A virus is blocking my access to everything...

toxic512008 Posted messages 158 Status Member -  
Hello, (Comeback on how it works after a few years of being inactive)

Here I am because I caught a big PC virus.. The symptoms:

- Control panel inaccessible (Blank page with no options)
- Right-click is blocked
- Everything has turned into English, and options are missing, such as the recycle bin is now called Recycle Bin
- The hard drive has no name
- Folders are in English
- Unable to: Move, delete, extract a file
- Internet has nothing on that side
- I can open programs, view them but nothing else
- The search bar in start is blocked (Oh yes, otherwise I would have fixed the problem..)
- In start / accessories => everything is in English (calculator, etc)
- In start HELP AND SUPPORT has been blocked
- Unable to restore the PC to a previous version, I did it once, everything returned to normal then 1-2 days later it came back with the same symptoms....
- Formatting blocked
- Right-click as well as properties have been blocked
- Games, installed programs have no problem opening.

=> The PC starts up fine.
=> I can boot in safe mode + network support if needed

I am on Internet Explorer, Win7. Thank you in advance for any responses that could help me remove this virus; I have been searching for a solution for 2-3 months.

16 answers

  1. g3n-h@ckm@n
     
    Hello

    If your antivirus has a sandbox, disable it

    Disable your antivirus
    Disable Windows Defender if present
    Disable your firewall

    Close all your running applications

    Download and save this on your desktop:

    Pre_Scan

    If the link doesn't work:

    http://www.archive-host.com

    If it’s not on your desktop, cut it from your downloads folder and paste it on your desktop

    Warning: The desktop will be shut down during the scan --> don’t panic.

    Once downloaded, run it, let the scan proceed until you see "Pre_scan.txt" on the desktop.

    If the tool is blocked by the infection, use this version: Version .pif

    If the tool detects a proxy and you haven't installed one, click on "remove the proxy"

    If the tool seems not to have worked, rename it to winlogon, or change its extension to .com or .scr

    It may cause a multitude of black windows to flash, let it work

    Post Pre_Scan_the_date_and_time.txt that will appear on the desktop at the end of the scan

    ▶▶▶ DO NOT POST IT ON THE FORUM (it is too long)

    Click on this link: http://www.cijoint.fr/

    ▶ Click on Browse and find the file above.

    ▶ Click Open.

    ▶ Click on "Click here to upload the file".

    A link of this form:

    http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

    will be added to the page.

    ▶ Copy this link in your reply.

    If your desktop doesn't reappear => ctrl+alt+del, task manager => file tab => new task then type explorer
    ¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    1. toxic512008 Posted messages 158 Status Member 23
       
      Aie aie aie !! I did everything by the book but I forgot to mention that everything related to: Save As, Browse, etc. is formally blocked for me..... But otherwise I have the text document.
  2. g3n-h@ckm@n
     
    OK, well, attach it as requested
    1. toxic512008 Posted messages 158 Status Member 23
       
      I just said that it's impossible for me to attach it because of the virus itself....
  3. g3n-h@ckm@n
     
    ▶ Download Reload_TDSSKiller

    ▶ Run the

    choose: start the cleaning

    the tool will automatically download the latest version and then

    TDSSKiller will open, click on "Start Scan"

    If TDSS.tdl2 is detected, the delete option will be checked by default.
    If TDSS.tdl3 is detected, make sure that Cure is checked.
    If TDSS.tdl4 (\HardDisk0\MBR) is detected, make sure that Cure is checked.
    If Suspicious file is indicated, leave the option checked on Skip
    If Rootkit.Win32.ZAccess.* is detected, set to "cure" at the top, and "delete" at the bottom

    once it has finished, restart if prompted to complete the cleaning

    otherwise, close tdssKiller and the report will appear on the desktop

    ▶ Copy/Paste its content into your next reply.

    1. toxic512008 Posted messages 158 Status Member 23
       
      ```
      18:36:39.0203 6020 TDSS rootkit removing tool 2.6.6.0 Oct 7 2011 12:45:24
      18:36:39.0383 6020 ============================================================
      18:36:39.0383 6020 Current date / time: 2011/10/09 18:36:39.0383
      18:36:39.0383 6020 SystemInfo:
      18:36:39.0383 6020
      18:36:39.0383 6020 OS Version: 6.1.7601 ServicePack: 1.0
      18:36:39.0383 6020 Product type: Workstation
      18:36:39.0383 6020 ComputerName: RORO-PC
      18:36:39.0383 6020 UserName: roro
      18:36:39.0383 6020 Windows directory: C:\Windows
      18:36:39.0383 6020 System windows directory: C:\Windows
      18:36:39.0383 6020 Processor architecture: Intel x86
      18:36:39.0383 6020 Number of processors: 2
      18:36:39.0383 6020 Page size: 0x1000
      18:36:39.0383 6020 Boot type: Normal boot
      18:36:39.0383 6020 ============================================================
      18:36:40.0815 6020 Initialize success
      18:36:45.0977 0196 ============================================================
      18:36:45.0977 0196 Scan started
      18:36:45.0977 0196 Mode: Manual;
      18:36:45.0977 0196 ============================================================
      ```
  4. g3n-h@ckm@n
     
    ¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    1. toxic512008 Posted messages 158 Status Member 23
       
      [14/07/2009|06:42:24] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
      [14/07/2009|06:46:36] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
      [20/06/2011|21:03:07] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
      [14/07/2009|06:42:30] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk

      ¤¤¤¤¤¤¤¤¤¤ %StartMenu%\Programs\Startup

      [14/07/2009|06:41:57] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

      ¤¤¤¤¤¤¤¤¤¤ %AppData%

      [23/07/2011|16:30:20] | C:\Users\roro\AppData\Roaming\.minecraft
      [20/06/2011|19:21:59] | C:\Users\roro\AppData\Roaming\Adobe
      [02/08/2011|16:45:11] | C:\Users\roro\AppData\Roaming\chrtmp
      [17/09/2011|14:30:18] | C:\Users\roro\AppData\Roaming\em.class
      [30/05/2011|17:44:21] | C:\Users\roro\AppData\Roaming\Google
      [30/05/2011|17:33:23] | C:\Users\roro\AppData\Roaming\Identities
      [20/06/2011|19:21:59] | C:\Users\roro\AppData\Roaming\Macromedia
      [30/05/2011|17:33:17] | C:\Users\roro\AppData\Roaming\Media Center Programs
      [30/05/2011|17:33:17] | C:\Users\roro\AppData\Roaming\Microsoft
      [17/09/2011|14:30:18] | C:\Users\roro\AppData\Roaming\mod_TooManyItems.class
      [02/10/2011|16:00:30] | C:\Users\roro\AppData\Roaming\Mozilla
      [25/06/2011|19:21:48] | C:\Users\roro\AppData\Roaming\Mumble
      [07/09/2011|15:27:11] | C:\Users\roro\AppData\Roaming\OpenOffice.org
      [03/08/2011|14:59:22] | C:\Users\roro\AppData\Roaming\SecondLife
      [07/09/2011|13:17:51] | C:\Users\roro\AppData\Roaming\SoftGrid Client
      [22/06/2011|18:35:34] | C:\Users\roro\AppData\Roaming\teamspeak2
      [17/09/2011|14:30:18] | C:\Users\roro\AppData\Roaming\TMICompatibility.class
      [17/09/2011|14:30:18] | C:\Users\roro\AppData\Roaming\TMIConfig.class
      [17/09/2011|14:30:18] | C:\Users\roro\AppData\Roaming\TMIController.class
      [17/09/2011|14:30:18] | C:\Users\roro\AppData\Roaming\TMIStateButtonData.class
      [17/09/2011|14:30:18] | C:\Users\roro\AppData\Roaming\TMIUtils.class
      [17/09/2011|14:30:18] | C:\Users\roro\AppData\Roaming\TMIView.class
      [11/08/2011|13:05:32] | C:\Users\roro\AppData\Roaming\Todae
      [07/09/2011|13:15:53] | C:\Users\roro\AppData\Roaming\TP
      [22/06/2011|18:39:07] | C:\Users\roro\AppData\Roaming\TS3Client
      [24/06/2011|15:39:19] | C:\Users\roro\AppData\Roaming\vlc
      [11/08/2011|13:05:16] | C:\Users\roro\AppData\Roaming\Winamp
      [20/06/2011|21:03:07] | C:\Users\roro\AppData\Roaming\WinRAR
      [17/09/2011|14:30:18] | C:\Users\roro\AppData\Roaming\_tmi_MgButton.class
      [17/09/2011|14:30:18] | C:\Users\roro\AppData\Roaming\_tmi_MgButtonHandler.class
      [17/09/2011|14:30:18] | C:\Users\roro\AppData\Roaming\_tmi_MgCanvas.class
      [17/09/2011|14:30:18] | C:\Users\roro\AppData\Roaming\_tmi_MgItemHandler.class
      [17/09/2011|14:30:18] | C:\Users\roro\AppData\Roaming\_tmi_MgItemPanel.class
      [17/09/2011|14:30:18] | C:\Users\roro\AppData\Roaming\_tmi_MgWidget.class
      [17/09/2011|14:30:18] | C:\Users\roro\AppData\Roaming\_tmi_MgZOrder.class

      ¤¤¤¤¤¤¤¤¤¤ %CommonAppData%

      [06/08/2011|15:38:08] | C:\ProgramData\Adobe
      [06/08/2011|13:57:11] | C:\ProgramData\Apple
      [06/08/2011|15:23:24] | C:\ProgramData\Apple Computer
      [14/07/2009|06:53:55] | C:\ProgramData\Application Data
      [30/05/2011|17:33:04] | C:\ProgramData\Desktop
      [14/07/2009|06:53:55] | C:\ProgramData\Desktop
      [14/07/2009|06:53:55] | C:\ProgramData\Documents
      [30/05/2011|17:33:04] | C:\ProgramData\Favorites
      [14/07/2009|06:53:55] | C:\ProgramData\Favorites
      [30/05/2011|17:43:39] | C:\ProgramData\Google
      [20/06/2011|19:20:40] | C:\ProgramData\IM
      [20/06/2011|19:20:40] | C:\ProgramData\IncrediMail
      [30/05/2011|17:33:04] | C:\ProgramData\Start Menu
      [14/07/2009|04:37:05] | C:\ProgramData\Microsoft
      [30/05/2011|17:33:04] | C:\ProgramData\Templates

      ¤¤¤¤¤¤¤¤¤¤ %LocalAppData%

      [06/08/2011|15:37:58] | C:\Users\roro\AppData\Local\Adobe
      [06/08/2011|13:57:15] | C:\Users\roro\AppData\Local\Apple
      [06/08/2011|14:03:27] | C:\Users\roro\AppData\Local\Apple Computer
      [30/05/2011|17:33:17] | C:\Users\roro\AppData\Local\Application Data
      [30/05/2011|17:43:18] | C:\Users\roro\AppData\Local\Apps
      [29/09/2011|14:32:32] | C:\Users\roro\AppData\Local\Conduit
      [03/08/2011|15:11:40] | C:\Users\roro\AppData\Local\Databases.db
      [30/05/2011|17:43:17] | C:\Users\roro\AppData\Local\Deployment
      [19/07/2011|13:01:48] | C:\Users\roro\AppData\Local\Diagnostics
      [05/07/2011|11:55:04] | C:\Users\roro\AppData\Local\ElevatedDiagnostics
      [30/05/2011|17:43:18] | C:\Users\roro\AppData\Local\GDIPFONTCACHEV1.DAT
      [30/05/2011|17:43:27] | C:\Users\roro\AppData\Local\Google
      [30/05/2011|17:33:17] | C:\Users\roro\AppData\Local\History
      [03/08/2011|15:11:41] | C:\Users\roro\AppData\Local\http_www.flickr.com_0
      [07/09/2011|13:02:09] | C:\Users\roro\AppData\Local\IconCache.db
      [20/06/2011|19:20:54] | C:\Users\roro\AppData\Local\IM
      [30/05/2011|17:33:17] | C:\Users\roro\AppData\Local\Microsoft
      [07/08/2011|12:36:12] | C:\Users\roro\AppData\Local\Microsoft Games
      [02/10/2011|14:16:41] | C:\Users\roro\AppData\Local\reakktor
      [03/08/2011|14:59:21] | C:\Users\roro\AppData\Local\SecondLife
      [07/09/2011|13:17:51] | C:\Users\roro\AppData\Local\SoftGrid Client
      [22/06/2011|18:37:14] | C:\Users\roro\AppData\Local\TeamSpeak 3 Client
      [30/05/2011|17:33:17] | C:\Users\roro\AppData\Local\Temp
      [30/05/2011|17:33:17] | C:\Users\roro\AppData\Local\Temporary Internet Files
      [30/05/2011|17:33:18] | C:\Users\roro\AppData\Local\VirtualStore
      [05/07/2011|13:59:38] | C:\Users\roro\AppData\Local\Vivid_Abstractions
      [20/06/2011|18:37:39] | C:\Users\roro\AppData\Local\Windows Live
      [07/09/2011|13:51:26] | C:\Users\roro\AppData\Local\{12A554B5-2027-4D73-9854-91BEEF938B2F}
      [08/09/2011|18:46:21] | C:\Users\roro\AppData\Local\{7823184B-670A-486C-98EF-B886B9B9D419}
      [09/09/2011|08:38:10] | C:\Users\roro\AppData\Local\{88AB8425-C6A7-4407-9974-E7E81142FE42}
      [08/09/2011|18:46:37] | C:\Users\roro\AppData\Local\{8BD2B0F0-3143-43B0-9843-20C5A284707C}
      [07/09/2011|13:51:01] | C:\Users\roro\AppData\Local\{F2D7CE7F-6D1A-466D-A3FE-F59BF1516E80}

      ¤¤¤¤¤¤¤¤¤¤ %ProgramFiles%

      [06/08/2011|15:38:05] | C:\Program Files\Adobe
      [06/08/2011|13:57:11] | C:\Program Files\Apple Software Update
      [28/07/2011|19:29:30] | C:\Program Files\Call of Duty Game of the Year Edition
      [28/08/2011|10:27:34] | C:\Program Files\CCleaner
      [14/07/2009|04:37:05] | C:\Program Files\Common Files
      [29/09/2011|14:32:34] | C:\Program Files\Conduit
      [14/07/2009|06:41:57] | C:\Program Files\desktop.ini
      [14/07/2009|06:52:30] | C:\Program Files\DVD Maker
      [22/06/2011|18:17:27] | C:\Program Files\EA GAMES
      [07/09/2011|14:19:01] | C:\Program Files\ElcomSoft
      [30/05/2011|17:33:04] | C:\Program Files\Common Files
      [22/06/2011|18:17:54] | C:\Program Files\GameSpy Arcade
      [02/10/2011|13:56:58] | C:\Program Files\Gamigo
      [30/05/2011|17:43:29] | C:\Program Files\Google
      [20/06/2011|19:20:40] | C:\Program Files\IncrediMail
      [29/09/2011|14:32:31] | C:\Program Files\IncrediMail_MediaBar_Francais_2
      [30/05/2011|18:05:35] | C:\Program Files\InstallShield Installation Information
      [14/07/2009|04:37:05] | C:\Program Files\Internet Explorer
      [20/06/2011|20:22:22] | C:\Program Files\Java
      [07/09/2011|13:16:23] | C:\Program Files\Microsoft Application Virtualization Client
      [14/07/2009|06:52:30] | C:\Program Files\Microsoft Games
      [07/09/2011|13:16:23] | C:\Program Files\Microsoft Office
      [30/05/2011|17:46:17] | C:\Program Files\Microsoft Security Client
      [20/06/2011|18:43:32] | C:\Program Files\Microsoft Silverlight
      [07/09/2011|13:41:21] | C:\Program Files\Microsoft SQL Server Compact Edition
      [20/06/2011|18:32:59] | C:\Program Files\Microsoft.NET
      [03/10/2011|08:17:21] | C:\Program Files\mirware with FreeAngel
      [22/06/2011|19:57:15] | C:\Program Files\MOHAATools
      [14/07/2009|06:52:30] | C:\Program Files\MSBuild
      [25/06/2011|19:16:01] | C:\Program Files\Mumble
      [30/05/2011|18:03:39] | C:\Program Files\NVIDIA Corporation
      [07/09/2011|15:18:44] | C:\Program Files\OpenOffice.org 3
      [29/09/2011|14:32:37] | C:\Program Files\Photo Notifier and Animation Creator
      [06/08/2011|15:23:24] | C:\Program Files\QuickTime
      [30/05/2011|18:09:40] | C:\Program Files\Realtek
      [14/07/2009|06:52:30] | C:\Program Files\Reference Assemblies
      [03/08/2011|14:58:40] | C:\Program Files\SecondLifeViewer2
      [29/08/2011|22:00:37] | C:\Program Files\Spybot - Search & Destroy
      [20/06/2011|19:09:23] | C:\Program Files\Steam
      [30/05/2011|18:09:36] | C:\Program Files\Temp
      [24/07/2011|11:49:01] | C:\Program Files\The Game Creators
      [14/07/2009|06:53:23] | C:\Program Files\Uninstall Information
      [24/06/2011|15:15:13] | C:\Program Files\VideoLAN
      [11/08/2011|14:01:35] | C:\Program Files\VirtualDJ
      [11/08/2011|13:05:16] | C:\Program Files\Winamp
      [11/08/2011|13:06:16] | C:\Program Files\Winamp Detect
      [14/07/2009|06:52:30] | C:\Program Files\Windows Defender
      [14/07/2009|11:01:06] | C:\Program Files\Windows Journal
      [07/09/2011|13:38:03] | C:\Program Files\Windows Live
      [14/07/2009|04:37:05] | C:\Program Files\Windows Mail
      [14/07/2009|06:52:30] | C:\Program Files\Windows Media Player
      [14/07/2009|04:37:05] | C:\Program Files\Windows NT
      [14/07/2009|06:52:30] | C:\Program Files\Windows Photo Viewer
      [14/07/2009|06:52:30] | C:\Program Files\Windows Portable Devices
      [18/08/2011|15:30:15] | C:\Program Files\Windows Searchqu Toolbar
      [14/07/2009|06:52:30] | C:\Program Files\Windows Sidebar
      [20/06/2011|21:02:58] | C:\Program Files\WinRAR

      ¤¤¤¤¤¤¤¤¤¤ %CommonFiles%

      [06/08/2011|15:39:45] | C:\Program Files\Common Files\Adobe
      [06/08/2011|15:38:04] | C:\Program Files\Common Files\Adobe AIR
      [31/07/2011|17:51:55] | C:\Program Files\Common Files\Akamai
      [06/08/2011|13:57:28] | C:\Program Files\Common Files\Apple
      [24/07/2011|13:34:02] | C:\Program Files\Common Files\Bcgsoft
      [30/05/2011|18:09:32] | C:\Program Files\Common Files\InstallShield
      [20/06/2011|20:22:49] | C:\Program Files\Common Files\Java
      [14/07/2009|04:37:05] | C:\Program Files\Common Files\microsoft shared
      [11/08/2011|13:05:24] | C:\Program Files\Common Files\PX Storage Engine
      [14/07/2009|04:37:05] | C:\Program Files\Common Files\Services
      [14/07/2009|04:37:05] | C:\Program Files\Common Files\SpeechEngines
      [20/06/2011|19:09:24] | C:\Program Files\Common Files\Steam
      [22/06/2011|18:31:29] | C:\Program Files\Common Files\SWF Studio
      [14/07/2009|04:37:05] | C:\Program Files\Common Files\System
      [20/06/2011|18:37:37] | C:\Program Files\Common Files\Windows Live

      ¤¤¤¤¤¤¤¤¤¤ %Temp%\Low

      [29/09/2011|14:32:49] | C:\Users\roro\AppData\Local\Temp\Low\Google Toolbar
      [02/10/2011|11:51:48] | C:\Users\roro\AppData\Local\Temp\Low\hsperfdata_roro
      [21/09/2011|14:33:11] | C:\Users\roro\AppData\Local\Temp\Low\IM

      ¤¤¤¤¤¤¤¤¤¤ Tasks

      [30/05/2011 | 17:43:32] | C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
      [30/05/2011 | 17:43:32] | C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job


      ¤¤¤¤¤¤¤¤¤¤ Firewall

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

      ¤

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

      ¤¤¤¤¤¤¤¤¤¤ CURRENT_USER | UNINSTALL

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\]
      "TeamSpeak 3 Client"=TeamSpeak Systems GmbH ->
      "Winamp Detect"=Nullsoft, Inc -> 1.0.0.1

      ¤¤¤¤¤¤¤¤¤¤ LOCAL_MACHINE | UNINSTALL

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\]
      "AddressBook"= ->
      "Adobe AIR"=Adobe Systems Incorporated -> 2.7.0.19530
      "Adobe Flash Player ActiveX"=Adobe Systems Incorporated -> 10.3.183.10
      "Adobe Shockwave Player"=Adobe Systems, Inc. -> 11.6.1.629
      "Akamai"= ->
      "Black Prophecy_is1"= ->
      "Call of Duty"= ->
      "Call of Duty Game of the Year Edition"= ->
      "Connection Manager"= ->
      "Counter-Strike: Condition Zero"= ->
      "DirectDrawEx"= ->
      "DXM_Runtime"= ->
      "Fontcore"= ->
      "GameSpy Arcade"= ->
      "IE40"= ->
      "IE4Data"= ->
      "IE5BAKEX"= ->
      "IEData"= ->
      "IncrediMail"=IncrediMail Ltd. -> 6.2.9.5079
      "IncrediMail MediaBar Francais 2 Toolbar"= -> 6.5.2.8
      "IncrediMail_MediaBar_Francais_2 Toolbar"=IncrediMail MediaBar Francais 2 -> 6.5.2.8
      "Microsoft .NET Framework 4 Client Profile"=Microsoft Corporation -> 4.0.30319
      "Microsoft .NET Framework 4 Client Profile FRA Language Pack"=Microsoft Corporation -> 4.0.30319
      "Microsoft .NET Framework 4 Extended"=Microsoft Corporation -> 4.0.30319
      "Microsoft Security Client"=Microsoft Corporation -> 2.1.1116.0
      "MobileOptionPack"= ->
      "MPlayer2"= ->
      "NVIDIA Drivers"=NVIDIA Corporation -> 1.10.62.40
      "Photo Notifier and Animation Creator"=IncrediMail Ltd. -> 1.0.0.1009
      "SchedulingAgent"= ->
      "SecondLifeViewer2"= ->
      "Steam App 1200"=Tripwire Interactive ->
      "Steam App 1220"=Tripwire Interactive ->
      "Steam App 1230"=Sandstorm Productions ->
      "Steam App 1280"=Darkest Hour Team ->
      "Steam App 1290"= ->
      "Steam App 220"=Valve ->
      "Steam App 380"=Valve ->
      "Steam App 4000"=Team Garry ->
      "Steam App 420"=Valve ->
      "Steam App 440"=Valve ->
      "VLC media player"=VideoLAN -> 1.1.10
      "WIC"= ->
      "Winamp"= ->
      "WinRAR archiver"=win.rar GmbH -> 4.01.0
      "{048298C9-A4D3-490B-9FF9-AB023A9238F3}"=Valve -> 1.0.0.0
      "{05BFB060-4F22-4710-B0A2-2801A1B606C5}"=Microsoft Corporation -> 3.0.8402.2
      "{0A0CADCF-78DA-33C4-A350-CD51849B9702}"=Microsoft Corporation -> 4.0.30319
      "{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2162169"= ->
      "{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2416472"= ->
      "{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871"=Microsoft Corporation -> 1
      "{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2478063"= ->
      "{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2487367"=Microsoft Corporation -> 1
      "{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523"=Microsoft Corporation -> 1
      "{0DEA94ED-915A-4834-A87E-388D012C8E02}"= ->
      "{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}"=Microsoft Corporation -> 4.0.30319
      "{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}.KB2478663"=Microsoft Corporation -> 1
      "{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}.KB2518870"=Microsoft Corporation -> 1
      "{18455581-E099-4BA8-BC6B-F34B2F06600C}"=Google Inc. -> 1.0.0
      "{18EF2DEE-DCB0-466A-ABA5-4C73E508530A}"= ->
      "{19192A84-6172-4312-A661-D8F9A34585AB}"=Atomix Productions -> 7.0.4.1
      "{196BB40D-1578-3D01-B289-BEFC77A11A1E}"=Microsoft Corporation -> 10.0.30319
      "{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Inc. -> 7.1.2003.1856
      "{26A24AE4-039D-4CA4-87B4-2F83216026FF}"=Oracle -> 6.0.260
      "{32E9C1A5-0FDA-4483-987D-DBABF9CC1DD8}"=Microsoft Corporation -> 3.0.8402.2
      "{3C3901C5-3455-3E0A-A214-0B093A5070A6}"=Microsoft Corporation -> 4.0.30319
      "{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2160841"= ->
      "{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2162169"= ->
      "{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708"=Microsoft Corporation -> 1
      "{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708v2"= ->
      "{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871"=Microsoft Corporation -> 1
      "{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2473228"= ->
      "{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478063"= ->
      "{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478663"=Microsoft Corporation -> 1
      "{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2514805"= ->
      "{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870"=Microsoft Corporation -> 1
      "{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523"=Microsoft Corporation -> 1
      "{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2539636"=Microsoft Corporation -> 1
      "{4A03706F-666A-4037-7777-5F2748764D10}"=Sun Microsystems, Inc. -> 2.0.5.1
      "{50779A29-834E-4E36-BBEB-B7CABC67A825}"=Microsoft Corporation -> 2.1.1116.0
      "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}"=Microsoft Corporation -> 2.1.1116.0
      "{582876EC-A178-44D4-9823-C10D6C62EAFF}"= ->
      "{5E97F3BD-CDDC-4188-9D98-532E14FABB5D}"=IncrediMail -> 6.2.9.5079
      "{612C34C7-5E90-47D8-9B5C-0F717DD82726}"=Adobe Systems, Inc -> 12.0.0.1
      "{61AD15B2-50DB-4686-A739-14FE180D4429}"=Microsoft Corporation -> 7.250.4225.0
      "{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}"= ->
      "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}"=Apple Inc. -> 2.0.1
      "{6B7F28D4-160E-40C6-B7C8-5EC6B9734DA7}"=Your company name -> 1.0.0.1009
      "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}"=Microsoft Corporation -> 8.0.61001
      "{72604C30-CBD2-4917-9AB5-4274747F3269}_is1"=KevinsL -> 0.2
      "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}"=Apple Inc. -> 2.1.3.127
      "{7914BE1E-F186-4790-B8F4-9F63C52A41C1}"= ->
      "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}"=NVIDIA Corporation -> 1.00.7325.0
      "{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}"= ->
      "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Corporation -> 4.0.60531.0
      "{9A25302D-30C0-39D9-BD6F-21E6EC160475}"=Microsoft Corporation -> 9.0.30729
    2. toxic512008 Posted messages 158 Status Member 23
       
      kernel: MBR read successfully
      user & kernel MBR OK

      ¤¤¤¤¤¤¤¤¤¤ Security Center

      [HKLM | Security Center\Svc] | AntispywareOverride : 0
      [HKLM | Security Center\Svc] | AntiVirusOverride : 0
      [HKLM | Security Center\Svc] | FirewallOverride : 0

      ¤

      [HKLM | FirewallPolicy\DomainProfile] | DisableNotifications : 0
      [HKLM | FirewallPolicy\StandardProfile] | DisableNotifications : 0

      ¤¤¤¤¤¤¤¤¤¤ Ports

      [HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

      ¤

      [HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]

      ¤¤¤¤¤¤¤¤¤¤ Hidden Files Search

      ~ External Drives: 0 Hidden Objects
      ~ Local Disk: 0 Hidden Objects
      Users: 1 Hidden Object (Modified)
      ProgramFiles: 5 Hidden Objects (Modified)
      ~ Music: 0 Hidden Objects
      ~ Pictures: 0 Hidden Objects
      ~ Videos: 0 Hidden Objects
      ~ Downloads: 0 Hidden Objects
      ~ Desktop: 0 Hidden Objects
      ~ Links: 0 Hidden Objects
      Searches: 3 Hidden Objects (Modified)
      ~ Contacts: 0 Hidden Objects
      ~ Saved Games: 0 Hidden Objects
      ~ Favorites: 0 Hidden Objects
      Documents: 32 Hidden Objects (Modified)
      Windows: 45 Hidden Objects (Modified)
      ~ StartMenu: 0 Hidden Objects
      ~ Libraries: 0 Hidden Objects
      Quick Launch: 2 Hidden Objects (Modified)
      %AppData%: 2 Hidden Objects (Modified)

      ¤¤¤¤¤¤¤¤¤¤ Alternate Data Streams



      Suspect:

      ¤¤¤¤¤¤

      C:\Windows\explorer.exe -> Process restarted

      Pre_Script.exe: To make it appear, drag and drop an icon onto Pre_scan

      End: 18:17:33

      ¤¤¤¤¤¤¤¤¤¤(EOF)¤¤¤¤¤¤¤¤¤¤
  5. g3n-h@ckm@n
     
    Try this site for the pre_scan report:

    https://www.cjoint.com/

    --
    ¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    1. toxic512008 Posted messages 158 Status Member 23
       
      Same problem, unable to click on Browse .... The rest is also blocked -__-
  6. g3n-h@ckm@n
     


    ¤¤¤¤¤¤¤¤¤¤ %StartMenu%
    --
    ¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    1. toxic512008 Posted messages 158 Status Member 23
       
      ¤¤¤¤¤¤¤¤¤¤ DNS

      [HKLM\CCS | Tcpip\Parameters] | DhcpNameServer -> 212.27.40.240 212.27.40.241
      [HKLM\CCS | Interfaces\{B4D0BFCC-E92D-4CFE-A71E-460EAEC9BBD2}] | DhcpNameServer -> 212.27.40.240 212.27.40.241
      [HKLM\CS001 | Interfaces\{B4D0BFCC-E92D-4CFE-A71E-460EAEC9BBD2}] | DhcpNameServer -> 212.27.40.240 212.27.40.241
      [HKLM\CS002 | Interfaces\{B4D0BFCC-E92D-4CFE-A71E-460EAEC9BBD2}] | DhcpNameServer -> 212.27.40.240 212.27.40.241
      [HKLM\CCS | Tcpip\Parameters] | NameServer ->

      ¤¤¤¤¤¤¤¤¤¤ Hosts

      # 127.0.0.1 localhost
      # ::1 localhost

      ¤¤¤¤¤¤¤¤¤¤ HKCU\Software

      [HKEY_CURRENT_USER\Software\Adobe]
      [HKEY_CURRENT_USER\Software\AppDataLow]
      [HKEY_CURRENT_USER\Software\Apple Computer, Inc.]
      [HKEY_CURRENT_USER\Software\Battlefield 1942]
      [HKEY_CURRENT_USER\Software\Burda]
      [HKEY_CURRENT_USER\Software\Clients]
      [HKEY_CURRENT_USER\Software\EA Games]
      [HKEY_CURRENT_USER\Software\FPSCreator]
      [HKEY_CURRENT_USER\Software\g3n-h@ckm@n]
      [HKEY_CURRENT_USER\Software\GameSpy]
      [HKEY_CURRENT_USER\Software\Google]
      [HKEY_CURRENT_USER\Software\IM]
      [HKEY_CURRENT_USER\Software\ImInstaller]
      [HKEY_CURRENT_USER\Software\IncrediMail]
      [HKEY_CURRENT_USER\Software\JavaSoft]
      [HKEY_CURRENT_USER\Software\Macromedia]
      [HKEY_CURRENT_USER\Software\Maydje]
      [HKEY_CURRENT_USER\Software\Microsoft]
      [HKEY_CURRENT_USER\Software\MOHAA]
      [HKEY_CURRENT_USER\Software\Mumble]
      [HKEY_CURRENT_USER\Software\Netscape]
      [HKEY_CURRENT_USER\Software\Nuclear Coffee]
      [HKEY_CURRENT_USER\Software\NVIDIA Corporation]
      [HKEY_CURRENT_USER\Software\Policies]
      [HKEY_CURRENT_USER\Software\Realtek]
      [HKEY_CURRENT_USER\Software\SecuROM]
      [HKEY_CURRENT_USER\Software\Sysinternals]
      [HKEY_CURRENT_USER\Software\TeamSpeak 3 Client]
      [HKEY_CURRENT_USER\Software\Trolltech]
      [HKEY_CURRENT_USER\Software\Valve]
      [HKEY_CURRENT_USER\Software\VirtualDJ]
      [HKEY_CURRENT_USER\Software\WinRAR]
      [HKEY_CURRENT_USER\Software\WinRAR SFX]
      [HKEY_CURRENT_USER\Software\YahooPartnerToolbar]
      [HKEY_CURRENT_USER\Software\Classes]

      ¤¤¤¤¤¤¤¤¤¤ HKLM\Software

      [HKEY_LOCAL_MACHINE\Software\Activision]
      [HKEY_LOCAL_MACHINE\Software\Adobe]
      [HKEY_LOCAL_MACHINE\Software\AGEIA Technologies]
      [HKEY_LOCAL_MACHINE\Software\AppDataLow]
      [HKEY_LOCAL_MACHINE\Software\Apple Computer, Inc.]
      [HKEY_LOCAL_MACHINE\Software\Apple Inc.]
      [HKEY_LOCAL_MACHINE\Software\ATI Technologies]
      [HKEY_LOCAL_MACHINE\Software\BrowserChoice]
      [HKEY_LOCAL_MACHINE\Software\C07ft5Y]
      [HKEY_LOCAL_MACHINE\Software\CDDB]
      [HKEY_LOCAL_MACHINE\Software\Classes]
      [HKEY_LOCAL_MACHINE\Software\Clients]
      [HKEY_LOCAL_MACHINE\Software\Conduit]
      [HKEY_LOCAL_MACHINE\Software\Dark Basic]
      [HKEY_LOCAL_MACHINE\Software\Dolby]
      [HKEY_LOCAL_MACHINE\Software\DTS]
      [HKEY_LOCAL_MACHINE\Software\EA GAMES]
      [HKEY_LOCAL_MACHINE\Software\Electronic Arts]
      [HKEY_LOCAL_MACHINE\Software\Fraps]
      [HKEY_LOCAL_MACHINE\Software\Google]
      [HKEY_LOCAL_MACHINE\Software\ImInstaller]
      [HKEY_LOCAL_MACHINE\Software\IncrediMail]
      [HKEY_LOCAL_MACHINE\Software\IncrediMail_MediaBar_Francais_2]
      [HKEY_LOCAL_MACHINE\Software\InstallShield]
      [HKEY_LOCAL_MACHINE\Software\Intel]
      [HKEY_LOCAL_MACHINE\Software\JavaSoft]
      [HKEY_LOCAL_MACHINE\Software\JreMetrics]
      [HKEY_LOCAL_MACHINE\Software\Khronos]
      [HKEY_LOCAL_MACHINE\Software\Linden Research, Inc.]
      [HKEY_LOCAL_MACHINE\Software\Macromedia]
      [HKEY_LOCAL_MACHINE\Software\Microsoft]
      [HKEY_LOCAL_MACHINE\Software\Mozilla]
      [HKEY_LOCAL_MACHINE\Software\MozillaPlugins]
      [HKEY_LOCAL_MACHINE\Software\Nuclear Coffee]
      [HKEY_LOCAL_MACHINE\Software\NVIDIA Corporation]
      [HKEY_LOCAL_MACHINE\Software\ODBC]
      [HKEY_LOCAL_MACHINE\Software\Photo Notifier and Animation Creator]
      [HKEY_LOCAL_MACHINE\Software\Policies]
      [HKEY_LOCAL_MACHINE\Software\Reakktor]
      [HKEY_LOCAL_MACHINE\Software\Realtek]
      [HKEY_LOCAL_MACHINE\Software\Realtek Semiconductor Corp.]
      [HKEY_LOCAL_MACHINE\Software\RegisteredApplications]
      [HKEY_LOCAL_MACHINE\Software\Sonic]
      [HKEY_LOCAL_MACHINE\Software\SonicFocus]
      [HKEY_LOCAL_MACHINE\Software\SRS Labs]
      [HKEY_LOCAL_MACHINE\Software\The Game Creators]
      [HKEY_LOCAL_MACHINE\Software\Valve]
      [HKEY_LOCAL_MACHINE\Software\VideoLAN]
      [HKEY_LOCAL_MACHINE\Software\VirtualDJ]
      [HKEY_LOCAL_MACHINE\Software\Waves Audio]
      [HKEY_LOCAL_MACHINE\Software\WinRAR]

      ¤¤¤¤¤¤¤¤¤¤ Processus


      ¤¤¤¤¤¤¤¤¤¤ Traitement Fichiers | Dossiers | Registre

      Mise en quarantaine : C:\$Recycle.bin\S-1-5-21-1913976771-3513930833-1953101718-1001\desktop.ini
      Erreur de suppression : C:\Users\roro\AppData\Local\http_www.flickr.com_0
      Erreur de suppression : C:\Users\roro\AppData\Roaming\chrtmp
      Mise en quarantaine : C:\Windows\Temp\RGI27EB.tmp
      Mise en quarantaine : C:\Windows\Temp\RGI27EB.tmp-tmp
      Mise en quarantaine : C:\Windows\Temp\RGI47AB.tmp
      Mise en quarantaine : C:\Windows\Temp\RGI47AB.tmp-tmp
      Mise en quarantaine : C:\Windows\Temp\RGI8A93.tmp
      Mise en quarantaine : C:\Windows\Temp\RGI8A93.tmp-tmp
      Mise en quarantaine : C:\Windows\Temp\RGI8D38.tmp
      Mise en quarantaine : C:\Windows\Temp\RGI8D38.tmp-tmp
      Mise en quarantaine : C:\Windows\Temp\RGIB377.tmp
      Mise en quarantaine : C:\Windows\Temp\RGIB377.tmp-tmp
      Mise en quarantaine : C:\Windows\Temp\RGIB60D.tmp
      Mise en quarantaine : C:\Windows\Temp\RGIB60D.tmp-tmp
      Mise en quarantaine : C:\Users\roro\AppData\Local\Temp\7D98.tmp
      Mise en quarantaine : C:\Users\roro\AppData\Local\Temp\8890.tmp
      Mise en quarantaine : C:\Users\roro\AppData\Local\Temp\IECA32C.tmp
      Mise en quarantaine : C:\Users\roro\AppData\Local\Temp\IECC0F9.tmp
      Erreur de suppression : C:\Users\roro\AppData\Local\Temp\IM_56E5.tmp
      Supprimé : C:\Users\roro\AppData\Local\Temp\IM_56E5.tmp
      Mise en quarantaine : C:\Users\roro\AppData\Local\Temp\nsb5D5D.tmp
      Mise en quarantaine : C:\Users\roro\AppData\Local\Temp\RGI1FE3.tmp
      Mise en quarantaine : C:\Users\roro\AppData\Local\Temp\RGI1FE3.tmp-tmp
      Mise en quarantaine : C:\Users\roro\AppData\Local\Temp\RGI4D49.tmp
      Mise en quarantaine : C:\Users\roro\AppData\Local\Temp\RGI4D49.tmp-tmp
      Mise en quarantaine : C:\Users\roro\AppData\Local\Temp\RGI69B3.tmp
      Mise en quarantaine : C:\Users\roro\AppData\Local\Temp\RGI69B3.tmp-tmp
      Mise en quarantaine : C:\Users\roro\AppData\Local\Temp\~DF15BD0A87B4FAF1EB.TMP
      Mise en quarantaine : C:\Users\roro\AppData\Local\Temp\~DF9AB37B0482A8F07E.TMP
      Mise en quarantaine : C:\Users\roro\AppData\Local\Temp\~DFA5C2318ECED375B8.TMP
      Mise en quarantaine : C:\Users\roro\AppData\Local\Temp\~DFAA6D7E177A6FC988.TMP
      Mise en quarantaine : C:\Users\roro\AppData\Local\Temp\~DFD519B7FE2021565F.TMP
      Erreur de suppression : C:\Users\roro\AppData\Local\Temp\8890.dir\InstallFlashPlayer.exe
      Mise en quarantaine : C:\Users\roro\AppData\Local\Temp\IncrediMail\CMDCF40.tmp
      Supprimé : C:\Users\roro\AppData\Local\temporary internet files\Content.IE5\55O4LMOV\install_virtualdj_home_v7.0.4b.exe
      Supprimé : C:\Users\roro\AppData\Local\temporary internet files\Content.IE5\567UKXHI\mediacenter.exe
      Supprimé : C:\Users\roro\AppData\Local\temporary internet files\Content.IE5\KIYVZH2O\QuickTimeInstaller.exe
      Supprimé : C:\Users\roro\AppData\Local\temporary internet files\Content.IE5\P228RSZ0\Re-Enable v2.exe
      Supprimé : C:\Users\roro\AppData\Local\temporary internet files\Content.IE5\P228RSZ0\winamp5621_full_emusic-7plus_fr-fr.exe
      Supprimé : C:\Users\roro\AppData\Local\temporary internet files\Content.IE5\VA1WKUX9\AdobeAIRInstaller.exe
      Supprimé : C:\Users\roro\AppData\Local\temporary internet files\Content.IE5\VA1WKUX9\QuickTimeInstaller.exe
      Supprimé : C:\Users\roro\AppData\Local\temporary internet files\Content.IE5\VA1WKUX9\Second_Life_2-8-0-236429_Setup.exe


      ¤¤¤¤¤¤¤¤¤¤ IFEO


      ¤¤¤¤¤¤¤¤¤¤ Mountpoints2



      ¤¤¤¤¤¤¤¤¤¤ %Homedrive%

      [14/07/2009|04:36:15] | C:\$Recycle.Bin
      [14/07/2009|04:04:04] | C:\autoexec.bat
      [14/07/2009|04:04:04] | C:\config.sys
      [22/07/2011|21:07:36] | C:\CreeperTools
      [14/07/2009|06:53:55] | C:\Documents and Settings
      [30/05/2011|17:23:08] | C:\hiberfil.sys
      [09/10/2011|18:10:38] | C:\Kill'em
      [30/05/2011|17:23:15] | C:\pagefile.sys
      [14/07/2009|04:37:05] | C:\PerfLogs
      [09/10/2011|18:10:58] | C:\Pre_Scan.txt
      [14/07/2009|04:37:05] | C:\Program Files
      [14/07/2009|04:37:05] | C:\ProgramData
      [30/05/2011|17:33:04] | C:\Recovery
      [30/05/2011|17:23:08] | C:\System Volume Information
      [14/07/2009|04:37:05] | C:\Users
      [05/08/2011|12:02:57] | C:\Valve
      [14/07/2009|04:37:05] | C:\Windows

      ¤¤¤¤¤¤¤¤¤¤ %Systemroot%

      [14/07/2009|06:52:30] | C:\Windows\addins
      [14/07/2009|04:37:05] | C:\Windows\AppCompat
      [14/07/2009|04:37:05] | C:\Windows\AppPatch
      [14/07/2009|04:37:05] | C:\Windows\assembly
      [21/06/2011|17:14:03] | C:\Windows\bfsvc.exe
      [14/07/2009|04:37:06] | C:\Windows\Boot
      [14/07/2009|06:57:37] | C:\Windows\bootstat.dat
      [14/07/2009|04:37:06] | C:\Windows\Branding
      [11/08/2011|21:59:50] | C:\Windows\CheckSur
      [28/07/2011|19:28:43] | C:\Windows\CoD.INI
      [14/07/2009|04:37:06] | C:\Windows\Cursors
      [14/07/2009|06:34:21] | C:\Windows\debug
      [14/07/2009|06:52:30] | C:\Windows\diagnostics
      [14/07/2009|10:39:39] | C:\Windows\DigitalLocker
      [20/06/2011|18:52:29] | C:\Windows\DirectX.log
      [14/07/2009|06:52:30] | C:\Windows\Downloaded Program Files
      [14/07/2009|06:34:31] | C:\Windows\DtcInstall.log
      [14/07/2009|11:00:40] | C:\Windows\ehome
      [30/05/2011|17:46:48] | C:\Windows\epplauncher.mif
      [28/07/2011|19:14:11] | C:\Windows\eReg.dat
      [20/06/2011|17:56:21] | C:\Windows\explorer.exe
      [14/07/2009|04:37:06] | C:\Windows\Fonts
      [14/07/2009|10:39:39] | C:\Windows\fr-FR
      [14/07/2009|01:12:58] | C:\Windows\fveupdate.exe
      [14/07/2009|04:37:06] | C:\Windows\Globalization
      [14/07/2009|04:37:06] | C:\Windows\Help
      [14/07/2009|02:12:58] | C:\Windows\HelpPane.exe
      [14/07/2009|02:12:22] | C:\Windows\hh.exe
      [14/07/2009|11:02:25] | C:\Windows\HomePremium.xml
      [20/06/2011|18:13:04] | C:\Windows\IE9_main.log
      [14/07/2009|04:37:06] | C:\Windows\IME
      [14/07/2009|04:37:06] | C:\Windows\inf
      [30/05/2011|17:43:33] | C:\Windows\Installer
      [14/07/2009|04:37:06] | C:\Windows\L2Schemas
      [14/07/2009|04:37:06] | C:\Windows\LiveKernelReports
      [14/07/2009|04:37:06] | C:\Windows\Logs
      [14/07/2009|04:37:06] | C:\Windows\Media
      [14/07/2009|01:55:01] | C:\Windows\mib.bin
      [14/07/2009|04:37:07] | C:\Windows\Microsoft.NET
      [14/07/2009|04:37:07] | C:\Windows\ModemLogs
      [14/07/2009|04:04:57] | C:\Windows\msdfmap.ini
      [02/08/2011|14:38:58] | C:\Windows\MSWINSCK.OCX
      [14/07/2009|01:41:04] | C:\Windows\notepad.exe
      [14/07/2009|06:52:30] | C:\Windows\Offline Web Pages
      [30/05/2011|18:22:25] | C:\Windows\Panther
      [07/09/2011|13:16:23] | C:\Windows\PCHEALTH
      [14/07/2009|06:52:30] | C:\Windows\Performance
      [30/05/2011|17:47:20] | C:\Windows\PFRO.log
      [14/07/2009|04:37:07] | C:\Windows\PLA
      [14/07/2009|04:37:07] | C:\Windows\PolicyDefinitions
      [30/05/2011|17:23:21] | C:\Windows\Prefetch
      [14/07/2009|01:17:08] | C:\Windows\regedit.exe
      [14/07/2009|04:37:07] | C:\Windows\registration
      [14/07/2009|04:37:07] | C:\Windows\rescache
      [14/07/2009|04:37:07] | C:\Windows\Resources
      [30/05/2011|18:09:35] | C:\Windows\RtlExUpd.dll
      [14/07/2009|04:37:07] | C:\Windows\SchCache
      [14/07/2009|04:37:07] | C:\Windows\schemas
      [14/07/2009|04:37:07] | C:\Windows\security
      [14/07/2009|06:34:13] | C:\Windows\ServiceProfiles
      [14/07/2009|04:37:07] | C:\Windows\servicing
      [14/07/2009|06:34:16] | C:\Windows\Setup
      [14/07/2009|06:39:09] | C:\Windows\setupact.log
      [14/07/2009|06:39:09] | C:\Windows\setuperr.log
      [14/07/2009|11:00:40] | C:\Windows\ShellNew
      [30/05/2011|17:26:04] | C:\Windows\SoftwareDistribution
      [14/07/2009|04:37:07] | C:\Windows\Speech
      [14/07/2009|06:48:09] | C:\Windows\Starter.xml
      [14/07/2009|04:37:07] | C:\Windows\system
      [14/07/2009|04:04:23] | C:\Windows\system.ini
      [14/07/2009|04:37:07] | C:\Windows\System32
      [14/07/2009|04:37:09] | C:\Windows\TAPI
      [14/07/2009|04:37:09] | C:\Windows\Tasks
      [14/07/2009|04:37:09] | C:\Windows\Temp
      [14/07/2009|04:37:09] | C:\Windows\tracing
      [30/05/2011|17:23:38] | C:\Windows\TSSysprep.log
      [10/06/2009|23:41:17] | C:\Windows\twain.dll
      [14/07/2009|06:52:30] | C:\Windows\twain_32
      [21/06/2011|17:14:10] | C:\Windows\twain_32.dll
      [14/07/2009|00:47:26] | C:\Windows\twunk_16.exe
      [14/07/2009|02:14:40] | C:\Windows\twunk_32.exe
      [14/07/2009|04:37:09] | C:\Windows\Vss
      [14/07/2009|04:37:09] | C:\Windows\Web
      [14/07/2009|04:04:23] | C:\Windows\win.ini
      [14/07/2009|06:41:57] | C:\Windows\WindowsShell.Manifest
      [30/05/2011|17:26:02] | C:\Windows\WindowsUpdate.log
      [13/07/2009|22:29:46] | C:\Windows\winhelp.exe
      [14/07/2009|02:12:29] | C:\Windows\winhlp32.exe
      [14/07/2009|04:37:09] | C:\Windows\winsxs
      [10/06/2009|23:34:23] | C:\Windows\WMSysPr9.prx
      [14/07/2009|01:41:00] | C:\Windows\write.exe
      [13/07/2009|23:30:30] | C:\Windows\_default.pif

      ¤¤¤¤¤¤¤¤¤¤ %Userprofile%

      [30/05/2011|17:33:17] | C:\Users\roro\AppData
      [30/05/2011|17:33:17] | C:\Users\roro\Application Data
      [30/05/2011|17:33:22] | C:\Users\roro\Contacts
      [30/05/2011|17:33:17] | C:\Users\roro\Cookies
      [30/05/2011|17:33:17] | C:\Users\roro\Desktop
      [30/05/2011|17:33:17] | C:\Users\roro\Documents
      [30/05/2011|17:33:17] | C:\Users\roro\Downloads
      [30/05/2011|17:33:17] | C:\Users\roro\Favorites
      [30/05/2011|17:33:17] | C:\Users\roro\Links
      [30/05/2011|17:33:17] | C:\Users\roro\Local Settings
      [30/05/2011|17:33:17] | C:\Users\roro\Start Menu
      [30/05/2011|17:33:17] | C:\Users\roro\My Documents
      [30/05/2011|17:33:17] | C:\Users\roro\Templates
      [30/05/2011|17:33:17] | C:\Users\roro\Music
      [30/05/2011|17:33:17] | C:\Users\roro\ntuser.dat
      [30/05/2011|17:33:17] | C:\Users\roro\ntuser.dat.LOG1
      [30/05/2011|17:33:17] | C:\Users\roro\ntuser.dat.LOG2
      [09/09/2011|09:17:58] | C:\Users\roro\ntuser.dat{1f226844-daae-11e0-af85-001d92292217}.TM.blf
      [09/09/2011|09:17:58] | C:\Users\roro\ntuser.dat{1f226844-daae-11e0-af85-001d92292217}.TMContainer00000000000000000001.regtrans-ms
      [09/09/2011|09:17:58] | C:\Users\roro\ntuser.dat{1f226844-daae-11e0-af85-001d92292217}.TMContainer00000000000000000002.regtrans-ms
      [11/08/2011|13:33:47] | C:\Users\roro\ntuser.dat{3a74544e-c40d-11e0-a23a-b3bd523ef58b}.TM.blf
      [11/08/2011|13:33:47] | C:\Users\roro\ntuser.dat{3a74544e-c40d-11e0-a23a-b3bd523ef58b}.TMContainer00000000000000000001.regtrans-ms
      [11/08/2011|13:33:47] | C:\Users\roro\ntuser.dat{3a74544e-c40d-11e0-a23a-b3bd523ef58b}.TMContainer00000000000000000002.regtrans-ms
      [30/05/2011|17:33:17] | C:\Users\roro\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
      [30/05/2011|17:33:17] | C:\Users\roro\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
      [30/05/2011|17:33:17] | C:\Users\roro\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
      [30/08/2011|12:57:20] | C:\Users\roro\ntuser.dat{7626e3a3-d2e3-11e0-90f0-001d92292217}.TM.blf
      [30/08/2011|12:57:20] | C:\Users\roro\ntuser.dat{7626e3a3-d2e3-11e0-90f0-001d92292217}.TMContainer00000000000000000001.regtrans-ms
      [30/08/2011|12:57:20] | C:\Users\roro\ntuser.dat{7626e3a3-d2e3-11e0-90f0-001d92292217}.TMContainer00000000000000000002.regtrans-ms
      [05/10/2011|14:10:41] | C:\Users\roro\ntuser.dat{ddbc5b47-ef47-11e0-b7e6-001d92292217}.TM.blf
      [05/10/2011|14:10:42] | C:\Users\roro\ntuser.dat{ddbc5b47-ef47-11e0-b7e6-001d92292217}.TMContainer00000000000000000001.regtrans-ms
      [05/10/2011|14:10:42] | C:\Users\roro\ntuser.dat{ddbc5b47-ef47-11e0-b7e6-001d92292217}.TMContainer00000000000000000002.regtrans-ms
      [25/08/2011|13:01:18] | C:\Users\roro\ntuser.dat{e8ee82df-cf08-11e0-8ab5-f3355ddd880d}.TM.blf
      [25/08/2011|13:01:18] | C:\Users\roro\ntuser.dat{e8ee82df-cf08-11e0-8ab5-f3355ddd880d}.TMContainer00000000000000000001.regtrans-ms
      [25/08/2011|13:01:18] | C:\Users\roro\ntuser.dat{e8ee82df-cf08-11e0-8ab5-f3355ddd880d}.TMContainer00000000000000000002.regtrans-ms
      [30/05/2011|17:33:17] | C:\Users\roro\ntuser.ini
      [30/05/2011|17:33:17] | C:\Users\roro\Pictures
      [30/05/2011|17:33:17] | C:\Users\roro\Recent
      [30/05/2011|17:33:17] | C:\Users\roro\Saved Games
      [30/05/2011|17:33:31] | C:\Users\roro\Searches
      [30/05/2011|17:33:17] | C:\Users\roro\SendTo
      [07/09/2011|13:50:46] | C:\Users\roro\Tracing
      [30/05/2011|17:33:17] | C:\Users\roro\Videos
      [30/05/2011|17:33:17] | C:\Users\roro\Printing Neighborhood
      [30/05/2011|17:33:17] | C:\Users\roro\Network Neighborhood

      ¤¤¤¤¤¤¤¤¤¤ %StartMenu%

      [14/07/2009|06:46:35] | C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
      [14/07/2009|06:37:43] | C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
      [30/05/2011|17:33:04] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs
      [14/07/2009|04:37:05] | C:\ProgramData\Microsoft\Windows\Start Menu\Programs
      [14/07/2009|06:37:43] | C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
  7. g3n-h@ckm@n
     
    The beginning is missing... !!
    1. toxic512008 Posted messages 158 Status Member 23
       
      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | 1.0.2.92 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

      ¤¤¤¤¤ XP | Vista | Seven - 32/64 bits ¤¤¤¤¤

      ~ Updated on 10/08/2011 | 13:00 by g3n-h@ckm@n
      ~ Information: http://www.forum-fec.net/t1444-pre_scan-versions
      ~ : http://www.gen-hackman.net
      ~ Feedback: http://www.forum-fec.net/t1445-feedback-pre_scan

      ~ User: roro (Administrators)
      ~ Computer: RORO-PC

      ~ Operating System: Windows 7 Home Premium (32 bits) HomePremium Service Pack 1
      ~ Installation Type: Client
      ~ Registered as: roro
      ~ Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+
      ~ Identification: x86 Family 15 Model 75 Stepping 2
      Internet Explorer: 9.0.8112.16421
      Mozilla Firefox:
      Windows Firewall: Active
      Windows Defender: Inactive

      a:\ -> [Removable] | []
      c:\ -> [Fixed] | [] | Total: 238370 Mo | Free: 159340 Mo -> NTFS
      d:\ -> [CDROM] | []
      e:\ -> [Removable] | []

      Scan: 18:11:08 | 10/09/2011


      ¤¤¤¤¤¤¤¤¤¤ Sessions

      ~ [HKLM | ProfileList] | S-1-5-21-1913976771-3513930833-1953101718-1001 : ProfileImagePath -> C:\Users\roro
      ~ [HKLM | ProfileList] | S-1-5-21-1913976771-3513930833-1953101718-1001 : RefCount -> 2
      ~ [HKLM | ProfileList] | S-1-5-21-1913976771-3513930833-1953101718-1001 : State -> 0

      ¤¤¤¤¤¤¤¤¤¤ Processes in progress

      Start: Normal

      268 | C:\Windows\System32\smss.exe - System - Normal - \SystemRoot\System32\smss.exe - 4
      424 | C:\Windows\system32\csrss.exe - System - Normal - %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 - 412
      476 | C:\Windows\system32\wininit.exe - System - High - wininit.exe - 412
      492 | C:\Windows\system32\csrss.exe - System - Normal - %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 - 484
      532 | C:\Windows\system32\services.exe - System - Normal - C:\Windows\system32\services.exe - 476
      548 | C:\Windows\system32\lsass.exe - System - Normal - C:\Windows\system32\lsass.exe - 476
      556 | C:\Windows\system32\lsm.exe - System - Normal - C:\Windows\system32\lsm.exe - 476
      624 | C:\Windows\system32\winlogon.exe - System - High - winlogon.exe - 484
      708 | C:\Windows\system32\svchost.exe - System - Normal - C:\Windows\system32\svchost.exe -k DcomLaunch - 532
      772 | C:\Windows\system32\nvvsvc.exe - System - Normal - C:\Windows\system32\nvvsvc.exe - 532
      812 | C:\Windows\system32\svchost.exe - NETWORK SERVICE - Normal - C:\Windows\system32\svchost.exe -k RPCSS - 532
      860 | c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe - System - Normal - "c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" - 532
      1024 | C:\Windows\System32\svchost.exe - LOCAL SERVICE - Normal - C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted - 532
      1060 | C:\Windows\System32\svchost.exe - System - Normal - C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted - 532
      1112 | C:\Windows\system32\svchost.exe - System - Normal - C:\Windows\system32\svchost.exe -k netsvcs - 532
      1208 | C:\Windows\system32\svchost.exe - LOCAL SERVICE - Normal - C:\Windows\system32\svchost.exe -k LocalService - 532
      1276 | C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe - System - Normal - "C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe" - 772
      1288 | C:\Windows\system32\nvvsvc.exe - System - Normal - C:\Windows\system32\nvvsvc.exe -session -first - 772
      1376 | C:\Windows\system32\svchost.exe - NETWORK SERVICE - Normal - C:\Windows\system32\svchost.exe -k NetworkService - 532
      1652 | C:\Windows\System32\spoolsv.exe - System - Normal - C:\Windows\System32\spoolsv.exe - 532
      1684 | C:\Windows\system32\svchost.exe - LOCAL SERVICE - Normal - C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork - 532
      1764 | C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe - System - Normal - "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe" - 532
      1796 | C:\Windows\System32\svchost.exe - System - Normal - C:\Windows\System32\svchost.exe -k Akamai - 532
      1828 | C:\Windows\system32\svchost.exe - LOCAL SERVICE - Normal - C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation - 532
      1896 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE - System - Normal - "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" - 532
      1996 | C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe - System - Normal - "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe" - 532
      2028 | C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe - System - Normal - "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe" - 532
      328 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe - System - Normal - WLIDSvcM.exe 1896 - 1896
      2120 | C:\Windows\system32\WUDFHost.exe - LOCAL SERVICE - Normal - "C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-e52d151f-8b01-454f-b3bb-d7641f41831b -SystemEventPortName:HostProcess-94890e24-37c4-4ba8-b762-4720c551c848 -IoCancelEventPortName:HostProcess-799bf959-0c5e-4212-8e1b-751739610050 -NonStateChangingEventPortName:HostProcess-dd3ab813-60ea-436f-86a1-27e9f633aad1 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:a6135f2a-94de-4b77-84f9-fe65b1554640 - 1060
      2336 | C:\Windows\system32\taskhost.exe - roro - Normal - "taskhost.exe" - 532
      2596 | C:\Windows\system32\Dwm.exe - roro - High - "C:\Windows\system32\Dwm.exe" - 1060
      2844 | C:\Program Files\Microsoft Security Client\msseces.exe - roro - Normal - "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey - 2672
      2864 | C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe - roro - Normal - "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s - 2672
      2876 | C:\Program Files\Common Files\Java\Java Update\jusched.exe - roro - Normal - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" - 2672
      2912 | C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe - roro - Normal - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" - 2672
      2056 | C:\Windows\system32\svchost.exe - NETWORK SERVICE - Normal - C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted - 532
      2364 | C:\Windows\system32\SearchIndexer.exe - System - Normal - C:\Windows\system32\SearchIndexer.exe /Embedding - 532
      2712 | C:\Program Files\Windows Media Player\wmpnetwk.exe - NETWORK SERVICE - Normal - "C:\Program Files\Windows Media Player\wmpnetwk.exe" - 532
      4020 | C:\Windows\System32\svchost.exe - LOCAL SERVICE - Normal - C:\Windows\System32\svchost.exe -k LocalServicePeerNet - 532
      1480 | C:\Windows\system32\Macromed\Flash\FlashUtil10x_ActiveX.exe - roro - Normal - C:\Windows\system32\Macromed\Flash\FlashUtil10x_ActiveX.exe -Embedding - 708
      904 | C:\Program Files\Java\jre6\bin\javaw.exe - roro - Normal - javaw -Xmx1024m -Dsun.java2d.noddraw=true -Dsun.java2d.d3d=false -Dsun.java2d.opengl=false -Dsun.java2d.pmoffscreen=false -classpath /C:/Users/roro/Desktop/minecraft.jar net.minecraft.LauncherFrame - 2644
      2428 | C:\Users\roro\Downloads\Pre_Scan.exe - roro - High - "C:\Users\roro\Downloads\Pre_Scan.exe" - 2672
      676 | C:\Windows\System32\rundll32.exe - roro - Normal - C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793} -Embedding - 708
      4256 | C:\Windows\system32\cmd.exe - roro - Normal - cmd /c ""C:\Kill'em\Pv.bat" " - 2428
      5788 | C:\Windows\system32\conhost.exe - roro - Normal - \??\C:\Windows\system32\conhost.exe "2191158371818189802-1355157755430114271-1762945211-961685061175364448-1031713606 - 492
      1944 | C:\Kill'em\Pv.exe - roro - Normal - C:\Kill'em\pv.exe -o"%i | %f - %u - %p - %l - %r" - 4256

      ¤¤¤¤¤¤¤¤¤¤ Main start before deletion

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      "Steam"="C:\Program Files\Steam\Steam.exe" -silent
      "IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe /c

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "MSC"="c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
      "RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
      "SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
      "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

      [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

      [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

      [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

      ¤¤¤¤¤¤¤¤¤¤ Other Silent Starts


      ¤


      ¤

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
      "{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=0x00
      "{249d74a3-bd19-4657-b6ce-e62f480a20de}"=IncrediMail MediaBar French 2 Toolbar


      ¤

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
      "{00C6D95F-329C-409a-81D7-C46C66EA7F33}"=
      "{80009818-f38f-4af1-87b5-eadab9433e58}"=MF ADTS Property Handler
      "{09A47860-11B0-4DA5-AFA5-26D86198A780}"=EPP
      "{A70C977A-BF00-412C-90B7-034C51DA2439}"=NvCpl DesktopContext Class
      "{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}"=NVIDIA Play On My TV Context Menu Extension
      "{08165EA0-E946-11CF-9C87-00AA005127ED}"=WebCheckWebCrawler
      "{F5175861-2688-11d0-9C5E-00AA00A45957}"=Subscription Folder
      "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"=WebCheck
      "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"=Code Download Agent
      "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"=Subscription Mgr
      "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"=WebCheck SyncMgr Handler
      "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"=WinRAR shell extension

      ¤¤¤¤¤¤¤¤¤¤ BHO

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] | (Adobe PDF Link Helper) -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [09/05/2011|19:04:56]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{249d74a3-bd19-4657-b6ce-e62f480a20de}] | (IncrediMail MediaBar French 2 Toolbar) -> C:\Program Files\IncrediMail_MediaBar_French_2\prxtbIncr.dll [09/05/2011|11:49:38]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] | (Windows Live ID Sign-in Helper) -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [21/09/2010|14:08:38]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] | (Google Toolbar Helper) -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [30/05/2011|17:43:41]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] | (Java(tm) Plug-In 2 SSV Helper) -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [20/06/2011|20:22:27]

      ¤¤¤¤¤¤¤¤¤¤ ActiveX

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] | WMPACCESS -> Microsoft Windows Media Player
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] | IEACCESS -> Internet Explorer
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] | BRANDING.CAB -> Browser Customizations
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}] | JAVAVM -> Java (Sun)
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] | -> Microsoft Windows Media Player 12.0
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] | Theme Component -> Themes Setup
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] | MobilePk -> Offline Browsing Pack
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3C3901C5-3455-3E0A-A214-0B093A5070A6}] | .NETFramework -> .NET Framework
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] | MailNews -> Microsoft Windows
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] | DirectDrawEx -> DirectDrawEx
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] | HelpCont -> Internet Explorer Help
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] | MSVBScript -> Microsoft Windows Script 5.6
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] | GenSetup -> Internet Explorer Setup Tools
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] | ExtraPack -> Browsing Enhancements
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] | Microsoft Windows Media Player -> Microsoft Windows Media Player
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] | MSN_Auth -> MSN Site Access
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] | -> Address Book 7
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}] | .NETFramework -> .NET Framework
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] | IE4_SHELLID -> Windows Desktop Update
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] | BASEIE40_W2K -> Web Platform Customizations
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] | DOTNETFRAMEWORKS ->
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] | Tridata -> Dynamic HTML Data Binding
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD}] | .NETFramework -> .NET Framework
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] | Fontcore -> Internet Explorer Core Fonts
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] | HTMLHelp -> HTML Help
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] | ADSI -> Active Directory Service Interface

      ¤¤¤¤¤¤¤¤¤¤ AppPaths

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AcroRd32.exe] -> C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe [09/05/2011|19:04:56]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\BF1942.exe] -> C:\Program Files\EA GAMES\Battlefield 1942\bf1942.exe [28/07/2011|19:04:18]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe] ->
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\dvdmaker.exe] -> %ProgramFiles%\DVD Maker\dvdmaker.exe
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\FPSCreator.exe] -> C:\Program Files\The Game Creators\FPS Creator\FPSCreator.exe [24/07/2011|11:49:08]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\fsquirt.exe] ->
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEDIAGCMD.EXE] -> C:\Program Files\Internet Explorer\IEDIAGCMD.EXE [20/06/2011|18:22:36]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE] -> C:\Program Files\Internet Explorer\IEXPLORE.EXE [20/06/2011|18:22:36]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ImBpp.exe] -> C:\Program Files\IncrediMail\Bin\ImBpp.exe [29/09/2011|14:31:26]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ImLc.exe] -> C:\Program Files\IncrediMail\Bin\ImLc.exe [29/09/2011|14:31:26]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ImLcU.exe] -> C:\Program Files\IncrediMail\Bin\ImLc.exe [29/09/2011|14:31:26]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ImLpp.exe] -> C:\Program Files\IncrediMail\Bin\ImLpp.exe [29/09/2011|14:31:26]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ImPackr.exe] -> C:\Program Files\IncrediMail\Bin\impackr.exe [29/09/2011|14:31:26]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\impackrU.exe] -> C:\Program Files\IncrediMail\Bin\impackr.exe [29/09/2011|14:31:26]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ImpCnt.exe] -> C:\Program Files\IncrediMail\Bin\ImpCnt.exe [29/09/2011|14:31:26]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ImpCntU.exe] -> C:\Program Files\IncrediMail\Bin\ImpCnt.exe [29/09/2011|14:31:26]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ImpContent.exe] -> C:\Program Files\IncrediMail\Bin\ImpCnt.exe [29/09/2011|14:31:26]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ImSetup.exe] -> C:\Program Files\IncrediMail\Bin\ImSetup.exe [29/09/2011|14:31:26]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IncMail.exe] -> C:\Program Files\IncrediMail\Bin\IncMail.exe [29/09/2011|14:31:26]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IncMailU.exe] -> C:\Program Files\IncrediMail\Bin\IncMail.exe [29/09/2011|14:31:26]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IncrediMail.exe] -> C:\Program Files\IncrediMail\Bin\IncMail.exe [29/09/2011|14:31:26]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\install.exe] ->
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\javaws.exe] -> C:\Program Files\Java\jre6\bin\javaws.exe [20/06/2011|20:22:26]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Journal.exe] -> %ProgramFiles%\Windows Journal\Journal.exe
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\migwiz.exe] ->
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mip.exe] -> %CommonProgramFiles%\Microsoft Shared\Ink\mip.exe
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MOHAA.exe] -> C:\Program Files\EA GAMES\MOHDA\MOHAA.exe [22/06/2011|18:18:45]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\moh_breakthrough.exe] -> C:\Program Files\EA GAMES\MOHDA\moh_breakthrough.exe [22/06/2011|18:37:09]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\moh_spearhead.exe] -> C:\Program Files\EA GAMES\MOHDA\moh_spearhead.exe [22/06/2011|18:30:52]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mplayer2.exe] -> %ProgramFiles%\Windows Media Player\wmplayer.exe
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\pbrush.exe] -> %SystemRoot%\System32\mspaint.exe
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PictureViewer.exe] -> C:\Program Files\QuickTime\PictureViewer.exe [05/07/2011|18:36:36]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\pnac.exe] -> C:\Program Files\Photo Notifier and Animation Creator\Application\Bin\pnac.exe [23/12/2010|09:02:18]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PowerShell.exe] -> %SystemRoot%\system32\WindowsPowerShell\v1.0\PowerShell.exe
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\QuickTimePlayer.exe] -> C:\Program Files\QuickTime\QuickTimePlayer.exe [05/07/2011|19:13:08]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\setup.exe] ->
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sidebar.exe] -> "%ProgramFiles%\Windows Sidebar\sidebar.exe"
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SnippingTool.exe] -> %SystemRoot%\system32\SnippingTool.exe
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\table30.exe] ->
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\TabTip.exe] -> %CommonProgramFiles%\microsoft shared\ink\TabTip.exe
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\wab.exe] -> %ProgramFiles%\Windows Mail\wab.exe
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\wabmig.exe] -> %ProgramFiles%\Windows Mail\wabmig.exe
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WinRAR.exe] -> C:\Program Files\WinRAR\WinRAR.exe [20/06/2011|21:02:59]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\wmplayer.exe] -> %ProgramFiles%\Windows Media Player\wmplayer.exe
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WORDPAD.EXE] -> "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WRITE.EXE] -> "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"

      ¤¤¤¤¤¤¤¤¤¤ Windows

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLS"=
      "LoadAppInit_DLLs"=0

      ¤¤¤¤¤¤¤¤¤¤ Winlogon


      ¤

      [HKLM | Winlogon] | Shell: explorer.exe
      [HKLM | Winlogon] | AutoRestartShell: 1
      [HKLM | Winlogon] | userinit: C:\Windows\system32\userinit.exe,
      [HKLM | Winlogon] | PowerDownAfterShutdown: 0 -> 1
      [HKLM | Winlogon] | System:

      ¤¤¤¤¤¤¤¤¤¤ Winlogon\Notify

      [.exe]: exefile
      [exefile | command]: "%1" %*
      [.com]: comfile
      [comfile | command]: "%1" %*
      [.reg]: regfile
      [regfile | command]: regedit.exe "%1"
      [.scr]: scrfile
      [scrfile | command]: "%1" /S
      [.bat]: batfile
      0
  8. g3n-h@ckm@n
     
    Uninstall this:

    IncrediMail_MediaBar_Francais_2
    Windows Searchqu Toolbar, if present

    Drag any file icon onto Pre_scan; Pre_script will appear.

    Run Pre_script; a blank page will open.

    Select all the bold text below, then copy it (right-click/copy or Ctrl+C):
    ___________________________________________________
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"=-
    [-HKEY_LOCAL_MACHINE\Software\BrowserChoice]
    [-HKEY_LOCAL_MACHINE\Software\IncrediMail_MediaBar_Francais_2]

    file::
    C:\Users\roro\AppData\Roaming\chrtmp
    C:\Users\roro\AppData\Local\http_www.flickr.com_0
    C:\Users\roro\AppData\Local\Databases.db

    folder::
    C:\Users\roro\AppData\Local\http_www.flickr.com_0
    C:\ProgramData\Spybot - Search & Destroy
    C:\Program Files\Conduit
    C:\Program Files\Spybot - Search & Destroy
    C:\Program Files\Windows Searchqu Toolbar

    attrib::

    ___________________________________________________

    Then paste it (right-click/paste or Ctrl+V) into the blank page.

    Then File tab => Save (not Save as...), then close the text.

    Black windows may flicker; this is normal, the program is working.

    Pre_Script.txt will appear on the desktop at the end of the work.

    If your desktop does not reappear => Ctrl+Alt+Del, Task Manager => File tab => New task, then type explorer
    --
    ¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
    1. toxic512008 Posted messages 158 Status Member 23
       
      I didn't understand how to get pre-script, could you explain it again please?
      0
    2. toxic512008 Posted messages 158 Status Member 23
       
      Pre-script found. UPDATE
      0
    3. toxic512008 Posted messages 158 Status Member 23
       
      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Script | 1.0.2.92 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

      ¤¤¤¤¤ XP | Vista | Seven - 32/64 bits ¤¤¤¤¤

      Update: 08/10/2011 | 14.00 By g3n-h@ckm@n
      User: roro (Administrators)
      Computer: RORO-PC
      Operating System: Windows 7 Home Premium (32 bits)
      Internet Explorer: 9.0.8112.16421
      Mozilla Firefox:

      Possible switches:

      processes:: | file:: | folder:: | Registry::
      Driver:: | replace:: | DNS:: | Command::
      attrib:: | txt:: | Host:: | NsLook::
      list:: | IP:: | ADS:: | Kill::

      Script: 18:36:19

      ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤


      Registry modification completed

      ¤

      Deleted: C:\Users\roro\AppData\Roaming\chrtmp
      Not Deleted: C:\Users\roro\AppData\Local\http_www.flickr.com_0
      Deleted: C:\Users\roro\AppData\Local\Databases.db

      ¤

      Deleted: C:\Users\roro\AppData\Local\http_www.flickr.com_0
      Deleted: C:\ProgramData\Spybot - Search & Destroy
      Deleted: C:\Program Files\Conduit
      Deleted: C:\Program Files\Spybot - Search & Destroy
      Deleted: C:\Program Files\Windows Searchqu Toolbar

      ¤

      End: 18:36:22

      ¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤
      0
  9. g3n-h@ckm@n
     
    ▶ Download here: USBFIX on your desktop

    Plug in all your USB peripherals without opening them.

    /!\ Temporarily disable, only while using USBFIX, the real-time protection of your antivirus and antispyware, which can significantly interfere with the tool's search and cleaning procedure.

    if you have XP => double click
    if you have Vista or Windows 7 => right-click "run as...."


    on the Usbfix icon located on your Desktop.
    On the page, click on the button:

    ▶ choose the Deletion option

    ▶ UsbFix will scan your pc, let the tool work.

    ▶ Then post the UsbFix.txt report that will appear on the desktop.

    ▶ Note: The UsbFix.txt report is saved at the root of the drive. (C:\UsbFix.txt)

    ( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

    --
    ¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
    1. toxic512008 Posted messages 158 Status Member 23
       
      ############################## | UsbFix V 7.061 | [Removal]

      User: roro (Administrator) # RORO-PC
      Updated on 05/10/2011 by El Desaparecido
      Launched at 17:53:19 | 11/10/2011

      Website: https://www.sosvirus.net/
      Suspect file? : http://eldesaparecido.com/support.php
      Contact: contact@eldesaparecido.com

      PC: MSI (MS-7309) (X86-based PC) # Desktop Computer
      CPU: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ (2210)
      RAM -> [ Total : 2047 | Free : 1193 ]
      BIOS: Default System BIOS
      BOOT: Normal boot

      OS: Microsoft Windows 7 Home Premium Edition (6.1.7601 32-Bit) # Service Pack 1
      WB: Windows Internet Explorer 9.0.8112.16421

      SC: Security Center Service [ Enabled ]
      WU: Windows Update Service [ Enabled ]
      AV: Microsoft Security Essentials [ (!) Disabled | Updated ]
      FW: Windows FireWall Service [ Enabled ]

      C:\ (%systemdrive%) -> Hard Drive # 233 GB (155 GB free - 67%) [] # NTFS
      D:\ -> CD-ROM

      ################## | Active Processes |

      C:\Windows\system32\csrss.exe (420)
      C:\Windows\system32\wininit.exe (472)
      C:\Windows\system32\csrss.exe (488)
      C:\Windows\system32\services.exe (528)
      C:\Windows\system32\lsass.exe (552)
      C:\Windows\system32\lsm.exe (560)
      C:\Windows\system32\winlogon.exe (620)
      C:\Windows\system32\svchost.exe (704)
      C:\Windows\system32\svchost.exe (804)
      C:\Windows\System32\svchost.exe (980)
      C:\Windows\System32\svchost.exe (1016)
      C:\Windows\system32\svchost.exe (1048)
      C:\Windows\system32\svchost.exe (1200)
      C:\Windows\system32\svchost.exe (1360)
      C:\Windows\system32\svchost.exe (1660)
      C:\Windows\System32\svchost.exe (1776)
      C:\Windows\system32\svchost.exe (1816)
      C:\Windows\System32\svchost.exe (1912)
      C:\Windows\system32\svchost.exe (2576)
      C:\Windows\system32\Dwm.exe (1248)
      C:\Windows\System32\svchost.exe (896)
      C:\Windows\system32\wbem\wmiprvse.exe (4676)
      C:\Windows\system32\WUDFHost.exe (2416)
      C:\Windows\System32\rundll32.exe (3852)
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (5016)
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (5884)
      c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (484)
      C:\Windows\system32\SearchIndexer.exe (5708)
      C:\Windows\System32\spoolsv.exe (3680)
      C:\Program Files\Internet Explorer\iexplore.exe (5124)
      C:\Windows\Explorer.exe (5736)
      C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (4544)
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (4604)
      C:\Program Files\Internet Explorer\iexplore.exe (2848)
      C:\UsbFix\Go.exe (6096)
      C:\Windows\system32\wbem\wmiprvse.exe (2268)

      ################## | Stopped Processes |

      Stopped! C:\Windows\system32\WUDFHost.exe (2416)
      Stopped! C:\Windows\System32\rundll32.exe (3852)
      Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (5016)
      Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (5884)
      Stopped! c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (484)
      Stopped! C:\Windows\system32\SearchIndexer.exe (5708)
      Stopped! C:\Windows\System32\spoolsv.exe (3680)
      Stopped! C:\Program Files\Internet Explorer\iexplore.exe (5124)
      Stopped! C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (4544)
      Stopped! C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (4604)
      Stopped! C:\Program Files\Internet Explorer\iexplore.exe (2848)

      ################## | Infectious Items |

      Deleted! C:\$RECYCLE.BIN\S-1-5-21-1913976771-3513930833-1953101718-1001

      (!) Temporary files deleted.

      ################## | Registry |


      ################## | Mountpoints2 |


      ################## | Listing |

      [11/10/2011 - 17:53:46 | SHD ] C:\$Recycle.Bin
      [10/06/2009 - 23:42:20 | N | 24] C:\autoexec.bat
      [11/10/2011 - 17:48:46 | RASHD ] C:\Autorun.inf
      [10/06/2009 - 23:42:20 | N | 10] C:\config.sys
      [17/09/2011 - 14:04:38 | D ] C:\CreeperTools
      [14/07/2009 - 06:53:55 | SHD ] C:\Documents and Settings
      [11/10/2011 - 16:51:21 | ASH | 1610162176] C:\hiberfil.sys
      [10/10/2011 - 18:57:45 | D ] C:\Kill'em
      [11/10/2011 - 16:51:23 | ASH | 2146885632] C:\pagefile.sys
      [14/07/2009 - 04:37:05 | D ] C:\PerfLogs
      [10/10/2011 - 18:36:22 | D ] C:\Program Files
      [10/10/2011 - 18:36:21 | HD ] C:\ProgramData
      [07/09/2011 - 12:54:27 | SHD ] C:\Recovery
      [08/10/2011 - 20:26:39 | SHD ] C:\System Volume Information
      [11/10/2011 - 17:53:46 | D ] C:\UsbFix
      [11/10/2011 - 17:53:32 | A | 4451] C:\UsbFix.txt
      [11/10/2011 - 17:48:49 | N | 3796] C:\UsbFix_Upload_Me_RORO-PC.zip
      [30/05/2011 - 17:33:14 | D ] C:\Users
      [05/08/2011 - 12:02:57 | D ] C:\Valve
      [05/10/2011 - 14:10:27 | D ] C:\Windows

      ################## | Vaccine |

      C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

      ################## | Upload |

      Please send the file: C:\UsbFix_Upload_Me_RORO-PC.zip
      http://eldesaparecido.com/support.php
      Thank you for your contribution.

      ################## | E.O.F |
      0
  10. g3n-h@ckm@n
     
    Download here: OTL

    Save it on your Desktop.

    if you have XP => double click
    if you have Vista or Windows 7 => right click "run as...."


    on OTL.exe to launch it.

    > Click here to see the Configuration

    ▶ Copy the following bold content and paste it into the lower part of OTL, under "Customization":

    netsvcs
    safebootminimal
    safebootnetwork
    %systemroot%\system32\config\*.exe /s
    %systemroot%\system32\*.sys
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa /s


    ▶ Click on Analyze.

    At the end of the scan, Notepad will open with the report (OTL.txt).

    This file is on your Desktop (generally C:\Documents and settings\your_username\OTL.txt)

    ▶▶▶ DO NOT POST IT ON THE FORUM (it is too long)

    To send it to me click on this link: http://www.cijoint.fr/

    ▶ Click on Browse and find the file mentioned above.

    ▶ Click on Open.

    ▶ Click on "Click here to upload the file".

    Just at the button, at the end of the file upload, a link of this form will appear:

    http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

    ▶ Copy this link in your reply.

    ▶▶ You will do the same with the "Extra.txt" which should also be on your desktop.

    --
    ¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_development_¤¤¤¤¤¤¤¤¤¤
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
    1. toxic512008 Posted messages 158 Status Member 23
       
      OTL Extras logfile created on: 12/10/2011 13:46:41 - Run 1
      OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\roro\Downloads
      Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.8112.16421)
      Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

      2.00 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.50% Memory free
      4.00 Gb Paging File | 3.02 Gb Available in Paging File | 75.60% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
      Drive C: | 232.79 Gb Total Space | 155.09 Gb Free Space | 66.62% Space Free | Partition Type: NTFS

      Computer Name: RORO-PC | User Name: roro | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user
      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

      [color=#E56717]========== Extra Registry (SafeList) ==========[/color]


      [color=#E56717]========== File Associations ==========[/color]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
      .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
      .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

      [color=#E56717]========== Shell Spawning ==========[/color]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
      batfile [open] -- "%1" %*
      cmdfile [open] -- "%1" %*
      comfile [open] -- "%1" %*
      cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
      exefile [open] -- "%1" %*
      helpfile [open] -- Reg Error: Key error.
      hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
      htmlfile [edit] -- Reg Error: Key error.
      htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
      inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
      piffile [open] -- "%1" %*
      regfile [merge] -- Reg Error: Key error.
      scrfile [config] -- "%1"
      scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
      scrfile [open] -- "%1" /S
      txtfile [edit] -- Reg Error: Key error.
      Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
      Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
      Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
      Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
      Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
      Folder [open] -- C:\Windows\explorer.exe (Microsoft Corporation)
      Folder [explore] -- Reg Error: Value error.
      Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

      [color=#E56717]========== Security Center Settings ==========[/color]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
      "cval" = 1

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
      "VistaSp1" = Reg Error: Unknown registry data type -- File not found
      "AntiVirusOverride" = 0
      "AntiSpywareOverride" = 0
      "FirewallOverride" = 0

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

      [color=#E56717]========== Firewall Settings ==========[/color]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
      "DisableNotifications" = 0
      "EnableFirewall" = 1

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
      "DisableNotifications" = 0
      "EnableFirewall" = 1

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
      "DisableNotifications" = 0
      "EnableFirewall" = 1

      [color=#E56717]========== Authorized Applications List ==========[/color]


      [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
      "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
      "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
      "{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor débarquement allié
      "{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
      "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
      "{18EF2DEE-DCB0-466A-ABA5-4C73E508530A}" = MOH Débarquement allié En Formation Patch 2.15
      "{19192A84-6172-4312-A661-D8F9A34585AB}" = VirtualDJ Home FREE
      "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
      "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
      "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
      "{32E9C1A5-0FDA-4483-987D-DBABF9CC1DD8}" = Microsoft Antimalware Service FR-FR Language Pack
      "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
      "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
      "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client FR-FR Language Pack
      "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
      "{5E97F3BD-CDDC-4188-9D98-532E14FABB5D}" = IncrediMail
      "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
      "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
      "{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
      0
    2. toxic512008 Posted messages 158 Status Member 23
       
      ``` ""{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}"" = Apple Application Support
      ""{6B7F28D4-160E-40C6-B7C8-5EC6B9734DA7}"" = Photo Notifier and Animation Creator
      ""{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}"" = Microsoft Visual C++ 2005 Redistributable
      ""{72604C30-CBD2-4917-9AB5-4274747F3269}_is1"" = CreeperTools version 0.2
      ""{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}"" = Apple Software Update
      ""{7914BE1E-F186-4790-B8F4-9F63C52A41C1}"" = Medal of Honor Allied Assault(tm) In Training
      ""{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}"" = NVIDIA ForceWare Network Access Manager
      ""{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}"" = Medal of Honor Allied Assault(tm) The Offensive
      ""{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"" = Microsoft Silverlight
      ""{9A25302D-30C0-39D9-BD6F-21E6EC160475}"" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
      ""{9BE518E6-ECC6-35A9-88E4-87755C07200F}"" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
      ""{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}"" = Google Update Helper
      ""{AC76BA86-7AD7-1036-7B44-AA1000000001}"" = Adobe Reader X (10.1.1) - French
      ""{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision"" = NVIDIA 3D Vision Driver 266.71
      ""{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel"" = NVIDIA Control Panel 266.71
      ""{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver"" = NVIDIA Graphics Driver 266.71
      ""{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX"" = NVIDIA PhysX System Software 9.10.0514
      ""{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver"" = NVIDIA HD Audio Driver: 1.1.13.1
      ""{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer"" = NVIDIA Install Application
      ""{B91E4360-298A-4306-9E95-9AD91A0952A1}"" = FPS Creator
      ""{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}"" = NVIDIA PhysX
      ""{BE699EDC-9E58-4671-A23E-9CDF7F6F42F2}"" = Medal of Honor Allied Assault In Training
      ""{C9E14402-3631-4182-B377-6B0DFB1C0339}"" = QuickTime
      ""{DF9046D6-5F1F-40B6-9782-3DC2D902D391}"" = Medal of Honor Allied Assault(tm) The Offensive v2.40 Patch
      ""{E1019541-10A2-464F-A23E-A4F23DA65160}"" = Mumble 1.2.3
      ""{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"" = Realtek High Definition Audio Driver
      ""{FDB3B167-F4FA-461D-976F-286304A57B2A}"" = Adobe AIR
      ""Adobe AIR"" = Adobe AIR
      ""Adobe Flash Player ActiveX"" = Adobe Flash Player 10 ActiveX
      ""Adobe Shockwave Player"" = Adobe Shockwave Player 11.6
      ""Akamai"" = Akamai NetSession Interface
      ""Black Prophecy_is1"" = Black Prophecy
      ""Call of Duty Game of the Year Edition"" = Call of Duty Game of the Year Edition
      ""Counter-Strike: Condition Zero"" = Counter-Strike: Condition Zero
      ""GameSpy Arcade"" = GameSpy Arcade
      ""IncrediMail"" = IncrediMail 2.0
      ""IncrediMail_MediaBar_Francais_2 Toolbar"" = IncrediMail MediaBar French 2 Toolbar
      ""Microsoft .NET Framework 4 Client Profile"" = Microsoft .NET Framework 4 Client Profile
      ""Microsoft .NET Framework 4 Client Profile FRA Language Pack"" = Microsoft .NET Framework 4 Client Profile FRA Language Module
      ""Microsoft .NET Framework 4 Extended"" = Microsoft .NET Framework 4 Extended
      ""Microsoft Security Client"" = Microsoft Security Essentials
      ""NVIDIA Drivers"" = NVIDIA Drivers
      ""Photo Notifier and Animation Creator"" = Photo Notifier and Animation Creator
      ""SecondLifeViewer2"" = SecondLifeViewer2 (remove only)
      ""Steam App 1200"" = Red Orchestra: Ostfront 41-45
      ""Steam App 1220"" = RedOrchestra SDK Beta
      ""Steam App 1230"" = Mare Nostrum
      ""Steam App 1280"" = Darkest Hour: Europe '44-'45
      ""Steam App 1290"" = Darkest Hour Server
      ""Steam App 220"" = Half-Life 2
      ""Steam App 380"" = Half-Life 2: Episode One
      ""Steam App 4000"" = Garry's Mod
      ""Steam App 420"" = Half-Life 2: Episode Two
      ""Steam App 440"" = Team Fortress 2
      ""Usbfix"" = UsbFix By El Desaparecido
      ""VLC media player"" = VLC media player 1.1.10
      ""WinRAR archiver"" = WinRAR 4.01 (32-bit)

      [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
      ""TeamSpeak 3 Client"" = TeamSpeak 3 Client
      ""Winamp Detect"" = Winamp Application Detection

      [color=#E56717]========== Last 10 Event Log Errors ==========[/color]

      [ Application Events ]
      Error - 06/10/2011 15:12:30 | Computer Name = roro-PC | Source = .NET Runtime Optimization Service | ID = 1101
      Description =

      Error - 07/10/2011 07:18:50 | Computer Name = roro-PC | Source = .NET Runtime Optimization Service | ID = 1101
      Description =

      Error - 07/10/2011 07:20:31 | Computer Name = roro-PC | Source = .NET Runtime Optimization Service | ID = 1101
      Description =

      Error - 07/10/2011 07:22:13 | Computer Name = roro-PC | Source = .NET Runtime Optimization Service | ID = 1101
      Description =

      Error - 07/10/2011 07:23:38 | Computer Name = roro-PC | Source = .NET Runtime Optimization Service | ID = 1101
      Description =

      Error - 07/10/2011 07:25:20 | Computer Name = roro-PC | Source = .NET Runtime Optimization Service | ID = 1101
      Description =

      Error - 07/10/2011 07:27:24 | Computer Name = roro-PC | Source = .NET Runtime Optimization Service | ID = 1101
      Description =

      Error - 07/10/2011 14:26:05 | Computer Name = roro-PC | Source = SideBySide | ID = 16842824
      Description = The activation context creation failed for "c:\program files\microsoft
      security client\MSESysprep.dll". Error in the manifest or policy file "c:\program files\microsoft security client\MSESysprep.dll" at line 10. The element < imaging > appears as a child of the element urn:schemas-microsoft-com:asm.v1^assembly;
      this situation is not supported by this version of Windows.

      Error - 09/10/2011 07:36:47 | Computer Name = roro-PC | Source = SideBySide | ID = 16842824
      Description = The activation context creation failed for "c:\program files\microsoft
      security client\MSESysprep.dll". Error in the manifest or policy file "c:\program files\microsoft security client\MSESysprep.dll" at line 10. The element < imaging > appears as a child of the element urn:schemas-microsoft-com:asm.v1^assembly;
      this situation is not supported by this version of Windows.

      Error - 10/10/2011 11:20:26 | Computer Name = roro-PC | Source = Application Error | ID = 1000
      Description = Faulting application name ImApp.exe, version: 6.2.9.5079,
      timestamp: 0x4e5d1935 Faulting module name: unknown, version: 0.0.0.0, timestamp
      : 0x00000000 Exception code: 0xc0000005 Offset: 0x005c0061 Faulting process ID: 0xd38 Time of faulting application start: 0x01cc8760100da690
      Faulting application path: C:\Program Files\IncrediMail\Bin\ImApp.exe
      Faulting module path: unknown Report ID: 60aa2790-f353-11e0-90f7-001d92292217

      [ System Events ]
      Error - 10/10/2011 14:52:28 | Computer Name = roro-PC | Source = Service Control Manager | ID = 7024
      Description = The HomeGroup Listener service has stopped with the specific service error
      %%-2147467262.

      Error - 10/10/2011 14:52:41 | Computer Name = roro-PC | Source = WMPNetworkSvc | ID = 866292
      Description =

      Error - 10/10/2011 15:02:46 | Computer Name = roro-PC | Source = Microsoft Antimalware | ID = 3002
      Description = The real-time protection feature %%860 encountered an
      error and has stopped. Feature: %%886 Error code: 0x800705b4 Error
      description: This operation ended because the timeout period expired. Reason:
      %%858

      Error - 11/10/2011 01:08:33 | Computer Name = roro-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
      Description = Some power management features related to
      processor performance have been disabled due to a known issue with
      the firmware. Contact the computer manufacturer for the firmware update.

      Error - 11/10/2011 01:08:47 | Computer Name = roro-PC | Source = Service Control Manager | ID = 7000
      Description = The Intel AGP Bus Filter service failed to start due to the error: %%1058

      Error - 11/10/2011 01:08:54 | Computer Name = roro-PC | Source = Microsoft Antimalware | ID = 3002
      Description = The real-time protection feature %%860 encountered an
      error and has stopped. Feature: %%886 Error code: 0x800705b4 Error
      description: This operation ended because the timeout period expired. Reason:
      %%892

      Error - 11/10/2011 01:09:11 | Computer Name = roro-PC | Source = WMPNetworkSvc | ID = 866292
      Description =

      Error - 11/10/2011 01:09:12 | Computer Name = roro-PC | Source = Service Control Manager | ID = 7024
      Description = The HomeGroup Listener service has stopped with the specific service error
      %%-2147467262.

      Error - 11/10/2011 01:10:51 | Computer Name = roro-PC | Source = WMPNetworkSvc | ID = 866292
      Description =

      Error - 11/10/2011 10:51:20 | Computer Name = roro-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
      Description = Some power management features related to
      processor performance have been disabled due to a known issue with
      the firmware. Contact the computer manufacturer for the firmware update.


      < End of report > ```
      0
    3. toxic512008 Posted messages 158 Status Member 23
       
      OTL logfile created on: 12/10/2011 13:46:41 - Run 1
      OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\roro\Downloads
      Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
      Internet Explorer (Version = 9.0.8112.16421)
      Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

      2,00 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 62,50% Memory free
      4,00 Gb Paging File | 3,02 Gb Available in Paging File | 75,60% Paging File free
      Paging file location(s): ?:\pagefile.sys [binary data]

      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
      Drive C: | 232,79 Gb Total Space | 155,09 Gb Free Space | 66,62% Space Free | Partition Type: NTFS

      Computer Name: RORO-PC | User Name: roro | Logged in as Administrator.
      Boot Mode: Normal | Scan Mode: Current user
      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

      [color=#E56717]========== Processes (SafeList) ==========[/color]

      PRC - [2011/10/12 13:46:08 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\roro\Downloads\OTL.exe
      PRC - [2011/07/26 15:53:06 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
      PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
      PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
      PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
      PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
      PRC - [2011/01/16 17:04:04 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
      PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
      PRC - [2010/01/21 01:52:14 | 000,167,528 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
      PRC - [2010/01/21 01:52:12 | 000,370,792 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe


      [color=#E56717]========== Modules (No Company Name) ==========[/color]


      [color=#E56717]========== Win32 Services (SafeList) ==========[/color]

      SRV - [2011/09/29 14:30:14 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
      SRV - [2011/09/23 13:04:10 | 003,542,616 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_b31de1e.dll -- (Akamai)
      SRV - [2011/06/20 17:58:47 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
      SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
      SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
      SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
      SRV - [2010/01/21 01:52:14 | 000,167,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
      SRV - [2010/01/21 01:52:12 | 000,370,792 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
      SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
      SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


      [color=#E56717]========== Driver Services (SafeList) ==========[/color]

      DRV - [2011/10/12 13:43:52 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0CC7FFBD-4931-476A-A12B-9600DED6ED50}\MpKsl4fcea588.sys -- (MpKsl4fcea588)
      DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
      DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
      DRV - [2011/01/17 01:53:00 | 010,480,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
      DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
      DRV - [2010/11/12 09:10:52 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
      DRV - [2010/08/12 12:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
      DRV - [2010/04/09 02:32:36 | 000,215,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
      DRV - [2009/07/14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
      DRV - [2009/03/18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)


      [color=#E56717]========== Standard Registry (SafeList) ==========[/color]


      [color=#E56717]========== Internet Explorer ==========[/color]

      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://www.bing.com/spresults.aspx
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
      IE - HKLM\..\URLSearchHook: {249d74a3-bd19-4657-b6ce-e62f480a20de} - C:\Program Files\IncrediMail_MediaBar_Francais_2\prxtbIncr.dll (Conduit Ltd.)

      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = https://www.msn.com/fr-fr?ocid=iehp
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 68 47 1B E0 1E CC 01 [binary data]
      IE - HKCU\..\URLSearchHook: {249d74a3-bd19-4657-b6ce-e62f480a20de} - C:\Program Files\IncrediMail_MediaBar_Francais_2\prxtbIncr.dll (Conduit Ltd.)
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

      FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
      FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



      O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
      O2 - BHO: (IncrediMail MediaBar Francais 2 Toolbar) - {249d74a3-bd19-4657-b6ce-e62f480a20de} - C:\Program Files\IncrediMail_MediaBar_Francais_2\prxtbIncr.dll (Conduit Ltd.)
      O3 - HKLM\..\Toolbar: (IncrediMail MediaBar Francais 2 Toolbar) - {249d74a3-bd19-4657-b6ce-e62f480a20de} - C:\Program Files\IncrediMail_MediaBar_Francais_2\prxtbIncr.dll (Conduit Ltd.)
      O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
      O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
      O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
      O4 - Startup: C:\Users\roro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = File not found
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
      O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
      O13 - gopher Prefix: missing
      O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
      O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
      O16 - DPF: {2E4A92AB-F2C0-456A-9935-B715439790D7} https://fr.permissionresearch.com/Config/packages/pr/prsetup.cab (Setup Class)
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
      O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4D0BFCC-E92D-4CFE-A71E-460EAEC9BBD2}: DhcpNameServer = 212.27.40.240 212.27.40.241
      O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\Userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
      O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O32 - HKLM CDRom: AutoRun - 1
      O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
      O32 - AutoRun File - [2011/10/11 17:54:48 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
      O34 - HKLM BootExecute: (autocheck autochk *)
      O35 - HKLM\..comfile [open] -- "%1" %*
      O35 - HKLM\..exefile [open] -- "%1" %*
      O37 - HKLM\...com [@ = comfile] -- "%1" %*
      O37 - HKLM\...exe [@ = exefile] -- "%1" %*

      NetSvcs: FastUserSwitchingCompatibility - File not found
      NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
      NetSvcs: Nla - File not found
      NetSvcs: Ntmssvc - File not found
      NetSvcs: NWCWorkstation - File not found
      NetSvcs: Nwsapagent - File not found
      NetSvcs: SRService - File not found
      NetSvcs: WmdmPmSp - File not found
      NetSvcs: LogonHours - File not found
      NetSvcs: PCAudit - File not found
      NetSvcs: helpsvc - File not found
      NetSvcs: uploadmgr - File not found

      SafeBootMin: AppMgmt - Service
      SafeBootMin: Base - Driver Group
      SafeBootMin: Boot Bus Extender - Driver Group
      SafeBootMin: Boot file system - Driver Group
      SafeBootMin: File system - Driver Group
      SafeBootMin: Filter - Driver Group
      SafeBootMin: HelpSvc - Service
      SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
      SafeBootMin: NTDS - File not found
      SafeBootMin: PCI Configuration - Driver Group
      SafeBootMin: PNP Filter - Driver Group
      SafeBootMin: Primary disk - Driver Group
      SafeBootMin: sacsvr - Service
      SafeBootMin: SCSI Class - Driver Group
      SafeBootMin: System Bus Extender - Driver Group
      SafeBootMin: vmms - Service
      SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
      SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
      SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
      SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
      SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
      SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
      SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
      SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
      SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
      SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
      SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
      SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
      SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
      SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
      SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
      SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
      SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
      SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

      SafeBootNet: AppMgmt - Service
      SafeBootNet: Base - Driver Group
      SafeBootNet: Boot Bus Extender - Driver Group
      SafeBootNet: Boot file system - Driver Group
      SafeBootNet: File system - Driver Group
      SafeBootNet: Filter - Driver Group
      SafeBootNet: HelpSvc - Service
      SafeBootNet: Messenger - Service
      SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
      SafeBootNet: NDIS Wrapper - Driver Group
      SafeBootNet: NetBIOSGroup - Driver Group
      SafeBootNet: NetDDEGroup - Driver Group
      SafeBootNet: Network - Driver Group
      SafeBootNet: NetworkProvider - Driver Group
      SafeBootNet: NTDS - File not found
      0
    4. toxic512008 Posted messages 158 Status Member 23
       
      SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Contrôleur de disquette standard
      SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
      SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Clavier
      SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Souris
      SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Réseau
      SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - ClientRéseau
      SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - ServiceRéseau
      SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - TransRéseau
      SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - Adaptateurs PCMCIA
      SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - Adaptateur SCSI
      SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - Système
      SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Unité de disquette
      SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Lecteurs de carte intelligente
      SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Copie desombres de volume
      SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - Contrôleurs hôtes de bus IEEE 1394
      SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
      SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Périphériques d'interface humaine
      SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - Dispositifs SBP2 IEEE 1394
      SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - Dispositifs de sécurité

      [color=#E56717]========== Fichiers/Dossiers - Créés dans les 30 derniers jours ==========[/color]

      [2011/10/11 17:54:48 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
      [2011/10/11 17:45:23 | 000,000,000 | ---D | C] -- C:\UsbFix
      [2011/10/09 18:10:38 | 000,000,000 | ---D | C] -- C:\Kill'em
      [2011/10/03 08:17:21 | 000,000,000 | ---D | C] -- C:\Program Files\mirware avec FreeAngel
      [2011/10/02 16:00:30 | 000,000,000 | ---D | C] -- C:\Users\roro\AppData\Roaming\Mozilla
      [2011/10/02 14:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gamigo
      [2011/10/02 14:29:53 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
      [2011/10/02 14:29:53 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
      [2011/10/02 14:29:53 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
      [2011/10/02 14:29:52 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
      [2011/10/02 14:29:52 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
      [2011/10/02 14:29:52 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
      [2011/10/02 14:29:52 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
      [2011/10/02 14:29:52 | 000,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
      [2011/10/02 14:29:52 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
      [2011/10/02 14:29:51 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
      [2011/10/02 14:29:51 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
      [2011/10/02 14:29:51 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
      [2011/10/02 14:29:50 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
      [2011/10/02 14:29:50 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
      [2011/10/02 14:29:50 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
      [2011/10/02 14:29:50 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
      [2011/10/02 14:29:50 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
      [2011/10/02 14:29:49 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
      [2011/10/02 14:29:49 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
      [2011/10/02 14:29:49 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
      [2011/10/02 14:29:49 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
      [2011/10/02 14:29:49 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
      [2011/10/02 14:29:48 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
      [2011/10/02 14:29:48 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
      [2011/10/02 14:29:48 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
      [2011/10/02 14:29:48 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
      [2011/10/02 14:29:48 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
      [2011/10/02 14:29:47 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
      [2011/10/02 14:29:47 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
      [2011/10/02 14:29:47 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
      [2011/10/02 14:29:46 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
      [2011/10/02 14:29:46 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
      [2011/10/02 14:29:46 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
      [2011/10/02 14:29:46 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
      [2011/10/02 14:29:45 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
      [2011/10/02 14:29:45 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
      [2011/10/02 14:29:45 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
      [2011/10/02 14:29:44 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
      [2011/10/02 14:29:44 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
      [2011/10/02 14:29:44 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
      [2011/10/02 14:29:44 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
      [2011/10/02 14:29:43 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
      [2011/10/02 14:29:43 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
      [2011/10/02 14:29:43 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
      [2011/10/02 14:29:43 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
      [2011/10/02 14:29:43 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
      [2011/10/02 14:29:43 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
      [2011/10/02 14:29:42 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
      [2011/10/02 14:29:42 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
      [2011/10/02 14:29:42 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
      [2011/10/02 14:29:42 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
      [2011/10/02 14:29:41 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
      [2011/10/02 14:29:41 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
      [2011/10/02 14:29:40 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
      [2011/10/02 14:29:40 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
      [2011/10/02 14:29:40 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
      [2011/10/02 14:29:40 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
      [2011/10/02 14:29:40 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
      [2011/10/02 14:29:39 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
      [2011/10/02 14:29:39 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
      [2011/10/02 14:29:39 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
      [2011/10/02 14:29:38 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
      [2011/10/02 14:29:38 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
      [2011/10/02 14:29:33 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
      [2011/10/02 14:29:33 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
      [2011/10/02 14:29:33 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
      [2011/10/02 14:29:33 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
      [2011/10/02 14:29:32 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
      [2011/10/02 14:29:32 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
      [2011/10/02 14:29:31 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
      [2011/10/02 14:29:31 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
      [2011/10/02 14:29:31 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
      [2011/10/02 14:16:41 | 000,000,000 | ---D | C] -- C:\Users\roro\AppData\Local\reakktor
      [2011/10/02 14:11:29 | 000,000,000 | ---D | C] -- C:\Users\roro\Documents\Reakktor Media
      [2011/10/02 13:56:58 | 000,000,000 | ---D | C] -- C:\Program Files\Gamigo
      [2011/09/29 14:32:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Photo Notifier and Animation Creator
      [2011/09/29 14:32:37 | 000,000,000 | ---D | C] -- C:\Program Files\Photo Notifier and Animation Creator
      [2011/09/29 14:32:32 | 000,000,000 | ---D | C] -- C:\Users\roro\AppData\Local\Conduit
      [2011/09/29 14:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\IncrediMail_MediaBar_Francais_2

      [color=#E56717]========== Fichiers - Modifiés dans les 30 derniers jours ==========[/color]

      [2011/10/12 13:50:56 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      [2011/10/12 13:50:56 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      [2011/10/12 13:50:42 | 000,747,368 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
      [2011/10/12 13:50:42 | 000,654,250 | ---- | M] () -- C:\Windows\System32\perfh009.dat
      [2011/10/12 13:50:42 | 000,149,786 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
      [2011/10/12 13:50:42 | 000,122,082 | ---- | M] () -- C:\Windows\System32\perfc009.dat
      [2011/10/12 13:44:01 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
      [2011/10/12 13:43:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
      [2011/10/12 13:43:40 | 1610,162,176 | -HS- | M] () -- C:\hiberfil.sys
      [2011/10/11 21:01:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
      [2011/10/11 17:54:49 | 000,003,383 | ---- | M] () -- C:\UsbFix_Upload_Me_RORO-PC.zip
      [2011/10/09 18:17:33 | 000,000,922 | ---- | M] () -- C:\Users\roro\Desktop\Internet Explorer.lnk
      [2011/10/08 14:13:34 | 000,360,811 | ---- | M] () -- C:\Users\roro\Desktop\Pre_Script.exe
      [2011/10/02 14:46:26 | 000,002,194 | ---- | M] () -- C:\Users\Public\Desktop\Launch Black Prophecy .lnk
      [2011/10/02 14:46:26 | 000,000,142 | ---- | M] () -- C:\Users\Public\Desktop\Register for Black Prophecy .url
      [2011/10/01 10:00:31 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
      [2011/09/29 14:31:48 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Wallpapers by IncrediMail.lnk
      [2011/09/29 14:31:48 | 000,002,013 | ---- | M] () -- C:\Users\Public\Desktop\Augmentez la vitesse de votre ordinateur !.lnk
      [2011/09/29 14:31:48 | 000,001,983 | ---- | M] () -- C:\Users\Public\Desktop\IncrediMail.lnk
      [2011/09/29 14:31:48 | 000,001,975 | ---- | M] () -- C:\Users\roro\Application Data\Microsoft\Internet Explorer\Quick Launch\IncrediMail 2.0.lnk
      [2011/09/24 16:17:03 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\Second Life Viewer 2.lnk
      [2011/09/21 15:49:20 | 000,000,840 | ---- | M] () -- C:\Users\roro\Desktop\Poême
      [2011/09/14 15:08:40 | 000,006,877 | ---- | M] () -- C:\Users\roro\AppData\Roaming\TMIUtils.class
      [2011/09/14 15:08:40 | 000,005,762 | ---- | M] () -- C:\Users\roro\AppData\Roaming\em.class
      [2011/09/14 15:08:40 | 000,005,737 | ---- | M] () -- C:\Users\roro\AppData\Roaming\TMIConfig.class
      [2011/09/14 15:08:40 | 000,004,712 | ---- | M] () -- C:\Users\roro\AppData\Roaming\TMIController.class
      [2011/09/14 15:08:40 | 000,003,974 | ---- | M] () -- C:\Users\roro\AppData\Roaming\TMIView.class
      [2011/09/14 15:08:40 | 000,003,031 | ---- | M] () -- C:\Users\roro\AppData\Roaming\_tmi_MgCanvas.class
      [2011/09/14 15:08:40 | 000,002,876 | ---- | M] () -- C:\Users\roro\AppData\Roaming\TMICompatibility.class
      [2011/09/14 15:08:40 | 000,002,262 | ---- | M] () -- C:\Users\roro\AppData\Roaming\_tmi_MgItemPanel.class
      [2011/09/14 15:08:40 | 000,001,093 | ---- | M] () -- C:\Users\roro\AppData\Roaming\_tmi_MgButton.class
      [2011/09/14 15:08:40 | 000,001,059 | ---- | M] () -- C:\Users\roro\AppData\Roaming\_tmi_MgWidget.class
      [2011/09/14 15:08:40 | 000,000,812 | ---- | M] () -- C:\Users\roro\AppData\Roaming\mod_TooManyItems.class
      [2011/09/14 15:08:40 | 000,000,564 | ---- | M] () -- C:\Users\roro\AppData\Roaming\_tmi_MgZOrder.class
      [2011/09/14 15:08:40 | 000,000,371 | ---- | M] () -- C:\Users\roro\AppData\Roaming\TMIStateButtonData.class
      [2011/09/14 15:08:40 | 000,000,169 | ---- | M] () -- C:\Users\roro\AppData\Roaming\_tmi_MgButtonHandler.class
      [2011/09/14 15:08:40 | 000,000,150 | ---- | M] () -- C:\Users\roro\AppData\Roaming\_tmi_MgItemHandler.class

      ========== Fichiers créés - Pas de nom de société ==========

      [2011/10/11 17:48:49 | 000,003,383 | ---- | C] () -- C:\UsbFix_Upload_Me_RORO-PC.zip
      [2011/10/02 14:46:26 | 000,002,194 | ---- | C] () -- C:\Users\Public\Desktop\Launch Black Prophecy .lnk
      [2011/10/02 14:46:26 | 000,000,142 | ---- | C] () -- C:\Users\Public\Desktop\Register for Black Prophecy .url
      [2011/09/21 15:49:20 | 000,000,840 | ---- | C] () -- C:\Users\roro\Desktop\Poême
      [2011/09/17 14:30:18 | 000,006,877 | ---- | C] () -- C:\Users\roro\AppData\Roaming\TMIUtils.class
      [2011/09/17 14:30:18 | 000,005,762 | ---- | C] () -- C:\Users\roro\AppData\Roaming\em.class
      [2011/09/17 14:30:18 | 000,005,737 | ---- | C] () -- C:\Users\roro\AppData\Roaming\TMIConfig.class
      [2011/09/17 14:30:18 | 000,004,712 | ---- | C] () -- C:\Users\roro\AppData\Roaming\TMIController.class
      [2011/09/17 14:30:18 | 000,003,974 | ---- | C] () -- C:\Users\roro\AppData\Roaming\TMIView.class
      [2011/09/17 14:30:18 | 000,003,031 | ---- | C] () -- C:\Users\roro\AppData\Roaming\_tmi_MgCanvas.class
      [2011/09/17 14:30:18 | 000,002,876 | ---- | C] () -- C:\Users\roro\AppData\Roaming\TMICompatibility.class
      [2011/09/17 14:30:18 | 000,002,262 | ---- | C] () -- C:\Users\roro\AppData\Roaming\_tmi_MgItemPanel.class
      [2011/09/17 14:30:18 |
      0
  11. g3n-h@ckm@n
     
    It would be nice if you read my instructions to the end! ^^
    --
    ¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
    1. toxic512008 Posted messages 158 Status Member 23
       
      :) I told you: I can't do "Browse" and I can't even do it manually by writing it, so I have to post it even if it's long.....
      0
    2. g3n-h@ckm@n
       
      Oops, that's true, sorry, I'm looking into it ^^
      0
    3. toxic512008 Posted messages 158 Status Member 23
       
      No worries :P
      0
    4. toxic512008 Posted messages 158 Status Member 23
       
      (I'll be back around 6 PM, if I don't respond it's normal)
      0
  12. g3n-h@ckm@n
     
    WARNING!!!: Custom script for this machine only, do not reproduce!!

    If you have XP => double click
    If you have Vista or Windows 7 => right click "run as...."


    on OTL.exe to launch it.

    ▶ Copy the list that is in bold below,

    ▶ paste it in the area under "Customization":


    :processes
    explorer.exe
    iexplore.exe
    firefox.exe
    msnmsgr.exe
    Teatimer.exe

    :OTL
    IE - HKLM\..\URLSearchHook: {249d74a3-bd19-4657-b6ce-e62f480a20de} - C:\Program Files\IncrediMail_MediaBar_Francais_2\prxtbIncr.dll (Conduit Ltd.)
    IE - HKCU\..\URLSearchHook: {249d74a3-bd19-4657-b6ce-e62f480a20de} - C:\Program Files\IncrediMail_MediaBar_Francais_2\prxtbIncr.dll (Conduit Ltd.)
    O16 - DPF: {2E4A92AB-F2C0-456A-9935-B715439790D7} https://fr.permissionresearch.com/Config/packages/pr/prsetup.cab (Setup Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

    :commands
    [CLEARALLRESTOREPOINTS]
    [emptytemp]
    [start explorer]
    [reboot]


    ▶ Click on "Fix" to start the removal.

    ▶ Post the report that will logically open by itself at the end of the work after the restart.

    --
    ¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
    1. toxic512008 Posted messages 158 Status Member 23
       
      Tous les processus ont été tués
      ========== PROCESSUS ==========
      Aucun processus actif nommé explorer.exe n'a été trouvé !
      Processus iexplore.exe tué avec succès !
      Aucun processus actif nommé firefox.exe n'a été trouvé !
      Aucun processus actif nommé msnmsgr.exe n'a été trouvé !
      Aucun processus actif nommé Teatimer.exe n'a été trouvé !
      ========== OTL ==========
      Valeur de registre HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{249d74a3-bd19-4657-b6ce-e62f480a20de} supprimée avec succès.
      Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{249d74a3-bd19-4657-b6ce-e62f480a20de}\ supprimée avec succès.
      C:\Program Files\IncrediMail_MediaBar_Francais_2\prxtbIncr.dll déplacé avec succès.
      Valeur de registre HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{249d74a3-bd19-4657-b6ce-e62f480a20de} supprimée avec succès.
      Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{249d74a3-bd19-4657-b6ce-e62f480a20de}\ non trouvée.
      Fichier C:\Program Files\IncrediMail_MediaBar_Francais_2\prxtbIncr.dll non trouvé.
      Début du retrait du contrôle ActiveX {2E4A92AB-F2C0-456A-9935-B715439790D7}
      C:\Windows\Downloaded Program Files\prsetup.inf déplacé avec succès.
      Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2E4A92AB-F2C0-456A-9935-B715439790D7}\ supprimée avec succès.
      Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E4A92AB-F2C0-456A-9935-B715439790D7}\ supprimée avec succès.
      Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2E4A92AB-F2C0-456A-9935-B715439790D7}\ non trouvée.
      Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E4A92AB-F2C0-456A-9935-B715439790D7}\ non trouvée.
      Début du retrait du contrôle ActiveX {8AD9C840-044E-11D1-B3E9-00805F499D93}
      Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ supprimée avec succès.
      Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ supprimée avec succès.
      Clé de registre HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ supprimée avec succès.
      Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ non trouvée.
      Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ non trouvée.
      Début du retrait du contrôle ActiveX {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
      Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ supprimée avec succès.
      Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ supprimée avec succès.
      Clé de registre HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ supprimée avec succès.
      Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ non trouvée.
      Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ non trouvée.
      Début du retrait du contrôle ActiveX {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
      Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ supprimée avec succès.
      Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ supprimée avec succès.
      Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ non trouvée.
      Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ non trouvée.
      ========== COMMANDES ==========


      [VIDE LA TEMP]

      Utilisateur : Tous les utilisateurs

      Utilisateur : Par défaut
      ->Dossier Temp vidé : 0 octets
      ->Dossier des fichiers Internet temporaires vidé : 0 octets
      ->Cache Flash vidé : 53632 octets

      Utilisateur : Utilisateur par défaut
      ->Dossier Temp vidé : 0 octets
      ->Dossier des fichiers Internet temporaires vidé : 0 octets
      ->Cache Flash vidé : 0 octets

      Utilisateur : Public

      Utilisateur : roro
      ->Dossier Temp vidé : 27638863 octets
      ->Dossier des fichiers Internet temporaires vidé : 1573936099 octets
      ->Cache Java vidé : 300053 octets
      ->Cache Flash vidé : 54354 octets

      Fichiers .tmp de %systemdrive% supprimés : 0 octets
      Fichiers .tmp de %systemroot% supprimés : 0 octets
      Fichiers .tmp de %systemroot%\System32 supprimés : 0 octets
      Fichiers .tmp de %systemroot%\System32\drivers supprimés : 0 octets
      Dossier Temp de Windows vidé : 40644 octets
      Corbeille vidé : 156 octets

      Total des fichiers nettoyés = 1 528,00 mo


      OTL par OldTimer - Version 3.2.29.1 journal créé le 10122011_183401

      Fichiers\Dossiers déplacés au redémarrage...

      Entrées de registre supprimées au redémarrage...
      0
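A fix log like the one above can be checked against the script that produced it. The following added example (not part of the thread and not OTL's own code) reconciles the GUIDs targeted in the `:OTL` section with the outcomes recorded in the French log; the function names and the three status labels are assumptions, and the embedded log excerpt is shortened on purpose so that one target has no recorded outcome.

```python
import re

# Excerpts copied from the thread. The log excerpt is shortened on purpose
# (constructed sample) so that one targeted GUID has no recorded outcome.
FIX_SCRIPT = r"""
:OTL
IE - HKLM\..\URLSearchHook: {249d74a3-bd19-4657-b6ce-e62f480a20de} - C:\Program Files\IncrediMail_MediaBar_Francais_2\prxtbIncr.dll (Conduit Ltd.)
O16 - DPF: {2E4A92AB-F2C0-456A-9935-B715439790D7} https://fr.permissionresearch.com/Config/packages/pr/prsetup.cab (Setup Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
:commands
"""
FIX_LOG = r"""
========== OTL ==========
Valeur de registre HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{249d74a3-bd19-4657-b6ce-e62f480a20de} supprimée avec succès.
Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{249d74a3-bd19-4657-b6ce-e62f480a20de}\ supprimée avec succès.
Début du retrait du contrôle ActiveX {2E4A92AB-F2C0-456A-9935-B715439790D7}
Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2E4A92AB-F2C0-456A-9935-B715439790D7}\ supprimée avec succès.
Clé de registre HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2E4A92AB-F2C0-456A-9935-B715439790D7}\ non trouvée.
"""

GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Result phrases as they appear at the end of lines in the French log.
OUTCOME = re.compile(r"(supprimée? avec succès|déplacée? avec succès|non trouvée?)\.?\s*$")

def section(text, name):
    """Return the non-empty lines of one ':name' section of a fix script."""
    lines, inside = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(":"):
            inside = line.lower() == ":" + name
        elif inside and line:
            lines.append(line)
    return lines

def targeted_guids(script):
    """GUIDs named in the script's :OTL section, upper-cased, in order."""
    hits = (GUID.search(line) for line in section(script, "otl"))
    return [m.group(0).upper() for m in hits if m]

def reconcile(script, log):
    """Map each targeted GUID to 'removed', 'absent' or 'unconfirmed'."""
    seen = {}  # GUID -> True once any log line reports a successful removal
    for line in log.splitlines():
        g, o = GUID.search(line), OUTCOME.search(line)
        if g and o:
            key = g.group(0).upper()
            seen[key] = seen.get(key, False) or not o.group(1).startswith("non")
    status = lambda g: "unconfirmed" if g not in seen else ("removed" if seen[g] else "absent")
    return {g: status(g) for g in targeted_guids(script)}
```

A GUID reported as `unconfirmed` is one the script targeted but the log never mentions with an outcome, which is the case worth re-checking by hand after the reboot.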
  13. g3n-h@ckm@n
     
    Is it still in English in your start menu?
    --
    ¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
    1. toxic512008 Posted messages 158 Status Member 23
       
      Yes, certain things "Calculator", "Computer", "Run", "narrator", "magnify". Otherwise, most have been corrected.
      0
  14. g3n-h@ckm@n
     
    where exactly is it found?

    in the first start menu when you open it?
    --
    ¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
    1. toxic512008 Posted messages 158 Status Member 23
       
      Start menu => Accessories => System tools and accessibility
      0
    2. g3n-h@ckm@n
       
      Actually, I need the exact path.
      0
    3. toxic512008 Posted messages 158 Status Member 23
       
      O_o oh dear, I don't know..
      0
  15. g3n-h@ckm@n
     
    right-click on calculator => properties then copy paste its path in your response
    ex:

    C:\users\..etc...
    --
    ¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
    1. toxic512008 Posted messages 158 Status Member 23
       
      I don't have access to either the right-click or the properties button :( I mentioned it earlier.
      0
  16. g3n-h@ckm@n
     
    grrrrrr!!!!!!!!

    ▶ Download Dr Web CureIt to your Desktop:

    ▶ restart in safe mode

    ▶- Double click (right-click "as admin" under Vista) <drweb-cureit.exe> and then click <Scan>;

    ▶- Click <Ok> at the prompt for the quick scan. If it finds infected processes then click the <Yes> button.

    Note: a window will open with options for "Order" or "50% off": Exit by clicking the "X".

    ▶- When the quick scan is finished, click on the <Options> menu then <Change configuration>; Choose the <Scanner> tab, and uncheck <Heuristic analysis>. Then click <Ok>.
    ▶- Back in the main window: click to enable <Full scan>

    select all disks

    ▶- Click the button with the green arrow on the right, and the scan will start.
    ▶- Click <Yes> to all at the prompt "Disinfect?" when a file is detected, and then click "Disinfect".
    ▶- When the scan is complete, see if you can click on the icon adjacent to the detected files (several sheets stacked over each other). If yes, then click on it and then click on the <Next> icon below, and choose <Move the unwanted object to quarantine>.
    ▶- From the main menu of the tool, at the top left, click on the <File> menu and choose <Save report>. Save the report to your Desktop. It will be named DrWeb.csv

    ▶- for the report you save it on your desktop, right-click on it / send to / compressed folders

    then:

    you send me the archive like this:

    click on this link: http://www.cijoint.fr/

    ▶ Click on Browse and find the file above.

    ▶ Click on Open.

    ▶ Click on "Click here to drop the file".

    A link of this form:

    http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

    is added to the page.

    ▶ Copy this link in your reply.

    ▶- Close Dr.Web Cureit
    ▶- Restart your computer (important because some files may be moved/fixed upon restart).

    --
    ¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_developpement_¤¤¤¤¤¤¤¤¤¤
    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
    0
    1. toxic512008 Posted messages 158 Status Member 23
       
      I'm doing it tomorrow, right now I don't have the time.
      0