :)

 A few preliminary remarks:
 - just because there are no more symptoms does not mean it is over
 - from now on, do not try to get rid of it on your own, I could lose the thread
 - there are steps to follow, please follow them in the order in which I give them
 - do not take any initiative with the programs you are going to use: if you are stuck, or if you have a doubt, stop everything and come back to me ... used incorrectly, these programs can severely damage your system.
 - Finally, there are always the hazards of life: even if everything seems fine, a computer can crash at any moment.

 If you agree with this, let's go.

 You are on Vista, so all the programs I ask you to run must be launched by right-clicking their icons => Run as administrator.

 Step 1

 Download TFC (click here) (by Old Timer) to the desktop

  • TFC will close all your windows, so I advise you to save your work and close them yourself to avoid losing anything
  • Double-click TFC.exe to launch it
  • Click the Start button and wait a few moments.
  • Once the cleanup is finished, your PC will restart. If it does not, restart it yourself to complete the cleanup.



 Step 2

 Download Malwarebytes' Anti-Malware:

  • Install the program
  • Launch it and update the definition database.
  • Choose "Exécuter un examen rapide" (run a quick scan), then "Rechercher" (search)
  • Let the scan run (this can take a long time).
  • At the end, check that the items found are ticked (in "Résultat de l'examen", the scan results).
  • Then click "Supprimer la sélection" (remove the selection) at the bottom.
  • A restart may be necessary.

 A report will be displayed; save it to your desktop. Otherwise, after the restart, it will be in Rapports/logs

 And please post the report

 A usage guide here



 Step 3

  • Click here to download OTL (by Old Timer) to your desktop
  • Close all your windows, then double-click OTL.exe to launch it.
  • Tick Lop Check and Purity Check
  • Under Custom Scans (at the bottom), copy/paste this

 netsvcs
 %SYSTEMDRIVE%\*.*
 %PROGRAMFILES%\*.*
 %PROGRAMFILES%\*.
 /md5start
 eventlog.dll
 scecli.dll
 netlogon.dll
 cngaudit.dll
 sceclt.dll
 ntelogon.dll
 logevent.dll
 iaStor.sys
 nvstor.sys
 atapi.sys
 IdeChnDr.sys
 viasraid.sys
 AGP440.sys
 vaxscsi.sys
 nvatabus.sys
 viamraid.sys
 nvata.sys
 nvgts.sys
 iastorv.sys
 ViPrt.sys
 eNetHook.dll
 ahcix86.sys
 KR10N.sys
 /md5stop
 %systemroot%\*. /mp /s
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


 
  • Click the Run Scan button at the top left, then wait a few moments.
  • At the end of the scan, two reports will open (OTL.Txt and Extras.Txt). Copy/paste all of the reports here.

 PS: The reports are also saved on the desktop



 Step 4

 Click here to download Gmer to your desktop.

  • Close all your programs and disconnect from the internet.
  • Disable your security software (antivirus, antispyware, etc.).
  • Unzip it on your desktop and double-click Gmer.exe to launch it.
  • Vista users: right-click gmer.exe and select "Run as administrator".
  • Gmer may ask you to run a scan; accept. Otherwise, click the Rootkit/Malware tab.
  • On the right, check that all the checkboxes are ticked except Show All.
  • Click the Scan button.
  • Let Gmer work and do not touch your computer.
  • Be patient, as the scan can take a long time.
  • At the end of the scan, a report will open: save it to the desktop under the name "gmer.txt", then copy/paste its contents here.
  • Quit Gmer and re-enable your security software.

 Be careful not to attempt anything on your own!!


 Step 5

 Copy/paste the following reports here:
 - Malwarebytes
 - The 2 OTL reports
 - The GMER report

 The OTL reports are going to be very long, so I would prefer that you put one report per reply.
 You are supposed to send me 4 reports, so 4 replies.

 See you later
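
For whoever reads the OTL report requested in Step 3, a small triage script (an added example, not part of the original post and not OTL's own code): it parses PRC/MOD/SRV/DRV lines in the layout OTL.Txt uses, strips the zero-width spaces a forum can insert into long paths, and lists files that have an empty company field or whose name is in the Step 3 /md5start list. The sample lines are constructed, and reading the parenthesised field as the file's company name is an assumption drawn from the report layout.

```python
import ntpath
import re

# File names from the /md5start ... /md5stop list in Step 3, lower-cased.
MD5_TARGETS = {
    "eventlog.dll", "scecli.dll", "netlogon.dll", "cngaudit.dll", "sceclt.dll",
    "ntelogon.dll", "logevent.dll", "iastor.sys", "nvstor.sys", "atapi.sys",
    "idechndr.sys", "viasraid.sys", "agp440.sys", "vaxscsi.sys", "nvatabus.sys",
    "viamraid.sys", "nvata.sys", "nvgts.sys", "iastorv.sys", "viprt.sys",
    "enethook.dll", "ahcix86.sys", "kr10n.sys",
}

# TYPE - [date time | size | attrs | M] (company) -- path[ -- (service) description]
OTL_LINE = re.compile(
    r"^(PRC|MOD|SRV|DRV) - "
    r"\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| ([\d,]+) \| (\S{4}) \| \w\] "
    r"\((.*?)\) -- "
    r"(.+?)"
    r"(?: -- \((.*?)\).*)?$"
)


def parse_line(line):
    """Parse one OTL SafeList line; return a dict, or None for any other line."""
    # Logs pasted through a forum can contain U+200B inside long paths.
    line = line.replace("\u200b", "").strip()
    m = OTL_LINE.match(line)
    if not m:
        return None
    kind, stamp, size, attrs, company, path, service = m.groups()
    return {
        "kind": kind,
        "modified": stamp,
        "size": int(size.replace(",", "")),
        "attrs": attrs,
        "company": company.strip(),
        "path": path,
        "name": ntpath.basename(path).lower(),  # Windows path rules on any OS
        "service": service,
    }


def triage(log_text):
    """Return entries worth a closer look, most reasons first."""
    flagged = []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue  # section headers, O-lines, blank lines
        reasons = []
        if not entry["company"]:
            reasons.append("empty company field")
        if entry["name"] in MD5_TARGETS:
            reasons.append("named in the Step 3 MD5 list")
        if reasons:
            entry["reasons"] = reasons
            flagged.append(entry)
    # sorted() is stable, so log order is kept among entries with equal counts.
    return sorted(flagged, key=lambda e: -len(e["reasons"]))


# Constructed sample in the OTL.Txt layout; paths and vendors are illustrative.
SAMPLE = """\
 ========== Processes (SafeList) ==========
 PRC - [2009/12/05 14:31:16 | 00,185,089 | ---- | M] (Example AV GmbH) -- C:\\Program Files\\ExampleAV\\guard.exe
 PRC - [2008/11/06 13:22:18 | 00,266,240 | ---- | M] () -- C:\\Program Files\\Example\\BM.exe
 SRV - [2008/11/03 17:21:18 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\\Program Files\\Intel\\Monitor.exe -- (IAANTMON) Intel(R)
 ========== Driver Services (SafeList) ==========
 DRV - [2008/01/21 03:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\\Windows\\system32\\drivers\\nv\u200bstor.sys -- (nvstor)
 DRV - [2008/11/03 16:56:40 | 00,327,192 | ---- | M] () -- C:\\Windows\\system32\\drivers\\ia\u200bstor.sys -- (iaStor)
"""

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f'{e["kind"]} {e["path"]}: {", ".join(e["reasons"])}')
```

A flagged line is only a prompt to compare the file's hash and signature against a known-good copy; an empty company field on its own does not establish that a file is malicious.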

ben1748
Baby forum member (10 to 49 messages posted)
Posted on 07/12/2009 at 14:28:13

First of all, thank you grosbébé for the help you are giving me. Here is the Malwarebytes report:
 Malwarebytes' Anti-Malware 1.42
 Version de la base de données: 3308
 Windows 6.0.6001 Service Pack 1
 Internet Explorer 8.0.6001.18828

 07/12/2009 14:22:44
 mbam-log-2009-12-07 (14-22-44).txt

 Type de recherche: Examen rapide
 Eléments examinés: 91826
 Temps écoulé: 4 minute(s), 3 second(s)

 Processus mémoire infecté(s): 0
 Module(s) mémoire infecté(s): 0
 Clé(s) du Registre infectée(s): 0
 Valeur(s) du Registre infectée(s): 0
 Elément(s) de données du Registre infecté(s): 0
 Dossier(s) infecté(s): 0
 Fichier(s) infecté(s): 0

 Processus mémoire infecté(s):
 (Aucun élément nuisible détecté)

 Module(s) mémoire infecté(s):
 (Aucun élément nuisible détecté)

 Clé(s) du Registre infectée(s):
 (Aucun élément nuisible détecté)

 Valeur(s) du Registre infectée(s):
 (Aucun élément nuisible détecté)

 Elément(s) de données du Registre infecté(s):
 (Aucun élément nuisible détecté)

 Dossier(s) infecté(s):
 (Aucun élément nuisible détecté)

 Fichier(s) infecté(s):
 (Aucun élément nuisible détecté)

ben1748
Baby forum member (10 to 49 messages posted)
Posted on 07/12/2009 at 14:41:39

Here is the otl.txt report:
 OTL logfile created on: 07/12/2009 14:34:18 - Run 1
 OTL by OldTimer - Version 3.1.11.8     Folder = C:\Users\benoit\Downloads
 Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
 Internet Explorer (Version = 8.0.6001.18828)
 Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
 2,00 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 86,52% Memory free
 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
 Paging file location(s): ?:\pagefile.sys [binary data]
 
 %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
 Drive C: | 322,83 Gb Total Space | 192,17 Gb Free Space | 59,53% Space Free | Partition Type: NTFS
 Drive D: | 12,52 Gb Total Space | 1,72 Gb Free Space | 13,77% Space Free | Partition Type: NTFS
 Drive E: | 4,26 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 F: Drive not present or media not loaded
 G: Drive not present or media not loaded
 H: Drive not present or media not loaded
 I: Drive not present or media not loaded
 
 Computer Name: PC-DE-BENOIT
 Current User Name: benoit
 Logged in as Administrator.
 
 Current Boot Mode: Normal
 Scan Mode: Current user
 Company Name Whitelist: Off
 Skip Microsoft Files: Off
 File Age = 30 Days
 Output = Standard
 
 ========== Processes (SafeList) ==========
 
 PRC - [2009/12/07 14:31:05 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Users\benoit\Downloads\OTL.​exe
 PRC - [2009/12/05 14:31:16 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
 PRC - [2009/12/05 14:31:16 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
 PRC - [2009/11/11 10:44:44 | 02,001,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAn​tiSpyware.exe
 PRC - [2009/10/23 07:26:21 | 00,604,416 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.e​xe
 PRC - [2009/10/01 16:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
 PRC - [2009/09/30 19:58:42 | 00,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
 PRC - [2009/09/28 08:42:50 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
 PRC - [2009/09/08 09:14:01 | 00,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.ex​e
 PRC - [2009/09/08 09:14:01 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.ex​e
 PRC - [2009/08/27 06:23:17 | 00,638,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
 PRC - [2009/08/05 10:27:00 | 01,644,088 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
 PRC - [2009/06/30 13:09:40 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNoti​fier\GoogleToolbarNotifier.exe
 PRC - [2009/03/17 12:25:40 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
 PRC - [2009/03/02 13:08:11 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
 PRC - [2008/11/06 13:22:18 | 00,266,240 | ---- | M] () -- C:\Program Files\HP\Button Manager\BM.exe
 PRC - [2008/11/03 17:21:18 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
 PRC - [2008/11/03 17:21:16 | 00,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
 PRC - [2008/10/29 07:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 PRC - [2008/06/02 14:09:18 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
 PRC - [2008/05/21 12:33:32 | 00,530,944 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe
 PRC - [2008/05/14 23:02:32 | 00,679,936 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.e​xe
 PRC - [2008/02/03 13:58:17 | 00,116,064 | ---- | M] (AOL LLC) -- c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
 PRC - [2008/01/21 03:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
 PRC - [2008/01/21 03:24:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.e​xe
 PRC - [2008/01/21 03:24:54 | 00,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.ex​e
 PRC - [2008/01/21 03:24:13 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
 PRC - [2008/01/21 03:23:32 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
 PRC - [2008/01/21 03:23:32 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.ex​e
 PRC - [2007/10/04 11:07:02 | 02,983,208 | ---- | M] () -- C:\Program Files\Thrustmaster\FunAccess\P​SPAP.exe
 PRC - [2007/07/17 10:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- c:\Program Files\ATI Technologies\ATI.ACE\Core-Stat​ic\MOM.exe
 PRC - [2007/07/17 10:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Stat​ic\CCC.exe
 PRC - [2007/05/16 17:56:44 | 00,067,128 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
 PRC - [2007/04/18 16:01:34 | 00,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
 PRC - [2006/11/13 13:02:08 | 00,076,544 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
 PRC - [2004/04/13 05:07:18 | 00,069,632 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateServ​ice\issch.exe
 
 
 ========== Modules (SafeList) ==========
 
 MOD - [2009/12/07 14:31:05 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Users\benoit\Downloads\OTL.​exe
 MOD - [2008/01/21 03:23:44 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsof​t.windows.common-controls_6595​b64144ccf1df_6.0.6001.18000_no​ne_5cdbaa5a083979cc\comctl32.d​ll
 
 
 ========== Win32 Services (SafeList) ==========
 
 SRV - [2009/12/05 14:31:16 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
 SRV - [2009/12/05 14:31:16 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
 SRV - [2009/10/23 07:26:21 | 00,604,416 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.e​xe -- (TuneUp.ProgramStatisticsSvc)
 SRV - [2009/10/23 07:26:21 | 00,361,216 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TuneUpDefr​agService.exe -- (TuneUp.Defrag)
 SRV - [2009/10/16 04:47:54 | 00,194,032 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.e​xe -- (gusvc)
 SRV - [2009/10/01 16:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
 SRV - [2009/09/28 08:42:50 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
 SRV - [2009/09/23 14:50:28 | 00,238,960 | ---- | M] (CybelSoft) -- C:\Program Files\ma-config.com\maconfserv​ice.exe -- (maconfservice)
 SRV - [2009/04/27 13:21:36 | 00,028,928 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.d​ll -- (UxTuneUp)
 SRV - [2009/03/17 12:25:40 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
 SRV - [2009/01/21 12:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
 SRV - [2009/01/07 11:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
 SRV - [2008/11/03 17:21:18 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
 SRV - [2008/06/02 14:09:18 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
 SRV - [2008/05/14 23:02:32 | 00,679,936 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.e​xe -- (Ati External Event Utility)
 SRV - [2008/03/29 00:04:58 | 00,165,416 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
 SRV - [2008/02/03 11:00:00 | 00,129,992 | ---- | M] (EasyBits Sofware AS) -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
 SRV - [2008/01/21 03:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
 SRV - [2006/11/13 13:02:08 | 00,076,544 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe -- (MgiSvr)
 SRV - [2006/11/02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
 
 
 ========== Driver Services (SafeList) ==========
 
 DRV - [2009/12/05 14:31:17 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\av​gntflt.sys -- (avgntflt)
 DRV - [2009/12/05 14:31:17 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ss​mdrv.sys -- (ssmdrv)
 DRV - [2009/11/11 10:44:50 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM​.SYS -- (SASENUM)
 DRV - [2009/11/11 10:44:48 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFS​V.SYS -- (SASDIFSV)
 DRV - [2009/11/11 10:44:46 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTI​L.sys -- (SASKUTIL)
 DRV - [2009/09/23 14:53:20 | 00,014,336 | ---- | M] (CybelSoft) -- C:\Program Files\ma-config.com\Drivers\dr​iverhardwarev2.sys -- (driverhardwarev2)
 DRV - [2009/04/03 10:18:26 | 00,130,936 | ---- | M] (PC Tools) -- C:\Windows\system32\drivers\PC​TCore.sys -- (PCTCore)
 DRV - [2009/03/30 10:32:47 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\av​ipbb.sys -- (avipbb)
 DRV - [2009/02/13 12:34:33 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
 DRV - [2008/11/03 16:56:40 | 00,327,192 | ---- | M] () -- C:\Windows\system32\drivers\ia​stor.sys -- (iaStor)
 DRV - [2008/07/03 18:03:48 | 02,152,088 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RT​KVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
 DRV - [2008/05/22 20:20:54 | 00,020,640 | ---- | M] (PC-Doctor, Inc.) -- C:\PROGRA~1\PC-DOC~1\PCD5SRVC.​pkms -- (PCD5SRVC{BD6912E3-AC9D80E8-05​040000})
 DRV - [2008/05/14 23:49:14 | 03,691,520 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\at​ikmdag.sys -- (atikmdag)
 DRV - [2008/02/14 15:56:02 | 00,118,784 | ---- | M] (Realtek Corporation                                            ) -- C:\Windows\System32\drivers\Rt​lh86.sys -- (RTL8169)
 DRV - [2008/01/21 03:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\me​gasr.sys -- (MegaSR)
 DRV - [2008/01/21 03:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\ad​pu320.sys -- (adpu320)
 DRV - [2008/01/21 03:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\me​gasas.sys -- (megasas)
 DRV - [2008/01/21 03:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\ad​pu160m.sys -- (adpu160m)
 DRV - [2008/01/21 03:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\si​sraid4.sys -- (SiSRaid4)
 DRV - [2008/01/21 03:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hp​cisss.sys -- (HpCISSs)
 DRV - [2008/01/21 03:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\ad​pahci.sys -- (adpahci)
 DRV - [2008/01/21 03:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\ls​i_sas.sys -- (LSI_SAS)
 DRV - [2008/01/21 03:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql​2300.sys -- (ql2300)
 DRV - [2008/01/21 03:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1​G60I32.sys -- (E1G60) Intel(R)
 DRV - [2008/01/21 03:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\ar​csas.sys -- (arcsas)
 DRV - [2008/01/21 03:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\ia​storv.sys -- (iaStorV)
 DRV - [2008/01/21 03:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vs​mraid.sys -- (vsmraid)
 DRV - [2008/01/21 03:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ul​sata2.sys -- (ulsata2)
 DRV - [2008/01/21 03:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\ls​i_scsi.sys -- (LSI_SCSI)
 DRV - [2008/01/21 03:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\ls​i_fc.sys -- (LSI_FC)
 DRV - [2008/01/21 03:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\ar​c.sys -- (arc)
 DRV - [2008/01/21 03:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\el​xstor.sys -- (elxstor)
 DRV - [2008/01/21 03:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\ad​p94xx.sys -- (adp94xx)
 DRV - [2008/01/21 03:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nv​raid.sys -- (nvraid)
 DRV - [2008/01/21 03:23:21 | 00,073,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\US​BAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)
 DRV - [2008/01/21 03:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nv​stor.sys -- (nvstor)
 DRV - [2008/01/21 03:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\ul​iahci.sys -- (uliahci)
 DRV - [2008/01/21 03:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\vi​aide.sys -- (viaide)
 DRV - [2008/01/21 03:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cm​dide.sys -- (cmdide)
 DRV - [2008/01/21 03:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\al​iide.sys -- (aliide)
 DRV - [2007/07/02 14:08:14 | 00,017,664 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\System32\drivers\Ar​cSoftVirtualCapture.sys -- (ARCSOFTVIRTUALCAPTURE)
 DRV - [2007/03/13 17:19:12 | 00,434,304 | ---- | M] (Ralink Technology, Corp.) -- C:\Windows\System32\drivers\rt​73.sys -- (RT73)
 DRV - [2006/11/10 14:05:00 | 00,018,688 | ---- | M] (Arcsoft, Inc.) -- C:\Windows\System32\drivers\af​c.sys -- (Afc)
 DRV - [2006/11/02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql​40xx.sys -- (ql40xx)
 DRV - [2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ul​sata.sys -- (UlSata)
 DRV - [2006/11/02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nf​rd960.sys -- (nfrd960)
 DRV - [2006/11/02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\ii​rsp.sys -- (iirsp)
 DRV - [2006/11/02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\dj​svs.sys -- (aic78xx)
 DRV - [2006/11/02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\it​eraid.sys -- (iteraid)
 DRV - [2006/11/02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\it​eatapi.sys -- (iteatapi)
 DRV - [2006/11/02 10:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sy​mc8xx.sys -- (Symc8xx)
 DRV - [2006/11/02 10:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sy​m_u3.sys -- (Sym_u3)
 DRV - [2006/11/02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mr​aid35x.sys -- (Mraid35x)
 DRV - [2006/11/02 10:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sy​m_hi.sys -- (Sym_hi)
 DRV - [2006/11/02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\br​serid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
 DRV - [2006/11/02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\br​usbser.sys -- (BrUsbSer)
 DRV - [2006/11/02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\br​filtup.sys -- (BrFiltUp)
 DRV - [2006/11/02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\br​filtlo.sys -- (BrFiltLo)
 DRV - [2006/11/02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\br​serwdm.sys -- (BrSerWdm)
 DRV - [2006/11/02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\br​usbmdm.sys -- (BrUsbMdm)
 DRV - [2006/11/02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\nt​rigdigi.sys -- (ntrigdigi)
 DRV - [2006/11/02 07:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\se​cdrv.sys -- (secdrv)
 DRV - [2005/12/12 18:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\PS​2.sys -- (Ps2)
 
 
 ========== Standard Registry (SafeList) ==========
 
 
 ========== Internet Explorer ==========
 
 IE - HKLM\SOFTWARE\Microsoft\Intern​et Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/ [...] on&pf=cndt
 IE - HKLM\SOFTWARE\Microsoft\Intern​et Explorer\Main,Start Page = http://www.ustart.org
 
 IE - HKCU\SOFTWARE\Microsoft\Intern​et Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/ [...] on&pf=cndt
 IE - HKCU\SOFTWARE\Microsoft\Intern​et Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
 IE - HKCU\SOFTWARE\Microsoft\Intern​et Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
 IE - HKCU\SOFTWARE\Microsoft\Intern​et Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 CE C5 21 AB 75 CA 01  [binary data]
 IE - HKCU\SOFTWARE\Microsoft\Intern​et Explorer\Main,StartPageCache = 1
 IE - HKCU\Software\Microsoft\Window​s\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 ========== FireFox ==========
 
 FF - prefs.js..browser.search.selec​tedEngine: "uStart"
 FF - prefs.js..browser.startup.home​page: "http://go.microsoft.com/fwlin​k/?LinkId=69157"
 FF - prefs.js..extensions.enabledIt​ems: {E2883E8F-472F-4fb0-9522-AC9BF​37916A7}:1
 FF - prefs.js..extensions.enabledIt​ems: 6
 FF - prefs.js..extensions.enabledIt​ems: 2
 FF - prefs.js..extensions.enabledIt​ems: 48
 FF - prefs.js..keyword.URL: "http://www.google.com/search?​ie=UTF-8&oe=UTF-8&sourceid=nav​client&gfns=1&q="
 
 
 FF - HKLM\software\mozilla\Firefox\​Extensions\\{3112ca9c-de6d-488​4-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a8​69-9855de68056c} [2009/12/01 21:34:58 | 00,000,000 | ---D | M]
 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/01 21:34:53 | 00,000,000 | ---D | M]
 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/01 21:34:53 | 00,000,000 | ---D | M]
 
 [2009/10/03 09:43:04 | 00,000,000 | ---D | M] -- C:\Users\benoit\AppData\Roamin​g\mozilla\Extensions
 [2009/11/12 06:58:12 | 00,000,000 | ---D | M] -- C:\Users\benoit\AppData\Roamin​g\mozilla\Firefox\Profiles\wgn​t27b1.default\extensions
 [2009/10/16 06:40:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
 [2006/09/26 12:03:14 | 00,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamespl​ayer.dll
 [2009/07/30 23:44:21 | 00,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-f​rance.xml
 [2009/07/30 23:44:21 | 00,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tl​fi-fr.xml
 [2009/07/30 23:44:21 | 00,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-fra​nce.xml
 [2009/07/30 23:44:21 | 00,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedi​a-fr.xml
 [2009/07/30 23:44:21 | 00,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-fr​ance.xml
 
 O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\et​c\hosts
 O1 - Hosts: 127.0.0.1       localhost
 O1 - Hosts: ::1             localhost
 O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578​C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\Ac​roIEHelperShim.dll (Adobe Systems Incorporated)
 O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C​75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
 O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF105​77473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
 O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B​5AD205D} - C:\Program Files\Google\GoogleToolbarNoti​fier\5.4.4525.1752\swg.dll (Google Inc.)
 O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C​1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
 O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-00902​7A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
 O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305​ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
 O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
 O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-00902​7A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
 O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305​ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
 O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
 O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
 O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
 O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
 O4 - HKLM..\Run: [ISUSScheduler] C:\Programmes\Common Files\InstallShield\UpdateService\issch.exe File not found
 O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
 O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
 O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
 O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
 O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
 O4 - HKCU..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
 O4 - HKCU..\Run: [ISUSPM Startup] C:\Programmes\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found
 O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
 O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
 O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
 O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
 O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
 O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
 O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html ()
 O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
 O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe ()
 O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://ushousecall02.trendmicr [...] hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.co [...] oscan8.cab (BDSCANONLINE Control)
 O16 - DPF: {6EBC6744-5383-4213-AD5E-66434ECA1812} http://download.sp.f-secure.co [...] uncher.cab (F-Secure Online Scanner Launcher)
 O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/speci [...] canner.cab (OnlineScanner Control)
 O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.touslesdrivers [...] _5_3_0.cab (HardwareDetection Control)
 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6 [...] s-i586.cab (Java Plug-in 1.6.0_15)
 O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.c [...] rashim.cab (Reg Error: Key error.)
 O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
 O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6 [...] s-i586.cab (Java Plug-in 1.6.0_01)
 O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6 [...] s-i586.cab (Java Plug-in 1.6.0_15)
 O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6 [...] s-i586.cab (Java Plug-in 1.6.0_15)
 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553512000} http://fpdownload2.macromedia. [...] wflash.cab (Reg Error: Key error.)
 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
 O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
 O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
 O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
 O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
 O32 - HKLM CDRom: AutoRun - 1
 O32 - AutoRun File - [2008/09/11 15:33:55 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
 O32 - AutoRun File - [2005/10/28 10:15:41 | 00,000,054 | ---- | M] () - E:\AUTORUN.INF -- [ UDF ]
 O33 - MountPoints2\{123f17d2-8d11-11dd-bba1-806e6f6e6963}\Shell - "" = AutoRun
 O33 - MountPoints2\{123f17d2-8d11-11dd-bba1-806e6f6e6963}\Shell\AutoRun\command - "" = E:\pc/Autorun.exe -- [2005/10/25 10:21:16 | 02,672,705 | ---- | M] ()
 O33 - MountPoints2\{4a7b2d78-7ca5-11de-b19a-0023541f1344}\Shell\AutoRun\command - "" = J:\APPInst.exe -- File not found
 O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\APPInst.exe -- File not found
 O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
 O35 - comfile [open] -- "%1" %*
 O35 - exefile [open] -- "%1" %*
 
 NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
 NetSvcs: FastUserSwitchingCompatibility -  File not found
 NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 03:34:27 | 00,000,000 | ---D | M]
 NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
 NetSvcs: Nla -  File not found
 NetSvcs: Ntmssvc -  File not found
 NetSvcs: NWCWorkstation -  File not found
 NetSvcs: Nwsapagent -  File not found
 NetSvcs: SRService -  File not found
 NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
 NetSvcs: WmdmPmSp -  File not found
 NetSvcs: LogonHours -  File not found
 NetSvcs: PCAudit -  File not found
 NetSvcs: helpsvc -  File not found
 NetSvcs: uploadmgr -  File not found
 NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
 
 ========== Files/Folders - Created Within 30 Days ==========
 
 [2009/12/05 14:24:16 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
 [2009/12/05 14:24:16 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
 [2009/12/05 14:24:16 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
 [2009/12/05 14:24:15 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira
 [2009/12/05 14:24:15 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
 [2009/11/26 05:23:19 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
 [2009/11/25 05:24:28 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
 [2009/11/17 18:53:26 | 00,000,000 | ---D | C] -- C:\ProgramData\F-Secure
 [2009/11/14 14:28:30 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
 [2009/11/13 22:13:17 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
 [2009/11/13 22:12:58 | 00,000,000 | ---D | C] -- C:\Users\benoit\AppData\Roaming\SUPERAntiSpyware.com
 [2009/11/13 22:12:58 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
 [2009/11/13 22:12:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
 [2009/11/12 23:38:26 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
 [2009/11/12 23:38:26 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
 [2009/11/12 23:38:26 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
 [2009/11/12 23:38:26 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
 [2009/11/12 23:38:12 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
 [2009/11/12 23:38:10 | 00,000,000 | --SD | C] -- C:\ComboFix
 [2009/11/12 22:38:12 | 00,000,000 | ---D | C] -- C:\Qoobox
 [2009/11/12 22:30:22 | 00,000,000 | ---D | C] -- C:\GenProc
 [2009/11/12 08:16:56 | 00,000,000 | ---D | C] -- C:\Users\benoit\Documents\a-squared Free
 [2009/11/12 08:16:56 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared Free
 [2009/11/12 07:59:22 | 02,035,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
 [2009/11/12 07:58:51 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
 [2009/11/12 07:02:44 | 00,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
 [2009/11/12 04:57:31 | 00,000,000 | ---D | C] -- C:\ProgramData\vokuharo
 [2009/11/12 04:57:31 | 00,000,000 | ---D | C] -- C:\ProgramData\merahuro
 [2009/11/09 16:08:06 | 00,000,000 | ---D | C] -- C:\Users\benoit\AppData\Roaming\Template
 [2009/11/08 05:42:39 | 00,000,000 | ---D | C] -- C:\Users\benoit\AppData\Roaming\WinRAR
 [2009/11/08 05:41:12 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
 [2009/10/03 08:53:03 | 01,888,232 | ---- | C] (Inprise Corporation) -- C:\Program Files\VCL40.BPL
 [2009/10/03 08:53:03 | 00,252,408 | ---- | C] (Inprise Corporation) -- C:\Program Files\VCLX40.BPL
 [2009/10/03 08:53:02 | 01,500,160 | ---- | C] (Borland Corporation) -- C:\Program Files\cc3260mt.dll
 [2009/10/03 08:53:02 | 00,908,800 | ---- | C] (Inprise Corporation) -- C:\Program Files\CP3245MT.DLL
 [2009/10/03 08:53:02 | 00,029,952 | ---- | C] (Borland International) -- C:\Program Files\BORLNDMM.DLL
 
 ========== Files - Modified Within 30 Days ==========
 
 [2009/12/07 14:36:22 | 01,572,864 | -HS- | M] () -- C:\Users\benoit\ntuser.dat
 [2009/12/07 14:16:48 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
 [2009/12/07 14:16:21 | 01,470,810 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
 [2009/12/07 14:16:21 | 00,669,328 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
 [2009/12/07 14:16:21 | 00,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
 [2009/12/07 14:16:21 | 00,123,350 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
 [2009/12/07 14:16:21 | 00,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
 [2009/12/07 14:13:34 | 00,001,000 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
 [2009/12/07 14:11:26 | 00,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
 [2009/12/07 14:11:25 | 00,000,530 | ---- | M] () -- C:\Windows\tasks\Maintenance en 1 clic.job
 [2009/12/07 14:11:10 | 00,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
 [2009/12/07 14:11:04 | 00,000,394 | ---- | M] () -- C:\Windows\tasks\Hercules WiFiCtrl 2.job
 [2009/12/07 14:11:04 | 00,000,394 | ---- | M] () -- C:\Windows\tasks\Hercules WiFiCtrl 1.job
 [2009/12/07 14:11:04 | 00,000,394 | ---- | M] () -- C:\Windows\tasks\Hercules WiFiCtrl 0.job
 [2009/12/07 14:11:03 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
 [2009/12/07 14:11:03 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
 [2009/12/07 14:11:03 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
 [2009/12/07 14:10:53 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
 [2009/12/07 14:10:49 | 32,204,14464 | -HS- | M] () -- C:\hiberfil.sys
 [2009/12/07 14:09:46 | 00,524,288 | -HS- | M] () -- C:\Users\benoit\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
 [2009/12/07 14:09:46 | 00,065,536 | -HS- | M] () -- C:\Users\benoit\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
 [2009/12/07 13:58:55 | 00,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3462FD8A-0ACF-4646-BD9A-73CC5A2BCE4E}.job
 [2009/12/06 13:07:56 | 02,740,296 | -H-- | M] () -- C:\Users\benoit\AppData\Local\IconCache.db
 [2009/12/05 14:31:17 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
 [2009/12/05 14:31:17 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
 [2009/12/05 14:24:23 | 00,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
 [2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
 [2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 [2009/12/02 10:26:33 | 00,130,048 | ---- | M] () -- C:\Users\benoit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 [2009/12/01 21:34:54 | 00,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
 [2009/11/28 07:03:02 | 00,000,010 | ---- | M] () -- C:\Windows\popcinfo.dat
 [2009/11/17 05:10:54 | 74,924,2368 | ---- | M] () -- C:\Humains.avi
 [2009/11/17 05:08:46 | 73,851,2896 | ---- | M] () -- C:\Angels & Demons.avi
 [2009/11/14 14:20:48 | 00,000,132 | ---- | M] () -- C:\Users\benoit\Desktop\Rapport - GenProc[2].URL
 [2009/11/14 14:19:09 | 00,001,400 | ---- | M] () -- C:\Users\benoit\Desktop\GenProc - Raccourci.lnk
 [2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\Windows\PEV.exe
 [2009/11/13 22:13:01 | 00,000,904 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
 [2009/11/13 21:28:50 | 00,302,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 [2009/11/12 08:17:09 | 00,000,772 | ---- | M] () -- C:\Users\Public\Desktop\a-squared Free.lnk
 [2009/11/09 16:26:32 | 00,016,896 | ---- | M] () -- C:\Users\benoit\Documents\cv christelle.wps
 [2009/11/09 16:26:32 | 00,000,102 | ---- | M] () -- C:\Users\benoit\AppData\Roaming\wklnhst.dat
 
 ========== Files Created - No Company Name ==========
 
 [2009/12/05 14:24:22 | 00,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
 [2009/11/27 07:28:41 | 74,924,2368 | ---- | C] () -- C:\Humains.avi
 [2009/11/27 07:28:22 | 73,851,2896 | ---- | C] () -- C:\Angels & Demons.avi
 [2009/11/14 14:20:48 | 00,000,132 | ---- | C] () -- C:\Users\benoit\Desktop\Rapport - GenProc[2].URL
 [2009/11/13 22:13:01 | 00,000,904 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
 [2009/11/12 23:38:26 | 00,260,608 | ---- | C] () -- C:\Windows\PEV.exe
 [2009/11/12 23:38:26 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
 [2009/11/12 23:38:26 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
 [2009/11/12 23:38:26 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
 [2009/11/12 23:38:26 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
 [2009/11/12 22:30:22 | 00,001,400 | ---- | C] () -- C:\Users\benoit\Desktop\GenProc - Raccourci.lnk
 [2009/11/12 08:17:09 | 00,000,772 | ---- | C] () -- C:\Users\Public\Desktop\a-squared Free.lnk
 [2009/11/12 07:51:09 | 32,204,14464 | -HS- | C] () -- C:\hiberfil.sys
 [2009/11/09 16:26:32 | 00,016,896 | ---- | C] () -- C:\Users\benoit\Documents\cv christelle.wps
 [2009/11/09 16:07:54 | 00,000,102 | ---- | C] () -- C:\Users\benoit\AppData\Roaming\wklnhst.dat
 [2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
 [2009/07/21 17:19:25 | 00,030,742 | ---- | C] () -- C:\Users\benoit\AppData\Roaming\dcdl_prefs
 [2009/07/03 17:02:08 | 00,130,048 | ---- | C] () -- C:\Users\benoit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 [2009/07/01 16:35:36 | 00,327,192 | ---- | C] () -- C:\Windows\System32\drivers\iaStor.sys
 [2009/06/30 12:39:08 | 00,000,680 | ---- | C] () -- C:\Users\benoit\AppData\Local\d3d9caps.dat
 [2008/09/12 01:06:04 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
 [2008/09/11 15:34:46 | 00,000,714 | ---- | C] () -- C:\ProgramData\hpzinstall.log
 [2008/09/11 15:15:28 | 00,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
 [2008/09/11 15:15:28 | 00,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
 [2006/11/02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
 [2006/11/02 11:25:26 | 00,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
 [2006/11/02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 [2005/03/14 14:38:28 | 00,000,469 | ---- | C] () -- C:\Windows\bdoscandellang.ini
 [1999/01/27 12:39:06 | 00,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
 [1997/06/13 06:56:08 | 00,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
 
 ========== LOP Check ==========
 
 [2009/10/16 05:38:09 | 00,000,000 | ---D | M] -- C:\Users\benoit\AppData\Roaming\HouseCall 6.6
 [2009/11/09 16:08:06 | 00,000,000 | ---D | M] -- C:\Users\benoit\AppData\Roaming\Template
 [2009/10/23 07:23:30 | 00,000,000 | ---D | M] -- C:\Users\benoit\AppData\Roaming\TuneUp Software
 [2009/07/10 17:25:38 | 00,000,000 | ---D | M] -- C:\Users\benoit\AppData\Roaming\WildTangent
 [2009/07/01 16:29:47 | 00,000,000 | ---D | M] -- C:\Users\benoit\AppData\Roaming\WinBatch
 [2009/10/11 07:05:45 | 00,000,000 | ---D | M] -- C:\Users\benoit\AppData\Roaming\Zylom
 [2009/12/07 14:11:04 | 00,000,394 | ---- | M] () -- C:\Windows\Tasks\Hercules WiFiCtrl 0.job
 [2009/12/07 14:11:04 | 00,000,394 | ---- | M] () -- C:\Windows\Tasks\Hercules WiFiCtrl 1.job
 [2009/12/07 14:11:04 | 00,000,394 | ---- | M] () -- C:\Windows\Tasks\Hercules WiFiCtrl 2.job
 [2009/09/22 15:41:09 | 00,000,394 | ---- | M] () -- C:\Windows\Tasks\Hercules WiFiCtrl 3.job
 [2009/09/22 15:41:09 | 00,000,394 | ---- | M] () -- C:\Windows\Tasks\Hercules WiFiCtrl 4.job
 [2009/09/22 15:41:09 | 00,000,394 | ---- | M] () -- C:\Windows\Tasks\Hercules WiFiCtrl 5.job
 [2009/09/22 15:41:09 | 00,000,394 | ---- | M] () -- C:\Windows\Tasks\Hercules WiFiCtrl 6.job
 [2009/12/07 14:11:25 | 00,000,530 | ---- | M] () -- C:\Windows\Tasks\Maintenance en 1 clic.job
 [2009/12/07 14:09:46 | 00,032,494 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 [2009/12/07 13:58:55 | 00,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3462FD8A-0ACF-4646-BD9A-73CC5A2BCE4E}.job
 
 ========== Purity Check ==========
 
 
 
 ========== Custom Scans ==========
 
 
 < %SYSTEMDRIVE%\*.*  >
 [2009/11/17 05:08:46 | 73,851,2896 | ---- | M] () -- C:\Angels & Demons.avi
 [2008/09/11 15:33:55 | 00,000,074 | ---- | M] () -- C:\autoexec.bat
 [2009/08/03 11:44:21 | 73,440,6994 | ---- | M] () -- C:\BOHRINGER APRÈS LA GUERRE avec Richard Bohringe.avi
 [2008/01/21 03:24:42 | 00,333,203 | RHS- | M] () -- C:\bootmgr
 [2008/09/12 00:53:44 | 00,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
 [2009/09/27 20:13:48 | 73,397,4528 | ---- | M] () -- C:\Bruce Willis - Die Hard 1 - Piege de cristal (1988) (fr) (by MartialC).avi
 [2009/07/26 13:23:54 | 73,507,2256 | ---- | M] () -- C:\Coco. de  Gad Elmaleh avec  Gad Elmaleh, Pascale Arbillot, Manu Payet (Comédie) 2009.avi
 [2009/09/15 04:08:52 | 73,177,4976 | ---- | M] () -- C:\Coeur D'Encre.avi
 [2006/09/18 22:43:37 | 00,000,010 | ---- | M] () -- C:\config.sys
 [2009/07/29 17:14:45 | 00,000,000 | ---- | M] () -- C:\Debug.QC6
 [2009/09/27 07:54:49 | 72,301,3632 | ---- | M] () -- C:\die hard 2.avi
 [2009/09/27 19:55:15 | 73,494,5280 | ---- | M] () -- C:\District.9.FRENCH.TS.MD.XviD.READNFO-VODKA.avi
 [2009/07/26 15:54:39 | 72,564,1608 | ---- | M] () -- C:\Fantomas.-.De.Funes.Fr.-.Dvdrip.par.[emule-island.com].avi
 [2009/07/26 19:34:24 | 71,802,4704 | ---- | M] () -- C:\Fantômas Se Déchaîne (1965) - Un Film D'andré Hunebelle - Avec Louis De Funès, Jean Marais, Mylène Demongeot.avi
 [2009/07/30 19:27:55 | 73,732,9152 | ---- | M] () -- C:\FILM - Titanic (Leonardo Dicaprio & Kate Winslet) FR DvDrip XviD By..NiCoRs57...avi
 [2009/10/15 18:51:24 | 00,000,125 | ---- | M] () -- C:\FINIS_IT.TXT
 [2009/09/03 10:17:33 | 73,604,5056 | ---- | M] () -- C:\G.I.Joe.Rise.Of.The.Cobra.FRENCH.TS.XviD-PasTAgA.FUCK.[emule-island.com].avi
 [2009/10/30 03:51:29 | 73,579,7248 | ---- | M] () -- C:\Ghost - Demi Moore & Patrick Swayze & Whoopi Goldberg 1990 Fr (XviD 02h01).avi
 [2009/08/11 03:59:34 | 73,035,1616 | ---- | M] () -- C:\Grandes Gueules (Les)-Robert Enrico (1965) Lino Ventura, Bourvil, Marie Dubois Divx Fr.avi
 [2009/12/07 14:10:49 | 32,204,14464 | -HS- | M] () -- C:\hiberfil.sys
 [2007/05/17 12:35:18 | 73,197,6192 | ---- | M] () -- C:\Hibernatus - Louis De Funes.avi
 [2009/11/17 05:10:54 | 74,924,2368 | ---- | M] () -- C:\Humains.avi
 [2009/07/29 17:28:39 | 00,061,904 | ---- | M] () -- C:\Installer.log
 [2009/07/19 18:47:22 | 73,419,3616 | ---- | M] () -- C:\Jo (1971) par Jean Girault avec L. De Funès, Claude Gensac, Michel Galabru, Bernard Blier (comédie).avi
 [2009/07/12 15:36:09 | 73,032,2944 | ---- | M] () -- C:\Jumanji.Fr.par_idonkey.ws.avi
 [2009/11/06 23:54:10 | 71,856,3328 | ---- | M] () -- C:\Ken.le.survivant.(le film)FRENCH.DVDRIP.XVID.avi
 [2009/09/07 01:29:44 | 73,527,0912 | ---- | M] () -- C:\L'Attaque Du Metro 123.avi
 [2009/11/06 12:12:58 | 73,917,7078 | ---- | M] () -- C:\L'aube Rouge-(Patrick Swayze) Fr.avi
 [2009/09/30 13:13:09 | 73,209,4882 | ---- | M] () -- C:\L'ombre.blanche..[emule-island.com].avi
 [2009/07/19 12:39:57 | 72,429,2076 | ---- | M] () -- C:\La 7eme Compagnie - On A Retrouvé La Septième Compagnie.avi
 [2009/09/07 05:17:52 | 73,377,5872 | ---- | M] () -- C:\La Cite De L'Ombre.avi
 [2009/11/06 13:28:26 | 74,412,4416 | ---- | M] () -- C:\LA GRANDE MENACE - Lino Ventura, Richard Burton (DvD-Rip) [DivX5-Fr].avi
 [2007/05/02 03:54:38 | 70,256,2304 | ---- | M] () -- C:\La Guerre Des Bouton .avi
 [2009/07/20 02:02:39 | 74,263,5520 | ---- | M] () -- C:\La Zizanie, 1977, de Claude Zidi avec Louis de Funès, Annie Girardot, Julien Guiomar, Maurice Risch.avi
 [2009/07/19 03:27:51 | 73,221,0180 | ---- | M] () -- C:\La_7eme_compagnie_au_clair_de_lune.by.[emule-island.com].AVI
 [2009/09/29 21:16:55 | 71,124,7872 | ---- | M] () -- C:\Le Dernier Recours (Bruce Willis) - Policier - Francais.avi
 [2009/08/03 02:05:11 | 72,673,9660 | ---- | M] () -- C:\le grand chemin (anémone ,bohringer 1986))dvdrip fr.avi
 [2009/09/14 04:20:24 | 55,811,0250 | ---- | M] () -- C:\Le Premier Cercle.avi
 [2009/07/20 10:55:44 | 73,579,9296 | ---- | M] () -- C:\Le Ruffian (Lino Ventura - Bernard Giraudeau - 1983).avi
 [2009/07/30 23:28:53 | 73,116,4672 | ---- | M] () -- C:\Le.Jour.Le.Plus.Long.DVDRip.FR.-dvdphoenix.fr.st-.avi
 [2009/07/29 17:27:58 | 00,000,091 | ---- | M] () -- C:\LogiSetup.log
 [2009/07/26 07:58:09 | 72,019,1488 | ---- | M] () -- C:\Louis De Funès - 1967 - Fantomas contre Scotland Yard  [DivX.Fr].avi
 [2009/07/19 04:58:50 | 73,204,3734 | ---- | M] () -- C:\Mais_ou_est_passe_la_7eme_compagnie.by.[emule-island.com].AVI
 [2009/05/17 13:24:56 | 72,377,9584 | ---- | M] () -- C:\Maman j'ai encore rater l'avion - Francais DvdRip.avi
 [2009/05/17 11:41:36 | 73,442,9640 | ---- | M] () -- C:\Maman j'ai rater l'avion - Francais DvdRip.avi
 [2009/07/19 22:21:10 | 72,492,8856 | ---- | M] () -- C:\Manimal 1x01 Manimal Fr Vhsrip Xvid-Farmer09.avi
 [2009/07/22 16:17:50 | 36,954,1120 | ---- | M] () -- C:\Manimal-1x02-Illusion-Ld-Pdtv-Divx-Fr-Lpdm.avi
 [2009/07/19 06:07:00 | 38,685,7772 | ---- | M] () -- C:\Manimal.1x05.Un.Enjeu.D'Importance.FR.XviD.[tvu.org.ru].avi
 [2008/04/23 12:19:08 | 72,690,4832 | ---- | M] () -- C:\Midnight.Express.French.Dvdrip.avi
 [2007/09/07 12:42:12 | 73,145,0370 | ---- | M] () -- C:\Mon beau-pere et moi..avi
 [2007/09/09 21:23:10 | 73,373,9510 | ---- | M] () -- C:\Mon beau-pere, mes parents et moi_.avi
 [2009/07/29 17:28:38 | 00,023,686 | ---- | M] () -- C:\MSIInstall.log
 [2009/07/08 23:41:42 | 74,910,3104 | ---- | M] () -- C:\Ong Bak 2 L'honneur Du Dragon En Francais.avi
 [2009/12/07 14:10:48 | 35,342,41792 | -HS- | M] () -- C:\pagefile.sys
 [2009/08/02 19:18:45 | 73,490,4320 | ---- | M] () -- C:\Papy fait de la résistance (Christian Clavier - Gerard Jugnot - Dominique Lavanant - Josiane Balasko).avi
 [2009/09/30 17:04:41 | 73,380,2496 | ---- | M] () -- C:\Piège En Haute Mer (Steven Seagal-Tommy Lee-Jones) Fr Dvdrip Par Pamela Popo.avi
 [2009/07/12 18:35:41 | 73,615,1552 | ---- | M] () -- C:\Predator 2.avi
 [2009/07/14 09:21:36 | 73,417,6108 | ---- | M] () -- C:\Predator.(Schwarzenegger)[BarnZ.DVDrip.Francais].avi
 [2009/11/06 11:30:52 | 73,768,5431 | ---- | M] () -- C:\que la bete meure - claude chabrol - 1969 (ft. michel duchaussoy, caroline cellier, jean yanne, maurice pialat, jean louis maury) fr.avi
 [2009/09/03 01:42:04 | 73,465,4464 | ---- | M] () -- C:\Race.To.Witch.Mountain.FRENCH.DVDRip.XviD-SURViVAL.FUCK.[eMule-Box.com].avi
 [2009/09/04 08:18:50 | 73,472,6144 | ---- | M] () -- C:\State.Of.Play.FRENCH.DVDRip.XviD-SURViVAL.CD1.[emule-island.com].avi
 [2009/09/03 09:21:48 | 73,497,8048 | ---- | M] () -- C:\State.Of.Play.FRENCH.DVDRip.XviD-SURViVAL.CD2.[emule-island.com].avi
 [2009/09/03 12:28:01 | 87,704,3918 | ---- | M] () -- C:\Terminator 4 renaissance- FRENCH.PROPER.TS.MD.XViD.BY.MANO.NatzoX.[MeDiA-ArEnA.Tk].avi
 [2009/09/30 05:41:55 | 73,386,2364 | ---- | M] () -- C:\The Island (2004) de Michael Bay Avec Ewan McGregor, Scarlett Johansson, Djimon Hounsou et Sean Bean (Science-fiction;Action;Drame) -2h16- Fr.avi
 [2009/09/02 22:48:42 | 73,141,4528 | ---- | M] () -- C:\The.Day.The.Earth.Stood.Still.2008.SUBFORCED.FRENCH.DVDRiP.XviD-GKS.avi
 [2009/09/26 22:06:33 | 72,990,9248 | ---- | M] () -- C:\The_Forgotten.FRENCH.DVDRip-XViD.par-www.[emule-island.com].avi
 [2009/07/09 01:08:51 | 14,498,74666 | ---- | M] () -- C:\Transformers.2.FRENCH.TS.MD.XviD-CaSImIR.[emule-island.com].avi
 [2009/08/03 06:37:28 | 73,542,3238 | ---- | M] () -- C:\Walt Disney-Chérie,j'ai rétréci les gosses FR DVD-RIP(1h29mn41s).avi
 [2007/08/18 18:09:46 | 73,365,7088 | ---- | M] () -- C:\Wild.Hogs.FRENCH.DVDRiP.XViD-iD-AphrodisiaK.avi
 [2009/07/14 03:11:56 | 73,577,4720 | ---- | M] () -- C:\Will.Hunting.Français.DVDRip.XviD.avi
 [2009/09/13 22:40:08 | 73,415,0656 | ---- | M] () -- C:\Wolfhound.avi
 [2009/10/01 04:01:11 | 73,289,5232 | ---- | M] () -- C:\Échec et mort (Steven Seagal) Fr Divx.avi
 
 < %PROGRAMFILES%\*.*  >
 [1998/02/09 19:00:00 | 00,029,952 | ---- | M] (Borland International) -- C:\Program Files\BORLNDMM.DLL
 [2003/01/30 05:04:00 | 01,500,160 | ---- | M] (Borland Corporation) -- C:\Program Files\cc3260mt.dll
 [1999/03/03 20:00:00 | 00,908,800 | ---- | M] (Inprise Corporation) -- C:\Program Files\CP3245MT.DLL
 [2008/01/21 03:43:21 | 00,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 [1999/01/07 20:02:00 | 01,888,232 | ---- | M] (Inprise Corporation) -- C:\Program Files\VCL40.BPL
 [1998/06/18 19:00:00 | 00,252,408 | ---- | M] (Inprise Corporation) -- C:\Program Files\VCLX40.BPL
 
 < %PROGRAMFILES%\*.  >
 [2009/11/12 08:19:48 | 00,000,000 | ---D | M] -- C:\Program Files\a-squared Free
 [2009/07/25 14:15:01 | 00,000,000 | ---D | M] -- C:\Program Files\Activision
 [2009/11/04 05:28:08 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
 [2009/06/30 13:23:12 | 00,000,000 | ---D | M] -- C:\Program Files\Alwil Software
 [2009/07/21 17:41:42 | 00,000,000 | ---D | M] -- C:\Program Files\Anuman Interactive
 [2008/09/11 15:45:08 | 00,000,000 | ---D | M] -- C:\Program Files\AOL
 [2009/08/09 07:27:51 | 00,000,000 | ---D | M] -- C:\Program Files\ArcSoft
 [2008/09/11 15:21:30 | 00,000,000 | ---D | M] -- C:\Program Files\ATI
 [2008/09/11 15:22:01 | 00,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
 [2009/12/05 14:24:15 | 00,000,000 | ---D | M] -- C:\Program Files\Avira
 [2009/10/26 13:25:34 | 00,000,000 | ---D | M] -- C:\Program Files\CCleaner
 [2009/11/13 22:12:02 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
 [2008/09/11 15:33:06 | 00,000,000 | ---D | M] -- C:\Program Files\CyberLink
 [2008/09/11 15:44:52 | 00,000,000 | ---D | M] -- C:\Program Files\EasyBits For Kids
 [2009/07/05 18:58:51 | 00,000,000 | ---D | M] -- C:\Program Files\eChanblard
 [2009/11/14 14:28:30 | 00,000,000 | ---D | M] -- C:\Program Files\ESET
 [2009/06/30 11:50:07 | 00,000,000 | -HSD | M] -- C:\Program Files\Fichiers communs
 [2009/10/16 04:47:54 | 00,000,000 | ---D | M] -- C:\Program Files\Google
 [2009/10/15 18:50:12 | 00,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
 [2009/08/09 07:29:26 | 00,000,000 | ---D | M] -- C:\Program Files\HP
 [2008/09/11 15:44:06 | 00,000,000 | ---D | M] -- C:\Program Files\HP Games
 [2009/11/01 04:50:26 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
 [2009/07/25 14:08:32 | 00,000,000 | ---D | M] -- C:\Program Files\InstantTouch
 [2009/06/30 11:52:44 | 00,000,000 | ---D | M] -- C:\Program Files\Intel
 [2009/10/29 13:21:21 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
 [2009/09/08 09:13:58 | 00,000,000 | ---D | M] -- C:\Program Files\Java
 [2009/07/29 17:08:00 | 00,000,000 | ---D | M] -- C:\Program Files\Logitech
 [2009/10/26 12:40:31 | 00,000,000 | ---D | M] -- C:\Program Files\ma-config.com
 [2009/10/27 14:08:46 | 00,000,000 | ---D | M] -- C:\Program Files\maj
 [2009/12/07 14:16:48 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
 [2009/11/06 05:29:22 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft
 [2006/11/02 13:37:34 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
 [2009/06/30 11:55:29 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
 [2009/06/30 14:08:51 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
 [2009/11/01 04:48:16 | 00,000,000 | ---D | M] -- C:\Program Files\Mindscape
 [2008/09/12 00:54:54 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker
 [2009/12/01 21:34:54 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
 [2006/11/02 13:37:34 | 00,000,000 | ---D | M] -- C:\Program Files\MSBuild
 [2008/09/11 15:33:43 | 00,000,000 | ---D | M] -- C:\Program Files\muvee Technologies
 [2009/10/15 18:50:47 | 00,000,000 | R--D | M] -- C:\Program Files\Online Services
 [2008/09/11 15:40:04 | 00,000,000 | ---D | M] -- C:\Program Files\PC-Doctor for Windows
 [2009/07/21 17:16:13 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime
 [2008/09/11 15:24:11 | 00,000,000 | ---D | M] -- C:\Program Files\Realtek
 [2006/11/02 13:37:34 | 00,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
 [2009/10/16 12:32:15 | 00,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
 [2009/11/13 22:12:59 | 00,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
 [2009/09/22 15:38:05 | 00,000,000 | ---D | M] -- C:\Program Files\Thrustmaster
 [2009/06/30 13:02:59 | 00,000,000 | ---D | M] -- C:\Program Files\Toox
 [2009/10/23 07:26:16 | 00,000,000 | ---D | M] -- C:\Program Files\TuneUp Utilities 2009
 [2006/11/02 14:01:55 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
 [2009/07/09 04:21:46 | 00,000,000 | ---D | M] -- C:\Program Files\VideoLAN
 [2008/09/12 00:54:54 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
 [2008/09/12 00:54:54 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
 [2008/09/12 00:54:54 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Defender
 [2008/09/12 00:54:54 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Journal
 [2009/11/06 05:29:52 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live
 [2009/06/30 12:52:53 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
 [2009/11/13 21:22:14 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Mail
 [2009/10/29 13:21:21 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
 [2009/06/30 11:50:07 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT
 [2008/09/12 00:54:54 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
 [2009/10/20 18:02:12 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
 [2009/11/08 05:41:37 | 00,000,000 | ---D | M] -- C:\Program Files\WinRAR
 [2009/09/22 14:15:34 | 00,000,000 | ---D | M] -- C:\Program Files\WordBiz
 [2009/10/06 12:21:31 | 00,000,000 | ---D | M] -- C:\Program Files\Zuma's Revenge!
 [2009/10/11 07:05:39 | 00,000,000 | ---D | M] -- C:\Program Files\Zylom Games
 
 
 < MD5 for: AGP440.SYS  >
 [2008/01/21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
 [2008/01/21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
 [2008/01/21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
 [2008/01/21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
 [2006/11/02 10:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
 < MD5 for: ATAPI.SYS  >
 [2008/01/21 03:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
 [2008/01/21 03:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
 [2008/01/21 03:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
 [2006/11/02 10:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
 < MD5 for: CNGAUDIT.DLL  >
 [2006/11/02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
 [2006/11/02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
 < MD5 for: EVENTLOG.DLL  >
 [2007/01/12 21:30:08 | 00,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
 < MD5 for: IASTOR.SYS  >
 [2008/11/03 16:56:40 | 00,327,192 | ---- | M] (Intel Corporation) MD5=37769C28E1C6489C56E41DB7A32D58C5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
 [2008/11/03 16:56:40 | 00,327,192 | ---- | M] (Intel Corporation) MD5=37769C28E1C6489C56E41DB7A32D58C5 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_29dfb0d5\iaStor.sys
 [2008/11/03 17:10:08 | 00,406,040 | ---- | M] (Intel Corporation) MD5=5979854E6FDA990107E3170327022117 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
 [2008/06/11 03:51:14 | 00,318,488 | ---- | M] (Intel Corporation) MD5=DE7C12E59605EA7EA0CF6345AFEB0F07 -- C:\hp\DRIVERS\Intel_RAID\iastor.sys
 [2008/06/11 03:51:14 | 00,318,488 | ---- | M] (Intel Corporation) MD5=DE7C12E59605EA7EA0CF6345AFEB0F07 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1b8b56cd\iaStor.sys
 [2008/06/11 03:51:14 | 00,318,488 | ---- | M] (Intel Corporation) MD5=DE7C12E59605EA7EA0CF6345AFEB0F07 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_7f488211\iaStor.sys
 [2008/11/03 16:56:40 | 00,327,192 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\iaStor.sys
 
 < MD5 for: IASTORV.SYS  >
 [2008/01/21 03:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3​AC3A14 -- C:\Windows\System32\drivers\ia​StorV.sys
 [2008/01/21 03:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3​AC3A14 -- C:\Windows\System32\DriverStor​e\FileRepository\iastorv.inf_c​9df7691\iaStorV.sys
 [2008/01/21 03:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3​AC3A14 -- C:\Windows\winsxs\x86_iastorv.​inf_31bf3856ad364e35_6.0.6001.​18000_none_af11527887c7fa8f\ia​StorV.sys
 [2006/11/02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101​E6C906 -- C:\Windows\System32\DriverStor​e\FileRepository\iastorv.inf_3​7cdafa4\iaStorV.sys
 
 < MD5 for: NETLOGON.DLL  >
 [2008/01/21 03:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025​D4E37F -- C:\Windows\System32\netlogon.d​ll
 [2008/01/21 03:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025​D4E37F -- C:\Windows\winsxs\x86_microsof​t-windows-security-netlogon_31​bf3856ad364e35_6.0.6001.18000_​none_fdb7b74337f9e857\netlogon​.dll
 
 < MD5 for: NVSTOR.SYS  >
 [2006/11/02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB​76DFFC -- C:\Windows\System32\DriverStor​e\FileRepository\nvraid.inf_73​3654ff\nvstor.sys
 [2008/01/21 03:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2​688177 -- C:\Windows\System32\drivers\nv​stor.sys
 [2008/01/21 03:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2​688177 -- C:\Windows\System32\DriverStor​e\FileRepository\nvraid.inf_31​c3d71d\nvstor.sys
 [2008/01/21 03:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2​688177 -- C:\Windows\winsxs\x86_nvraid.i​nf_31bf3856ad364e35_6.0.6001.1​8000_none_39dac327befea467\nvs​tor.sys
 
 < MD5 for: SCECLI.DLL  >
 [2008/01/21 03:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D5​91E0B9 -- C:\Windows\System32\scecli.dll
 [2008/01/21 03:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D5​91E0B9 -- C:\Windows\winsxs\x86_microsof​t-windows-s..urationengineclie​nt_31bf3856ad364e35_6.0.6001.1​8000_none_380de25bd91b6f12\sce​cli.dll
 
 < %systemroot%\*. /mp /s  >
 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\WindowsUpdate\Auto Update\Results\Install|LastSuc​cessTime /rs  >
 HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\WindowsUpdate\Auto Update\Results\Install\\LastSu​ccessTime: 2009-12-03 20:22:47
 
 ========== Alternate Data Streams ==========
 
 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:DFC5A2B2
 @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:ADF211B1
 < End of report >

ben1748
Baby forum member (10 to 49 posts)
  Posted on 07/12/2009 at 14:43:25
 
and here is the extras.txt report
 OTL Extras logfile created on: 07/12/2009 14:34:18 - Run 1
 OTL by OldTimer - Version 3.1.11.8     Folder = C:\Users\benoit\Downloads
 Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
 Internet Explorer (Version = 8.0.6001.18828)
 Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
 2,00 Gb Total Physical Memory | 1,73 Gb Available Physical Memory | 86,52% Memory free
 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
 Paging file location(s): ?:\pagefile.sys [binary data]
 
 %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
 Drive C: | 322,83 Gb Total Space | 192,17 Gb Free Space | 59,53% Space Free | Partition Type: NTFS
 Drive D: | 12,52 Gb Total Space | 1,72 Gb Free Space | 13,77% Space Free | Partition Type: NTFS
 Drive E: | 4,26 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 F: Drive not present or media not loaded
 G: Drive not present or media not loaded
 H: Drive not present or media not loaded
 I: Drive not present or media not loaded
 
 Computer Name: PC-DE-BENOIT
 Current User Name: benoit
 Logged in as Administrator.
 
 Current Boot Mode: Normal
 Scan Mode: Current user
 Company Name Whitelist: Off
 Skip Microsoft Files: Off
 File Age = 30 Days
 Output = Standard
 
 ========== Extra Registry (SafeList) ==========
 
 
 ========== File Associations ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\<extension>]
 .chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
 .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
 ========== Shell Spawning ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\<key>\shell\[comma​nd]\command]
 batfile [open] -- "%1" %*
 chm.file [open] -- "%SystemRoot%\hh.exe" %1
 cmdfile [open] -- "%1" %*
 comfile [open] -- "%1" %*
 exefile [open] -- "%1" %*
 helpfile [open] -- Reg Error: Key error.
 hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
 htmlfile [edit] -- Reg Error: Key error.
 htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
 htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
 htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,P​rintHTML "%1"
 http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
 https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
 inffile [install] -- %SystemRoot%\System32\InfDefau​ltInstall.exe "%1" (Microsoft Corporation)
 piffile [open] -- "%1" %*
 regfile [merge] -- Reg Error: Key error.
 scrfile [config] -- "%1"
 scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
 scrfile [open] -- "%1" /S
 txtfile [edit] -- Reg Error: Key error.
 Unknown [openas] -- %SystemRoot%\system32\rundll32​.exe %SystemRoot%\system32\shell32.​dll,OpenAs_RunDLL %1
 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
 Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
 Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
 Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
 CLSID\{871C5380-42A0-1069-A2EA​-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
 ========== Security Center Settings ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Security Center]
 "cval" = 1
 "UacDisableNotify" = 0
 "InternetSettingsDisableNotify​" = 0
 "AutoUpdateDisableNotify" = 0
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Security Center\Monitoring]
 "DisableMonitoring" = 1
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Security Center\Monitoring\SymantecAntiVirus]
 "DisableMonitoring" = 1
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Security Center\Monitoring\SymantecFirewall]
 "DisableMonitoring" = 1
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Security Center\Svc]
 "AntiVirusOverride" = 0
 "AntiSpywareOverride" = 0
 "FirewallOverride" = 0
 "VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Security Center\Svc\Vol]
 
 [HKEY_LOCAL_MACHINE\SYSTEM\Curr​entControlSet\Services\SharedA​ccess\Parameters\FirewallPolic​y\DomainProfile]
 "EnableFirewall" = 1
 "DisableNotifications" = 0
 
 [HKEY_LOCAL_MACHINE\SYSTEM\Curr​entControlSet\Services\SharedA​ccess\Parameters\FirewallPolic​y\StandardProfile]
 "EnableFirewall" = 1
 "DisableNotifications" = 0
 
 [HKEY_LOCAL_MACHINE\SYSTEM\Curr​entControlSet\Services\SharedA​ccess\Parameters\FirewallPolic​y\StandardProfile\GloballyOpen​Ports\List]
 
 [HKEY_LOCAL_MACHINE\SYSTEM\Curr​entControlSet\Services\SharedA​ccess\Parameters\FirewallPolic​y\PublicProfile]
 "EnableFirewall" = 1
 "DisableNotifications" = 0
 
 ========== Authorized Applications List ==========
 
 [HKEY_LOCAL_MACHINE\SYSTEM\Curr​entControlSet\Services\SharedA​ccess\Parameters\FirewallPolic​y\StandardProfile\AuthorizedAp​plications\List]
 "C:\Users\benoit\AppData\Local​\Microsoft\Windows\Temporary Internet Files\Content.IE5\OUA8YZDB\IMG​00098714911567251832-JPG[1].EXE" = C:\Users\benoit\AppData\Local\​Microsoft\Windows\Temporary Internet Files\Content.IE5\OUA8YZDB\IMG​00098714911567251832-JPG[1].EXE:*:Enabled:Microsoft Update -- File not found
 
 
 ========== Vista Active Open Ports Exception List ==========
 
 [HKEY_LOCAL_MACHINE\SYSTEM\Curr​entControlSet\Services\SharedA​ccess\Parameters\FirewallPolic​y\FirewallRules]
 "{08372AB4-07A5-433F-8205-4C5E​0C6C0B0F}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svch​ost.exe |
 "{225E91BD-F240-4AF2-8D18-D5C5​62A70E7F}" = lport=48113 | protocol=6 | dir=in | name=maconfig_tcp |
 "{34555094-5830-48CE-A320-4757​54D892F9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svch​ost.exe |
 "{65E9D704-FEF2-4E4D-9B7A-31C3​A59D8A75}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svch​ost.exe |
 "{6C1EA106-B5D2-4E0C-9A1E-5FC6​1EBDBC33}" = lport=48113 | protocol=17 | dir=in | name=maconfig_udp |
 "{6C6353DA-C4C2-47B0-A2A4-F36E​6C2D4335}" = lport=2869 | protocol=6 | dir=in | app=system |
 "{909DE325-B98A-4B95-826D-D55C​B666E07F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
 "{96AA7CBF-A90A-44F9-A541-E445​A82E62D0}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svch​ost.exe |
 "{9EA5F623-A14F-419D-BAF9-D0D2​65D7EEBA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svch​ost.exe |
 "{AE860784-86EA-43DC-9965-6A29​14FF31A9}" = lport=2869 | protocol=6 | dir=in | app=system |
 "{D973F3D1-1CFE-4D78-82A8-524E​FEB30785}" = rport=2869 | protocol=6 | dir=out | app=system |
 "{DEB13129-6910-49F7-AD7C-DD9A​DEA268EC}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svch​ost.exe |
 
 ========== Vista Active Application Exception List ==========
 
 [HKEY_LOCAL_MACHINE\SYSTEM\Curr​entControlSet\Services\SharedA​ccess\Parameters\FirewallPolic​y\FirewallRules]
 "{14AD605F-5B41-4C67-8DA0-5120​01C613BB}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
 "{181FFECD-3502-4AF0-9C57-8460​9F0A7690}" = protocol=6 | dir=in | app=c:\program files\ma-config.com\maconfserv​ice.exe |
 "{5FABD0B0-CB3E-4875-961A-1AC5​199F65EE}" = protocol=17 | dir=in | app=c:\program files\ma-config.com\maconfserv​ice.exe |
 "{6CBB3875-EE80-4FB1-B412-5C70​04BCAF9F}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
 "{770A5454-6B94-4646-8C56-D327​7CB15A39}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svch​ost.exe |
 "{A61C6E5D-8006-45A4-8E8A-8100​139183ED}" = dir=in | app=c:\program files\cyberlink\powerdirector\​pdr.exe |
 "{B92F1487-017B-44BB-AD4B-923B​EE894FBA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
 "{EBCD4E90-D65F-417B-A7FD-7D43​67BA6F2C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svch​ost.exe |
 "TCP Query User{7DE75DF9-E83D-40CF-834F-6​4EA5762E48E}C:\program files\echanblard\emule.exe" = protocol=6 | dir=in | app=c:\program files\echanblard\emule.exe |
 "TCP Query User{BEC12526-435D-4B28-8E5A-2​0FFA4E7992B}C:\program files\instanttouch\bin\cmcente​rv2.exe" = protocol=6 | dir=in | app=c:\program files\instanttouch\bin\cmcente​rv2.exe |
 "TCP Query User{DE4E4E98-C354-425D-A047-7​FF86B023DB5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
 "UDP Query User{68DAC708-B911-4AD4-B079-F​7FD14EA6404}C:\program files\instanttouch\bin\cmcente​rv2.exe" = protocol=17 | dir=in | app=c:\program files\instanttouch\bin\cmcente​rv2.exe |
 "UDP Query User{D2319C77-C036-475C-8C2C-E​0946DF71660}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
 "UDP Query User{D506BAD0-0845-46D3-B501-5​9CBBC3E93A5}C:\program files\echanblard\emule.exe" = protocol=17 | dir=in | app=c:\program files\echanblard\emule.exe |
 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Uninstall]
 "{002D9D5E-29BA-3E6D-9BC4-3D7D​6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
 "{0136FBFC-3519-4989-DB99-877B​235CC2E0}" = Catalyst Control Center Localization Polish
 "{01C8D40E-AED4-B5E8-D219-2364​7DB50D20}" = Catalyst Control Center Localization Turkish
 "{03881930-4D06-344A-ED3C-8A58​6C499596}" = Catalyst Control Center Graphics Full Existing
 "{08C8BF62-64E3-F94F-D3F7-F8D8​7C5561DF}" = CCC Help Russian
 "{09633A5E-3089-41A8-9FF1-3821​71423C5D}" = PSSWCORE
 "{15B8AFD9-92E9-4E86-96D9-83FA​C510B82E}" = HPPhotoSmartPhotobookWebPack1
 "{166BA127-8FF0-9292-03B1-6A2A​820F89E1}" = ATI Catalyst Install Manager
 "{18455581-E099-4BA8-BC6B-F34B​2F06600C}" = Google Toolbar for Internet Explorer
 "{19B87564-DE23-E660-0CF9-2425​84095D07}" = CCC Help English
 "{1C1290DD-EB9D-4F92-A61B-53DD​B77AD53B}" = FunAccess
 "{1C158357-6B36-9CD5-58BE-F91F​83348766}" = Skins
 "{1CBC7616-8CD5-48A6-904B-9060​ECBA8ABD}" = CCC Help Turkish
 "{1D594C94-84C7-4153-DB02-C052​AE52731F}" = CCC Help Portuguese
 "{1FBF6C24-C1FD-4101-A42B-0C56​4F9E8E79}" = CyberLink DVD Suite Deluxe
 "{205C6BDD-7B73-42DE-8505-9A09​3F35A238}" = Outil de téléchargement Windows Live
 "{21F41E5F-BC7E-DEBA-4055-22B6​47A4C1EF}" = Catalyst Control Center Localization Norwegian
 "{22148913-F136-C621-CD3A-284C​5AC009C0}" = Catalyst Control Center Localization Greek
 "{22B775E7-6C42-4FC5-8E10-9A5E​3257BD94}" = MSVCRT
 "{22BB0F0F-6D99-22F5-FF0A-2361​C7719C6A}" = CCC Help Chinese Traditional
 "{22F761D1-8063-4170-ADF7-2D2F​47834CA9}" = VideoToolkit01
 "{2318C2B1-4965-11d4-9B18-0090​27A5CD4F}" = Google Toolbar for Internet Explorer
 "{2379A8F5-BA36-C701-956B-D345​30C61961}" = CCC Help Dutch
 "{254C37AA-6B72-4300-84F6-98A8​2419187E}" = Hewlett-Packard Active Check for Health Check
 "{26A24AE4-039D-4CA4-87B4-2F83​216015FF}" = Java(TM) 6 Update 15
 "{26EC9601-D617-02AE-ABE1-F68B​8560C408}" = Catalyst Control Center InstallProxy
 "{2BB67266-D1A3-4CCC-8EB2-1677​0AB1FB76}" = ArcSoft WebCam Companion 2
 "{2CCBABCB-6427-4A55-B091-4986​4623C43F}" = Google Toolbar for Firefox
 "{2D3E5692-FE93-2920-9C6F-3AEB​FA5359E8}" = CCC Help Japanese
 "{2E4609A3-F5AF-4408-B0C4-B8B8​4BC753DF}" = Catalyst Control Center - Branding
 "{2FF0A015-DE51-BB1D-4CE3-6EDF​C6E8A8E6}" = Catalyst Control Center Graphics Previews Common
 "{303F26F5-FB3A-43BC-CE6D-3F08​FE97B0D6}" = CCC Help Hungarian
 "{3248F0A8-6813-11D6-A77B-00B0​D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
 "{393CC6C1-0390-99FD-1DA5-B831​959BE347}" = Catalyst Control Center Localization Czech
 "{3B160861-7250-451E-B5EE-8B92​BF30A710}" = Microsoft Works
 "{3DCAC530-48B6-EADD-AB19-608E​1FE7A7E5}" = CCC Help Swedish
 "{3E08B2FA-0A22-FAED-136A-5EFD​32A12D8B}" = Catalyst Control Center Localization German
 "{3E31821C-7917-367E-938E-E65F​C413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
 "{3F00BB04-1FBF-5A1F-DC2D-14CF​5F3267CA}" = Catalyst Control Center Localization Russian
 "{40BF1E83-20EB-11D8-97C5-0009​C5020658}" = Power2Go
 "{425FFD94-36BD-4933-881B-FE0B​9DADF2B7}" = Ma-Config.com
 "{46ABBC54-1872-4AA3-95E2-F2C0​63A63F31}" = Installation Windows Live
 "{47BBA6D8-33A6-4252-85F5-9146​25A78566}" = Des Chiffres et des Lettres
 "{51566A36-1DD1-CA73-B66C-4A33​62F32EA0}" = Catalyst Control Center Localization Japanese
 "{55979C41-7D6A-49CC-B591-64AC​1BBE2C8B}" = HP Picasso Media Center Add-In
 "{55A29068-F2CE-456C-9148-C869​879E2357}" = TuneUp Utilities 2009
 "{5A134575-EE63-91E9-C6B0-60A6​A95C8E28}" = CCC Help German
 "{5B61CE81-E7A8-6B0A-8BF9-6D5D​DDF32ABB}" = Catalyst Control Center Localization French
 "{5CC09697-2668-2628-E55F-132F​D5295061}" = Catalyst Control Center Graphics Previews Vista
 "{5DAA9C36-8F8B-462F-8CCA-E205​BC3751F5}" = HP Active Support Library
 "{5DD76286-9BE7-4894-A990-E905​E91AC818}" = Windows Live Mail
 "{669D4A35-146B-4314-89F1-1AC3​D7B88367}" = Hewlett-Packard Asset Agent for Health Check
 "{6B976ADF-8AE8-434E-B282-A06C​7F624D2F}" = Python 2.5.2
 "{6C8B65B8-1804-033C-0DF2-0141​ABC31AFC}" = ccc-utility
 "{719842F9-FF69-4BA6-A6FE-5224​4575E0B3}" = ArcSoft VideoImpression 2
 "{7299052b-02a4-4627-81f2-1818​da5d550d}" = Microsoft Visual C++ 2005 Redistributable
 "{73A43E42-3658-4DD9-8551-FACD​A3632538}" = HP Advisor
 "{770657D0-A123-3C07-8E44-1C83​EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
 "{770F1BEC-2871-4E70-B837-FB85​25FFA3B1}" = Windows Live Messenger
 "{7720C701-DCEA-8681-F19D-ABF8​F71E71D6}" = CCC Help Greek
 "{79A7C14F-87FB-D194-5206-3DE3​60BF6778}" = CCC Help Spanish
 "{7F10292C-A190-4176-A665-A1ED​3478DF86}" = LightScribe System Software
 "{81FD3A08-36E9-FD60-D966-61E9​2BC28B1A}" = Catalyst Control Center Localization Thai
 "{82C7B308-0BDD-49D8-8EA5-9CD3​A3F9DF41}" = Windows Live Call
 "{90120000-0020-040C-0000-0000​000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
 "{9068B2BE-D93A-4C0A-861C-5E35​E2C0E09E}" = Intel® Matrix Storage Manager
 "{95120000-00AF-040C-0000-0000​000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)
 "{95120000-00B9-0409-0000-0000​000FF1CE}" = Microsoft Application Error Reporting
 "{957DFC8D-C41C-7548-5E8A-A6D6​4310831C}" = Catalyst Control Center Localization Spanish
 "{96F32F32-9869-37A1-9E6B-E09D​BC6A167E}" = Catalyst Control Center Graphics Light
 "{97993BF5-2EBA-B819-6887-249D​F3C4516F}" = Catalyst Control Center Localization Swedish
 "{97ABD26A-3249-46CB-B2E2-F66E​64B2E480}" = HP Demo
 "{983DEE06-316F-D636-78CD-C861​B03369E7}" = Catalyst Control Center Localization Hungarian
 "{9A25302D-30C0-39D9-BD6F-21E6​EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
 "{9AD8869D-DC8A-8148-F9CA-C7E3​9B6B8B6F}" = Catalyst Control Center Localization Chinese Standard
 "{9DBA770F-BF73-4D39-B1DF-6035​D95268FC}" = HP Customer Feedback
 "{9E3F7E39-9370-80D0-35BC-C082​E07094F2}" = Catalyst Control Center Graphics Full New
 "{A0640EC2-B97E-4FC1-AD14-227C​9E386BB4}" = HP Recovery Manager RSS
 "{A49F249F-0C91-497F-86DF-B258​5E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
 "{A51781E3-8F27-EBBC-CF3E-FFCF​D5ADD131}" = CCC Help French
 "{A5A042B2-7E3C-8933-5464-EFFE​2DFA3592}" = CCC Help Polish
 "{A7D36A5C-6E73-859C-9112-D046​B2CEDCDB}" = Catalyst Control Center Localization Italian
 "{AC3F7802-D1C9-0A33-A942-DC5E​6F9D796E}" = Catalyst Control Center Localization Chinese Traditional
 "{AC76BA86-7AD7-1036-7B44-A910​00000001}" = Adobe Reader 9.1 - Français
 "{AE140B16-AE8C-8BB0-D518-00EC​B4CF7D03}" = CCC Help Thai
 "{AE219DD8-1BBA-6EBE-D425-7C2C​4D998FF1}" = ccc-core-static
 "{AFC3D130-069B-12FE-83EF-1DAD​C765ECEA}" = CCC Help Chinese Standard
 "{B11022C0-D0A5-3B00-DDA7-83C1​47EBB888}" = Catalyst Control Center Localization Portuguese
 "{B2544A03-10D0-4E5E-BA69-0362​FFC20D18}" = OGA Notifier 2.0.0048.0
 "{B9AB88D8-3A09-4A4A-8993-0E2F​6F9F294B}" = muvee autoProducer 6.1
 "{BB510D08-023C-31F2-0314-CD09​ECBADA6F}" = CCC Help Finnish
 "{C27C82E4-9C53-4D76-9ED3-A01A​3D5EE679}" = HP Customer Experience Enhancements
 "{C59C179C-668D-49A9-B6EA-0121​CCFC1243}" = LabelPrint
 "{C7724EFE-4992-F2F9-2B90-B567​837C4FB0}" = Catalyst Control Center Localization Danish
 "{C8FD5BC1-92EF-4C15-92A9-F9AC​7F61985F}" = HP Update
 "{CA634931-0CC3-4067-ABCC-7182​E1DC23B7}" = HP Button Manager
 "{CB099890-1D5F-11D5-9EA9-0050​BAE317E1}" = PowerDirector
 "{CCA4110E-F079-AE5C-37C6-D708​BCAA9D8A}" = CCC Help Czech
 "{CD4C3C09-6EE6-4BFB-A0CA-AD80​CE71A6D7}" = Fort Boyard - le Jeu
 "{CDDCBBF1-2703-46BC-938B-BCC8​1A1EEAAA}" = SUPERAntiSpyware Free Edition
 "{CE2CDD62-0124-36CA-84D3-9F4D​CF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
 "{D31612BB-C6D7-4142-96AE-16DB​062354CF}" = Manuel de l'utilisateur de la Webcam HP
 "{D47C1EC7-3C98-06CA-5984-E804​88024F20}" = Catalyst Control Center Localization Korean
 "{D4A1A861-F3C5-569E-364F-CE63​751CC266}" = Catalyst Control Center Core Implementation
 "{D74CFE48-087F-46E1-80E6-E295​0E1A8DCE}" = HP Photosmart Essential 2.5
 "{DAA19C88-9787-33FB-8931-50F7​27AB48D3}" = CCC Help Danish
 "{DCE8CD14-FBF5-4464-B9A4-E18E​473546C7}" = Assistant de connexion Windows Live
 "{E0CBCABF-1A89-2225-5030-B247​7AE952D5}" = CCC Help Norwegian
 "{E2DA8D90-592E-3DE6-2361-A869​AB473101}" = CCC Help Italian
 "{E2DFE069-083E-4631-9B6C-43C4​8E991DE5}" = Junk Mail filter update
 "{E535C94A-B87F-4182-BEA8-1E93​22078D3E}" = Cards_Calendar_OrderGift_DoMor​ePlugout
 "{ECEE0279-785F-4CB3-9F28-E698​13234BF8}" = SPORE Creature Creator Trial Edition
 "{ED00D08A-3C5F-488D-93A0-A04F​21F23956}" = Windows Live Communications Platform
 "{EFA52078-2BB4-A3AA-27EB-171F​84B64126}" = Catalyst Control Center Localization Dutch
 "{F0E12BBA-AD66-4022-A453-A1C8​A0C4D570}" = Microsoft Choice Guard
 "{F132AF7F-7BCA-4EDE-8A7C-9581​08FE7DBC}" = Realtek High Definition Audio Driver
 "{F405DC00-37F3-4A5F-97F4-C131​0CCEE53A}" = HP Easy Setup - Frontend
 "{F41C8F4B-E359-2FF3-4C72-AD86​EA5C690D}" = CCC Help Korean
 "{FAB046D7-C187-4648-A1A9-FC87​5F7E3FCE}" = ArcSoft Magic-i 3
 "{FD9A2359-5EFB-56D0-BA76-C2F8​8D6693A1}" = Catalyst Control Center Localization Finnish
 "{FF66E9F6-83E7-3A3E-AF14-8DE9​A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
 "Activision_lmfUninstallKey" = Le Maillon Faible
 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
 "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
 "AOL Toolbar" = AOL Toolbar 5.0
 "a-squared Free_is1" = a-squared Free 4.5
 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
 "CCleaner" = CCleaner (remove only)
 "ESET Online Scanner" = ESET Online Scanner v3
 "Google Updater" = Outil de mise à jour Google
 "HijackThis" = HijackThis 2.0.2
 "HP Photosmart Essential" = HP Photosmart Essential 3.0
 "InstallShield_{CB099890-1D5F-​11D5-9EA9-0050BAE317E1}" = PowerDirector
 "Internet Scrabble Club_is1" = WordBiz version 1.8
 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
 "Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
 "Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
 "OfficeTrial" = Version de démonstration de Microsoft Office Home and Student 2007
 "PC-Doctor for Windows" = Outils de diagnostic du matériel
 "QuickTime" = QuickTime
 "Spyware Doctor" = Spyware Doctor 6.0
 "Super billard et snooker 3D_is1" = Super Billard et Snooker 3D
 "Trend Micro HouseCall 6.6" = HouseCall 6.6
 "Trivial Pursuit Genus Edition Deluxe" = Trivial Pursuit Genus Edition Deluxe
 "VLC media player" = VLC media player 1.0.0
 "WildTangent hp Master Uninstall" = My HP Games
 "WinLiveSuite_Wave3" = Installation Windows Live
 "WinRAR archiver" = Logiciel d'archivage WinRAR
 "Zuma's Revenge!1.0" = Zuma's Revenge!
 
 ========== HKEY_CURRENT_USER Uninstall List ==========
 
 [HKEY_CURRENT_USER\SOFTWARE\Mic​rosoft\Windows\CurrentVersion\​Uninstall]
 "Groom" = Groom
 
 ========== Last 10 Event Log Errors ==========
 
 [ Application Events ]
 Error - 30/11/2009 06:09:14 | Computer Name = PC-de-benoit | Source = WinMgmt | ID = 10
 Description =
 
 Error - 30/11/2009 06:32:31 | Computer Name = PC-de-benoit | Source = WinMgmt | ID = 10
 Description =
 
 Error - 30/11/2009 06:55:47 | Computer Name = PC-de-benoit | Source = WinMgmt | ID = 10
 Description =
 
 Error - 30/11/2009 07:18:18 | Computer Name = PC-de-benoit | Source = WinMgmt | ID = 10
 Description =
 
 Error - 30/11/2009 07:41:35 | Computer Name = PC-de-benoit | Source = WinMgmt | ID = 10
 Description =
 
 Error - 30/11/2009 08:04:48 | Computer Name = PC-de-benoit | Source = WinMgmt | ID = 10
 Description =
 
 Error - 30/11/2009 08:27:49 | Computer Name = PC-de-benoit | Source = WinMgmt | ID = 10
 Description =
 
 Error - 30/11/2009 08:51:02 | Computer Name = PC-de-benoit | Source = WinMgmt | ID = 10
 Description =
 
 Error - 30/11/2009 09:14:17 | Computer Name = PC-de-benoit | Source = WinMgmt | ID = 10
 Description =
 
 Error - 30/11/2009 09:37:31 | Computer Name = PC-de-benoit | Source = WinMgmt | ID = 10
 Description =
 
 [ System Events ]
 Error - 27/10/2009 10:22:12 | Computer Name = PC-de-benoit | Source = HTTP | ID = 15016
 Description =
 
 Error - 27/10/2009 10:23:13 | Computer Name = PC-de-benoit | Source = ipnathlp | ID = 31004
 Description = L'agent proxy DNS n'a pas pu allouer 0 octets de mémoire. Ceci peut
 indiquer que le système n'a plus beaucoup de mémoire virtuelle, ou que le gestionnaire
 de mémoire a rencontré une erreur interne.
 
 Error - 27/10/2009 19:36:11 | Computer Name = PC-de-benoit | Source = EventLog | ID = 6008
 Description = L'arrêt système précédant à 00:33:56 le 28/10/2009 n'était pas prévu.
 
 Error - 27/10/2009 19:36:21 | Computer Name = PC-de-benoit | Source = HTTP | ID = 15016
 Description =
 
 Error - 27/10/2009 20:25:32 | Computer Name = PC-de-benoit | Source = EventLog | ID = 6008
 Description = L'arrêt système précédant à 01:23:03 le 28/10/2009 n'était pas prévu.
 
 Error - 27/10/2009 20:25:43 | Computer Name = PC-de-benoit | Source = HTTP | ID = 15016
 Description =
 
 Error - 27/10/2009 20:57:19 | Computer Name = PC-de-benoit | Source = EventLog | ID = 6008
 Description = L'arrêt système précédant à 01:55:23 le 28/10/2009 n'était pas prévu.
 
 Error - 27/10/2009 20:57:29 | Computer Name = PC-de-benoit | Source = HTTP | ID = 15016
 Description =
 
 Error - 27/10/2009 22:09:17 | Computer Name = PC-de-benoit | Source = EventLog | ID = 6008
 Description = L'arrêt système précédant à 03:07:12 le 28/10/2009 n'était pas prévu.
 
 Error - 27/10/2009 22:09:27 | Computer Name = PC-de-benoit | Source = HTTP | ID = 15016
 Description =
 
 [ TuneUp Events ]
 Error - 30/11/2009 10:22:41 | Computer Name = PC-de-benoit | Source = TuneUp Program Statistics | ID = 131840
 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-11-30 15:22:41', '\device\harddiskvolume1\progr​am
 files\malwarebytes' anti-malware\mbam.exe','744',0​)
 
 Error - 30/11/2009 10:45:51 | Computer Name = PC-de-benoit | Source = TuneUp Program Statistics | ID = 131840
 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-11-30 15:45:51', '\device\harddiskvolume1\progr​am
 files\malwarebytes' anti-malware\mbam.exe','956',0​)
 
 Error - 01/12/2009 16:29:50 | Computer Name = PC-de-benoit | Source = TuneUp Program Statistics | ID = 131840
 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-12-01 21:29:50', '\device\harddiskvolume1\progr​am
 files\malwarebytes' anti-malware\mbam.exe','896',0​)
 
 Error - 04/12/2009 16:15:15 | Computer Name = PC-de-benoit | Source = TuneUp Program Statistics | ID = 131840
 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-12-04 21:15:15', '\device\harddiskvolume1\progr​am
 files\malwarebytes' anti-malware\mbam.exe','616',0​)
 
 Error - 06/12/2009 01:21:41 | Computer Name = PC-de-benoit | Source = TuneUp Program Statistics | ID = 131840
 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-12-06 06:21:41', '\device\harddiskvolume1\progr​am
 files\malwarebytes' anti-malware\mbam.exe','2332',​0)
 
 Error - 06/12/2009 07:43:42 | Computer Name = PC-de-benoit | Source = TuneUp Program Statistics | ID = 131840
 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-12-06 12:43:42', '\device\harddiskvolume1\progr​am
 files\malwarebytes' anti-malware\mbam.exe','2096',​0)
 
 Error - 06/12/2009 08:06:56 | Computer Name = PC-de-benoit | Source = TuneUp Program Statistics | ID = 131840
 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-12-06 13:06:56', '\device\harddiskvolume1\progr​am
 files\malwarebytes' anti-malware\mbam.exe','1576',​0)
 
 Error - 07/12/2009 08:57:17 | Computer Name = PC-de-benoit | Source = TuneUp Program Statistics | ID = 131840
 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-12-07 13:57:17', '\device\harddiskvolume1\progr​am
 files\malwarebytes' anti-malware\mbam.exe','2228',​0)
 
 Error - 07/12/2009 09:11:17 | Computer Name = PC-de-benoit | Source = TuneUp Program Statistics | ID = 131840
 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-12-07 14:11:17', '\device\harddiskvolume1\progr​am
 files\malwarebytes' anti-malware\mbam.exe','2288',​0)
 
 Error - 07/12/2009 09:17:02 | Computer Name = PC-de-benoit | Source = TuneUp Program Statistics | ID = 131840
 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-12-07 14:17:02', '\device\harddiskvolume1\progr​am
 files\malwarebytes' anti-malware\mbam.exe','5340',​0)
 
 
 < End of report >

ben1748
Baby forum member (10 to 49 posts)
  Posted on 07/12/2009 at 15:01:06
 
As for the GMER report, it's not possible: I tried the scan twice, following your advice scrupulously, and my computer crashed both times!

grosbebe
On the right track (100 to 499 posts)
  Posted on 07/12/2009 at 22:16:43
 
Hi again


 I see you have already used Combofix. Careful, it is risky to use it without supervision.


 You have a fairly stubborn infection to get rid of  :/  


 Since you are on Vista, every program I ask you to use must be launched with a right-click >> Run as administrator.


 Step 1

 Open Notepad and copy/paste into it the contents of the box below:

 



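@echo off
rem Copy iaStor.sys from the driver store to the root of C:
copy C:\Windows\System32\DriverStore\FileRepository\iastor.inf_29dfb0d5\iaStor.sys c:\iaStor.sys
rem Delete this batch file, then close the window
del cp.bat & exit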



 Save it on the desktop under the name cp.bat
 Save it with the type: All files

 Run it (right-click ...). You should see a window open briefly.

 Step 2

 Click here to download The Avenger to your desktop.

  • Right-click the downloaded file and extract it to the desktop.
  • Run Avenger.exe (right-click ...)

 Copy the contents of the box below into the Avenger window under Input script here:

 



Folders to delete:
 C:\ProgramData\vokuharo
 C:\ProgramData\merahuro

 Files to move:
 c:\iaStor.sys | C:\Windows\System32\drivers\iaStor.sys




 This step was written for this user; if you are not this user, do not do what follows, you could severely damage your system.

  • Close all your windows except the Avenger one
  • Click Execute
  • Answer Yes when Avenger asks you.
  • Let the PC restart.
  • After the restart, a report will open (you will also find it at the root of the hard drive, C:\avenger.txt)

 Copy/paste the Avenger.txt report into your next reply.

 Good evening

grosbebe
On the right track (100 to 499 posts)
Posted on 09/12/2009 at 07:34:41

Hi

 Reply to your PM: the forum bugs out regularly, so I did not get your report and I could not reply to your PM  :sarcastic:

 Try posting your report here again, otherwise send it to me by PM if you like.

 Have a good day

ben1748
Baby forum member (10 to 49 posts)
Posted on 09/12/2009 at 13:53:42

Re grosbébé, here is the report from Avenger, which I ran a second time, so vokuharo and merahuro had indeed already been deleted during the first scan
 Logfile of The Avenger Version 2.0, (c) by Swandog46
 http://swandog46.geekstogo.com

 Platform:  Windows Vista

 *******************

 Script file opened successfully.
 Script file read successfully.

 Backups directory opened successfully at C:\Avenger

 *******************

 Beginning to process script file:

 Rootkit scan active.
 No rootkits found!


 Error:  folder "C:\ProgramData\vokuharo" not found!
 Deletion of folder "C:\ProgramData\vokuharo" failed!
 Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


 Error:  folder "C:\ProgramData\merahuro" not found!
 Deletion of folder "C:\ProgramData\merahuro" failed!
 Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

 File move operation "c:\iaStor.sys|C:\Windows\System32\drivers\iaStor.sys" completed successfully.

 Completed script processing.

 *******************

 Finished!  Terminate.

grosbebe
On the right track (100 to 499 posts)
Posted on 09/12/2009 at 20:38:41

Re

 OK, still getting alerts for this alureon trojan?

 Step 1

  • close all your windows, then double-click otl.exe to launch it.
  • tick lop check and purity check
  • under custom scans (at the bottom), copy/paste this

 %systemdrive%\*.*
 %programfiles%\*.*
 %programfiles%\*.
 /md5start
 eventlog.dll
 scecli.dll
 netlogon.dll
 cngaudit.dll
 sceclt.dll
 ntelogon.dll
 logevent.dll
 iastor.sys
 nvstor.sys
 atapi.sys
 idechndr.sys
 viasraid.sys
 agp440.sys
 vaxscsi.sys
 nvatabus.sys
 viamraid.sys
 nvata.sys
 nvgts.sys
 iastorv.sys
 viprt.sys
 enethook.dll
 ahcix86.sys
 kr10n.sys
 /md5stop


 
  • click the run scan button at the top left, then wait a few moments.
  • post the contents of the report that opens.

 Step 2

 Download RootRepeal by clicking one of the links below and save it to your desktop:

 Link 1
 Link 2

  • Double-click RootRepeal to launch it
 Vista: right-click the icon > Run as administrator
  • Click the Report tab (at the bottom)
  • Click the scan button
  • tick:

 *Drivers
 *Files
 *Processes
 *SSDT
 *Stealth Objects
 *Hidden Services
 *Shadow SSDT

  • Click the OK button.
  • In the next window, select all your drives. Click OK to start the scan.
 Wait while the scan runs and do not touch anything
  • When it finishes, click the Save Report button and save it to the desktop.

 Close the program and post the report please

 See you
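
As an added illustration (not part of the thread or of any tool it mentions), this PowerShell script automates the comparison behind both of grosbebe's posts above: the copy of a storage driver in System32\drivers is hashed and checked against the copies kept in DriverStore\FileRepository, the location iaStor.sys was restored from. The parameter names are hypothetical, SHA-256 is used instead of OTL's MD5, and Get-FileHash needs PowerShell 4.0 or later.

```powershell
# Added example, not from the thread. Parameter names are hypothetical.
# Requires PowerShell 4.0 or later (Get-FileHash).
param(
    # Windows directory to inspect. Point it at a mounted offline volume
    # (for example D:\Windows) so a resident rootkit cannot filter the reads.
    [string]$WindowsRoot = $env:SystemRoot,

    # Subset of the storage drivers named in the OTL /md5start list above.
    [string[]]$DriverNames = @('iastor.sys', 'iastorv.sys', 'atapi.sys', 'nvstor.sys')
)

$driversDir = Join-Path $WindowsRoot 'System32\drivers'
$storeDir   = Join-Path $WindowsRoot 'System32\DriverStore\FileRepository'

function Get-Sha256([string]$Path) {
    (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
}

$report = foreach ($name in $DriverNames) {
    $loaded = Join-Path $driversDir $name

    # Every packaged copy: the same driver can sit in several store folders.
    $storeCopies = @(Get-ChildItem -LiteralPath $storeDir -Recurse -File `
                        -Filter $name -ErrorAction SilentlyContinue)

    if (-not (Test-Path -LiteralPath $loaded -PathType Leaf)) {
        # Driver from the list is simply not present on this machine.
        $status = 'NotInstalled'; $loadedHash = $null; $same = @()
    } else {
        $loadedHash = Get-Sha256 $loaded
        # Store folders whose packaged file is byte-identical to the installed one.
        $same = @($storeCopies | Where-Object { (Get-Sha256 $_.FullName) -eq $loadedHash })

        if ($storeCopies.Count -eq 0) { $status = 'NoStoreCopy' }
        elseif ($same.Count -gt 0)    { $status = 'MatchesStore' }
        else                          { $status = 'DiffersFromStore' }
    }

    [pscustomobject]@{
        Driver      = $name
        Status      = $status
        SHA256      = $loadedHash
        StoreCopies = $storeCopies.Count
        MatchedIn   = ($same | ForEach-Object { $_.Directory.Name }) -join ', '
    }
}

$report | Format-Table -AutoSize -Wrap
```

DiffersFromStore marks a file to inspect further rather than a verdict, and MatchesStore obtained from inside a running, possibly infected system does not prove the driver on disk is clean.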

ben1748
Baby forum member (10 to 49 posts)
Posted on 10/12/2009 at 12:38:09

Re grosbébé, and yes, roughly every two hours Avira tells me trojan alureon and offers to delete it, quarantine it, etc... but it is still there; here is the otl.txt report
 OTL logfile created on: 10/12/2009 12:28:43 - Run 2
 OTL by OldTimer - Version 3.1.11.8     Folder = C:\Users\benoit\Downloads
 Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
 Internet Explorer (Version = 8.0.6001.18828)
 Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
 2,00 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 82,02% Memory free
 4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
 Paging file location(s): ?:\pagefile.sys [binary data]
 
 %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
 Drive C: | 322,83 Gb Total Space | 191,97 Gb Free Space | 59,46% Space Free | Partition Type: NTFS
 Drive D: | 12,52 Gb Total Space | 1,72 Gb Free Space | 13,77% Space Free | Partition Type: NTFS
 Drive E: | 4,26 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 F: Drive not present or media not loaded
 G: Drive not present or media not loaded
 H: Drive not present or media not loaded
 I: Drive not present or media not loaded
 
 Computer Name: PC-DE-BENOIT
 Current User Name: benoit
 Logged in as Administrator.
 
 Current Boot Mode: Normal
 Scan Mode: Current user
 Company Name Whitelist: Off
 Skip Microsoft Files: Off
 File Age = 30 Days
 Output = Standard
 
 ========== Processes (SafeList) ==========
 
 PRC - [2009/12/07 14:31:05 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Users\benoit\Downloads\OTL.​exe
 PRC - [2009/12/05 14:31:16 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
 PRC - [2009/12/05 14:31:16 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
 PRC - [2009/11/11 10:44:44 | 02,001,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAn​tiSpyware.exe
 PRC - [2009/10/23 07:26:21 | 00,604,416 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.e​xe
 PRC - [2009/10/01 16:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
 PRC - [2009/09/30 19:58:42 | 00,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
 PRC - [2009/09/28 08:42:50 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
 PRC - [2009/08/05 10:27:00 | 01,644,088 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
 PRC - [2009/06/30 13:09:40 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNoti​fier\GoogleToolbarNotifier.exe
 PRC - [2009/03/17 12:25:40 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
 PRC - [2009/03/02 13:08:11 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
 PRC - [2008/11/06 13:22:18 | 00,266,240 | ---- | M] () -- C:\Program Files\HP\Button Manager\BM.exe
 PRC - [2008/11/03 17:21:18 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
 PRC - [2008/11/03 17:21:16 | 00,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
 PRC - [2008/10/29 07:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 PRC - [2008/06/02 14:09:18 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
 PRC - [2008/05/21 12:33:32 | 00,530,944 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i 3\Magic-i.exe
 PRC - [2008/05/14 23:02:32 | 00,679,936 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.e​xe
 PRC - [2008/01/21 03:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
 PRC - [2008/01/21 03:24:59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.e​xe
 PRC - [2008/01/21 03:24:13 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
 PRC - [2008/01/21 03:23:32 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
 PRC - [2008/01/21 03:23:32 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.ex​e
 PRC - [2007/10/04 11:07:02 | 02,983,208 | ---- | M] () -- C:\Program Files\Thrustmaster\FunAccess\P​SPAP.exe
 PRC - [2007/07/17 10:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- c:\Program Files\ATI Technologies\ATI.ACE\Core-Stat​ic\MOM.exe
 PRC - [2007/07/17 10:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Stat​ic\CCC.exe
 PRC - [2007/05/16 17:56:44 | 00,067,128 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
 PRC - [2007/04/18 16:01:34 | 00,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
 PRC - [2006/11/13 13:02:08 | 00,076,544 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe
 PRC - [2004/04/13 05:07:18 | 00,069,632 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateServ​ice\issch.exe
 
 
 ========== Modules (SafeList) ==========
 
 MOD - [2009/12/07 14:31:05 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Users\benoit\Downloads\OTL.​exe
 MOD - [2008/01/21 03:23:44 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsof​t.windows.common-controls_6595​b64144ccf1df_6.0.6001.18000_no​ne_5cdbaa5a083979cc\comctl32.d​ll
 
 
 ========== Win32 Services (SafeList) ==========
 
 SRV - [2009/12/05 14:31:16 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
 SRV - [2009/12/05 14:31:16 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
 SRV - [2009/10/23 07:26:21 | 00,604,416 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.e​xe -- (TuneUp.ProgramStatisticsSvc)
 SRV - [2009/10/23 07:26:21 | 00,361,216 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TuneUpDefr​agService.exe -- (TuneUp.Defrag)
 SRV - [2009/10/16 04:47:54 | 00,194,032 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.e​xe -- (gusvc)
 SRV - [2009/10/01 16:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
 SRV - [2009/09/28 08:42:50 | 00,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
 SRV - [2009/09/23 14:50:28 | 00,238,960 | ---- | M] (CybelSoft) -- C:\Program Files\ma-config.com\maconfserv​ice.exe -- (maconfservice)
 SRV - [2009/04/27 13:21:36 | 00,028,928 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.d​ll -- (UxTuneUp)
 SRV - [2009/03/17 12:25:40 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
 SRV - [2009/01/21 12:08:06 | 01,095,560 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
 SRV - [2009/01/07 11:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
 SRV - [2008/11/03 17:21:18 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
 SRV - [2008/06/02 14:09:18 | 00,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
 SRV - [2008/05/14 23:02:32 | 00,679,936 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.e​xe -- (Ati External Event Utility)
 SRV - [2008/03/29 00:04:58 | 00,165,416 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService)
 SRV - [2008/02/03 11:00:00 | 00,129,992 | ---- | M] (EasyBits Sofware AS) -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
 SRV - [2008/01/21 03:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
 SRV - [2006/11/13 13:02:08 | 00,076,544 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe -- (MgiSvr)
 SRV - [2006/11/02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
 
 
 ========== Driver Services (SafeList) ==========
 
 DRV - [2009/12/05 14:31:17 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\av​gntflt.sys -- (avgntflt)
 DRV - [2009/12/05 14:31:17 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ss​mdrv.sys -- (ssmdrv)
 DRV - [2009/11/11 10:44:50 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM​.SYS -- (SASENUM)
 DRV - [2009/11/11 10:44:48 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFS​V.SYS -- (SASDIFSV)
 DRV - [2009/11/11 10:44:46 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTI​L.sys -- (SASKUTIL)
 DRV - [2009/09/23 14:53:20 | 00,014,336 | ---- | M] (CybelSoft) -- C:\Program Files\ma-config.com\Drivers\dr​iverhardwarev2.sys -- (driverhardwarev2)
 DRV - [2009/04/03 10:18:26 | 00,130,936 | ---- | M] (PC Tools) -- C:\Windows\system32\drivers\PC​TCore.sys -- (PCTCore)
 DRV - [2009/03/30 10:32:47 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\av​ipbb.sys -- (avipbb)
 DRV - [2009/02/13 12:34:33 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
 DRV - [2008/11/03 16:56:40 | 00,327,192 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\ia​stor.sys -- (iaStor)
 DRV - [2008/07/03 18:03:48 | 02,152,088 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RT​KVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
 DRV - [2008/05/22 20:20:54 | 00,020,640 | ---- | M] (PC-Doctor, Inc.) -- C:\PROGRA~1\PC-DOC~1\PCD5SRVC.​pkms -- (PCD5SRVC{BD6912E3-AC9D80E8-05​040000})
 DRV - [2008/05/14 23:49:14 | 03,691,520 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\at​ikmdag.sys -- (atikmdag)
 DRV - [2008/02/14 15:56:02 | 00,118,784 | ---- | M] (Realtek Corporation                                            ) -- C:\Windows\System32\drivers\Rt​lh86.sys -- (RTL8169)
 DRV - [2008/01/21 03:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\me​gasr.sys -- (MegaSR)
 DRV - [2008/01/21 03:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\ad​pu320.sys -- (adpu320)
 DRV - [2008/01/21 03:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\me​gasas.sys -- (megasas)
 DRV - [2008/01/21 03:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\ad​pu160m.sys -- (adpu160m)
 DRV - [2008/01/21 03:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\si​sraid4.sys -- (SiSRaid4)
 DRV - [2008/01/21 03:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hp​cisss.sys -- (HpCISSs)
 DRV - [2008/01/21 03:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\ad​pahci.sys -- (adpahci)
 DRV - [2008/01/21 03:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\ls​i_sas.sys -- (LSI_SAS)
 DRV - [2008/01/21 03:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql​2300.sys -- (ql2300)
 DRV - [2008/01/21 03:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1​G60I32.sys -- (E1G60) Intel(R)
 DRV - [2008/01/21 03:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\ar​csas.sys -- (arcsas)
 DRV - [2008/01/21 03:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\ia​storv.sys -- (iaStorV)
 DRV - [2008/01/21 03:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vs​mraid.sys -- (vsmraid)
 DRV - [2008/01/21 03:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ul​sata2.sys -- (ulsata2)
 DRV - [2008/01/21 03:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\ls​i_scsi.sys -- (LSI_SCSI)
 DRV - [2008/01/21 03:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\ls​i_fc.sys -- (LSI_FC)
 DRV - [2008/01/21 03:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\ar​c.sys -- (arc)
 DRV - [2008/01/21 03:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\el​xstor.sys -- (elxstor)
 DRV - [2008/01/21 03:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\ad​p94xx.sys -- (adp94xx)
 DRV - [2008/01/21 03:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nv​raid.sys -- (nvraid)
 DRV - [2008/01/21 03:23:21 | 00,073,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\US​BAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)
 DRV - [2008/01/21 03:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nv​stor.sys -- (nvstor)
 DRV - [2008/01/21 03:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\ul​iahci.sys -- (uliahci)
 DRV - [2008/01/21 03:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\vi​aide.sys -- (viaide)
 DRV - [2008/01/21 03:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cm​dide.sys -- (cmdide)
 DRV - [2008/01/21 03:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\al​iide.sys -- (aliide)
 DRV - [2007/07/02 14:08:14 | 00,017,664 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\System32\drivers\Ar​cSoftVirtualCapture.sys -- (ARCSOFTVIRTUALCAPTURE)
 DRV - [2007/03/13 17:19:12 | 00,434,304 | ---- | M] (Ralink Technology, Corp.) -- C:\Windows\System32\drivers\rt​73.sys -- (RT73)
 DRV - [2006/11/10 14:05:00 | 00,018,688 | ---- | M] (Arcsoft, Inc.) -- C:\Windows\System32\drivers\af​c.sys -- (Afc)
 DRV - [2006/11/02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql​40xx.sys -- (ql40xx)
 DRV - [2006/11/02 10:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ul​sata.sys -- (UlSata)
 DRV - [2006/11/02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nf​rd960.sys -- (nfrd960)
 DRV - [2006/11/02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\ii​rsp.sys -- (iirsp)
 DRV - [2006/11/02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\dj​svs.sys -- (aic78xx)
 DRV - [2006/11/02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\it​eraid.sys -- (iteraid)
 DRV - [2006/11/02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\it​eatapi.sys -- (iteatapi)
 DRV - [2006/11/02 10:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sy​mc8xx.sys -- (Symc8xx)
 DRV - [2006/11/02 10:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sy​m_u3.sys -- (Sym_u3)
 DRV - [2006/11/02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mr​aid35x.sys -- (Mraid35x)
 DRV - [2006/11/02 10:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sy​m_hi.sys -- (Sym_hi)
 DRV - [2006/11/02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\br​serid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
 DRV - [2006/11/02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\br​usbser.sys -- (BrUsbSer)
 DRV - [2006/11/02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\br​filtup.sys -- (BrFiltUp)
 DRV - [2006/11/02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\br​filtlo.sys -- (BrFiltLo)
 DRV - [2006/11/02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\br​serwdm.sys -- (BrSerWdm)
 DRV - [2006/11/02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\br​usbmdm.sys -- (BrUsbMdm)
 DRV - [2006/11/02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\nt​rigdigi.sys -- (ntrigdigi)
 DRV - [2006/11/02 07:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\se​cdrv.sys -- (secdrv)
 DRV - [2005/12/12 18:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\System32\drivers\PS​2.sys -- (Ps2)
 
 
 ========== Standard Registry (SafeList) ==========
 
 
 ========== Internet Explorer ==========
 
 IE - HKLM\SOFTWARE\Microsoft\Intern​et Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/ [...] on&pf=cndt
 IE - HKLM\SOFTWARE\Microsoft\Intern​et Explorer\Main,Start Page = http://www.ustart.org
 
 IE - HKCU\SOFTWARE\Microsoft\Intern​et Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/ [...] on&pf=cndt
 IE - HKCU\SOFTWARE\Microsoft\Intern​et Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
 IE - HKCU\SOFTWARE\Microsoft\Intern​et Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
 IE - HKCU\SOFTWARE\Microsoft\Intern​et Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 CE C5 21 AB 75 CA 01  [binary data]
 IE - HKCU\SOFTWARE\Microsoft\Intern​et Explorer\Main,StartPageCache = 1
 IE - HKCU\Software\Microsoft\Window​s\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 ========== FireFox ==========
 
 FF - prefs.js..browser.search.selec​tedEngine: "uStart"
 FF - prefs.js..browser.startup.home​page: "http://go.microsoft.com/fwlin​k/?LinkId=69157"
 FF - prefs.js..extensions.enabledIt​ems: {E2883E8F-472F-4fb0-9522-AC9BF​37916A7}:1
 FF - prefs.js..extensions.enabledIt​ems: 6
 FF - prefs.js..extensions.enabledIt​ems: 2
 FF - prefs.js..extensions.enabledIt​ems: 48
 FF - prefs.js..keyword.URL: "http://www.google.com/search?​ie=UTF-8&oe=UTF-8&sourceid=nav​client&gfns=1&q="
 
 
 FF - HKLM\software\mozilla\Firefox\​Extensions\\{3112ca9c-de6d-488​4-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a8​69-9855de68056c} [2009/12/01 21:34:58 | 00,000,000 | ---D | M]
 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/01 21:34:53 | 00,000,000 | ---D | M]
 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/01 21:34:53 | 00,000,000 | ---D | M]
 
 [2009/10/03 09:43:04 | 00,000,000 | ---D | M] -- C:\Users\benoit\AppData\Roamin​g\mozilla\Extensions
 [2009/11/12 06:58:12 | 00,000,000 | ---D | M] -- C:\Users\benoit\AppData\Roamin​g\mozilla\Firefox\Profiles\wgn​t27b1.default\extensions
 [2009/10/16 06:40:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
 [2006/09/26 12:03:14 | 00,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamespl​ayer.dll
 [2009/07/30 23:44:21 | 00,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-f​rance.xml
 [2009/07/30 23:44:21 | 00,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tl​fi-fr.xml
 [2009/07/30 23:44:21 | 00,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-fra​nce.xml
 [2009/07/30 23:44:21 | 00,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedi​a-fr.xml
 [2009/07/30 23:44:21 | 00,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-fr​ance.xml
 
 O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\et​c\hosts
 O1 - Hosts: 127.0.0.1       localhost
 O1 - Hosts: ::1             localhost
 O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578​C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\Ac​roIEHelperShim.dll (Adobe Systems Incorporated)
 O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C​75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
 O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF105​77473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
 O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B​5AD205D} - C:\Program Files\Google\GoogleToolbarNoti​fier\5.4.4525.1752\swg.dll (Google Inc.)
 O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C​1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
 O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-00902​7A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
 O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305​ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
 O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
 O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-00902​7A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
 O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305​ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
 O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
 O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
 O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
 O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
 O4 - HKLM..\Run: [ISUSScheduler] C:\Programmes\Common Files\InstallShield\UpdateServ​ice\issch.exe File not found
 O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
 O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
 O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Stat​ic\CLIStart.exe (Advanced Micro Devices, Inc.)
 O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
 O4 - HKCU..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
 O4 - HKCU..\Run: [ISUSPM Startup] C:\Programmes\Common Files\InstallShield\UpdateServ​ice\ISUSPM.exe File not found
 O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAn​tiSpyware.exe (SUPERAntiSpyware.com)
 O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNoti​fier\GoogleToolbarNotifier.exe (Google Inc.)
 O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
 O6 - HKLM\Software\Policies\Microso​ft\Internet Explorer\control panel present
 O6 - HKLM\Software\Policies\Microso​ft\Internet Explorer\restrictions present
 O6 - HKLM\SOFTWARE\Microsoft\Window​s\CurrentVersion\policies\Syst​em: EnableLUA = 0
 O7 - HKCU\Software\Policies\Microso​ft\Internet Explorer\control panel present
 O7 - HKCU\Software\Policies\Microso​ft\Internet Explorer\restrictions present
 O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\r​esources\fr-FR\local\search.ht​ml ()
 O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolba​rDynamic_mui_en_60D6097707281E​79.dll (Google Inc.)
 O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-08002​00c9a66} - C:\Windows\bdoscandel.exe ()
 O16 - DPF: {215B8138-A3CF-44C5-803F-82261​43CFC0A} http://ushousecall02.trendmicr [...] hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730​F4EE499} http://download.bitdefender.co [...] oscan8.cab (BDSCANONLINE Control)
 O16 - DPF: {6EBC6744-5383-4213-AD5E-66434​ECA1812} http://download.sp.f-secure.co [...] uncher.cab (F-Secure Online Scanner Launcher)
 O16 - DPF: {7530BFB8-7293-4D34-9923-61A11​451AFC5} http://download.eset.com/speci [...] canner.cab (OnlineScanner Control)
 O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E​0DC46EF} http://fichiers.touslesdrivers [...] _5_3_0.cab (HardwareDetection Control)
 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805​F499D93} http://java.sun.com/update/1.6 [...] s-i586.cab (Java Plug-in 1.6.0_15)
 O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829D​C0B603C} http://fpdownload.macromedia.c [...] rashim.cab (Reg Error: Key error.)
 O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF​06D9A1B} http://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
 O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDE​FFEDCBA} http://java.sun.com/update/1.6 [...] s-i586.cab (Java Plug-in 1.6.0_01)
 O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDE​FFEDCBA} http://java.sun.com/update/1.6 [...] s-i586.cab (Java Plug-in 1.6.0_15)
 O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDE​FFEDCBA} http://java.sun.com/update/1.6 [...] s-i586.cab (Java Plug-in 1.6.0_15)
 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-44455​3512000} http://fpdownload2.macromedia. [...] wflash.cab (Reg Error: Key error.)
 O17 - HKLM\System\CCS\Services\Tcpip​\Parameters: DhcpNameServer = 192.168.1.1
 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305​202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\​MSGRAP~1.DLL (Microsoft Corporation)
 O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305​202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\​MSGRAP~1.DLL (Microsoft Corporation)
 O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7B​E1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
 O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINL​O.dll - C:\Program Files\SUPERAntiSpyware\SASWINL​O.dll (SUPERAntiSpyware.com)
 O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F​4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.​DLL (SuperAdBlocker.com)
 O32 - HKLM CDRom: AutoRun - 1
 O32 - AutoRun File - [2008/09/11 15:33:55 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
 O32 - AutoRun File - [2005/10/28 10:15:41 | 00,000,054 | ---- | M] () - E:\AUTORUN.INF -- [ UDF ]
 O33 - MountPoints2\{123f17d2-8d11-11​dd-bba1-806e6f6e6963}\Shell - "" = AutoRun
 O33 - MountPoints2\{123f17d2-8d11-11​dd-bba1-806e6f6e6963}\Shell\Au​toRun\command - "" = E:\pc/Autorun.exe -- [2005/10/25 10:21:16 | 02,672,705 | ---- | M] ()
 O33 - MountPoints2\{4a7b2d78-7ca5-11​de-b19a-0023541f1344}\Shell\Au​toRun\command - "" = J:\APPInst.exe -- File not found
 O33 - MountPoints2\J\Shell\AutoRun\c​ommand - "" = J:\APPInst.exe -- File not found
 O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
 O35 - comfile [open] -- "%1" %*
 O35 - exefile [open] -- "%1" %*
 
 ========== Files/Folders - Created Within 30 Days ==========
 
 [2009/12/08 06:31:09 | 00,000,000 | ---D | C] -- C:\Avenger
 [2009/12/05 14:24:16 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\av​ipbb.sys
 [2009/12/05 14:24:16 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\av​gntflt.sys
 [2009/12/05 14:24:16 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ss​mdrv.sys
 [2009/12/05 14:24:15 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira
 [2009/12/05 14:24:15 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
 [2009/11/26 05:23:19 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
 [2009/11/25 05:24:28 | 00,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.c​pl
 [2009/11/17 18:53:26 | 00,000,000 | ---D | C] -- C:\ProgramData\F-Secure
 [2009/11/14 14:28:30 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
 [2009/11/13 22:13:17 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpywar​e.com
 [2009/11/13 22:12:58 | 00,000,000 | ---D | C] -- C:\Users\benoit\AppData\Roamin​g\SUPERAntiSpyware.com
 [2009/11/13 22:12:58 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
 [2009/11/13 22:12:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
 [2009/11/12 23:38:26 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
 [2009/11/12 23:38:26 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
 [2009/11/12 23:38:26 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
 [2009/11/12 23:38:26 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
 [2009/11/12 23:38:12 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
 [2009/11/12 23:38:10 | 00,000,000 | --SD | C] -- C:\ComboFix
 [2009/11/12 22:38:12 | 00,000,000 | ---D | C] -- C:\Qoobox
 [2009/11/12 22:30:22 | 00,000,000 | ---D | C] -- C:\GenProc
 [2009/11/12 08:16:56 | 00,000,000 | ---D | C] -- C:\Users\benoit\Documents\a-sq​uared Free
 [2009/11/12 08:16:56 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared Free
 [2009/11/12 07:59:22 | 02,035,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
 [2009/11/12 07:58:51 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
 [2009/11/12 07:02:44 | 00,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
 [2009/10/03 08:53:03 | 01,888,232 | ---- | C] (Inprise Corporation) -- C:\Program Files\VCL40.BPL
 [2009/10/03 08:53:03 | 00,252,408 | ---- | C] (Inprise Corporation) -- C:\Program Files\VCLX40.BPL
 [2009/10/03 08:53:02 | 01,500,160 | ---- | C] (Borland Corporation) -- C:\Program Files\cc3260mt.dll
 [2009/10/03 08:53:02 | 00,908,800 | ---- | C] (Inprise Corporation) -- C:\Program Files\CP3245MT.DLL
 [2009/10/03 08:53:02 | 00,029,952 | ---- | C] (Borland International) -- C:\Program Files\BORLNDMM.DLL
 
 ========== Files - Modified Within 30 Days ==========
 
 [2009/12/10 12:29:52 | 01,572,864 | -HS- | M] () -- C:\Users\benoit\ntuser.dat
 [2009/12/10 12:24:52 | 01,470,810 | ---- | M] () -- C:\Windows\System32\PerfString​Backup.INI
 [2009/12/10 12:24:52 | 00,669,328 | ---- | M] () -- C:\Windows\System32\perfh00C.d​at
 [2009/12/10 12:24:52 | 00,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.d​at
 [2009/12/10 12:24:52 | 00,123,350 | ---- | M] () -- C:\Windows\System32\perfc00C.d​at
 [2009/12/10 12:24:52 | 00,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.d​at
 [2009/12/10 12:21:59 | 00,001,000 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
 [2009/12/10 12:20:31 | 00,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Syn​chronization-{3462FD8A-0ACF-46​46-BD9A-73CC5A2BCE4E}.job
 [2009/12/10 12:20:19 | 00,000,530 | ---- | M] () -- C:\Windows\tasks\Maintenance en 1 clic.job
 [2009/12/10 12:20:16 | 00,000,374 | ---- | M] () -- C:\Windows\System32\drivers\et​c\hosts.ics
 [2009/12/10 12:20:08 | 00,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
 [2009/12/10 12:19:24 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-3​76B-497e-B012-9C450E1B7327-2P-​1.C7483456-A289-439d-8115-6016​32D005A0
 [2009/12/10 12:19:24 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-3​76B-497e-B012-9C450E1B7327-2P-​0.C7483456-A289-439d-8115-6016​32D005A0
 [2009/12/10 12:19:23 | 00,000,394 | ---- | M] () -- C:\Windows\tasks\Hercules WiFiCtrl 2.job
 [2009/12/10 12:19:23 | 00,000,394 | ---- | M] () -- C:\Windows\tasks\Hercules WiFiCtrl 1.job
 [2009/12/10 12:19:23 | 00,000,394 | ---- | M] () -- C:\Windows\tasks\Hercules WiFiCtrl 0.job
 [2009/12/10 12:19:22 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
 [2009/12/10 12:19:19 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
 [2009/12/10 12:19:17 | 32,204,14464 | -HS- | M] () -- C:\hiberfil.sys
 [2009/12/09 16:56:23 | 00,524,288 | -HS- | M] () -- C:\Users\benoit\NTUSER.DAT{3a5​39871-6a70-11db-887c-d362bd253​390}.TMContainer00000000000000​000001.regtrans-ms
 [2009/12/09 16:56:23 | 00,065,536 | -HS- | M] () -- C:\Users\benoit\NTUSER.DAT{3a5​39871-6a70-11db-887c-d362bd253​390}.TM.blf
 [2009/12/09 16:56:19 | 02,738,075 | -H-- | M] () -- C:\Users\benoit\AppData\Local\​IconCache.db
 [2009/12/09 13:38:47 | 00,061,440 | ---- | M] () -- C:\Windows\System32\drivers\qczytcpd.sys
 [2009/12/07 18:32:33 | 00,130,048 | ---- | M] () -- C:\Users\benoit\AppData\Local\​DCBC2A71-70D8-4DAN-EHR8-E0D61D​EA3FDF.ini
 [2009/12/07 14:16:48 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwar​ebytes' Anti-Malware.lnk
 [2009/12/05 14:31:17 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\av​gntflt.sys
 [2009/12/05 14:31:17 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ss​mdrv.sys
 [2009/12/05 14:24:23 | 00,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
 [2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mb​amswissarmy.sys
 [2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mb​am.sys
 [2009/12/01 21:34:54 | 00,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozill​a Firefox.lnk
 [2009/11/28 07:03:02 | 00,000,010 | ---- | M] () -- C:\Windows\popcinfo.dat
 [2009/11/17 05:10:54 | 74,924,2368 | ---- | M] () -- C:\Humains.avi
 [2009/11/17 05:08:46 | 73,851,2896 | ---- | M] () -- C:\Angels & Demons.avi
 [2009/11/14 14:20:48 | 00,000,132 | ---- | M] () -- C:\Users\benoit\Desktop\Rappor​t - GenProc[2].URL
 [2009/11/14 14:19:09 | 00,001,400 | ---- | M] () -- C:\Users\benoit\Desktop\GenPro​c - Raccourci.lnk
 [2009/11/14 01:47:57 | 00,260,608 | ---- | M] () -- C:\Windows\PEV.exe
 [2009/11/13 22:13:01 | 00,000,904 | ---- | M] () -- C:\Users\Public\Desktop\SUPERA​ntiSpyware Free Edition.lnk
 [2009/11/13 21:28:50 | 00,302,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.D​AT
 [2009/11/12 08:17:09 | 00,000,772 | ---- | M] () -- C:\Users\Public\Desktop\a-squa​red Free.lnk
 
 ========== Files Created - No Company Name ==========
 
 [2009/12/09 13:38:47 | 00,061,440 | ---- | C] () -- C:\Windows\System32\drivers\qczytcpd.sys
 [2009/12/09 13:38:47 | 00,000,280 | ---- | C] () -- C:\Program Files\ampajh.txt
 [2009/12/05 14:24:22 | 00,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
 [2009/11/27 07:28:41 | 74,924,2368 | ---- | C] () -- C:\Humains.avi
 [2009/11/27 07:28:22 | 73,851,2896 | ---- | C] () -- C:\Angels & Demons.avi
 [2009/11/14 14:20:48 | 00,000,132 | ---- | C] () -- C:\Users\benoit\Desktop\Rappor​t - GenProc[2].URL
 [2009/11/13 22:13:01 | 00,000,904 | ---- | C] () -- C:\Users\Public\Desktop\SUPERA​ntiSpyware Free Edition.lnk
 [2009/11/12 23:38:26 | 00,260,608 | ---- | C] () -- C:\Windows\PEV.exe
 [2009/11/12 23:38:26 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
 [2009/11/12 23:38:26 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
 [2009/11/12 23:38:26 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
 [2009/11/12 23:38:26 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
 [2009/11/12 22:30:22 | 00,001,400 | ---- | C] () -- C:\Users\benoit\Desktop\GenPro​c - Raccourci.lnk
 [2009/11/12 08:17:09 | 00,000,772 | ---- | C] () -- C:\Users\Public\Desktop\a-squa​red Free.lnk
 [2009/11/12 07:51:09 | 32,204,14464 | -HS- | C] () -- C:\hiberfil.sys
 [2009/11/09 16:07:54 | 00,000,102 | ---- | C] () -- C:\Users\benoit\AppData\Roamin​g\wklnhst.dat
 [2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckCo​ntrol.dll
 [2009/07/21 17:19:25 | 00,030,742 | ---- | C] () -- C:\Users\benoit\AppData\Roamin​g\dcdl_prefs
 [2009/07/03 17:02:08 | 00,130,048 | ---- | C] () -- C:\Users\benoit\AppData\Local\​DCBC2A71-70D8-4DAN-EHR8-E0D61D​EA3FDF.ini
 [2009/06/30 12:39:08 | 00,000,680 | ---- | C] () -- C:\Users\benoit\AppData\Local\​d3d9caps.dat
 [2008/09/12 01:06:04 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.d​ll
 [2008/09/11 15:34:46 | 00,000,714 | ---- | C] () -- C:\ProgramData\hpzinstall.log
 [2008/09/11 15:15:28 | 00,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom2​5.dll
 [2008/09/11 15:15:28 | 00,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes​25.dll
 [2006/11/02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE​.dll
 [2006/11/02 11:25:26 | 00,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.d​ll
 [2006/11/02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.i​ni
 [2005/03/14 14:38:28 | 00,000,469 | ---- | C] () -- C:\Windows\bdoscandellang.ini
 [1999/01/27 12:39:06 | 00,065,024 | ---- | C] () -- C:\Windows\System32\indounin.d​ll
 [1997/06/13 06:56:08 | 00,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.d​ll
 
 ========== LOP Check ==========
 
 [2009/10/16 05:38:09 | 00,000,000 | ---D | M] -- C:\Users\benoit\AppData\Roamin​g\HouseCall 6.6
 [2009/11/09 16:08:06 | 00,000,000 | ---D | M] -- C:\Users\benoit\AppData\Roamin​g\Template
 [2009/10/23 07:23:30 | 00,000,000 | ---D | M] -- C:\Users\benoit\AppData\Roamin​g\TuneUp Software
 [2009/07/10 17:25:38 | 00,000,000 | ---D | M] -- C:\Users\benoit\AppData\Roamin​g\WildTangent
 [2009/07/01 16:29:47 | 00,000,000 | ---D | M] -- C:\Users\benoit\AppData\Roamin​g\WinBatch
 [2009/10/11 07:05:45 | 00,000,000 | ---D | M] -- C:\Users\benoit\AppData\Roamin​g\Zylom
 [2009/12/10 12:19:23 | 00,000,394 | ---- | M] () -- C:\Windows\Tasks\Hercules WiFiCtrl 0.job
 [2009/12/10 12:19:23 | 00,000,394 | ---- | M] () -- C:\Windows\Tasks\Hercules WiFiCtrl 1.job
 [2009/12/10 12:19:23 | 00,000,394 | ---- | M] () -- C:\Windows\Tasks\Hercules WiFiCtrl 2.job
 [2009/09/22 15:41:09 | 00,000,394 | ---- | M] () -- C:\Windows\Tasks\Hercules WiFiCtrl 3.job
 [2009/09/22 15:41:09 | 00,000,394 | ---- | M] () -- C:\Windows\Tasks\Hercules WiFiCtrl 4.job
 [2009/09/22 15:41:09 | 00,000,394 | ---- | M] () -- C:\Windows\Tasks\Hercules WiFiCtrl 5.job
 [2009/09/22 15:41:09 | 00,000,394 | ---- | M] () -- C:\Windows\Tasks\Hercules WiFiCtrl 6.job
 [2009/12/10 12:20:19 | 00,000,530 | ---- | M] () -- C:\Windows\Tasks\Maintenance en 1 clic.job
 [2009/12/09 16:56:24 | 00,032,494 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 [2009/12/10 12:20:31 | 00,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Syn​chronization-{3462FD8A-0ACF-46​46-BD9A-73CC5A2BCE4E}.job
 
 ========== Purity Check ==========
 
 
 
 ========== Custom Scans ==========
 
 
 < %systemdrive%\*.*  >
 [2009/11/17 05:08:46 | 73,851,2896 | ---- | M] () -- C:\Angels & Demons.avi
 [2008/09/11 15:33:55 | 00,000,074 | ---- | M] () -- C:\autoexec.bat
 [2009/12/09 13:47:59 | 00,001,872 | ---- | M] () -- C:\avenger.txt
 [2009/08/03 11:44:21 | 73,440,6994 | ---- | M] () -- C:\BOHRINGER APRÈS LA GUERRE avec Richard Bohringe.avi
 [2008/01/21 03:24:42 | 00,333,203 | RHS- | M] () -- C:\bootmgr
 [2008/09/12 00:53:44 | 00,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
 [2009/09/27 20:13:48 | 73,397,4528 | ---- | M] () -- C:\Bruce Willis - Die Hard 1 - Piege de cristal (1988) (fr) (by MartialC).avi
 [2009/07/26 13:23:54 | 73,507,2256 | ---- | M] () -- C:\Coco. de  Gad Elmaleh avec  Gad Elmaleh, Pascale Arbillot, Manu Payet (Comédie) 2009.avi
 [2009/09/15 04:08:52 | 73,177,4976 | ---- | M] () -- C:\Coeur D'Encre.avi
 [2006/09/18 22:43:37 | 00,000,010 | ---- | M] () -- C:\config.sys
 [2009/07/29 17:14:45 | 00,000,000 | ---- | M] () -- C:\Debug.QC6
 [2009/09/27 07:54:49 | 72,301,3632 | ---- | M] () -- C:\die hard 2.avi
 [2009/09/27 19:55:15 | 73,494,5280 | ---- | M] () -- C:\District.9.FRENCH.TS.MD.Xvi​D.READNFO-VODKA.avi
 [2009/07/26 15:54:39 | 72,564,1608 | ---- | M] () -- C:\Fantomas.-.De.Funes.Fr.-.Dv​drip.par.[emule-island.com].avi
 [2009/07/26 19:34:24 | 71,802,4704 | ---- | M] () -- C:\Fantômas Se Déchaîne (1965) - Un Film D'andré Hunebelle - Avec Louis De Funès, Jean Marais, Mylène Demongeot.avi
 [2009/07/30 19:27:55 | 73,732,9152 | ---- | M] () -- C:\FILM - Titanic (Leonardo Dicaprio & Kate Winslet) FR DvDrip XviD By..NiCoRs57...avi
 [2009/10/15 18:51:24 | 00,000,125 | ---- | M] () -- C:\FINIS_IT.TXT
 [2009/09/03 10:17:33 | 73,604,5056 | ---- | M] () -- C:\G.I.Joe.Rise.Of.The.Cobra.F​RENCH.TS.XviD-PasTAgA.FUCK.[emule-island.com].avi
 [2009/10/30 03:51:29 | 73,579,7248 | ---- | M] () -- C:\Ghost - Demi Moore & Patrick Swayze & Whoopi Goldberg 1990 Fr (XviD 02h01).avi
 [2009/08/11 03:59:34 | 73,035,1616 | ---- | M] () -- C:\Grandes Gueules (Les)-Robert Enrico (1965) Lino Ventura, Bourvil, Marie Dubois Divx Fr.avi
 [2009/12/10 12:19:17 | 32,204,14464 | -HS- | M] () -- C:\hiberfil.sys
 [2007/05/17 12:35:18 | 73,197,6192 | ---- | M] () -- C:\Hibernatus - Louis De Funes.avi
 [2009/11/17 05:10:54 | 74,924,2368 | ---- | M] () -- C:\Humains.avi
 [2009/07/29 17:28:39 | 00,061,904 | ---- | M] () -- C:\Installer.log
 [2009/07/19 18:47:22 | 73,419,3616 | ---- | M] () -- C:\Jo (1971) par Jean Girault avec L. De Funès, Claude Gensac, Michel Galabru, Bernard Blier (comédie).avi
 [2009/07/12 15:36:09 | 73,032,2944 | ---- | M] () -- C:\Jumanji.Fr.par_idonkey.ws.a​vi
 [2009/11/06 23:54:10 | 71,856,3328 | ---- | M] () -- C:\Ken.le.survivant.(le film)FRENCH.DVDRIP.XVID.avi
 [2009/09/07 01:29:44 | 73,527,0912 | ---- | M] () -- C:\L'Attaque Du Metro 123.avi
 [2009/11/06 12:12:58 | 73,917,7078 | ---- | M] () -- C:\L'aube Rouge-(Patrick Swayze) Fr.avi
 [2009/09/30 13:13:09 | 73,209,4882 | ---- | M] () -- C:\L'ombre.blanche..[emule-island.com].avi
 [2009/07/19 12:39:57 | 72,429,2076 | ---- | M] () -- C:\La 7eme Compagnie - On A Retrouvé La Septième Compagnie.avi
 [2009/09/07 05:17:52 | 73,377,5872 | ---- | M] () -- C:\La Cite De L'Ombre.avi
 [2009/11/06 13:28:26 | 74,412,4416 | ---- | M] () -- C:\LA GRANDE MENACE - Lino Ventura, Richard Burton (DvD-Rip) [DivX5-Fr].avi
 [2007/05/02 03:54:38 | 70,256,2304 | ---- | M] () -- C:\La Guerre Des Bouton .avi
 [2009/07/20 02:02:39 | 74,263,5520 | ---- | M] () -- C:\La Zizanie, 1977, de Claude Zidi avec Louis de Funès, Annie Girardot, Julien Guiomar, Maurice Risch.avi
 [2009/07/19 03:27:51 | 73,221,0180 | ---- | M] () -- C:\La_7eme_compagnie_au_clair_​de_lune.by.[emule-island.com].AVI
 [2009/09/29 21:16:55 | 71,124,7872 | ---- | M] () -- C:\Le Dernier Recours (Bruce Willis) - Policier - Francais.avi
 [2009/08/03 02:05:11 | 72,673,9660 | ---- | M] () -- C:\le grand chemin (anémone ,bohringer 1986))dvdrip fr.avi
 [2009/09/14 04:20:24 | 55,811,0250 | ---- | M] () -- C:\Le Premier Cercle.avi
 [2009/07/20 10:55:44 | 73,579,9296 | ---- | M] () -- C:\Le Ruffian (Lino Ventura - Bernard Giraudeau - 1983).avi
 [2009/07/30 23:28:53 | 73,116,4672 | ---- | M] () -- C:\Le.Jour.Le.Plus.Long.DVDRip​.FR.-dvdphoenix.fr.st-.avi
 [2009/07/29 17:27:58 | 00,000,091 | ---- | M] () -- C:\LogiSetup.log
 [2009/07/26 07:58:09 | 72,019,1488 | ---- | M] () -- C:\Louis De Funès - 1967 - Fantomas contre Scotland Yard  [DivX.Fr].avi
 [2009/07/19 04:58:50 | 73,204,3734 | ---- | M] () -- C:\Mais_ou_est_passe_la_7eme_c​ompagnie.by.[emule-island.com].AVI
 [2009/05/17 13:24:56 | 72,377,9584 | ---- | M] () -- C:\Maman j'ai encore rater l'avion - Francais DvdRip.avi
 [2009/05/17 11:41:36 | 73,442,9640 | ---- | M] () -- C:\Maman j'ai rater l'avion - Francais DvdRip.avi
 [2009/07/19 22:21:10 | 72,492,8856 | ---- | M] () -- C:\Manimal 1x01 Manimal Fr Vhsrip Xvid-Farmer09.avi
 [2009/07/22 16:17:50 | 36,954,1120 | ---- | M] () -- C:\Manimal-1x02-Illusion-Ld-Pd​tv-Divx-Fr-Lpdm.avi
 [2009/07/19 06:07:00 | 38,685,7772 | ---- | M] () -- C:\Manimal.1x05.Un.Enjeu.D'Imp​ortance.FR.XviD.[tvu.org.ru].avi
 [2008/04/23 12:19:08 | 72,690,4832 | ---- | M] () -- C:\Midnight.Express.French.Dvd​rip.avi
 [2007/09/07 12:42:12 | 73,145,0370 | ---- | M] () -- C:\Mon beau-pere et moi..avi
 [2007/09/09 21:23:10 | 73,373,9510 | ---- | M] () -- C:\Mon beau-pere, mes parents et moi_.avi
 [2009/07/29 17:28:38 | 00,023,686 | ---- | M] () -- C:\MSIInstall.log
 [2009/07/08 23:41:42 | 74,910,3104 | ---- | M] () -- C:\Ong Bak 2 L'honneur Du Dragon En Francais.avi
 [2009/12/10 12:19:16 | 35,342,41792 | -HS- | M] () -- C:\pagefile.sys
 [2009/08/02 19:18:45 | 73,490,4320 | ---- | M] () -- C:\Papy fait de la résistance (Christian Clavier - Gerard Jugnot - Dominique Lavanant - Josiane Balasko).avi
 [2009/09/30 17:04:41 | 73,380,2496 | ---- | M] () -- C:\Piège En Haute Mer (Steven Seagal-Tommy Lee-Jones) Fr Dvdrip Par Pamela Popo.avi
 [2009/07/12 18:35:41 | 73,615,1552 | ---- | M] () -- C:\Predator 2.avi
 [2009/07/14 09:21:36 | 73,417,6108 | ---- | M] () -- C:\Predator.(Schwarzenegger)[BarnZ.DVDrip.Francais].avi
 [2009/11/06 11:30:52 | 73,768,5431 | ---- | M] () -- C:\que la bete meure - claude chabrol - 1969 (ft. michel duchaussoy, caroline cellier, jean yanne, maurice pialat, jean louis maury) fr.avi
 [2009/09/03 01:42:04 | 73,465,4464 | ---- | M] () -- C:\Race.To.Witch.Mountain.FREN​CH.DVDRip.XviD-SURViVAL.FUCK.[eMule-Box.com].avi
 [2009/09/04 08:18:50 | 73,472,6144 | ---- | M] () -- C:\State.Of.Play.FRENCH.DVDRip​.XviD-SURViVAL.CD1.[emule-island.com].avi
 [2009/09/03 09:21:48 | 73,497,8048 | ---- | M] () -- C:\State.Of.Play.FRENCH.DVDRip​.XviD-SURViVAL.CD2.[emule-island.com].avi
 [2009/09/03 12:28:01 | 87,704,3918 | ---- | M] () -- C:\Terminator 4 renaissance- FRENCH.PROPER.TS.MD.XViD.BY.MA​NO.NatzoX.[MeDiA-ArEnA.Tk].avi
 [2009/09/30 05:41:55 | 73,386,2364 | ---- | M] () -- C:\The Island (2004) de Michael Bay Avec Ewan McGregor, Scarlett Johansson, Djimon Hounsou et Sean Bean (Science-fiction;Action;Drame) -2h16- Fr.avi
 [2009/09/02 22:48:42 | 73,141,4528 | ---- | M] () -- C:\The.Day.The.Earth.Stood.Sti​ll.2008.SUBFORCED.FRENCH.DVDRi​P.XviD-GKS.avi
 [2009/09/26 22:06:33 | 72,990,9248 | ---- | M] () -- C:\The_Forgotten.FRENCH.DVDRip​-XViD.par-www.[emule-island.com].avi
 [2009/07/09 01:08:51 | 14,498,74666 | ---- | M] () -- C:\Transformers.2.FRENCH.TS.MD​.XviD-CaSImIR.[emule-island.com].avi
 [2009/08/03 06:37:28 | 73,542,3238 | ---- | M] () -- C:\Walt Disney-Chérie,j'ai rétréci les gosses FR DVD-RIP(1h29mn41s).avi
 [2007/08/18 18:09:46 | 73,365,7088 | ---- | M] () -- C:\Wild.Hogs.FRENCH.DVDRiP.XVi​D-iD-AphrodisiaK.avi
 [2009/07/14 03:11:56 | 73,577,4720 | ---- | M] () -- C:\Will.Hunting.Français.DVDRi​p.XviD.avi
 [2009/09/13 22:40:08 | 73,415,0656 | ---- | M] () -- C:\Wolfhound.avi
 [2009/10/01 04:01:11 | 73,289,5232 | ---- | M] () -- C:\Échec et mort (Steven Seagal) Fr Divx.avi
 
 < %programfiles%\*.*  >
 [2009/12/09 13:38:47 | 00,000,280 | ---- | M] () -- C:\Program Files\ampajh.txt
 [1998/02/09 19:00:00 | 00,029,952 | ---- | M] (Borland International) -- C:\Program Files\BORLNDMM.DLL
 [2003/01/30 05:04:00 | 01,500,160 | ---- | M] (Borland Corporation) -- C:\Program Files\cc3260mt.dll
 [1999/03/03 20:00:00 | 00,908,800 | ---- | M] (Inprise Corporation) -- C:\Program Files\CP3245MT.DLL
 [2008/01/21 03:43:21 | 00,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 [1999/01/07 20:02:00 | 01,888,232 | ---- | M] (Inprise Corporation) -- C:\Program Files\VCL40.BPL
 [1998/06/18 19:00:00 | 00,252,408 | ---- | M] (Inprise Corporation) -- C:\Program Files\VCLX40.BPL
 
 < %programfiles%\*.  >
 [2009/11/12 08:19:48 | 00,000,000 | ---D | M] -- C:\Program Files\a-squared Free
 [2009/07/25 14:15:01 | 00,000,000 | ---D | M] -- C:\Program Files\Activision
 [2009/11/04 05:28:08 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
 [2009/06/30 13:23:12 | 00,000,000 | ---D | M] -- C:\Program Files\Alwil Software
 [2009/07/21 17:41:42 | 00,000,000 | ---D | M] -- C:\Program Files\Anuman Interactive
 [2008/09/11 15:45:08 | 00,000,000 | ---D | M] -- C:\Program Files\AOL
 [2009/08/09 07:27:51 | 00,000,000 | ---D | M] -- C:\Program Files\ArcSoft
 [2008/09/11 15:21:30 | 00,000,000 | ---D | M] -- C:\Program Files\ATI
 [2008/09/11 15:22:01 | 00,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
 [2009/12/05 14:24:15 | 00,000,000 | ---D | M] -- C:\Program Files\Avira
 [2009/10/26 13:25:34 | 00,000,000 | ---D | M] -- C:\Program Files\CCleaner
 [2009/11/13 22:12:02 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
 [2008/09/11 15:33:06 | 00,000,000 | ---D | M] -- C:\Program Files\CyberLink
 [2008/09/11 15:44:52 | 00,000,000 | ---D | M] -- C:\Program Files\EasyBits For Kids
 [2009/07/05 18:58:51 | 00,000,000 | ---D | M] -- C:\Program Files\eChanblard
 [2009/11/14 14:28:30 | 00,000,000 | ---D | M] -- C:\Program Files\ESET
 [2009/06/30 11:50:07 | 00,000,000 | -HSD | M] -- C:\Program Files\Fichiers communs
 [2009/10/16 04:47:54 | 00,000,000 | ---D | M] -- C:\Program Files\Google
 [2009/10/15 18:50:12 | 00,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
 [2009/08/09 07:29:26 | 00,000,000 | ---D | M] -- C:\Program Files\HP
 [2008/09/11 15:44:06 | 00,000,000 | ---D | M] -- C:\Program Files\HP Games
 [2009/11/01 04:50:26 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
 [2009/07/25 14:08:32 | 00,000,000 | ---D | M] -- C:\Program Files\InstantTouch
 [2009/06/30 11:52:44 | 00,000,000 | ---D | M] -- C:\Program Files\Intel
 [2009/10/29 13:21:21 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
 [2009/09/08 09:13:58 | 00,000,000 | ---D | M] -- C:\Program Files\Java
 [2009/07/29 17:08:00 | 00,000,000 | ---D | M] -- C:\Program Files\Logitech
 [2009/10/26 12:40:31 | 00,000,000 | ---D | M] -- C:\Program Files\ma-config.com
 [2009/10/27 14:08:46 | 00,000,000 | ---D | M] -- C:\Program Files\maj
 [2009/12/07 14:16:48 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
 [2009/11/06 05:29:22 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft
 [2006/11/02 13:37:34 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
 [2009/06/30 11:55:29 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
 [2009/06/30 14:08:51 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
 [2009/11/01 04:48:16 | 00,000,000 | ---D | M] -- C:\Program Files\Mindscape
 [2008/09/12 00:54:54 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker
 [2009/12/01 21:34:54 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
 [2006/11/02 13:37:34 | 00,000,000 | ---D | M] -- C:\Program Files\MSBuild
 [2008/09/11 15:33:43 | 00,000,000 | ---D | M] -- C:\Program Files\muvee Technologies
 [2009/10/15 18:50:47 | 00,000,000 | R--D | M] -- C:\Program Files\Online Services
 [2008/09/11 15:40:04 | 00,000,000 | ---D | M] -- C:\Program Files\PC-Doctor for Windows
 [2009/07/21 17:16:13 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime
 [2008/09/11 15:24:11 | 00,000,000 | ---D | M] -- C:\Program Files\Realtek
 [2006/11/02 13:37:34 | 00,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
 [2009/10/16 12:32:15 | 00,000,000 | ---D | M] -- C:\Program Files\Spyware Doctor
 [2009/11/13 22:12:59 | 00,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
 [2009/09/22 15:38:05 | 00,000,000 | ---D | M] -- C:\Program Files\Thrustmaster
 [2009/06/30 13:02:59 | 00,000,000 | ---D | M] -- C:\Program Files\Toox
 [2009/10/23 07:26:16 | 00,000,000 | ---D | M] -- C:\Program Files\TuneUp Utilities 2009
 [2006/11/02 14:01:55 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
 [2009/07/09 04:21:46 | 00,000,000 | ---D | M] -- C:\Program Files\VideoLAN
 [2008/09/12 00:54:54 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
 [2008/09/12 00:54:54 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
 [2008/09/12 00:54:54 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Defender
 [2008/09/12 00:54:54 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Journal
 [2009/11/06 05:29:52 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live
 [2009/06/30 12:52:53 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
 [2009/11/13 21:22:14 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Mail
 [2009/10/29 13:21:21 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
 [2009/06/30 11:50:07 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT
 [2008/09/12 00:54:54 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
 [2009/10/20 18:02:12 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
 [2009/11/08 05:41:37 | 00,000,000 | ---D | M] -- C:\Program Files\WinRAR
 [2009/09/22 14:15:34 | 00,000,000 | ---D | M] -- C:\Program Files\WordBiz
 [2009/10/06 12:21:31 | 00,000,000 | ---D | M] -- C:\Program Files\Zuma's Revenge!
 [2009/10/11 07:05:39 | 00,000,000 | ---D | M] -- C:\Program Files\Zylom Games
 
 
 < MD5 for: AGP440.SYS  >
 [2008/01/21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37D​B0D360 -- C:\Windows\System32\drivers\AG​P440.sys
 [2008/01/21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37D​B0D360 -- C:\Windows\System32\DriverStor​e\FileRepository\machine.inf_f​750e484\AGP440.sys
 [2008/01/21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37D​B0D360 -- C:\Windows\winsxs\x86_machine.​inf_31bf3856ad364e35_6.0.6001.​18000_none_ba12ed3bbeb0d97a\AG​P440.sys
 [2008/01/21 03:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37D​B0D360 -- C:\Windows\winsxs\x86_machine.​inf_31bf3856ad364e35_6.0.6002.​18005_none_bbfe6647bbd2a4c6\AG​P440.sys
 [2006/11/02 10:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825C​EAD7D8 -- C:\Windows\System32\DriverStor​e\FileRepository\machine.inf_9​20a2c1f\AGP440.sys
 
 < MD5 for: ATAPI.SYS  >
 [2008/01/21 03:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562D​E40ED9 -- C:\Windows\System32\drivers\at​api.sys
 [2008/01/21 03:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562D​E40ED9 -- C:\Windows\System32\DriverStor​e\FileRepository\mshdc.inf_cc1​8792d\atapi.sys
 [2008/01/21 03:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562D​E40ED9 -- C:\Windows\winsxs\x86_mshdc.in​f_31bf3856ad364e35_6.0.6001.18​000_none_dd38281a2189ce9c\atap​i.sys
 [2006/11/02 10:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7E​C7300F -- C:\Windows\System32\DriverStor​e\FileRepository\mshdc.inf_c6c​2e699\atapi.sys
 
 < MD5 for: CNGAUDIT.DLL  >
 [2006/11/02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D​5FED4D -- C:\Windows\System32\cngaudit.d​ll
 [2006/11/02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D​5FED4D -- C:\Windows\winsxs\x86_microsof​t-windows-cngaudit-dll_31bf385​6ad364e35_6.0.6000.16386_none_​e62d292932a96ce6\cngaudit.dll
 
 < MD5 for: EVENTLOG.DLL  >
 [2007/01/12 21:30:08 | 00,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA0​42B5A8 -- C:\Program Files\CyberLink\PowerDirector\​EventLog.dll
 
 < MD5 for: IASTOR.SYS  >
 [2008/11/03 16:56:40 | 00,327,192 | ---- | M] (Intel Corporation) MD5=37769C28E1C6489C56E41DB7A3​2D58C5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
 [2008/11/03 16:56:40 | 00,327,192 | ---- | M] (Intel Corporation) MD5=37769C28E1C6489C56E41DB7A3​2D58C5 -- C:\Windows\System32\drivers\ia​Stor.sys
 [2008/11/03 16:56:40 | 00,327,192 | ---- | M] (Intel Corporation) MD5=37769C28E1C6489C56E41DB7A3​2D58C5 -- C:\Windows\System32\DriverStor​e\FileRepository\iastor.inf_29​dfb0d5\iaStor.sys
 [2008/11/03 17:10:08 | 00,406,040 | ---- | M] (Intel Corporation) MD5=5979854E6FDA990107E3170327​022117 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
 [2008/06/11 03:51:14 | 00,318,488 | ---- | M] (Intel Corporation) MD5=DE7C12E59605EA7EA0CF6345AF​EB0F07 -- C:\hp\DRIVERS\Intel_RAID\iasto​r.sys
 [2008/06/11 03:51:14 | 00,318,488 | ---- | M] (Intel Corporation) MD5=DE7C12E59605EA7EA0CF6345AF​EB0F07 -- C:\Windows\System32\DriverStor​e\FileRepository\iaahci.inf_1b​8b56cd\iaStor.sys
 [2008/06/11 03:51:14 | 00,318,488 | ---- | M] (Intel Corporation) MD5=DE7C12E59605EA7EA0CF6345AF​EB0F07 -- C:\Windows\System32\DriverStor​e\FileRepository\iastor.inf_7f​488211\iaStor.sys
 
 < MD5 for: IASTORV.SYS  >
 [2008/01/21 03:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3​AC3A14 -- C:\Windows\System32\drivers\ia​StorV.sys
 [2008/01/21 03:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3​AC3A14 -- C:\Windows\System32\DriverStor​e\FileRepository\iastorv.inf_c​9df7691\iaStorV.sys
 [2008/01/21 03:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3​AC3A14 -- C:\Windows\winsxs\x86_iastorv.​inf_31bf3856ad364e35_6.0.6001.​18000_none_af11527887c7fa8f\ia​StorV.sys
 [2006/11/02 10:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101​E6C906 -- C:\Windows\System32\DriverStor​e\FileRepository\iastorv.inf_3​7cdafa4\iaStorV.sys
 
 < MD5 for: NETLOGON.DLL  >
 [2008/01/21 03:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025​D4E37F -- C:\Windows\System32\netlogon.d​ll
 [2008/01/21 03:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025​D4E37F -- C:\Windows\winsxs\x86_microsof​t-windows-security-netlogon_31​bf3856ad364e35_6.0.6001.18000_​none_fdb7b74337f9e857\netlogon​.dll
 
 < MD5 for: NVSTOR.SYS  >
 [2006/11/02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB​76DFFC -- C:\Windows\System32\DriverStor​e\FileRepository\nvraid.inf_73​3654ff\nvstor.sys
 [2008/01/21 03:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2​688177 -- C:\Windows\System32\drivers\nv​stor.sys
 [2008/01/21 03:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2​688177 -- C:\Windows\System32\DriverStor​e\FileRepository\nvraid.inf_31​c3d71d\nvstor.sys
 [2008/01/21 03:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2​688177 -- C:\Windows\winsxs\x86_nvraid.i​nf_31bf3856ad364e35_6.0.6001.1​8000_none_39dac327befea467\nvs​tor.sys
 
 < MD5 for: SCECLI.DLL  >
 [2008/01/21 03:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D5​91E0B9 -- C:\Windows\System32\scecli.dll
 [2008/01/21 03:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D5​91E0B9 -- C:\Windows\winsxs\x86_microsof​t-windows-s..urationengineclie​nt_31bf3856ad364e35_6.0.6001.1​8000_none_380de25bd91b6f12\sce​cli.dll
 
 ========== Alternate Data Streams ==========
 
 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:DFC5A2B2
 @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:ADF211B1
 < End of report >

ben1748
Baby forum member (10 to 49 messages posted)
  1. Posted on 10/12/2009 at 13:00:17
 
And here is the RootRepeal report (and thanks again for your help)
 ROOTREPEAL (c) AD, 2007-2009
 ==================================================
 Scan Start Time:  2009/12/10 12:43
 Program Version:  Version 1.3.5.0
 Windows Version:  Windows Vista SP1
 ==================================================

 Drivers
 -------------------
 Name: dump_iaStor.sys
 Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
 Address: 0x82B09000 Size: 892928 File Visible: No Signed: -
 Status: -

 Name: rootrepeal[1].sys
 Image Path: C:\Windows\system32\drivers\rootrepeal[1].sys
 Address: 0xA15B8000 Size: 49152 File Visible: No Signed: -
 Status: -

 Hidden/Locked Files
 -------------------
 Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_

 Processes
 -------------------
 Path: System
 PID: 4 Status: Locked to the Windows API!

 Path: C:\Windows\System32\audiodg.exe
 PID: 1300 Status: Locked to the Windows API!

 SSDT
 -------------------
 #: 072 Function Name: NtCreateProcess
 Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x8232e282

 #: 073 Function Name: NtCreateProcessEx
 Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x8232e474

 #: 078 Function Name: NtCreateThread
 Status: Hooked by "<unknown>" at address 0x93925814

 #: 194 Function Name: NtOpenProcess
 Status: Hooked by "<unknown>" at address 0x93925800

 #: 201 Function Name: NtOpenThread
 Status: Hooked by "<unknown>" at address 0x93925805

 #: 334 Function Name: NtTerminateProcess
 Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0x8f1ca0b0

 #: 383 Function Name: NtCreateUserProcess
 Status: Hooked by "C:\Windows\system32\drivers\PCTCore.sys" at address 0x8232e67c

 Stealth Objects
 -------------------
 Object: Hidden Module [Name: msgsres.dll]
 Process: msnmsgr.exe (PID: 2532) Address: 0x66cf0000 Size: 11403264

 Object: Hidden Module [Name: msgslang.14.0.8089.0726.dll]
 Process: msnmsgr.exe (PID: 2532) Address: 0x69460000 Size: 364544

 Object: Hidden Module [Name: msgrvsta.thm]
 Process: msnmsgr.exe (PID: 2532) Address: 0x6d100000 Size: 20480

 ==EOF==

grosbebe
On the right track (100 to 499 posts)
Posted on 10/12/2009 at 13:27:23

Hello

 Let's continue

 Step 1

 Run OTL again

  • In the Custom Scans/Fixes box at the bottom, paste the contents of the box below:

:OTL
 [2009/12/09 13:38:47 | 00,061,440 | ---- | C] () -- C:\Windows\System32\drivers\qc​zytcpd.sys
 [2009/12/09 13:38:47 | 00,000,280 | ---- | C] () -- C:\Program Files\ampajh.txt

 :Commands
 [purity]
 [emptytemp]



 Puis clique sur le bouton Run Fix en haut.
 

  • Laisse OTL tourner, le pc va redémarrer.
  • Au redémarrage, un nouveau rapport va s'ouvrir, copie/colle son contenu ici svp


 Etape 2

 Tu as utilisé Combofix, supprime le.


 Télécharge Combofix sur ton bureau depuis un de ces deux liens
 http://download.bleepingcomput [...] mboFix.exe
 http://www.forospyware.com/sUBs/ComboFix.exe

 Ferme toutes tes fenêtres, désactive tes logiciels de sécurité.

 Double clique sur Combofix pour le lancer et suis les instructions à l'écran. Pendant qu'il travaillera, ne touche plus à rien.
 A priori il va redémarrer la machine, laisse le faire.
 A la fin, il te fournira un rapport dont j'aurai besoin, copie/colle son contenu ici svp.

 Une aide en image disponible ici


 Bonne journée

ben1748
Baby forum member (10 to 49 posts)
Posted on 10/12/2009 at 13:35:31

ok, here is the OTL report
 All processes killed
 ========== OTL ==========
 C:\Windows\System32\drivers\qczytcpd.sys moved successfully.
 C:\Program Files\ampajh.txt moved successfully.
 ========== COMMANDS ==========
 
 [EMPTYTEMP]
 
 User: All Users
 
 User: benoit
 ->Temp folder emptied: 2482426 bytes
 ->Temporary Internet Files folder emptied: 80263554 bytes
 ->Java cache emptied: 0 bytes
 ->FireFox cache emptied: 0 bytes
 
 User: Default
 ->Temp folder emptied: 0 bytes
 ->Temporary Internet Files folder emptied: 0 bytes
 
 User: Default User
 ->Temp folder emptied: 0 bytes
 ->Temporary Internet Files folder emptied: 0 bytes
 
 User: Public
 
 %systemdrive% .tmp files removed: 0 bytes
 %systemroot% .tmp files removed: 0 bytes
 %systemroot%\System32 .tmp files removed: 0 bytes
 Windows Temp folder emptied: 10454 bytes
 %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
 RecycleBin emptied: 0 bytes
 
 Total Files Cleaned = 78,92 mb
 
 
 OTL by OldTimer - Version 3.1.11.8 log created on 12102009_133035

 Files\Folders moved on Reboot...
 File\Folder C:\Users\benoit\AppData\Local\Temp\~DF88E6.tmp not found!
 File\Folder C:\Users\benoit\AppData\Local\Temp\~DF8906.tmp not found!

 Registry entries deleted on Reboot...

ben1748
Baby forum member (10 to 49 posts)
Posted on 10/12/2009 at 13:39:27

however, you are asking me to delete Combofix, but I can't find it on my computer?

ben1748
Baby forum member (10 to 49 posts)
Posted on 10/12/2009 at 15:02:39

OK, here is the Combofix report
 ComboFix 09-12-09.04 - benoit 10/12/2009  14:52:24.1.4 - x86
 Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6001.1.1252.33.1036.18.3071.1979 [GMT 1:00]
 Lancé depuis: c:\users\benoit\Desktop\ComboFix.exe
 SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
 SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 .

 ((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
 .

 c:\$recycle.bin\S-1-5-21-363549488-1597083429-637128712-500
 c:\$recycle.bin\S-1-5-21-4172095798-764186186-2404385666-1000
 c:\$recycle.bin\S-1-5-21-499626708-1767869385-782512452-500

 .
 (((((((((((((((((((((((((((((   Fichiers créés du 2009-11-10 au 2009-12-10  ))))))))))))))))))))))))))))))))))))
 .

 2009-12-10 13:57 . 2009-12-10 13:57 -------- d-----w- c:\users\Default\AppData\Local\temp
 2009-12-10 12:30 . 2009-12-10 12:30 -------- d-----w- C:\_OTL
 2009-12-10 11:25 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
 2009-12-10 11:25 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys
 2009-12-10 11:25 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
 2009-12-05 13:24 . 2009-12-10 13:45 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
 2009-12-05 13:24 . 2009-03-30 09:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
 2009-12-05 13:24 . 2009-12-05 13:24 -------- d-----w- c:\programdata\Avira
 2009-12-05 13:24 . 2009-12-05 13:24 -------- d-----w- c:\program files\Avira
 2009-12-01 20:34 . 2009-12-01 20:34 33558 ----a-w- c:\programdata\Google\Toolbar for Firefox\Firefox_Toolbar_Uninstaller.exe
 2009-11-26 04:23 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
 2009-11-25 04:24 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
 2009-11-25 04:24 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll
 2009-11-17 17:53 . 2009-11-17 17:53 -------- d-----w- c:\programdata\F-Secure
 2009-11-14 13:28 . 2009-11-14 13:28 -------- d-----w- c:\program files\ESET
 2009-11-13 21:14 . 2009-11-13 21:14 117760 ----a-w- c:\users\benoit\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
 2009-11-13 21:13 . 2009-11-13 21:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
 2009-11-13 21:12 . 2009-11-13 21:12 -------- d-----w- c:\program files\SUPERAntiSpyware
 2009-11-13 21:12 . 2009-11-13 21:12 -------- d-----w- c:\users\benoit\AppData\Roaming\SUPERAntiSpyware.com
 2009-11-13 21:12 . 2009-11-13 21:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
 2009-11-12 21:30 . 2009-11-14 13:19 -------- d-----w- C:\GenProc
 2009-11-12 07:16 . 2009-11-12 07:19 -------- d-----w- c:\program files\a-squared Free
 2009-11-12 06:59 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys
 2009-11-12 06:58 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
 2009-11-12 06:02 . 2009-11-12 06:58 -------- d-----w- c:\windows\BDOSCAN8

 .
 ((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2009-12-10 13:49 . 2008-09-11 23:53 669328 ----a-w- c:\windows\system32\perfh00C.dat
 2009-12-10 13:49 . 2008-09-11 23:53 123350 ----a-w- c:\windows\system32\perfc00C.dat
 2009-12-10 12:31 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
 2009-12-08 17:57 . 2009-07-09 03:22 -------- d-----w- c:\users\benoit\AppData\Roaming\vlc
 2009-12-07 13:16 . 2009-10-27 13:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
 2009-12-03 15:14 . 2009-10-27 13:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
 2009-12-03 15:13 . 2009-10-27 13:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
 2009-11-28 06:03 . 2009-07-25 13:12 10 ----a-w- c:\windows\popcinfo.dat
 2009-11-21 06:40 . 2009-12-09 12:30 916480 ----a-w- c:\windows\system32\wininet.dll
 2009-11-21 06:34 . 2009-12-09 12:30 109056 ----a-w- c:\windows\system32\iesysprep.dll
 2009-11-21 06:34 . 2009-12-09 12:30 71680 ----a-w- c:\windows\system32\iesetup.dll
 2009-11-21 04:59 . 2009-12-09 12:30 133632 ----a-w- c:\windows\system32\ieUnatt.exe
 2009-11-09 15:26 . 2009-11-09 15:07 102 ----a-w- c:\users\benoit\AppData\Roaming\wklnhst.dat
 2009-11-09 15:08 . 2009-11-09 15:08 -------- d-----w- c:\users\benoit\AppData\Roaming\Template
 2009-11-06 04:29 . 2009-06-30 11:52 -------- d-----w- c:\program files\Windows Live
 2009-11-06 04:29 . 2009-11-06 04:29 -------- d-----w- c:\program files\Microsoft
 2009-11-04 04:28 . 2009-11-04 04:28 -------- d-----w- c:\program files\Common Files\Adobe
 2009-11-04 04:26 . 2009-10-16 03:47 -------- d-----w- c:\programdata\Google Updater
 2009-11-02 19:42 . 2009-10-02 18:11 195456 ------w- c:\windows\system32\MpSigStub.exe
 2009-11-01 03:50 . 2008-09-11 14:24 -------- d--h--w- c:\program files\InstallShield Installation Information
 2009-11-01 03:48 . 2009-07-21 16:14 -------- d-----w- c:\program files\Mindscape
 2009-10-27 13:22 . 2009-10-27 13:22 -------- d-----w- c:\users\benoit\AppData\Roaming\Malwarebytes
 2009-10-27 13:22 . 2009-10-27 13:22 -------- d-----w- c:\programdata\Malwarebytes
 2009-10-27 13:08 . 2009-10-03 07:53 -------- d-----w- c:\program files\maj
 2009-10-26 12:25 . 2009-10-26 12:25 -------- d-----w- c:\program files\CCleaner
 2009-10-26 11:40 . 2009-10-26 11:40 -------- d-----w- c:\program files\ma-config.com
 2009-10-26 11:40 . 2009-10-26 11:40 -------- d-----w- c:\programdata\ma-config.com
 2009-10-24 13:54 . 2009-07-14 04:51 -------- d-----w- c:\users\benoit\AppData\Roaming\dvdcss
 2009-10-23 06:26 . 2009-10-23 06:26 604416 ----a-w- c:\windows\system32\TUProgSt.exe
 2009-10-23 06:26 . 2009-10-23 06:26 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
 2009-10-23 06:26 . 2009-10-23 06:23 -------- d-----w- c:\program files\TuneUp Utilities 2009
 2009-10-23 06:23 . 2009-10-23 06:23 -------- d-----w- c:\users\benoit\AppData\Roaming\TuneUp Software
 2009-10-23 06:23 . 2009-10-23 06:23 -------- d-----w- c:\programdata\TuneUp Software
 2009-10-23 06:22 . 2009-10-23 06:22 -------- d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
 2009-10-21 16:51 . 2009-07-21 16:15 -------- d-----w- c:\programdata\QuickTime
 2009-10-20 17:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
 2009-10-16 17:16 . 2009-10-16 05:10 -------- d-----w- c:\programdata\STOPzilla!
 2009-10-16 17:08 . 2009-10-16 17:08 240 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
 2009-10-16 11:32 . 2009-10-16 03:52 -------- d-----w- c:\program files\Spyware Doctor
 2009-10-16 05:16 . 2009-10-16 05:11 -------- d-----w- c:\programdata\SITEguard
 2009-10-16 05:10 . 2009-10-16 05:10 -------- d-----w- c:\program files\Common Files\iS3
 2009-10-16 04:38 . 2009-10-16 04:17 -------- d-----w- c:\users\benoit\AppData\Roaming\HouseCall 6.6
 2009-10-16 03:53 . 2009-10-16 03:52 -------- d-----w- c:\program files\Common Files\PC Tools
 2009-10-16 03:52 . 2009-10-16 03:52 -------- d-----w- c:\users\benoit\AppData\Roaming\PC Tools
 2009-10-16 03:52 . 2009-10-16 03:52 -------- d-----w- c:\programdata\PC Tools
 2009-10-16 03:47 . 2009-06-30 12:05 -------- d-----w- c:\program files\Google
 2009-10-16 03:37 . 2009-10-16 03:33 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller
 2009-10-16 03:33 . 2009-10-16 03:33 -------- d-----w- c:\programdata\WLInstaller
 2009-10-15 17:50 . 2008-09-11 14:26 -------- d-----w- c:\program files\Hewlett-Packard
 2009-10-07 12:41 . 2009-12-09 12:30 244224 ----a-w- c:\windows\system32\rastls.dll
 2009-10-07 12:41 . 2009-12-09 12:30 281600 ----a-w- c:\windows\system32\raschap.dll
 2009-09-14 22:38 . 2009-09-14 22:38 79856 ----a-w- c:\programdata\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\uninstaller.exe
 2009-09-14 09:44 . 2009-10-13 21:23 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
 2003-01-30 04:04 . 2009-10-03 07:53 1500160 ----a-w- c:\program files\cc3260mt.dll
 1999-03-03 19:00 . 2009-10-03 07:53 908800 ----a-w- c:\program files\CP3245MT.DLL
 1999-01-07 19:02 . 2009-10-03 07:53 1888232 ----a-w- c:\program files\VCL40.BPL
 1998-06-18 18:00 . 2009-10-03 07:53 252408 ----a-w- c:\program files\VCLX40.BPL
 1998-02-09 18:00 . 2009-10-03 07:53 29952 ----a-w- c:\program files\BORLNDMM.DLL
 2008-09-12 00:05 . 2008-09-12 00:05 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
 .

 (((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
 REGEDIT4

 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW" [X]
 "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup" [X]
 "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
 "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
 "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-30 39408]
 "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-11 2001648]
 "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe -hide" [X]
 "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" [X]
 "ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe -start" [X]
 "QuickTime Task"="c:\program files\QuickTime\qttask.exe -atboottime" [X]
 "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
 "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
 "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-11-03 182808]
 "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
 "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

 c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
 ButtonManager.lnk - c:\program files\HP\Button Manager\BM.exe [2009-8-9 266240]
 Magic-i.lnk - c:\program files\ArcSoft\Magic-i 3\Magic-i.exe [2009-8-9 530944]

 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
 "EnableLUA"= 0 (0x0)
 "EnableUIADesktopToggle"= 0 (0x0)

 [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
 "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
 2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
 "aux2"=wdmaud.drv

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
 @=""

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
 @=""

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
 @="Service"

 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
 "ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
 "HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
 "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
 "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
 "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
 "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
 "ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
 "DisableMonitoring"=dword:00000001

 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
 "DisableMonitoring"=dword:00000001

 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
 "DisableMonitoring"=dword:00000001

 R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [16/10/2009 04:52 130936]
 R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/11/2009 10:44 9968]
 R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/11/2009 10:44 74480]
 R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [12/11/2009 08:16 1858144]
 R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [05/12/2009 14:24 108289]
 R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 03:23 21504]
 R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/11/2009 10:44 7408]
 S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [23/09/2009 14:50 238960]
 S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [22/05/2008 20:20 20640]
 S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [16/10/2009 04:52 348752]

 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
 UxTuneUp
 ezSharedSvc
 .
 ------- Examen supplémentaire -------
 .
 mStart Page = hxxp://www.ustart.org
 IE: &Recherche AOL Toolbar - c:\programdata\AOL\ieToolbar\resources\fr-FR\local\search.html
 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
 DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
 FF - ProfilePath - c:\users\benoit\AppData\Roaming\Mozilla\Firefox\Profiles\wgnt27b1.default\
 FF - prefs.js: browser.search.selectedEngine - uStart
 FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
 FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
 FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
 FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
 FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
 FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
 FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 ---- PARAMETRES FIREFOX ----
 FF - user.js: network.http.max-persistent-connections-per-server - 4
 FF - user.js: nglayout.initialpaint.delay - 600
 FF - user.js: content.notify.interval - 600000
 FF - user.js: content.max.tokenizing.time - 1800000
 FF - user.js: content.switch.threshold - 600000
 .
 - - - - ORPHELINS SUPPRIMES - - - -

 Toolbar-SITEguard - (no file)
 AddRemove-HijackThis - c:\users\benoit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9S8RFS1J\HijackThis.exe



 **************************************************************************

 catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2009-12-10 14:58
 Windows 6.0.6001 Service Pack 1 NTFS

 Recherche de processus cachés ...

 Recherche d'éléments en démarrage automatique cachés ...

 Recherche de fichiers cachés ...

 Scan terminé avec succès
 Fichiers cachés: 0

 **************************************************************************

 [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
 "ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
 .
 Heure de fin: 2009-12-10  15:00:17
 ComboFix-quarantined-files.txt  2009-12-10 14:00

 Avant-CF: 207 018 708 992 octets libres
 Après-CF: 206 978 269 184 octets libres

 - - End Of File - - AB51F50767A98F23C1164D6F2F065CAA

ben1748
Baby forum member (10 to 49 posts)
Posted on 10/12/2009 at 16:13:04

I have just noticed that the Combofix scan deleted Windows Live Messenger, and I caught this virus through MSN: it looked like an http address, so I stupidly copied it into Google. I did get a message about malicious software, but I downloaded it anyway because it came from one of my contacts, so I wasn't suspicious. Could it be that the trojan was in MSN and that my PC is finally clean?

ben1748
Baby forum member (10 to 49 posts)
Posted on 10/12/2009 at 16:19:16

I also get an error message when I try to launch Avira: ondblclick()failed

grosbebe
On the right track (100 to 499 posts)
Posted on 10/12/2009 at 21:47:28

Good evening Ben


 I would be surprised if Combofix had deleted WLM. Could you post this report for me please:

 C:\qoobox\Combofix-quarantined-files.txt


 Have a good evening  :hello:

ben1748
Baby forum member (10 to 49 posts)
Posted on 11/12/2009 at 13:37:54

Hi again grosbébé, as for MSN, I downloaded it again because it could not be found after the Combofix scan, so I don't know whether that is due to Combofix. Anyway, I don't know much about this compared to you, so here is the Combofix quarantine report
 2009-12-10 13:59:56 . 2009-12-10 13:59:56            1,010 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\AddRemove-HijackThis.reg.dat
 2009-12-10 13:59:42 . 2009-12-10 13:59:42              121 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Toolbar-SITEguard.reg.dat
 2009-12-10 13:56:17 . 2009-12-10 13:56:17            7,431 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
 2009-11-12 22:38:13 . 2009-12-10 13:52:24              113 ----a-w-  C:\Qoobox\Quarantine\catchme.log
 See you soon, grosbébé

grosbebe
On the right track (100 to 499 posts)
Posted on 11/12/2009 at 21:34:32

Hi again


 I don't know what happened with MSN; it does not appear in the list of items deleted by Combofix.


 Are you still getting alerts from Antivir? If so, it should tell you where the infection is located (a screenshot might help me).


 Have a good evening

ben1748
Baby forum member (10 to 49 posts)
Posted on 12/12/2009 at 13:26:01

Hi again grosbébé. Well, I no longer get any virus alerts, but about ten days ago I went 6 days without an alert and thought it was gone or deleted, then one morning everything was frozen. So I turned the computer off with the power switch, but on restart Windows would not start at all, and I had to boot in safe mode and use a restore point. But isn't there a way to find out whether it is still infected? Avira detects no virus when scanning, but I am sceptical.

grosbebe
On the right track (100 to 499 posts)
Posted on 12/12/2009 at 16:08:16

Hi

 Generally, when I no longer see anything and the user has no more alerts, I run 2 additional scans. Here is what I suggest: we run these 2 scans, then if Antivir still detects nothing over the next 3 or 4 days, we can assume that everything is fine.



 Step 1

 Run TFC again and let the PC restart.



 Step 2

  • Launch Malwarebytes and update the definition database by going to the "Mise à jour" (Update) tab, then "recherche de mise à jour" (check for updates).
  • Choose Exécuter un examen rapide (Perform quick scan), then Rechercher (Scan)
  • Let the scan run (this can take a long time).
  • At the end, check that the items found are ticked (in "Résultat de l'examen" (Scan results)).
  • Then click Supprimer la sélection (Remove selected) at the bottom.
  • A restart may be necessary.

 A report will be displayed; save it to your desktop. Otherwise, after the restart, it will be in the Rapports/logs (Reports/logs) tab

 And post the report please

 Help on using it here



 Step 3

 The installed version of Java is not up to date:
 Download JavaRa.zip to your desktop.

* Unzip the file on your desktop (right-click > Extraire tout (Extract all))

* Double-click the JavaRa folder that was created

* Then double-click the JavaRa.exe file (the .exe may not be displayed)

* In the drop-down menu, choose: French

* Click Recherche de mise à jour (Check for updates)

* Select Mettre à jour via jucheck.exe (Update via jucheck.exe), then click Rechercher (Search)

* Allow the process to connect if it asks you, click Installer (Install) and follow the installation instructions. This will take a few minutes.

* When the installation is finished, go back to the JavaRa screen and click Effacer les anciennes versions (Remove older versions)

* Click Oui (Yes) to confirm. The tool will do its work; then click Ok, and Ok a second time.

* Close the application



 Step 4

 Go to Kaspersky online scanner (click here)

  • Click Accept at the bottom to install the program.
  • Close all your windows and disable your security software.
  • Click Run to launch the program.
Wait while it updates ...

  • Click my computer under scan (on the left)
Wait while the scan runs.

  • As soon as it has finished, click Report... on the left, then click save report...

 Save the report under the name kaspersky.txt and please copy and paste its contents here.
 Re-enable your antivirus.

 PS: do not use your PC while the scan is running.

 Illustrated help here


 Have a good day

ben1748
Baby forum member (10 to 49 posts)
Posted on 13/12/2009 at 07:30:48

here is the Malwarebytes report
 Malwarebytes' Anti-Malware 1.42
 Version de la base de données: 3351
 Windows 6.0.6001 Service Pack 1
 Internet Explorer 8.0.6001.18865

 13/12/2009 07:25:33
 mbam-log-2009-12-13 (07-25-33).txt

 Type de recherche: Examen rapide
 Eléments examinés: 94240
 Temps écoulé: 3 minute(s), 24 second(s)

 Processus mémoire infecté(s): 0
 Module(s) mémoire infecté(s): 0
 Clé(s) du Registre infectée(s): 0
 Valeur(s) du Registre infectée(s): 0
 Elément(s) de données du Registre infecté(s): 0
 Dossier(s) infecté(s): 0
 Fichier(s) infecté(s): 0

 Processus mémoire infecté(s):
 (Aucun élément nuisible détecté)

 Module(s) mémoire infecté(s):
 (Aucun élément nuisible détecté)

 Clé(s) du Registre infectée(s):
 (Aucun élément nuisible détecté)

 Valeur(s) du Registre infectée(s):
 (Aucun élément nuisible détecté)

 Elément(s) de données du Registre infecté(s):
 (Aucun élément nuisible détecté)

 Dossier(s) infecté(s):
 (Aucun élément nuisible détecté)

 Fichier(s) infecté(s):
 (Aucun élément nuisible détecté)

grosbebe
On the right track (100 to 499 posts)
Posted on 15/12/2009 at 21:37:01

OK, any problems with Kaspersky?

grosbebe
On the right track (100 to 499 posts)
Posted on 16/12/2009 at 19:04:22

Good evening

 Any problems with Kaspersky?

 :hello:

ben1748
Baby forum member (10 to 49 posts)
Posted on 20/12/2009 at 06:42:24

Hello grosbébé. Well, it has now been a week since I have had any sign of the trojan, so I wanted to thank you sincerely for your help, because I would never have managed it without you. THANK YOU again
