Se connecter / S'enregistrer
Votre question

besoin d'aide contre virus de gendarmerie svp

Tags :
  • Système d'exploitation
  • locked
  • Virus
  • Windows 7
  • Sécurité
Dernière réponse : dans Sécurité et virus
6 Juin 2012 18:47:19

Bonjour, mon pc est infecté par le virus de la gendarmerie, mes fichiers sont locked.. j'aurai besoin d'aide svp
J'ai ci dessous le srapports d'erreur:
Rapport RK 1:
RogueKiller V7.5.3 [05/06/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueK...
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur: Clément [Droits d'admin]
Mode: Recherche -- Date: 05/06/2012 22:56:33

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Entrees de registre: 4 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : AC90A45A (C:\Users\Clément\AppData\Roaming\Reua\5BE216C8AC90A45A6BF1.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-4131545949-3960640990-928011974-1001[...]\Run : AC90A45A (C:\Users\Clément\AppData\Roaming\Reua\5BE216C8AC90A45A6BF1.exe) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [NON CHARGE] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400BEVT-22A0RT0 +++++
--- User ---
[MBR] 11babb25e48b002f37280f886a4c7b5d
[BSP] 599d65a574b221104a0fc2815fe6aaa4 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 26626048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 26830848 | Size: 597378 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[1].txt >>
RKreport[1].txt

Je copie colle la suite des rapports ci dessous...Merci de votre aide

Autres pages sur : besoin aide contre virus gendarmerie svp

6 Juin 2012 18:48:06

Rapport RK 2:

RogueKiller V7.5.3 [05/06/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueK...
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur: Clément [Droits d'admin]
Mode: Suppression -- Date: 05/06/2012 22:57:00

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Entrees de registre: 3 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : AC90A45A (C:\Users\Clément\AppData\Roaming\Reua\5BE216C8AC90A45A6BF1.exe) -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [NON CHARGE] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400BEVT-22A0RT0 +++++
--- User ---
[MBR] 11babb25e48b002f37280f886a4c7b5d
[BSP] 599d65a574b221104a0fc2815fe6aaa4 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 26626048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 26830848 | Size: 597378 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



m
0
l
6 Juin 2012 18:49:31

Rapport OTL

OTL logfile created on: 05/06/2012 23:19:33 - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\Clément\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,93 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 58,09% Memory free
5,86 Gb Paging File | 4,49 Gb Available in Paging File | 76,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583,38 Gb Total Space | 185,22 Gb Free Space | 31,75% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: CLÉMENT-PC | User Name: Clément | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/05 22:57:33 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Clément\Desktop\OTL.exe
PRC - [2012/05/08 14:50:06 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
PRC - [2011/12/01 18:55:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/12/01 18:55:07 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/12/01 18:55:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/07 12:21:00 | 000,107,008 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
PRC - [2010/04/07 20:14:12 | 000,600,688 | ---- | M] (Chicony) -- C:\Program Files (x86)\Video Web Camera\traybar.exe
PRC - [2010/04/01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/02/26 23:39:02 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2010/01/15 23:08:38 | 000,935,208 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2010/01/08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
PRC - [2009/10/09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/06/05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========

MOD - [2010/02/26 23:39:02 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2010/04/23 10:46:22 | 000,867,360 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009/07/14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV - [2012/05/08 14:50:06 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/12/01 18:55:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/12/01 18:55:07 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2011/12/01 18:55:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/08/27 09:41:17 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/04 20:15:16 | 000,018,272 | ---- | M] (SFR) [Auto | Stopped] -- C:\Program Files (x86)\SFR\Gestionnaire de Connexion\SFR.DashBoard.Service.exe -- (SFR.DashBoard.Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 23:08:38 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/10/09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/07/14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/06/05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/16 01:03:01 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/12/01 18:55:27 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/12/01 18:55:27 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/07/27 00:19:30 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010/04/07 20:04:22 | 002,216,960 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/03/30 14:09:48 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbvoice.sys -- (ZTEusbvoice)
DRV:64bit: - [2010/03/30 14:09:48 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010/03/30 14:09:48 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010/03/30 14:09:48 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009/09/18 06:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/02 21:54:18 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/11 22:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/10 16:45:10 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2009/06/20 14:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009/06/20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/05 02:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&...
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&...
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&...
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&...
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-4131545949-3960640990-928011974-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&...
IE - HKU\S-1-5-21-4131545949-3960640990-928011974-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-4131545949-3960640990-928011974-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-4131545949-3960640990-928011974-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-4131545949-3960640990-928011974-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.ask.com/?l=dis&o=APN10023&gct=hp
IE - HKU\S-1-5-21-4131545949-3960640990-928011974-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-4131545949-3960640990-928011974-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-4131545949-3960640990-928011974-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4131545949-3960640990-928011974-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=111789&babsrc=SP_ss&mntrId=ac90a45a00000000000070f1a1e7d857
IE - HKU\S-1-5-21-4131545949-3960640990-928011974-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_frFR407FR407
IE - HKU\S-1-5-21-4131545949-3960640990-928011974-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-4131545949-3960640990-928011974-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4131545949-3960640990-928011974-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://proxy.kodak.com:81/proxy.pac


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/12 18:39:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/12 18:39:52 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files (x86)\SFR\Kit\SFRNavErrorHelper.dll (SFR)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4131545949-3960640990-928011974-1001\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UVS12 Preload] C:\Program Files (x86)\Corel\Corel VideoStudio 12\uvPL.exe (Ulead Systems, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4131545949-3960640990-928011974-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4131545949-3960640990-928011974-1001..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4131545949-3960640990-928011974-1001..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Clément\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Afficher ou masquer l'HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.... (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/Gam... (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-wind... (Java Plug-in 1.6.0_24)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPACl... (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-wind... (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-wind... (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/fl... (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94BC9B55-6774-49FF-AB4E-7ECB9A05055C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e7198d80-bbab-11e0-8873-206a8a13a59c}\Shell - "" = AutoRun
O33 - MountPoints2\{e7198d80-bbab-11e0-8873-206a8a13a59c}\Shell\AutoRun\command - "" = E:\HPLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)



Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.dvacm - C:\Program Files (x86)\Common Files\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.)
Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.MPEGacm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.ulmp3acm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {DEFD3101-6F46-CA01-2438-80343DC377D6} - Microsoft Windows Media Player
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

(suite après)
m
0
l
Contenus similaires
6 Juin 2012 18:50:11

Rapport OTL suite

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/05 22:57:24 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Clément\Desktop\OTL.exe
[2012/06/05 22:55:09 | 000,000,000 | ---D | C] -- C:\Users\Clément\Desktop\RK_Quarantine
[2012/06/05 22:31:55 | 000,000,000 | ---D | C] -- C:\Users\Clément\Desktop\Nouveau dossier (3)
[2012/06/05 22:19:38 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Roaming\Reua
[2012/06/05 19:54:14 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{6586CF97-3E9F-4381-8221-ACE01BF87E50}
[2012/06/05 19:53:43 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{5698497A-F345-402B-8FA5-1564DD4FFA01}
[2012/06/04 20:26:29 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{79514C06-F339-47E3-8C98-4E198E3F2C15}
[2012/06/04 20:25:56 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{17528A4E-B5E7-4BBB-BA48-8EC63D6AC1B9}
[2012/06/03 19:22:14 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{F22E8267-EDE2-4FCB-B893-80CB9CD36D79}
[2012/06/03 19:21:43 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{1C495023-03E4-4183-8A7B-9FC974F586F1}
[2012/06/02 23:29:55 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{0EB6018B-8E94-41D1-A8E0-773DAB748E2B}
[2012/06/02 23:29:24 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{FCCAF303-5E01-4418-8E68-58439F00E07D}
[2012/06/01 17:35:57 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{19FFF108-51C5-44B6-871E-AB49F25FB5E8}
[2012/06/01 17:35:26 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{C0EB05E3-02CE-46EE-BCA9-0D0314D2E4D4}
[2012/05/31 19:14:19 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{FEE18931-D571-4098-8813-12466B206717}
[2012/05/31 19:13:48 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{46E48CA3-699B-47C2-800A-4A3741EDF60F}
[2012/05/31 10:57:18 | 000,000,000 | ---D | C] -- C:\Users\Clément\Desktop\fac
[2012/05/31 00:16:58 | 000,000,000 | ---D | C] -- C:\Users\Clément\Desktop\lisa
[2012/05/30 18:15:37 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{99B5FD85-4434-453A-ACA1-89C48E1D2B68}
[2012/05/30 18:15:06 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{FCA41BF7-8794-444E-A1E9-04E3972CC1E3}
[2012/05/29 23:59:31 | 000,000,000 | ---D | C] -- C:\Users\Clément\Desktop\Nouveau dossier (2)
[2012/05/29 20:41:22 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{B31AD043-B317-47C6-B81F-317A455231A6}
[2012/05/29 20:40:51 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{E046F6A6-D7B8-4266-981E-8BA6EB3F9BBA}
[2012/05/28 22:38:05 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{A835FD19-F72B-44B4-9276-180018ED8DE8}
[2012/05/28 22:37:34 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{51BA0376-AA6F-4D18-A8FF-2FDC80C4C907}
[2012/05/28 10:36:49 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{331867DC-AAB2-43EE-88C1-AD23DA143AF8}
[2012/05/28 10:36:18 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{3B1DB19E-07D2-4BE2-8322-DECF2ACA3816}
[2012/05/27 17:12:53 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{077F2D11-AD66-4362-8C9D-7623F84EE785}
[2012/05/27 17:12:22 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{2C97694A-14E9-479F-88A7-76B638E4931E}
[2012/05/26 17:14:59 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{611D7257-EA77-478A-B7DD-FFCAC699FBFE}
[2012/05/26 17:14:27 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{7AC46CBF-9C07-426D-AACE-0C288A7CD63E}
[2012/05/25 18:42:42 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{38F3F96B-8B1B-4D27-B7AD-80D02CA7368F}
[2012/05/25 18:42:11 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{5BD5D37B-33CC-4269-9ABE-8860D50D17D6}
[2012/05/23 19:40:55 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{B0B55413-5AF4-42A5-A0DE-CBEA8B70BE99}
[2012/05/23 19:40:21 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{C9A88340-5819-4584-A331-3ED8C51230DB}
[2012/05/22 21:01:12 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{D3262044-3358-464F-BFCF-402BC81AB7B6}
[2012/05/22 21:00:41 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{012DE1FC-8E12-4E9F-B681-8A63544CAB2B}
[2012/05/21 18:38:56 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{71ABE0AA-04D8-4631-B395-A7FFF08C3598}
[2012/05/21 18:38:25 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{E5F3D6BA-D274-489B-B2CF-899FEC628819}
[2012/05/20 22:53:23 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{F2795F8C-B58C-400E-82DF-837451B3E7D1}
[2012/05/20 22:52:52 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{4C094102-792B-4D23-A5E2-9B4712AD9CBF}
[2012/05/20 12:16:22 | 000,000,000 | ---D | C] -- C:\Users\Clément\Desktop\Nouveau dossier
[2012/05/20 10:52:07 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{07D5AA9B-433A-4160-AF23-886E639BCADB}
[2012/05/20 10:51:36 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{167EC9EC-E010-4D9E-8AE2-4FC4D0645B96}
[2012/05/19 18:00:32 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{E598AFA9-FB48-4545-BBD3-35294299C408}
[2012/05/19 18:00:02 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{6BB5799C-2B99-4B63-A1BF-58E9187659DE}
[2012/05/18 18:11:51 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{2F8FA667-1A28-4384-8F6B-8E2FA775C497}
[2012/05/17 18:18:58 | 000,000,000 | ---D | C] -- C:\Users\Clément\Desktop\trad
[2012/05/16 21:38:37 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{8D831DF4-782A-470C-BC2D-1E2FB274B468}
[2012/05/16 21:38:06 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{D3886A59-4490-4CEF-BB7C-5C93779AD41E}
[2012/05/14 19:57:48 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{C6511E51-96A8-419D-A7E5-96896D581C3F}
[2012/05/14 19:57:17 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{63B33771-F99C-4AE3-8A36-FD12E138456F}
[2012/05/13 17:25:56 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{D80AC46C-A808-41C5-8692-142E26C15782}
[2012/05/13 17:25:25 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{147AD449-AB99-4141-8BE5-FF01EBED585C}
[2012/05/12 20:26:51 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{FE47ACF9-1CC2-4F06-847B-2C89E6165A68}
[2012/05/12 20:26:20 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{3F5FE85E-162D-420A-82BC-05CB624D7E41}
[2012/05/12 08:25:16 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{EC93D761-E967-4B8F-B97C-10E40C9545AF}
[2012/05/12 08:24:45 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{AF4990D7-417D-40BE-8B6F-97F46738E8E9}
[2012/05/11 19:33:46 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{FBF88C25-E6C6-4086-9DB1-61CFBF0973C1}
[2012/05/11 19:33:13 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{6F5B91BC-5F03-47D7-9CF5-45275D387AE6}
[2012/05/10 22:41:19 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/10 22:41:17 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/10 22:41:17 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/10 22:41:17 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/10 18:54:34 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{BA0A44A0-18DE-484C-9681-F99C247A1C00}
[2012/05/10 18:54:03 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{F415A629-1830-4CB0-9CE9-27D969A758A5}
[2012/05/08 22:44:16 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{581E15FA-4095-472D-961D-F4DDAA94CE7C}
[2012/05/08 22:43:45 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{A6ED9EB6-8A7F-4255-BDE7-58DC4430896A}
[2012/05/08 14:50:06 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/08 14:27:19 | 000,000,000 | ---D | C] -- C:\Users\Clément\Documents\Siteweb
[2012/05/07 19:47:58 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{2ED8B93A-F734-42ED-BD95-C4EAF20D0DCD}
[2012/05/07 19:47:27 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{AC10E941-35D5-485A-8C75-7E8A14DFB3A4}

========== Files - Modified Within 30 Days ==========

[2012/06/05 23:16:05 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/05 22:57:33 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Clément\Desktop\OTL.exe
[2012/06/05 22:54:03 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/05 22:54:03 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/05 22:49:00 | 000,002,770 | ---- | M] () -- C:\Users\Public\Documents\DME-SETTINGS.xml
[2012/06/05 22:49:00 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\DMEPeriodicTask.job
[2012/06/05 22:47:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/05 22:46:22 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/05 22:46:03 | 2360,025,088 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/05 22:37:00 | 000,048,113 | ---- | M] () -- C:\Users\Clément\Desktop\locked-Troupe mois d'aout.odt.lvpr
[2012/06/05 22:35:32 | 000,115,200 | ---- | M] () -- C:\Users\Clément\Desktop\locked-Textes bac (1).VSP.pnbl
[2012/06/05 22:35:32 | 000,019,193 | ---- | M] () -- C:\Users\Clément\Desktop\locked-Sans nom 1.odt.rish
[2012/06/05 22:35:30 | 000,716,808 | ---- | M] () -- C:\Users\Clément\Desktop\locked-S73F1742.JPG.odjx
[2012/06/05 22:35:29 | 001,505,520 | ---- | M] () -- C:\Users\Clément\Desktop\locked-passeport.pdf.rish
[2012/06/05 22:34:43 | 000,152,925 | ---- | M] () -- C:\Users\Clément\Desktop\locked-numérisation0003.jpg.ndjt
[2012/06/05 22:34:42 | 000,054,289 | ---- | M] () -- C:\Users\Clément\Desktop\numérisation0001.jpg
[2012/06/05 22:34:29 | 008,544,789 | ---- | M] () -- C:\Users\Clément\Desktop\locked-Mozart - Requiem.mp3.ywyp
[2012/06/05 22:34:29 | 006,220,100 | ---- | M] () -- C:\Users\Clément\Desktop\locked-Metallica - Nothing Else Matters.mp3.fkcm
[2012/06/05 22:34:29 | 000,022,884 | ---- | M] () -- C:\Users\Clément\Desktop\locked-noir.jpg.hzbl
[2012/06/05 22:34:28 | 735,453,184 | ---- | M] () -- C:\Users\Clément\Desktop\locked-La.Ligne.Verte.avi.mlvp
[2012/06/05 22:34:28 | 000,291,706 | ---- | M] () -- C:\Users\Clément\Desktop\locked-Le vote 2.jpg.reua
[2012/06/05 22:34:28 | 000,173,480 | ---- | M] () -- C:\Users\Clément\Desktop\libredetre copie.jpg
[2012/06/05 22:34:28 | 000,025,879 | ---- | M] () -- C:\Users\Clément\Desktop\locked-Le curé de Cucugnand.odt.lnri
[2012/06/05 22:34:28 | 000,024,197 | ---- | M] () -- C:\Users\Clément\Desktop\locked-la morale, le devoir, le bonheur.odt.xnfq
[2012/06/05 22:34:24 | 000,018,261 | ---- | M] () -- C:\Users\Clément\Desktop\locked-hamlet.odt.rnlb
[2012/06/05 22:32:56 | 011,710,788 | ---- | M] () -- C:\Users\Clément\Desktop\locked-Explosions in the Sky - With tired eyes, tired minds, tired .mp3.otqf
[2012/06/05 22:32:13 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/05 22:32:00 | 000,582,822 | ---- | M] () -- C:\Users\Clément\Desktop\locked-DSCN0259.JPG.ishz
[2012/06/05 22:29:03 | 000,004,836 | ---- | M] () -- C:\Users\Clément\Desktop\locked-CV1.odt.vpre
[2012/05/20 16:58:17 | 001,662,566 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/20 16:58:17 | 000,747,220 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012/05/20 16:58:17 | 000,653,060 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/20 16:58:17 | 000,149,746 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012/05/20 16:58:17 | 000,121,992 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/12 17:01:13 | 000,354,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/08 14:50:06 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/08 14:50:06 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012/06/05 20:45:47 | 000,173,480 | ---- | C] () -- C:\Users\Clément\Desktop\libredetre copie.jpg
[2012/06/04 21:55:02 | 000,152,925 | ---- | C] () -- C:\Users\Clément\Desktop\locked-numérisation0003.jpg.ndjt
[2012/06/04 20:14:43 | 735,453,184 | ---- | C] () -- C:\Users\Clément\Desktop\locked-La.Ligne.Verte.avi.mlvp
[2012/06/02 14:09:19 | 000,054,289 | ---- | C] () -- C:\Users\Clément\Desktop\numérisation0001.jpg
[2012/05/31 23:02:49 | 000,025,879 | ---- | C] () -- C:\Users\Clément\Desktop\locked-Le curé de Cucugnand.odt.lnri
[2012/05/27 19:04:17 | 000,004,836 | ---- | C] () -- C:\Users\Clément\Desktop\locked-CV1.odt.vpre
[2012/05/23 17:45:10 | 011,710,788 | ---- | C] () -- C:\Users\Clément\Desktop\locked-Explosions in the Sky - With tired eyes, tired minds, tired .mp3.otqf
[2012/05/20 22:57:38 | 001,505,520 | ---- | C] () -- C:\Users\Clément\Desktop\locked-passeport.pdf.rish
[2012/05/20 15:36:05 | 000,019,193 | ---- | C] () -- C:\Users\Clément\Desktop\locked-Sans nom 1.odt.rish
[2012/05/20 02:41:28 | 008,544,789 | ---- | C] () -- C:\Users\Clément\Desktop\locked-Mozart - Requiem.mp3.ywyp
[2012/05/17 18:07:41 | 006,220,100 | ---- | C] () -- C:\Users\Clément\Desktop\locked-Metallica - Nothing Else Matters.mp3.fkcm
[2012/05/17 17:39:35 | 000,024,197 | ---- | C] () -- C:\Users\Clément\Desktop\locked-la morale, le devoir, le bonheur.odt.xnfq
[2012/05/14 22:55:26 | 000,291,706 | ---- | C] () -- C:\Users\Clément\Desktop\locked-Le vote 2.jpg.reua
[2012/05/09 23:50:09 | 000,018,261 | ---- | C] () -- C:\Users\Clément\Desktop\locked-hamlet.odt.rnlb
[2012/05/08 14:50:07 | 000,001,002 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011/10/24 22:38:30 | 000,372,736 | ---- | C] () -- C:\Windows\Mss32.dll
[2011/10/24 21:44:37 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011/09/18 13:57:40 | 000,209,040 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2011/09/18 13:57:40 | 000,204,944 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2011/09/18 13:57:40 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2011/09/18 13:57:40 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2011/09/18 13:57:40 | 000,192,656 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2011/09/18 13:57:40 | 000,024,720 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2011/07/28 22:21:43 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
[2011/07/04 18:52:18 | 001,645,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/18 07:24:32 | 000,000,000 | ---- | C] () -- C:\Users\Clément\AppData\Local\{07F1D542-00F8-4026-BAE7-A0B6FB51A0EE}
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/25 14:29:19 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/12/12 18:34:14 | 000,220,478 | ---- | C] () -- C:\Windows\hpoins40.dat.temp
[2010/12/01 23:12:39 | 000,000,992 | ---- | C] () -- C:\Windows\hpomdl40.dat.temp
[2010/12/01 22:14:52 | 000,220,240 | ---- | C] () -- C:\Windows\hpoins40.dat
[2010/08/27 18:57:22 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/27 18:57:22 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/27 18:57:22 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2010/08/27 18:57:22 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/27 18:57:01 | 000,001,549 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2010/08/27 09:41:51 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2010/08/27 09:26:42 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010/08/27 09:26:42 | 000,000,302 | ---- | C] () -- C:\Windows\PidList_C.ini

========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WININIT.EXE >
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010/11/28 02:43:46 | 000,000,000 | -HSD | M] -- C:\Users\Clément\AppData\Roaming\.#
[2012/06/05 22:27:27 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\Adobe
[2011/12/15 19:37:17 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\Avira
[2012/06/05 22:27:28 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\Babylon
[2012/06/05 22:27:28 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\DAEMON Tools Lite
[2011/12/09 23:28:06 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\GetRightToGo
[2010/11/26 20:48:57 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\Google
[2010/12/12 18:49:16 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\HP
[2011/08/01 03:04:44 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\HP SimpleSave Application
[2010/11/26 20:38:43 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\Identities
[2011/09/18 13:53:10 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\InstallShield
[2011/01/10 22:02:22 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\Kodak
[2010/11/26 20:50:04 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\Macromedia
[2010/05/11 07:21:55 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\Media Center Programs
[2011/11/29 20:02:08 | 000,000,000 | --SD | M] -- C:\Users\Clément\AppData\Roaming\Microsoft
[2012/04/25 22:01:51 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\NCH Software
[2012/06/05 22:27:46 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\Nero
[2012/06/05 22:27:47 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\OfferBox
[2010/11/27 23:30:58 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\OpenOffice.org
[2012/06/05 22:19:38 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\Reua
[2011/07/28 22:25:33 | 000,000,000 | RH-D | M] -- C:\Users\Clément\AppData\Roaming\SecuROM
[2012/06/05 22:27:57 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\Skype
[2011/06/25 16:18:41 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\Sony
[2011/08/02 06:21:36 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\The Creative Assembly
[2012/06/05 22:28:00 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\Tific
[2011/09/19 11:15:16 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\Ulead Systems
[2011/07/10 18:36:58 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\Windows Live Writer
[2011/07/03 23:35:50 | 000,000,000 | ---D | M] -- C:\Users\Clément\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2012/06/05 22:19:38 | 000,054,272 | -H-- | M] () -- C:\Users\Clément\AppData\Roaming\Reua\5BE216C8AC90A45A6BF1.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\syswow64\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\syswow64\drivers\*.sys /lockedfiles >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s >
"Debug" =
"" = mnmsrvc
"Kmode" = \SystemRoot\System32\win32k.sys
"Optional" = Posix [binary data]
"Posix" = %SystemRoot%\system32\psxss.exe
"Required" = DebugWindows [binary data]
"Windows" = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/05/23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/05/23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/05/23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/05/23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/31 19:19:58 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/31 19:19:58 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/31 19:19:58 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/05/31 19:19:59 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/05/31 19:19:59 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/05/23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/05/23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/05/23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/05/23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/05/31 19:19:55 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/05/31 19:19:55 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/05/31 19:19:55 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/05/31 19:19:59 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/05/31 19:19:59 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:4CF61E54

< End of report >
m
0
l
6 Juin 2012 18:50:57

Rapport Extras:

OTL Extras logfile created on: 05/06/2012 23:19:33 - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Users\Clément\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,93 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 58,09% Memory free
5,86 Gb Paging File | 4,49 Gb Available in Paging File | 76,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 583,38 Gb Total Space | 185,22 Gb Free Space | 31,75% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: CLÉMENT-PC | User Name: Clément | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0065F4F4-63F0-4BDC-80D8-6F709158ED63}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0A5A986F-B156-4956-876B-F8E236018FE7}" = lport=139 | protocol=6 | dir=in | app=system |
"{1D4FC979-ACCE-4995-B3FD-2DCE2D795E5A}" = rport=137 | protocol=17 | dir=out | app=system |
"{22D12907-A75C-4304-9DCC-414DF1B30FA2}" = lport=138 | protocol=17 | dir=in | app=system |
"{2F388253-E643-4275-AC5D-6E880174297F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4D36C7A1-208C-49ED-A80E-1EEEEB7497D4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4DF14079-0EF8-4F25-B2D8-FEE75A364134}" = lport=137 | protocol=17 | dir=in | app=system |
"{5180BABA-E330-4A5D-9B6F-F49D5A2B720E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{599D5CDC-D81A-4456-A77A-F1D922003D21}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6AFBE9E6-44C6-4B8E-9A16-D2F54844C692}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7BB40576-DD38-4A99-84CE-C5F911E5AC7C}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{886C3565-61AD-448C-8B39-C017DFA9727C}" = rport=139 | protocol=6 | dir=out | app=system |
"{94F46C70-C3B3-4125-BF38-3CEF097B5B2B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{98123E44-3749-4F32-A9BA-3F373C7FF711}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A2901AB3-F476-435F-BD0D-2DEFE77A6293}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B31B70F3-58C2-4CA0-A110-6EBB3A3F30D3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B3ADCD00-805B-4A58-BC93-C99E98525F7D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C91DDFA1-53E7-4A82-A19A-5DF0F9B9134E}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{CB198ECC-7A15-4A8A-AAB3-34C19E9A9F94}" = rport=138 | protocol=17 | dir=out | app=system |
"{CC8B5C93-F960-4789-A3B0-21C7A3751637}" = rport=445 | protocol=6 | dir=out | app=system |
"{CE894069-88DB-44A1-921A-4FC176781B92}" = lport=445 | protocol=6 | dir=in | app=system |
"{CEE768FD-9D9F-4B33-8D7B-3707B7BF8B2F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D55C2BC4-4860-48D1-B721-D965A573578D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E563B776-B968-446E-8FD7-BD899B43B84C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E8393F1C-45ED-4C54-87D7-FF02DEADF7F9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EEC15FE8-E69F-4DF9-AA0F-BDD3A9851ED8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{EED2EE1C-CB38-44D3-8632-7CB0122F24E4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F8261543-CBD7-43E5-AB76-7BEE3A213771}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FA96A310-33C1-4413-8A2C-E3980639C372}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03EC2F5D-F72C-4CFE-B1DD-7845B2E78DD1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{0928C40E-D8F6-4805-AB85-417A5EC442D3}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{0BDA02A1-E96E-4DEB-8485-C0671085FEE2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{145D4291-975C-4119-862C-79E9D58C691F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{198E66F2-EC8A-476B-BB08-472654013BF6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{1A84637C-59BB-42C6-A68A-42040AEA500B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2327569D-64B6-4BD6-B200-1949C8DC25AB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2440F637-48C0-4124-B7D7-063AE8A6C82B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{282EB982-6BB6-454F-B11A-88D28CE441A6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2C27BAF3-2D1D-4E62-B01B-70D55983F894}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{316DE7E4-7C48-4CC9-9CD6-BD3CAA16E732}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{44901203-8BEE-46E3-8DA8-4CFD0FAA78EB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{46009B66-C108-416E-9F8B-CE982DE7ACD6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{46203501-D44B-4D88-8B92-B713E1C31303}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{57D6B537-FA5D-4378-8857-3D9305147473}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{58F916BE-B0AE-4158-9CF3-DB992EA25F92}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5C8F85DB-A271-4CE1-A51A-E11285177126}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\la bataille pour la terre du milieu ii\game.dat |
"{5DFA94AA-DA9E-4627-859C-D8D9BD346338}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5F158457-AE97-423D-BE65-ADFC59B61727}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{666C4802-19BE-4054-9F75-0156CDA3783A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{766B3F52-8BD9-4E1B-9B38-DAAE83644A03}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{8257A782-9195-403E-9577-333EF0C87247}" = protocol=6 | dir=out | app=system |
"{838AFB40-3D92-4EEC-9819-A059D251EE09}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{87103269-F9AB-41C6-B354-33785AEAF78E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{87F93EA0-93CF-465C-A8C3-E72A4FD926C7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{89042255-5921-4F86-8A60-77702E69D987}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{8A86269D-7949-490F-9D27-2BD4D672B1E6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{8F7522A4-8FDE-48AF-92E9-44C67ACD830C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\la bataille pour la terre du milieu ii\game.dat |
"{950FBB0B-9101-49B2-93C3-CE00369649E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9B7C7CBF-C4BD-4582-B00D-C24EED1AE15C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{9BEA0716-CDDA-4C25-9DAC-8AA875AA55A5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B4821007-5337-49EA-8C39-005EEF6884C3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{B6A4287B-2645-478D-AC52-717A5C3108E2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\{9fef1a18-8f26-4f49-a5a4-956c12210624}\setup\hpznui40.exe |
"{BA0AC7C0-7AE2-445A-A66D-87A26419C08C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{BBFE0A5F-8FF9-4E5A-B995-EC7C19C4A03B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{C0F15C9B-041A-434D-97D4-2A99DA9D56AA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C1344DA4-D3B8-4984-9641-E916CED4A14F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{CF6C5EC8-B218-4374-8C93-31ECF062DC76}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D05C84B2-F07E-4771-9370-6FDEF66EDADA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{D6167EA1-2881-4E57-A788-D24FBDC86102}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DB53C237-B044-44BA-AAE1-DFE98008AB15}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{EA6A39BE-9ECE-4688-AE46-D42023559CA9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{F64ED3E0-8F23-4D59-A0A3-5668E5AFE886}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"TCP Query User{461969D7-97E1-40AD-A444-79D94692C383}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe |
"TCP Query User{7D5B15FB-238E-4DE5-87C8-879CEE122313}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{91FA57E8-4703-40A4-B793-00BE8B86DF54}C:\program files (x86)\microsoft games\age of empires iii\age3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"TCP Query User{9DB1E4D9-ED3A-4B66-BF01-2DC6FE8D9F6B}C:\program files (x86)\microsoft games\age of mythology\aom.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of mythology\aom.exe |
"TCP Query User{B3AFF8AE-E7A9-4104-A29E-FB7F95BEB687}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"TCP Query User{F5477056-FA29-4673-B1D2-9253E199E68D}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe |
"TCP Query User{FF75BC88-9836-416D-949B-5BFFF952C4CF}C:\program files (x86)\microsoft games\age of empires iii\age3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"UDP Query User{3910D415-5306-466C-BCF9-13959598BAD9}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"UDP Query User{3C1C854F-182F-4BD8-BF95-065FC2D6942F}C:\program files (x86)\microsoft games\age of mythology\aom.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of mythology\aom.exe |
"UDP Query User{4EF7AC3A-7DE9-41B7-9F5B-AC380E8BC9CD}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe |
"UDP Query User{AA148020-E924-43C6-88CD-9D03F2952337}C:\program files (x86)\microsoft games\age of empires iii\age3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"UDP Query User{B4307267-80D7-48CA-B756-4A01DBD7BF87}C:\program files (x86)\microsoft games\age of empires iii\age3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |
"UDP Query User{CE1FB88B-384E-4A5A-A9A6-4F0FEB3A6569}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\betatest\retailclient\swtor.exe |
"UDP Query User{E3C86A6E-22D9-4883-9FF9-8392CEE8A151}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{307C0B73-3CCD-37A7-AE65-AD296CC28ECB}" = Microsoft Help Viewer 1.0 Language Pack - FRA
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B5F58F7-C7D1-3CE3-9B37-B657F0852643}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9FEF1A18-8F26-4F49-A5A4-956C12210624}" = HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6
"{A39AE3AE-9808-39D2-AB7B-FF5F0335095E}" = Microsoft .NET Framework 4 Extended FRA Language Pack
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F48F43AA-721D-335F-9CA2-01D910104560}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - FRA
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"3D970B9F930E7AAE23C06D39A1AC98548C90B442" = Package de pilotes Windows - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CNXT_AUDIO_HDA" = Conexant HD Audio
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Extended FRA
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - FRA" = Module linguistique de la visionneuse d'aide Microsoft 1.0 - FRA
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0666E46E-A860-4353-BE6D-13AA72FABB57}" = Microsoft XNA Game Studio Platform Tools
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0A042C19-1F48-4952-B3B6-828E8028A187}" = B209a-m
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{110B005F-DB64-46B2-B0C9-4B6D3AB57B10}" = Microsoft Silverlight 4 SDK - Français
"{12A1B519-5934-4508-ADBD-335347B0DC87}" = Video Web Camera
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{266517E6-D866-439D-919C-B8B1A52E6080}" = OpenOffice.org 3.2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{558358E5-E4F3-4374-BA1D-26FF39EF87D9}" = Microsoft Silverlight Tools for Visual Studio 2010
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{656FDFA4-C7C6-40D9-99F7-F6F331412AEF}" = WarrantyExtension
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6da4586a-ab6f-444c-857a-981cb088e42e}" = Nero 9 Essentials
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76810709-A7D3-468D-9167-A1780C1E766C}" = Windows Live FolderShare
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A5909B3-8CF3-4E06-92A8-F3CB7C97EF20}" = Application du bouton Share KODAK
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.6 MUI
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B65759DD-26C6-4EA6-9014-CA798907EBFD}" = PS_AIO_06_B209a-m_SW_Min
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FC48747D-095F-4CF6-B54E-37D4F4738A15}_is1" = Gestionnaire de Connexion SFR 3.1
"Adobe AIR" = Adobe AIR
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"Avira AntiVir Desktop" = Avira Free Antivirus
"Cossacks 2 - Battle for Europe" = Cossacks 2 - Battle for Europe
"Google Chrome" = Google Chrome
"Identity Card" = Identity Card
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12
"LManager" = Launch Manager
"Packard Bell InfoCentre" = Packard Bell InfoCentre
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Welcome Center" = Welcome Center
"PackardBell Screensaver" = PackardBell ScreenSaver
"Prism" = Prism - Convertisseur de fichiers vidéo
"SFR_Kit" = SFR - Kit de connexion
"WinLiveSuite" = Windows Live

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4131545949-3960640990-928011974-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"NCsoft-Aion" = Aion (North America)

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

m
0
l
a b 8 Sécurité
7 Juin 2012 13:22:54

Re,

Désinstalle si possible :
Ask Toolbar

  • Relance OTL.exe
  • Ferme toutes tes fenêtres, puis double clique sur OTL.exe pour le lancer.
    (Utilisateur de Vista/Windows 7 faites un clic droit -> "Exécuter en tant qu'administrateur")
    /!\ Attention, utilisateur d'Avast!, ne lancez pas OTL en mode sandbox /!\
  • Copie-colle l'ensemble du texte ci-dessous dans le cadre Personnalisation d'OTL en bas à gauche :

    :OTL
    IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-4131545949-3960640990-928011974-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-4131545949-3960640990-928011974-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=111789&babsrc=SP_ss&mntrId=ac90a45a00000000000070f1a1e7d857
    O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-4131545949-3960640990-928011974-1001\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-21-4131545949-3960640990-928011974-1001..\Run: [PlayNC Launcher] File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O33 - MountPoints2\{e7198d80-bbab-11e0-8873-206a8a13a59c}\Shell - "" = AutoRun
    O33 - MountPoints2\{e7198d80-bbab-11e0-8873-206a8a13a59c}\Shell\AutoRun\command - "" = E:\HPLauncher.exe
    [2012/06/05 19:54:14 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{6586CF97-3E9F-4381-8221-ACE01BF87E50}
    [2012/06/05 19:53:43 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{5698497A-F345-402B-8FA5-1564DD4FFA01}
    [2012/06/04 20:26:29 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{79514C06-F339-47E3-8C98-4E198E3F2C15}
    [2012/06/04 20:25:56 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{17528A4E-B5E7-4BBB-BA48-8EC63D6AC1B9}
    [2012/06/03 19:22:14 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{F22E8267-EDE2-4FCB-B893-80CB9CD36D79}
    [2012/06/03 19:21:43 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{1C495023-03E4-4183-8A7B-9FC974F586F1}
    [2012/06/02 23:29:55 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{0EB6018B-8E94-41D1-A8E0-773DAB748E2B}
    [2012/06/02 23:29:24 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{FCCAF303-5E01-4418-8E68-58439F00E07D}
    [2012/06/01 17:35:57 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{19FFF108-51C5-44B6-871E-AB49F25FB5E8}
    [2012/06/01 17:35:26 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{C0EB05E3-02CE-46EE-BCA9-0D0314D2E4D4}
    [2012/05/31 19:14:19 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{FEE18931-D571-4098-8813-12466B206717}
    [2012/05/31 19:13:48 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{46E48CA3-699B-47C2-800A-4A3741EDF60F}
    [2012/05/30 18:15:37 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{99B5FD85-4434-453A-ACA1-89C48E1D2B68}
    [2012/05/30 18:15:06 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{FCA41BF7-8794-444E-A1E9-04E3972CC1E3}
    [2012/05/29 20:41:22 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{B31AD043-B317-47C6-B81F-317A455231A6}
    [2012/05/29 20:40:51 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{E046F6A6-D7B8-4266-981E-8BA6EB3F9BBA}
    [2012/05/28 22:38:05 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{A835FD19-F72B-44B4-9276-180018ED8DE8}
    [2012/05/28 22:37:34 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{51BA0376-AA6F-4D18-A8FF-2FDC80C4C907}
    [2012/05/28 10:36:49 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{331867DC-AAB2-43EE-88C1-AD23DA143AF8}
    [2012/05/28 10:36:18 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{3B1DB19E-07D2-4BE2-8322-DECF2ACA3816}
    [2012/05/27 17:12:53 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{077F2D11-AD66-4362-8C9D-7623F84EE785}
    [2012/05/27 17:12:22 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{2C97694A-14E9-479F-88A7-76B638E4931E}
    [2012/05/26 17:14:59 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{611D7257-EA77-478A-B7DD-FFCAC699FBFE}
    [2012/05/26 17:14:27 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{7AC46CBF-9C07-426D-AACE-0C288A7CD63E}
    [2012/05/25 18:42:42 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{38F3F96B-8B1B-4D27-B7AD-80D02CA7368F}
    [2012/05/25 18:42:11 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{5BD5D37B-33CC-4269-9ABE-8860D50D17D6}
    [2012/05/23 19:40:55 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{B0B55413-5AF4-42A5-A0DE-CBEA8B70BE99}
    [2012/05/23 19:40:21 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{C9A88340-5819-4584-A331-3ED8C51230DB}
    [2012/05/22 21:01:12 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{D3262044-3358-464F-BFCF-402BC81AB7B6}
    [2012/05/22 21:00:41 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{012DE1FC-8E12-4E9F-B681-8A63544CAB2B}
    [2012/05/21 18:38:56 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{71ABE0AA-04D8-4631-B395-A7FFF08C3598}
    [2012/05/21 18:38:25 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{E5F3D6BA-D274-489B-B2CF-899FEC628819}
    [2012/05/20 22:53:23 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{F2795F8C-B58C-400E-82DF-837451B3E7D1}
    [2012/05/20 22:52:52 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{4C094102-792B-4D23-A5E2-9B4712AD9CBF}
    [2012/05/20 10:52:07 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{07D5AA9B-433A-4160-AF23-886E639BCADB}
    [2012/05/20 10:51:36 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{167EC9EC-E010-4D9E-8AE2-4FC4D0645B96}
    [2012/05/19 18:00:32 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{E598AFA9-FB48-4545-BBD3-35294299C408}
    [2012/05/19 18:00:02 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{6BB5799C-2B99-4B63-A1BF-58E9187659DE}
    [2012/05/18 18:11:51 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{2F8FA667-1A28-4384-8F6B-8E2FA775C497}
    [2012/05/16 21:38:37 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{8D831DF4-782A-470C-BC2D-1E2FB274B468}
    [2012/05/16 21:38:06 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{D3886A59-4490-4CEF-BB7C-5C93779AD41E}
    [2012/05/14 19:57:48 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{C6511E51-96A8-419D-A7E5-96896D581C3F}
    [2012/05/14 19:57:17 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{63B33771-F99C-4AE3-8A36-FD12E138456F}
    [2012/05/13 17:25:56 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{D80AC46C-A808-41C5-8692-142E26C15782}
    [2012/05/13 17:25:25 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{147AD449-AB99-4141-8BE5-FF01EBED585C}
    [2012/05/12 20:26:51 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{FE47ACF9-1CC2-4F06-847B-2C89E6165A68}
    [2012/05/12 20:26:20 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{3F5FE85E-162D-420A-82BC-05CB624D7E41}
    [2012/05/12 08:25:16 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{EC93D761-E967-4B8F-B97C-10E40C9545AF}
    [2012/05/12 08:24:45 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{AF4990D7-417D-40BE-8B6F-97F46738E8E9}
    [2012/05/11 19:33:46 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{FBF88C25-E6C6-4086-9DB1-61CFBF0973C1}
    [2012/05/11 19:33:13 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{6F5B91BC-5F03-47D7-9CF5-45275D387AE6}
    [2012/05/10 18:54:34 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{BA0A44A0-18DE-484C-9681-F99C247A1C00}
    [2012/05/10 18:54:03 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{F415A629-1830-4CB0-9CE9-27D969A758A5}
    [2012/05/08 22:44:16 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{581E15FA-4095-472D-961D-F4DDAA94CE7C}
    [2012/05/08 22:43:45 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{A6ED9EB6-8A7F-4255-BDE7-58DC4430896A}
    [2012/05/07 19:47:58 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{2ED8B93A-F734-42ED-BD95-C4EAF20D0DCD}
    [2012/05/07 19:47:27 | 000,000,000 | ---D | C] -- C:\Users\Clément\AppData\Local\{AC10E941-35D5-485A-8C75-7E8A14DFB3A4}
    [2012/06/05 22:54:03 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/06/05 22:54:03 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" =-

    :Files
    C:\Program Files (x86)\Ask.com

    :Commands
    [emptytemp]

  • Puis clique sur le bouton Correction en haut à gauche.
  • Le pc va redémarrer (si ce n'est pas le cas, fais-le manuellement).
  • Poste le rapport de suppression s'il apparait.

  • Note : le rapport est enregistré sous format .log, il convient de changer cette extension en .txt si tu veux le déposer sur des sites en ligne. S'il n'apparait pas, il se trouve ici : C:\_OTL, sous la forme xxxxxxxx_xxxx.log où x sont la date et l'heure.
    /!\ Ce script est exclusivement réservé à l'utilisateur actuel du sujet, vous ne devez en aucun cas l'utiliser de votre propre chef sur un autre pc, sous risque d'endommager le système /!\

    &

    • Télécharge MalwareByte's Anti-Malware sur ton Bureau.
    • Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
      Une fois l'installation et la mise à jour effectuées :
    • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
    • Afin de lancer la recherche, clic sur"Rechercher".
    • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
      - Si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
      -- Si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection".
    • Enregistre le rapport sur ton Bureau.
    • Poste ce rapport.

  • REMARQUE: Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.
    m
    0
    l
    7 Juin 2012 18:38:28

    Je n'arrive pas à télécharger mbam-setup... Avez-vous un autre lien??
    m
    0
    l
    a b 8 Sécurité
    9 Juin 2012 16:40:43

    Désolé du retard, ton topic n'est pas remonté :/  tu es encore là ?
    m
    0
    l
    9 Juin 2012 17:13:05

    Oui j'attendais ta réponse :) 
    m
    0
    l
    a b 8 Sécurité
    10 Juin 2012 13:31:29

    Tu as un fichier locked dans sa version saine ? afin de procéder au décryptage comme suit :

    • Télécharge RannohDecryptor.exe (de Kaspersky) et enregistre-le sur ton Bureau.
    • Exécute RannohDecryptor.exe par clic-droit -> Exécuter en tant qu'administrateur.
    • Sélectionne tous les lecteurs à analyser dans Change parameters et valide par OK.
    • Clique sur Start scan.

    • L'utilitaire va chercher les fichiers cryptés, il faudra lui indiquer le chemin d'un fichier non crypté quand demandé.
    • L'outil va, par comparaison entre les 2 fichiers, identifier le mode de cryptage et pouvoir ainsi appliquer le décryptage correspondant à tous tes fichiers locked.
    • Un rapport RannohDecryptor.Version_Date_Time_log.txt est enregistré sous C:\.
    • Poste le rapport dans ta prochaine réponse ou héberge-le sur pjjoint.fr s'il est trop long et indique le lien.

    • Après vérification des fichiers, tu peux supprimer les copies de fichiers cryptés avec le nom locked si le décryptage a réussi, avec l'option Delete crypted files after decryption dans Change parameters -> Additional options
    m
    0
    l
    10 Juin 2012 15:43:56

    Je suis en train de scanner avec 2 fichiers comme tu m'as dit.
    Si je supprime les copies de fichiers cryptés, ça ne va pas supprimer mes fichiers d'origine?
    m
    0
    l
    a b 8 Sécurité
    10 Juin 2012 16:20:50

    Non juste les fichiers locked, mais je te conseille de vérifier que le décryptage ait bien fonctionné avant de faire ça.
    Car après plus de retour arrière possible.
    m
    0
    l
    10 Juin 2012 16:41:03

    Je ne saisis pas bien: si je supprime les fichiers "locked" ça ne supprimera pas le fichier d'origine que le virus bloque en ce moment?
    Le scan que je suis en train de faire, quel est son rôle précisémment...?
    m
    0
    l
    a b 8 Sécurité
    11 Juin 2012 00:25:58

    Le virus n'est plus là, donc il ne relockera plus les fichiers.
    RannohDecryptor.exe permet en comparant un fichier sain et sa version locked de décrypter un maximum de fichiers.
    Une fois le décryptage terminé, vérifie que les fichiers fonctionne. Tu peux ensuite supprimer les locked.
    m
    0
    l
    11 Juin 2012 11:28:01

    Merci c'est àmoitié efficace mais ça l'est quand même! Je vois une partie de mes fichiers décryptés, l'autre moitié reste bloquée... tu crois que si je refais un décryptage ça me dévérouillera la suite?
    Comment t'envoyer le rapport?
    Merci :) 
    m
    0
    l
    11 Juin 2012 11:32:42

    Je t'ai dit des bêties, je viens de m'aperçevoir que les fichiers sont décryptés et que les locked restent quand même ! C'est super merci BEAUCOUP pour ton aide...! comment je fais pour supprimer les locked sans relancer un scan? :) 
    MERCI encore de ton aide
    m
    0
    l
    a b 8 Sécurité
    11 Juin 2012 12:30:40

    Citation :
    Après vérification des fichiers, tu peux supprimer les copies de fichiers cryptés avec le nom locked si le décryptage a réussi, avec l'option Delete crypted files after decryption dans Change parameters -> Additional options

    On n'a pas terminé, si tu ne veux pas que ça revienne demain.

    • Télécharge SX Check&Update (de igor 51) sur ton Bureau.
      /!\ Désactive ton anti-virus et ferme toutes applications en cours /!\
      (Utilisateur de Vista/Windows 7 faites un clic droit -> "Exécuter en tant qu'administrateur")

    • Double-clique sur SXC&U.exe situé sur ton Bureau pour le lancer.
    • Au menu principal, clique sur le bouton Update Flash et installe la nouvelle version Flash Player pour tous les navigateurs.
    • Ensuite, clique sur le bouton Update Java et Adobe Reader pour installer la dernière version proposée.
      /!\ Lors des installations, pense à décocher les cases d'installation pour des toolbars et autres /!\
    • Au menu principal, choisis l'option Rapport.
    • Poste le rapport qui s'affiche à ton écran.


  • &

    On va s'occuper de supprimer les logiciels de désinfection maintenant :
    • Sur cette page DelFix (de Xplode) , clique sur bouton de téléchargement et enregistre le fichier sur ton Bureau.
    • Lance le programme puis clique sur Suppression puis poste le rapport.

  • Pour ne plus avoir ce genre de problème, il est capital de respecter les règles du dossier Prévention & Protection.
    m
    0
    l
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS