Virus Privacy Protection
Marion0365
Messages postés
15
Statut
Membre
-
Marion0365 Messages postés 15 Statut Membre -
Marion0365 Messages postés 15 Statut Membre -
Bonjour,
Depuis hier j'ai attrapé un virus appelé Privacy Protection. Il m'empêche d'ouvrir tous les logiciels à exécuter: internet, word,... tout.
J'ai éssayé douvrir mon ordi en mode sans echec (et tous les autres modes proposés): je n'y arrive pas, j'ai un écran bleu qui saffiche 2scds en me disant que windows rencontre un pb avec un logiciel,.. installé sur lordi.
Comment je peux faire pr supprimer le virus?
Merci pour votre aide!
Depuis hier j'ai attrapé un virus appelé Privacy Protection. Il m'empêche d'ouvrir tous les logiciels à exécuter: internet, word,... tout.
J'ai éssayé douvrir mon ordi en mode sans echec (et tous les autres modes proposés): je n'y arrive pas, j'ai un écran bleu qui saffiche 2scds en me disant que windows rencontre un pb avec un logiciel,.. installé sur lordi.
Comment je peux faire pr supprimer le virus?
Merci pour votre aide!
A voir également:
- Virus Privacy Protection
- Virus mcafee - Accueil - Piratage
- K9 web protection - Télécharger - Contrôle parental
- Virus facebook demande d'amis - Accueil - Facebook
- Protection cellule excel - Guide
- Undisclosed-recipients virus - Guide
16 réponses
Bonjour
Il va falloir utiliser un LiveCD.
Pour cela:
Télécharge OTLPENet sur le bureau.
Double clique ou clic droit sous Vista ou Seven pour lancer l'application.
On va te demander si tu veux graver ...
Prépare un CD vierge et lance OTLPENet, cela va te permettre de graver une image iso.
Note : Le CD gravé, il faut maintenant redémarrer la machine sur le lecteur CDROM
Pour se faire suivre ce lien : Booter sur un CD
Tuto OTLPE
Tu lances l'iso d'OTLPENet que tu as gravé.
* une fois le bureau de reatogo chargé , tu lances OTLPE , l'icône jaune
* Double-clique sur l'icone OTLPE
* quand demandé "Do you wish to load the remote registry", select Yes
* quand demandé "Do you wish to load remote user profile(s) for scanning", select Yes
* vérifier que "Automatically Load All Remaining Users" est sélectionné et press OK
* sous Custom Scan box
1) copie_colle le contenu du cadre ci dessous:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
cdrom.sys
disk.sys
ndis.sys
mountmgr.sys
aec.sys
rasacd.sys
mrxsmb10.sys
mrxsmb20.sys
termdd.sys
mrxsmb.sys
win32k.sys
storport.sys
IdeChnDr.sys
viasraid.sys
explorer.exe
winlogon.exe
wininit.exe
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT
* copie colle ce texte dans un fichier texte|bloc note que tu enregistres sur clé usb que tu brancheras sous reatogo tu pourras alors facilement le copier\coller.
* 2) Clic Run Scan pour démarrer le scan.
* Une fois terminé , le fichier se trouve là C:\OTL.txt
* Copie_colle le contenu dans ta prochaine réponse.
@+
Il va falloir utiliser un LiveCD.
Pour cela:
Télécharge OTLPENet sur le bureau.
Double clique ou clic droit sous Vista ou Seven pour lancer l'application.
On va te demander si tu veux graver ...
Prépare un CD vierge et lance OTLPENet, cela va te permettre de graver une image iso.
Note : Le CD gravé, il faut maintenant redémarrer la machine sur le lecteur CDROM
Pour se faire suivre ce lien : Booter sur un CD
Tuto OTLPE
Tu lances l'iso d'OTLPENet que tu as gravé.
* une fois le bureau de reatogo chargé , tu lances OTLPE , l'icône jaune
* Double-clique sur l'icone OTLPE
* quand demandé "Do you wish to load the remote registry", select Yes
* quand demandé "Do you wish to load remote user profile(s) for scanning", select Yes
* vérifier que "Automatically Load All Remaining Users" est sélectionné et press OK
* sous Custom Scan box
1) copie_colle le contenu du cadre ci dessous:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
cdrom.sys
disk.sys
ndis.sys
mountmgr.sys
aec.sys
rasacd.sys
mrxsmb10.sys
mrxsmb20.sys
termdd.sys
mrxsmb.sys
win32k.sys
storport.sys
IdeChnDr.sys
viasraid.sys
explorer.exe
winlogon.exe
wininit.exe
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT
* copie colle ce texte dans un fichier texte|bloc note que tu enregistres sur clé usb que tu brancheras sous reatogo tu pourras alors facilement le copier\coller.
* 2) Clic Run Scan pour démarrer le scan.
* Une fois terminé , le fichier se trouve là C:\OTL.txt
* Copie_colle le contenu dans ta prochaine réponse.
@+
Re
Voici la version Usb
Télécharger OTLPEUSB sur ton bureau.
http://sd-4.archive-host.com/membres/up/7739387536519291/OTLPEUSBInstall.exe
Merci à Anthony5151 pour l'hebergement
Double-clic sur l'exécutable pour extraire et exécuter le programme.
Insère une clé usb avant de poursuivre.
/!\ Attention ta clé usb sera formaté pour la rendre bootable /!\
Lorsque la fenêtre s'ouvrira, sélectionne la clé que tu souhaites formater
Sélectionnes dans la zone Boot Option : XP (NTLDR)
Coches la case : OTLPE_Network.iso
Clic sur le bouton Lancer.
Patiente pendant le formatage et l'installation des fichiers nécessaires pour démarrer OLTPE_Network.
Une fois, terminer ferme le programme
Sur le PC en panne
Redémarre ton PC en t'assurant de booter sur la clé usb en modifiant ta séquence de boot (USB-FDD ou USB-HDD)
Au menu choisir OTLPE Into RAM, Patiente le temps du chargement...
Windows se charge tu arrives sur le bureau REATOGO-X-PE
Ensuite
Double clique sur OTLPE
= Une fenêtre s'ouvre : Do you wish to load the remote registry ; Clique sur YES
= Une seconde : Do you wish to load remote user profile(s) for scanning ; Clique sur YES
= Veille à ce que la case Automatically Load All Remaining Users soit cochée et appuie sur OK
OTL se lance.
= Clique sur Run Scan pour démarrer le scanner, cela peut prendre quelques minutes
= Une fois fini le rapport s'ouvre, utilise l'icône d'Internet explorer pour copier coller son contenu dans la réponse.
Note : si tu n'as pas de connexion Internet, sauvegarde le rapport sur un
périphérique USB
@+
Voici la version Usb
Télécharger OTLPEUSB sur ton bureau.
http://sd-4.archive-host.com/membres/up/7739387536519291/OTLPEUSBInstall.exe
Merci à Anthony5151 pour l'hebergement
Double-clic sur l'exécutable pour extraire et exécuter le programme.
Insère une clé usb avant de poursuivre.
/!\ Attention ta clé usb sera formaté pour la rendre bootable /!\
Lorsque la fenêtre s'ouvrira, sélectionne la clé que tu souhaites formater
Sélectionnes dans la zone Boot Option : XP (NTLDR)
Coches la case : OTLPE_Network.iso
Clic sur le bouton Lancer.
Patiente pendant le formatage et l'installation des fichiers nécessaires pour démarrer OLTPE_Network.
Une fois, terminer ferme le programme
Sur le PC en panne
Redémarre ton PC en t'assurant de booter sur la clé usb en modifiant ta séquence de boot (USB-FDD ou USB-HDD)
Au menu choisir OTLPE Into RAM, Patiente le temps du chargement...
Windows se charge tu arrives sur le bureau REATOGO-X-PE
Ensuite
Double clique sur OTLPE
= Une fenêtre s'ouvre : Do you wish to load the remote registry ; Clique sur YES
= Une seconde : Do you wish to load remote user profile(s) for scanning ; Clique sur YES
= Veille à ce que la case Automatically Load All Remaining Users soit cochée et appuie sur OK
OTL se lance.
= Clique sur Run Scan pour démarrer le scanner, cela peut prendre quelques minutes
= Une fois fini le rapport s'ouvre, utilise l'icône d'Internet explorer pour copier coller son contenu dans la réponse.
Note : si tu n'as pas de connexion Internet, sauvegarde le rapport sur un
périphérique USB
@+
Voila j'ai reussi à graver un cd finalement, voici le résultat:
OTL logfile created on: 12/11/2011 7:12:43 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 82.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 5.24 Gb Free Space | 7.03% Space Free | Partition Type: NTFS
Drive D: | 7.45 Gb Total Space | 7.02 Gb Free Space | 94.26% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [Auto] -- -- (TapiSrv32)
SRV - File not found [Auto] -- -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - File not found [Auto] -- -- (btwdins)
SRV - [2011/09/27 13:08:40 | 000,745,880 | ---- | M] (Spigot, Inc.) [Auto] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/03/09 11:56:07 | 000,310,856 | ---- | M] (BitDefender S.R.L.) [Auto] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2011/02/18 09:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/06 14:26:11 | 001,615,688 | ---- | M] (BitDefender S.R.L.) [Auto] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV)
SRV - [2010/04/01 11:58:54 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2009/10/19 10:06:10 | 000,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV - [2008/11/03 19:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/11/15 06:43:04 | 000,382,248 | ---- | M] (Nero AG) [On_Demand] -- C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/10/18 09:32:42 | 000,079,136 | ---- | M] (Hewlett-Packard Company) [Auto] -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/10/26 08:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/05/05 13:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (UIUSys)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (mbr)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/05/06 14:26:26 | 000,058,368 | ---- | M] (BitDefender) [Kernel | On_Demand] -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys -- (BDSelfPr)
DRV - [2010/05/06 14:26:25 | 000,119,504 | ---- | M] (BitDefender LLC) [Kernel | System] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2010/05/06 14:26:13 | 000,085,128 | ---- | M] (BitDefender) [Kernel | Auto] -- C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys -- (BDVEDISK)
DRV - [2010/05/06 14:26:06 | 000,111,312 | ---- | M] (BitDefender LLC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bdfndisf.sys -- (Bdfndisf)
DRV - [2010/04/01 11:58:55 | 000,291,352 | ---- | M] (BitDefender) [File_System | Boot] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2010/02/10 13:49:08 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm)
DRV - [2009/08/27 10:28:44 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - [2009/05/06 21:22:06 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - [2008/04/13 14:21:00 | 000,162,816 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2007/07/25 09:44:28 | 002,210,048 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Pilote de carte de connexion réseau Intel(R)
DRV - [2007/05/02 04:34:32 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/10/18 09:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 09:52:38 | 000,242,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/10/18 09:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/09 15:35:28 | 000,017,792 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tpm.sys -- (TPM)
DRV - [2004/06/25 05:44:54 | 000,331,008 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\snpstd.sys -- (snpstd)
DRV - [2004/01/20 12:40:48 | 001,260,106 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 48 2B 9F 15 5A 3A DC 4C BF 26 AB 4D D2 95 08 1D [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 48 2B 9F 15 5A 3A DC 4C BF 26 AB 4D D2 95 08 1D [binary data]
IE - HKU\Marion_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.20minutes.fr/
IE - HKU\Marion_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 48 2B 9F 15 5A 3A DC 4C BF 26 AB 4D D2 95 08 1D [binary data]
IE - HKU\Marion_ON_C\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\Marion_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Marion_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 48 2B 9F 15 5A 3A DC 4C BF 26 AB 4D D2 95 08 1D [binary data]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Marion\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
[2010/01/01 11:50:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marion\Application Data\Mozilla\Extensions
[2010/01/01 11:50:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marion\Application Data\Mozilla\Extensions\mozswing@mozswing.org
Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [iv39od7ft9] C:\Documents and Settings\All Users\iv39od7ft9.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Regedit32] File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Fichiers communs\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKU\.DEFAULT..\Run: [FxhQnrok] C:\Documents and Settings\Marion\Local Settings\Application Data\wusedoft\fxhqnrok.exe (BreakPoint Software, Inc.)
O4 - HKU\Marion_ON_C..\Run: [{92ADDB88-12F9-1F39-12D8-29DA793630FB}] C:\Documents and Settings\Marion\Application Data\Vya\vayghin.exe ()
O4 - HKU\Marion_ON_C..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O4 - HKU\Marion_ON_C..\Run: [FxhQnrok] C:\Documents and Settings\Marion\Local Settings\Application Data\wusedoft\fxhqnrok.exe (BreakPoint Software, Inc.)
O4 - HKU\Marion_ON_C..\Run: [iv39od7ft9] C:\Documents and Settings\Marion\iv39od7ft9.exe ()
O4 - HKU\Marion_ON_C..\Run: [msnmsgr] File not found
O4 - HKU\Marion_ON_C..\Run: [Privacy Protection] C:\Documents and Settings\All Users\Application Data\privacy.exe (Arcsoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk = C:\Program Files\IBM\Bluetooth Software\BTTray.exe (WIDCOMM, Inc.)
O4 - Startup: C:\Documents and Settings\Marion\Menu Démarrer\Programmes\Démarrage\fxhqnrok.exe (BreakPoint Software, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Marion_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262165698093 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Marion\Local Settings\Application Data\wusedoft\fxhqnrok.exe) - C:\Documents and Settings\Marion\Local Settings\Application Data\wusedoft\fxhqnrok.exe (BreakPoint Software, Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/29 12:10:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Mise à jour de sécurité pour Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {72AD53CC-CCC0-3757-8480-9EE176866A7C} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9A394342-4A68-4EBA-85A6-55B559F4E700} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2011/12/11 12:09:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\Favoris
[2011/12/11 11:04:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marion\Menu Démarrer\Programmes\CyberLink PowerDVD
[2011/12/11 10:44:36 | 000,090,995 | --S- | C] (BreakPoint Software, Inc.) -- C:\fxhqnrok.exe
[2011/12/07 15:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/07 15:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/07 15:13:52 | 000,819,712 | ---- | C] (Arcsoft, Inc.) -- C:\Documents and Settings\All Users\Application Data\privacy.exe
[2011/12/07 15:13:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marion\Application Data\Vya
[2011/12/07 15:13:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marion\Application Data\Kyicq
[2011/12/06 12:04:48 | 000,090,995 | --S- | C] (BreakPoint Software, Inc.) -- C:\Documents and Settings\Marion\Menu Démarrer\Programmes\Démarrage\fxhqnrok.exe
[2011/12/06 12:04:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marion\Local Settings\Application Data\wusedoft
[2010/01/08 08:02:23 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd.dll
[2010/01/08 08:02:23 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd.dll
[2010/01/08 08:02:23 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Marion\Bureau\*.tmp files -> C:\Documents and Settings\Marion\Bureau\*.tmp -> ]
[1 C:\Documents and Settings\Marion\*.tmp files -> C:\Documents and Settings\Marion\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2011/12/11 12:58:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/11 12:13:50 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/11 11:47:36 | 000,090,995 | --S- | M] (BreakPoint Software, Inc.) -- C:\fxhqnrok.exe
[2011/12/11 10:50:25 | 000,013,734 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/11 10:44:35 | 000,090,995 | --S- | M] (BreakPoint Software, Inc.) -- C:\Documents and Settings\Marion\Menu Démarrer\Programmes\Démarrage\fxhqnrok.exe
[2011/12/07 16:44:39 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/12/07 15:24:22 | 000,134,606 | ---- | M] () -- C:\Documents and Settings\Marion\iv39od7ft9.exe
[2011/12/07 15:24:22 | 000,134,606 | ---- | M] () -- C:\Documents and Settings\All Users\iv39od7ft9.exe
[2011/12/07 15:13:52 | 000,819,712 | ---- | M] (Arcsoft, Inc.) -- C:\Documents and Settings\All Users\Application Data\privacy.exe
[2011/12/02 19:02:13 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\ashttpstats.csv
[2011/12/02 16:53:47 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\Marion\Application Dataprivacy.xml
[2011/11/28 17:14:33 | 000,002,575 | ---- | M] () -- C:\Documents and Settings\Marion\Bureau\Microsoft Word.lnk
[2011/11/22 11:26:51 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/14 03:57:45 | 000,002,505 | ---- | M] () -- C:\Documents and Settings\Marion\Bureau\Microsoft PowerPoint.lnk
[2011/11/13 15:38:46 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Marion\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Marion\Bureau\*.tmp files -> C:\Documents and Settings\Marion\Bureau\*.tmp -> ]
[1 C:\Documents and Settings\Marion\*.tmp files -> C:\Documents and Settings\Marion\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2011/12/11 10:50:33 | 000,134,606 | ---- | C] () -- C:\Documents and Settings\Marion\iv39od7ft9.exe
[2011/12/07 15:24:23 | 000,134,606 | ---- | C] () -- C:\Documents and Settings\All Users\iv39od7ft9.exe
[2011/07/24 19:06:18 | 000,014,804 | -HS- | C] () -- C:\Documents and Settings\Marion\Local Settings\Application Data\05a3a062i5h21hn5r14r184j8402x6866h8
[2011/07/24 19:06:18 | 000,014,804 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\05a3a062i5h21hn5r14r184j8402x6866h8
[2011/07/24 19:06:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pepg.exe
[2011/07/24 19:06:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\osbc.exe
[2011/07/24 19:06:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\gums.exe
[2011/07/24 19:06:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ctxe.exe
[2010/09/06 04:36:01 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/06/13 04:59:41 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Marion\Local Settings\Application Data\fusioncache.dat
[2010/04/10 14:21:38 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/21 08:02:05 | 000,051,100 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/02/12 09:21:47 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\Marion\Application DataProductTweaks.xml
[2010/02/12 09:21:47 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Marion\Application Datauser_gensett.xml
[2010/02/12 09:21:47 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\Marion\Application Dataprivacy.xml
[2010/02/12 07:20:40 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\Marion\Application Data\bdfvconp.ini
[2010/02/08 12:58:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2010/02/07 11:01:38 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2010/02/07 11:01:36 | 000,000,477 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/02/07 11:01:36 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010/02/07 11:01:03 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_unmip.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_histprot.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat
[2010/01/12 10:37:29 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Marion\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/08 08:02:31 | 000,286,720 | ---- | C] () -- C:\WINDOWS\vsnpstd.exe
[2010/01/08 08:02:31 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsnpstd.dll
[2010/01/08 08:02:31 | 000,015,541 | ---- | C] () -- C:\WINDOWS\snpstd.ini
[2010/01/08 08:02:27 | 000,331,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd.sys
[2010/01/08 08:02:19 | 000,020,480 | ---- | C] () -- C:\WINDOWS\usnpstd.exe
[2010/01/01 17:40:22 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/01 17:13:15 | 000,000,506 | ---- | C] () -- C:\Documents and Settings\Marion\Application Data\Poladroid prefs.plist
[2010/01/01 15:51:35 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/12/31 09:57:39 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
[2009/12/31 09:57:39 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\aspdict-en.dat
[2009/12/30 07:25:29 | 000,000,132 | ---- | C] () -- C:\WINDOWS\System32\rezumatenoi.dat
[2009/12/30 06:33:00 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/12/30 06:21:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wsbl.dat
[2009/12/30 06:21:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_white.dat
[2009/12/30 06:21:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_summ.dat
[2009/12/30 06:21:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_black.dat
[2009/12/30 06:21:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2009/12/30 06:21:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2009/12/29 12:55:12 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/12/29 12:53:42 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/29 12:13:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/12/29 12:07:38 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/01/15 06:45:34 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/05/26 16:23:32 | 000,016,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 16:23:30 | 000,021,596 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 16:23:28 | 000,016,036 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 15:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 15:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/10/29 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2007/10/29 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2007/10/29 07:00:00 | 000,536,686 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2007/10/29 07:00:00 | 000,444,808 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2007/10/29 07:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2007/10/29 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2007/10/29 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2007/10/29 07:00:00 | 000,162,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\netbt.sys
[2007/10/29 07:00:00 | 000,095,170 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2007/10/29 07:00:00 | 000,072,684 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2007/10/29 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2007/10/29 07:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2007/10/29 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2007/10/29 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/10/29 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2007/10/29 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2007/10/29 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/01/31 07:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2004/01/20 13:16:56 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\btbip.dll
[2004/01/20 13:03:24 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\btsendto_ie.dll
[2004/01/20 13:02:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\btsendto_wab.dll
[2004/01/20 12:57:32 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2001/11/14 06:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[color=#E56717]========== LOP Check ==========[/color]
[2010/09/06 04:38:09 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Application Updater
[2009/12/30 06:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marion\Application Data\BitDefender
[2010/03/08 14:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marion\Application Data\Facebook
[2011/12/07 15:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marion\Application Data\Kyicq
[2010/12/15 16:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marion\Application Data\LimeWire
[2011/04/27 15:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marion\Application Data\moovida-1
[2010/09/06 11:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marion\Application Data\pdfforge
[2011/10/14 12:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marion\Application Data\Search Settings
[2011/12/07 15:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marion\Application Data\Vya
[2009/12/30 05:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marion\Application Data\Windows Desktop Search
[2010/02/25 12:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marion\Application Data\Windows Search
[2009/12/30 06:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2009/12/30 12:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/04/08 15:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/01 16:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/01/01 12:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/08/01 18:00:52 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Custom Scans ==========[/color]
Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.
Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2011/12/11 11:47:36 | 000,090,995 | --S- | M] (BreakPoint Software, Inc.) -- C:\fxhqnrok.exe
[color=#A23BEC]< MD5 for: AEC.SYS >[/color]
[2007/10/29 07:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:aec.sys
[2009/12/30 09:37:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:aec.sys
[2009/12/30 09:37:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:aec.sys
[2006/02/14 19:30:07 | 000,142,464 | ---- | M] (Microsoft Corporation) MD5=1EE7B434BA961EF845DE136224C30FEC -- C:\WINDOWS\$hf_mig$\KB900485\SP2QFE\aec.sys
[2006/02/14 19:22:26 | 000,142,464 | ---- | M] (Microsoft Corporation) MD5=1EE7B434BA961EF845DE136224C30FEC -- C:\WINDOWS\$NtServicePackUninstall$\aec.sys
[2004/08/03 16:39:38 | 000,142,464 | ---- | M] (Microsoft Corporation) MD5=841F385C6CFAF66B58FBD898722BB4F0 -- C:\WINDOWS\$NtUninstallKB900485$\aec.sys
[2008/04/13 11:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINDOWS\ServicePackFiles\i386\aec.sys
[2008/04/13 11:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINDOWS\system32\drivers\aec.sys
[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2007/10/29 07:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/12/30 09:37:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/12/30 09:37:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2007/10/29 07:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/12/30 09:37:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/12/30 09:37:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2007/10/29 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2007/10/29 07:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2009/12/30 09:37:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2009/12/30 09:37:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008/04/13 13:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008/04/13 13:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2007/10/29 07:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
[color=#A23BEC]< MD5 for: DISK.SYS >[/color]
[2007/10/29 07:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/12/30 09:37:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2009/12/30 09:37:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2007/10/29 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys
[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2007/10/29 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 21:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 21:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll
[2009/06/25 09:04:32 | 000,001,536 | ---- | M] () MD5=8D4CD834292293F4055BAC313268E2DE -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll
[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2007/10/29 07:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007/06/13 08:10:53 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=B795475444D6D57A572C14B9E1A29839 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 08:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=D0288319660EDCFED07C7E74C4EA38A5 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/13 21:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/13 21:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[color=#A23BEC]< MD5 for: MOUNTMGR.SYS >[/color]
[2007/10/29 07:00:00 | 000,042,240 | ---- | M] (Microsoft Corporation) MD5=65653F3B4477F3C63E68A9659F85EE2E -- C:\WINDOWS\$NtServicePackUninstall$\mountmgr.sys
[2008/04/13 13:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- C:\WINDOWS\ServicePackFiles\i386\mountmgr.sys
[2008/04/13 13:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- C:\WINDOWS\system32\drivers\mountmgr.sys
[color=#A23BEC]< MD5 for: MRXSMB.SYS >[/color]
[2007/10/29 07:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:mrxsmb.sys
[2009/12/30 09:37:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:mrxsmb.sys
[2009/12/30 09:37:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:mrxsmb.sys
[2006/05/05 04:41:45 | 000,453,120 | ---- | M] (Microsoft Corporation) MD5=025AF03CE51645C62F3B6907A7E2BE5E -- C:\WINDOWS\$NtUninstallKB957097_0$\mrxsmb.sys
[2011/04/29 11:19:43 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=0DC719E9B15E902346E87E9DCD5751FA -- C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
[2011/04/29 11:19:43 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=0DC719E9B15E902346E87E9DCD5751FA -- C:\WINDOWS\system32\dllcache\mrxsmb.sys
[2011/04/29 11:19:43 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=0DC719E9B15E902346E87E9DCD5751FA -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2011/02/17 08:18:24 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=0EA4D8ED179B75F8AFA7998BA22285CA -- C:\WINDOWS\$NtUninstallKB2536276$\mrxsmb.sys
[2007/10/29 07:00:00 | 000,451,456 | ---- | M] (Microsoft Corporation) MD5=1FD607FC67F7F7C633C3DA65BFC53D18 -- C:\WINDOWS\$NtUninstallKB885835$\mrxsmb.sys
[2009/12/04 13:22:22 | 000,455,424 | ---- | M] (Microsoft Corporation) MD5=421F7B922CEC5A5F340E7574A98F7B7C -- C:\WINDOWS\$NtUninstallKB980232$\mrxsmb.sys
[2009/12/04 12:25:56 | 000,456,832 | ---- | M] (Microsoft Corporation) MD5=602549D1E8A622E5746991F6C56B21CA -- C:\WINDOWS\$hf_mig$\KB978251\SP3QFE\mrxsmb.sys
[2008/10/24 06:21:09 | 000,455,296 | ---- | M] (Microsoft Corporation) MD5=60AE98742484E7AB80C3C1450E708148 -- C:\WINDOWS\$hf_mig$\KB957097\SP3GDR\mrxsmb.sys
[2008/10/24 06:21:09 | 000,455,296 | ---- | M] (Microsoft Corporation) MD5=60AE98742484E7AB80C3C1450E708148 -- C:\WINDOWS\$NtUninstallKB978251$\mrxsmb.sys
[2008/04/13 14:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\$NtUninstallKB957097$\mrxsmb.sys
[2008/04/13 14:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys
[2008/10/24 06:10:42 | 000,453,632 | ---- | M] (Microsoft Corporation) MD5=6F2D483B97B395544E59749C47963C6A -- C:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys
[2008/10/24 06:41:11 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=7170AB42B51954DEF2781A4D1CCE65F4 -- C:\WINDOWS\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
[2006/05/05 05:16:39 | 000,454,400 | ---- | M] (Microsoft Corporation) MD5=7412CE77C6FD823F8889B4DF420C680B -- C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\mrxsmb.sys
[2011/04/29 11:47:42 | 000,457,856 | ---- | M] (Microsoft Corporation) MD5=8DD801E28EB76FDA2A38907882A0036F -- C:\WINDOWS\$hf_mig$\KB2536276\SP3QFE\mrxsmb.sys
[2004/10/27 20:15:16 | 000,448,128 | ---- | M] (Microsoft Corporation) MD5=A1BE3CB080DCC0A8270D21E3CA3B7005 -- C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\mrxsmb.sys
[2004/10/27 20:14:18 | 000,448,128 | ---- | M] (Microsoft Corporation) MD5=C9D17DAA82B917CF2FD6E4F595974934 -- C:\WINDOWS\$NtUninstallKB914389$\mrxsmb.sys
[2008/10/24 06:25:29 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=D07DA410091143336DAE419A921AAE2B -- C:\WINDOWS\$hf_mig$\KB957097\SP2QFE\mrxsmb.sys
[2010/02/24 06:57:57 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=D09B9F0B9960DD41E73127B7814C115F -- C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
[2010/02/24 08:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\$NtUninstallKB2511455$\mrxsmb.sys
[2011/02/17 08:19:38 | 000,457,472 | ---- | M] (Microsoft Corporation) MD5=FB7DFD15D760AD339837A470F0E780D3 -- C:\WINDOWS\$hf_mig$\KB2511455\SP3QFE\mrxsmb.sys
[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2007/10/29 07:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2008/04/13 21:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 21:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2007/10/29 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 13:46:49 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:49 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[color=#A23BEC]< MD5 for: RASACD.SYS >[/color]
[2007/10/29 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\dllcache\rasacd.sys
[2007/10/29 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys
[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2007/10/29 07:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 21:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 21:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
[color=#A23BEC]< MD5 for: TERMDD.SYS >[/color]
[2007/10/29 07:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:termdd.sys
[2009/12/30 09:37:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:termdd.sys
[2009/12/30 09:37:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:termdd.sys
[2008/04/13 21:34:52 | 000,040,840 | ---- | M] (Microsoft Corporation) MD5=88155247177638048422893737429D9E -- C:\WINDOWS\ServicePackFiles\i386\termdd.sys
[2008/04/13 21:34:52 | 000,040,840 | ---- | M] (Microsoft Corporation) MD5=88155247177638048422893737429D9E -- C:\WINDOWS\system32\drivers\termdd.sys
[2004/08/19 10:10:18 | 000,040,840 | ---- | M] (Microsoft Corporation) MD5=A540A99C281D933F3D69D55E48727F47 -- C:\WINDOWS\$NtServicePackUninstall$\termdd.sys
[color=#A23BEC]< MD5 for: WIN32K.SYS >[/color]
[2008/04/13 20:58:06 | 001,845,760 | ---- | M] (Microsoft Corporation) MD5=0E65F97FF5B39068D1D2186B3D7600C7 -- C:\WINDOWS\$NtUninstallKB969947$\win32k.sys
[2008/04/13 20:58:06 | 001,845,760 | ---- | M] (Microsoft Corporation) MD5=0E65F97FF5B39068D1D2186B3D7600C7 -- C:\WINDOWS\ServicePackFiles\i386\win32k.sys
[2010/05/02 03:02:25 | 001,860,480 | ---- | M] (Microsoft Corporation) MD5=117089D35359DD8FE8054DA17AC6EE19 -- C:\WINDOWS\$hf_mig$\KB979559\SP3QFE\win32k.sys
[2010/10/26 08:59:49 | 001,862,400 | ---- | M] (Microsoft Corporation) MD5=19209B83DC73BCA78558C2F220DB65E2 -- C:\WINDOWS\$hf_mig$\KB2436673\SP3QFE\win32k.sys
[2007/03/08 10:45:59 | 001,844,096 | ---- | M] (Microsoft Corporation) MD5=24B0EF79632899E1831BD052F53A8A24 -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\win32k.sys
[2011/06/06 06:36:19 | 001,868,032 | ---- | M] (Microsoft Corporation) MD5=31C9FCD53634B437F36B0417DA48066A -- C:\WINDOWS\$hf_mig$\KB2555917\SP3QFE\win32k.sys
[2010/12/31 09:04:24 | 001,855,104 | ---- | M] (Microsoft Corporation) MD5=3AB58BCEC87615E452991E8E257ADFA9 -- C:\WINDOWS\$NtUninstallKB2506223$\win32k.sys
[2011/03/03 08:53:37 | 001,858,048 | ---- | M] (Microsoft Corporation) MD5=3BEDF6024160399E2AF010BB2E7F4F59 -- C:\WINDOWS\$NtUninstallKB2555917$\win32k.sys
[2009/08/14 10:58:52 | 001,859,840 | ---- | M] (Microsoft Corporation) MD5=479DD2D56488951B4842B6ECBB770239 -- C:\WINDOWS\$hf_mig$\KB969947\SP3QFE\win32k.sys
[2009/08/14 10:04:43 | 001,859,456 | ---- | M] (Microsoft Corporation) MD5=660B528148A752FFFF1D22FF865C220F -- C:\WINDOWS\$hf_mig$\KB969947\SP2QFE\win32k.sys
[2011/06/06 06:35:23 | 001,859,072 | ---- | M] (Microsoft Corporation) MD5=667C2CED1208788BD0FE1F6E8CFE1CD0 -- C:\WINDOWS\system32\dllcache\win32k.sys
[2011/06/06 06:35:23 | 001,859,072 | ---- | M] (Microsoft Corporation) MD5=667C2CED1208788BD0FE1F6E8CFE1CD0 -- C:\WINDOWS\system32\win32k.sys
[2007/10/29 07:00:00 | 001,836,032 | ---- | M] (Microsoft Corporation) MD5=6B8D8840CC7D6C822FD159613D61EBA3 -- C:\WINDOWS\$NtUninstallKB890859$\win32k.sys
[2005/03/02 13:13:08 | 001,836,416 | ---- | M] (Microsoft Corporation) MD5=7EC7E0B304C1D7F73E9B6C4977952220 -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\win32k.sys
[2010/09/01 02:54:08 | 001,862,016 | ---- | M] (Microsoft Corporation) MD5=81C11BC7F3FAE0CC76941A8AB9B2ED1A -- C:\WINDOWS\$hf_mig$\KB981957\SP3QFE\win32k.sys
[2009/08/14 10:13:59 | 001,850,752 | ---- | M] (Microsoft Corporation) MD5=8441F8A5DC42BD5F2BEAA95297EE0E10 -- C:\WINDOWS\$hf_mig$\KB969947\SP3GDR\win32k.sys
[2009/08/14 10:13:59 | 001,850,752 | ---- | M] (Microsoft Corporation) MD5=8441F8A5DC42BD5F2BEAA95297EE0E10 -- C:\WINDOWS\$NtUninstallKB979559$\win32k.sys
[2005/03/02 13:07:53 | 001,836,416 | ---- | M] (Microsoft Corporation) MD5=8B39DEFB4843B15A3044FFA23332B299 -- C:\WINDOWS\$NtUninstallKB925902$\win32k.sys
[2010/10/26 09:07:17 | 001,853,440 | ---- | M] (Microsoft Corporation) MD5=A872D428716E5C454D97F16785656351 -- C:\WINDOWS\$NtUninstallKB2479628$\win32k.sys
[2007/03/08 10:33:58 | 001,843,712 | ---- | M] (Microsoft Corporation) MD5=A8B9B1911F1D52DB8D24C4AC37CEC0E3 -- C:\WINDOWS\$NtUninstallKB969947_0$\win32k.sys
[2010/09/01 02:55:16 | 001,852,928 | ---- | M] (Microsoft Corporation) MD5=C71A8AFDCD34601F7FDE2DA3792CEAE9 -- C:\WINDOWS\$NtUninstallKB2436673$\win32k.sys
[2010/06/24 04:02:32 | 001,852,032 | ---- | M] (Microsoft Corporation) MD5=CA341AEF1BBBF1EF98B07E46681257D9 -- C:\WINDOWS\$NtUninstallKB981957$\win32k.sys
[2010/05/02 03:08:14 | 001,851,392 | ---- | M] (Microsoft Corporation) MD5=D6491CA433261FCBDC99D27064E5F180 -- C:\WINDOWS\$NtUninstallKB2160329$\win32k.sys
[2009/08/14 10:21:38 | 001,850,240 | ---- | M] (Microsoft Corporation) MD5=E2C10EA786F48051A65D81CF507F6881 -- C:\WINDOWS\$NtServicePackUninstall$\win32k.sys
[2011/03/03 08:52:12 | 001,867,008 | ---- | M] (Microsoft Corporation) MD5=E832E04ADDD745DC462ED800E8416B9C -- C:\WINDOWS\$hf_mig$\KB2506223\SP3QFE\win32k.sys
[2010/06/24 16:29:54 | 001,861,248 | ---- | M] (Microsoft Corporation) MD5=F1AEB1184052F4598390CE4CD638CA14 -- C:\WINDOWS\$hf_mig$\KB2160329\SP3QFE\win32k.sys
[2010/12/31 09:02:58 | 001,864,192 | ---- | M] (Microsoft Corporation) MD5=FA7694CA8CE7E7660676C646A15A3CEE -- C:\WINDOWS\$hf_mig$\KB2479628\SP3QFE\win32k.sys
[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2007/10/29 07:00:00 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=92CA989E459DA32A7F173489E8D9A667 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 21:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 21:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2011/03/03 01:55:26 | 000,149,504 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\dnsapi.dll
[2011/04/26 03:06:10 | 011,081,728 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\ieframe.dll
[2011/04/25 11:06:09 | 001,991,680 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\iertutil.dll
[2008/04/13 21:33:33 | 000,281,600 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 21:33:36 | 000,067,072 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\ntdsapi.dll
[2011/01/21 09:44:12 | 008,518,656 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\shell32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2009/12/29 12:52:53 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009/12/29 12:52:53 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009/12/29 12:52:53 | 000,442,368 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
[color=#A23BEC]< CREATERESTOREPOINT >[/color]
[color=#E56717]========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========[/color]
[C:\WINDOWS\$NtUninstallKB41394$] -> -> Unknown point type
< End of report >
OTL logfile created on: 12/11/2011 7:12:43 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 82.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 5.24 Gb Free Space | 7.03% Space Free | Partition Type: NTFS
Drive D: | 7.45 Gb Total Space | 7.02 Gb Free Space | 94.26% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [Auto] -- -- (TapiSrv32)
SRV - File not found [Auto] -- -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - File not found [Auto] -- -- (btwdins)
SRV - [2011/09/27 13:08:40 | 000,745,880 | ---- | M] (Spigot, Inc.) [Auto] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/03/09 11:56:07 | 000,310,856 | ---- | M] (BitDefender S.R.L.) [Auto] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2011/02/18 09:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/06 14:26:11 | 001,615,688 | ---- | M] (BitDefender S.R.L.) [Auto] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV)
SRV - [2010/04/01 11:58:54 | 000,315,392 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2009/10/19 10:06:10 | 000,183,880 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV - [2008/11/03 19:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/11/15 06:43:04 | 000,382,248 | ---- | M] (Nero AG) [On_Demand] -- C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/10/18 09:32:42 | 000,079,136 | ---- | M] (Hewlett-Packard Company) [Auto] -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/10/26 08:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/05/05 13:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (UIUSys)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (mbr)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/05/06 14:26:26 | 000,058,368 | ---- | M] (BitDefender) [Kernel | On_Demand] -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys -- (BDSelfPr)
DRV - [2010/05/06 14:26:25 | 000,119,504 | ---- | M] (BitDefender LLC) [Kernel | System] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2010/05/06 14:26:13 | 000,085,128 | ---- | M] (BitDefender) [Kernel | Auto] -- C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys -- (BDVEDISK)
DRV - [2010/05/06 14:26:06 | 000,111,312 | ---- | M] (BitDefender LLC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bdfndisf.sys -- (Bdfndisf)
DRV - [2010/04/01 11:58:55 | 000,291,352 | ---- | M] (BitDefender) [File_System | Boot] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2010/02/10 13:49:08 | 000,153,448 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm)
DRV - [2009/08/27 10:28:44 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - [2009/05/06 21:22:06 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand] -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - [2008/04/13 14:21:00 | 000,162,816 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\netbt.sys -- (NetBT)
DRV - [2007/07/25 09:44:28 | 002,210,048 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Pilote de carte de connexion réseau Intel(R)
DRV - [2007/05/02 04:34:32 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/10/18 09:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 09:52:38 | 000,242,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/10/18 09:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/09 15:35:28 | 000,017,792 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tpm.sys -- (TPM)
DRV - [2004/06/25 05:44:54 | 000,331,008 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\snpstd.sys -- (snpstd)
DRV - [2004/01/20 12:40:48 | 001,260,106 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 48 2B 9F 15 5A 3A DC 4C BF 26 AB 4D D2 95 08 1D [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 48 2B 9F 15 5A 3A DC 4C BF 26 AB 4D D2 95 08 1D [binary data]
IE - HKU\Marion_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.20minutes.fr/
IE - HKU\Marion_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 48 2B 9F 15 5A 3A DC 4C BF 26 AB 4D D2 95 08 1D [binary data]
IE - HKU\Marion_ON_C\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\Marion_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Marion_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 48 2B 9F 15 5A 3A DC 4C BF 26 AB 4D D2 95 08 1D [binary data]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Marion\Application Data\Facebook\npfbplugin_1_0_3.dll ( )
[2010/01/01 11:50:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marion\Application Data\Mozilla\Extensions
[2010/01/01 11:50:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marion\Application Data\Mozilla\Extensions\mozswing@mozswing.org
Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [iv39od7ft9] C:\Documents and Settings\All Users\iv39od7ft9.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Regedit32] File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Fichiers communs\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKU\.DEFAULT..\Run: [FxhQnrok] C:\Documents and Settings\Marion\Local Settings\Application Data\wusedoft\fxhqnrok.exe (BreakPoint Software, Inc.)
O4 - HKU\Marion_ON_C..\Run: [{92ADDB88-12F9-1F39-12D8-29DA793630FB}] C:\Documents and Settings\Marion\Application Data\Vya\vayghin.exe ()
O4 - HKU\Marion_ON_C..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O4 - HKU\Marion_ON_C..\Run: [FxhQnrok] C:\Documents and Settings\Marion\Local Settings\Application Data\wusedoft\fxhqnrok.exe (BreakPoint Software, Inc.)
O4 - HKU\Marion_ON_C..\Run: [iv39od7ft9] C:\Documents and Settings\Marion\iv39od7ft9.exe ()
O4 - HKU\Marion_ON_C..\Run: [msnmsgr] File not found
O4 - HKU\Marion_ON_C..\Run: [Privacy Protection] C:\Documents and Settings\All Users\Application Data\privacy.exe (Arcsoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\BTTray.lnk = C:\Program Files\IBM\Bluetooth Software\BTTray.exe (WIDCOMM, Inc.)
O4 - Startup: C:\Documents and Settings\Marion\Menu Démarrer\Programmes\Démarrage\fxhqnrok.exe (BreakPoint Software, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Marion_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - File not found
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262165698093 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Marion\Local Settings\Application Data\wusedoft\fxhqnrok.exe) - C:\Documents and Settings\Marion\Local Settings\Application Data\wusedoft\fxhqnrok.exe (BreakPoint Software, Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/29 12:10:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendu VML (Vector Graphics Rendering)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Liaison de données Dynamic HTML pour Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Création avancée
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classes Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Mise à jour de sécurité pour Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {72AD53CC-CCC0-3757-8480-9EE176866A7C} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9A394342-4A68-4EBA-85A6-55B559F4E700} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Planificateur de tâches
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2011/12/11 12:09:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\Favoris
[2011/12/11 11:04:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marion\Menu Démarrer\Programmes\CyberLink PowerDVD
[2011/12/11 10:44:36 | 000,090,995 | --S- | C] (BreakPoint Software, Inc.) -- C:\fxhqnrok.exe
[2011/12/07 15:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/07 15:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/12/07 15:13:52 | 000,819,712 | ---- | C] (Arcsoft, Inc.) -- C:\Documents and Settings\All Users\Application Data\privacy.exe
[2011/12/07 15:13:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marion\Application Data\Vya
[2011/12/07 15:13:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marion\Application Data\Kyicq
[2011/12/06 12:04:48 | 000,090,995 | --S- | C] (BreakPoint Software, Inc.) -- C:\Documents and Settings\Marion\Menu Démarrer\Programmes\Démarrage\fxhqnrok.exe
[2011/12/06 12:04:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marion\Local Settings\Application Data\wusedoft
[2010/01/08 08:02:23 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd.dll
[2010/01/08 08:02:23 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd.dll
[2010/01/08 08:02:23 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Marion\Bureau\*.tmp files -> C:\Documents and Settings\Marion\Bureau\*.tmp -> ]
[1 C:\Documents and Settings\Marion\*.tmp files -> C:\Documents and Settings\Marion\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2011/12/11 12:58:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/11 12:13:50 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/11 11:47:36 | 000,090,995 | --S- | M] (BreakPoint Software, Inc.) -- C:\fxhqnrok.exe
[2011/12/11 10:50:25 | 000,013,734 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/11 10:44:35 | 000,090,995 | --S- | M] (BreakPoint Software, Inc.) -- C:\Documents and Settings\Marion\Menu Démarrer\Programmes\Démarrage\fxhqnrok.exe
[2011/12/07 16:44:39 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/12/07 15:24:22 | 000,134,606 | ---- | M] () -- C:\Documents and Settings\Marion\iv39od7ft9.exe
[2011/12/07 15:24:22 | 000,134,606 | ---- | M] () -- C:\Documents and Settings\All Users\iv39od7ft9.exe
[2011/12/07 15:13:52 | 000,819,712 | ---- | M] (Arcsoft, Inc.) -- C:\Documents and Settings\All Users\Application Data\privacy.exe
[2011/12/02 19:02:13 | 000,000,052 | ---- | M] () -- C:\WINDOWS\System32\ashttpstats.csv
[2011/12/02 16:53:47 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\Marion\Application Dataprivacy.xml
[2011/11/28 17:14:33 | 000,002,575 | ---- | M] () -- C:\Documents and Settings\Marion\Bureau\Microsoft Word.lnk
[2011/11/22 11:26:51 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/14 03:57:45 | 000,002,505 | ---- | M] () -- C:\Documents and Settings\Marion\Bureau\Microsoft PowerPoint.lnk
[2011/11/13 15:38:46 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Marion\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Marion\Bureau\*.tmp files -> C:\Documents and Settings\Marion\Bureau\*.tmp -> ]
[1 C:\Documents and Settings\Marion\*.tmp files -> C:\Documents and Settings\Marion\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2011/12/11 10:50:33 | 000,134,606 | ---- | C] () -- C:\Documents and Settings\Marion\iv39od7ft9.exe
[2011/12/07 15:24:23 | 000,134,606 | ---- | C] () -- C:\Documents and Settings\All Users\iv39od7ft9.exe
[2011/07/24 19:06:18 | 000,014,804 | -HS- | C] () -- C:\Documents and Settings\Marion\Local Settings\Application Data\05a3a062i5h21hn5r14r184j8402x6866h8
[2011/07/24 19:06:18 | 000,014,804 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\05a3a062i5h21hn5r14r184j8402x6866h8
[2011/07/24 19:06:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pepg.exe
[2011/07/24 19:06:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\osbc.exe
[2011/07/24 19:06:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\gums.exe
[2011/07/24 19:06:17 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ctxe.exe
[2010/09/06 04:36:01 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/06/13 04:59:41 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Marion\Local Settings\Application Data\fusioncache.dat
[2010/04/10 14:21:38 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/21 08:02:05 | 000,051,100 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/02/12 09:21:47 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\Marion\Application DataProductTweaks.xml
[2010/02/12 09:21:47 | 000,000,385 | ---- | C] () -- C:\Documents and Settings\Marion\Application Datauser_gensett.xml
[2010/02/12 09:21:47 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\Marion\Application Dataprivacy.xml
[2010/02/12 07:20:40 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\Marion\Application Data\bdfvconp.ini
[2010/02/08 12:58:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2010/02/07 11:01:38 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2010/02/07 11:01:36 | 000,000,477 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/02/07 11:01:36 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010/02/07 11:01:03 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_unmip.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\phar_histprot.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_webproxy.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_video.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_tabloids.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_socialnetworks.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_searchengines.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_regionaltlds.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_pornography.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlineshop.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinepay.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_onlinedating.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_news.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_im.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_illegal.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_hate.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_games.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_gambling.dat
[2010/02/02 01:39:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_drugs.dat
[2010/01/12 10:37:29 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Marion\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/08 08:02:31 | 000,286,720 | ---- | C] () -- C:\WINDOWS\vsnpstd.exe
[2010/01/08 08:02:31 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsnpstd.dll
[2010/01/08 08:02:31 | 000,015,541 | ---- | C] () -- C:\WINDOWS\snpstd.ini
[2010/01/08 08:02:27 | 000,331,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd.sys
[2010/01/08 08:02:19 | 000,020,480 | ---- | C] () -- C:\WINDOWS\usnpstd.exe
[2010/01/01 17:40:22 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/01 17:13:15 | 000,000,506 | ---- | C] () -- C:\Documents and Settings\Marion\Application Data\Poladroid prefs.plist
[2010/01/01 15:51:35 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/12/31 09:57:39 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\asdict.dat
[2009/12/31 09:57:39 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\aspdict-en.dat
[2009/12/30 07:25:29 | 000,000,132 | ---- | C] () -- C:\WINDOWS\System32\rezumatenoi.dat
[2009/12/30 06:33:00 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/12/30 06:21:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wsbl.dat
[2009/12/30 06:21:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_white.dat
[2009/12/30 06:21:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_summ.dat
[2009/12/30 06:21:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_black.dat
[2009/12/30 06:21:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2009/12/30 06:21:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2009/12/29 12:55:12 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/12/29 12:53:42 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/29 12:13:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/12/29 12:07:38 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/01/15 06:45:34 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/05/26 16:23:32 | 000,016,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 16:23:30 | 000,021,596 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 16:23:28 | 000,016,036 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 15:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 15:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/10/29 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2007/10/29 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2007/10/29 07:00:00 | 000,536,686 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2007/10/29 07:00:00 | 000,444,808 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2007/10/29 07:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2007/10/29 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2007/10/29 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2007/10/29 07:00:00 | 000,162,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\netbt.sys
[2007/10/29 07:00:00 | 000,095,170 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2007/10/29 07:00:00 | 000,072,684 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2007/10/29 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2007/10/29 07:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2007/10/29 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2007/10/29 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007/10/29 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2007/10/29 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2007/10/29 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/01/31 07:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2004/01/20 13:16:56 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\btbip.dll
[2004/01/20 13:03:24 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\btsendto_ie.dll
[2004/01/20 13:02:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\btsendto_wab.dll
[2004/01/20 12:57:32 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2001/11/14 06:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[color=#E56717]========== LOP Check ==========[/color]
[2010/09/06 04:38:09 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Application Updater
[2009/12/30 06:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marion\Application Data\BitDefender
[2010/03/08 14:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marion\Application Data\Facebook
[2011/12/07 15:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marion\Application Data\Kyicq
[2010/12/15 16:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marion\Application Data\LimeWire
[2011/04/27 15:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marion\Application Data\moovida-1
[2010/09/06 11:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marion\Application Data\pdfforge
[2011/10/14 12:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marion\Application Data\Search Settings
[2011/12/07 15:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marion\Application Data\Vya
[2009/12/30 05:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marion\Application Data\Windows Desktop Search
[2010/02/25 12:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marion\Application Data\Windows Search
[2009/12/30 06:14:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2009/12/30 12:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/04/08 15:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/01 16:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/01/01 12:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/08/01 18:00:52 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Custom Scans ==========[/color]
Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.
Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2011/12/11 11:47:36 | 000,090,995 | --S- | M] (BreakPoint Software, Inc.) -- C:\fxhqnrok.exe
[color=#A23BEC]< MD5 for: AEC.SYS >[/color]
[2007/10/29 07:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:aec.sys
[2009/12/30 09:37:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:aec.sys
[2009/12/30 09:37:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:aec.sys
[2006/02/14 19:30:07 | 000,142,464 | ---- | M] (Microsoft Corporation) MD5=1EE7B434BA961EF845DE136224C30FEC -- C:\WINDOWS\$hf_mig$\KB900485\SP2QFE\aec.sys
[2006/02/14 19:22:26 | 000,142,464 | ---- | M] (Microsoft Corporation) MD5=1EE7B434BA961EF845DE136224C30FEC -- C:\WINDOWS\$NtServicePackUninstall$\aec.sys
[2004/08/03 16:39:38 | 000,142,464 | ---- | M] (Microsoft Corporation) MD5=841F385C6CFAF66B58FBD898722BB4F0 -- C:\WINDOWS\$NtUninstallKB900485$\aec.sys
[2008/04/13 11:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINDOWS\ServicePackFiles\i386\aec.sys
[2008/04/13 11:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) MD5=8BED39E3C35D6A489438B8141717A557 -- C:\WINDOWS\system32\drivers\aec.sys
[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2007/10/29 07:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/12/30 09:37:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/12/30 09:37:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2007/10/29 07:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/12/30 09:37:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/12/30 09:37:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2007/10/29 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2007/10/29 07:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2009/12/30 09:37:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2009/12/30 09:37:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008/04/13 13:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008/04/13 13:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2007/10/29 07:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
[color=#A23BEC]< MD5 for: DISK.SYS >[/color]
[2007/10/29 07:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/12/30 09:37:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2009/12/30 09:37:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2007/10/29 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 13:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys
[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2007/10/29 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 21:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 21:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll
[2009/06/25 09:04:32 | 000,001,536 | ---- | M] () MD5=8D4CD834292293F4055BAC313268E2DE -- C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\lib\eventlog.dll
[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2007/10/29 07:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=2A7BD330924252A2FD80344FC949BB72 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007/06/13 08:10:53 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=B795475444D6D57A572C14B9E1A29839 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 08:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=D0288319660EDCFED07C7E74C4EA38A5 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/13 21:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/13 21:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[color=#A23BEC]< MD5 for: MOUNTMGR.SYS >[/color]
[2007/10/29 07:00:00 | 000,042,240 | ---- | M] (Microsoft Corporation) MD5=65653F3B4477F3C63E68A9659F85EE2E -- C:\WINDOWS\$NtServicePackUninstall$\mountmgr.sys
[2008/04/13 13:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- C:\WINDOWS\ServicePackFiles\i386\mountmgr.sys
[2008/04/13 13:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A80B9A0BAD1B73637DBCBBA7DF72D3FD -- C:\WINDOWS\system32\drivers\mountmgr.sys
[color=#A23BEC]< MD5 for: MRXSMB.SYS >[/color]
[2007/10/29 07:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:mrxsmb.sys
[2009/12/30 09:37:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:mrxsmb.sys
[2009/12/30 09:37:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:mrxsmb.sys
[2006/05/05 04:41:45 | 000,453,120 | ---- | M] (Microsoft Corporation) MD5=025AF03CE51645C62F3B6907A7E2BE5E -- C:\WINDOWS\$NtUninstallKB957097_0$\mrxsmb.sys
[2011/04/29 11:19:43 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=0DC719E9B15E902346E87E9DCD5751FA -- C:\WINDOWS\Driver Cache\i386\mrxsmb.sys
[2011/04/29 11:19:43 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=0DC719E9B15E902346E87E9DCD5751FA -- C:\WINDOWS\system32\dllcache\mrxsmb.sys
[2011/04/29 11:19:43 | 000,456,320 | ---- | M] (Microsoft Corporation) MD5=0DC719E9B15E902346E87E9DCD5751FA -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2011/02/17 08:18:24 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=0EA4D8ED179B75F8AFA7998BA22285CA -- C:\WINDOWS\$NtUninstallKB2536276$\mrxsmb.sys
[2007/10/29 07:00:00 | 000,451,456 | ---- | M] (Microsoft Corporation) MD5=1FD607FC67F7F7C633C3DA65BFC53D18 -- C:\WINDOWS\$NtUninstallKB885835$\mrxsmb.sys
[2009/12/04 13:22:22 | 000,455,424 | ---- | M] (Microsoft Corporation) MD5=421F7B922CEC5A5F340E7574A98F7B7C -- C:\WINDOWS\$NtUninstallKB980232$\mrxsmb.sys
[2009/12/04 12:25:56 | 000,456,832 | ---- | M] (Microsoft Corporation) MD5=602549D1E8A622E5746991F6C56B21CA -- C:\WINDOWS\$hf_mig$\KB978251\SP3QFE\mrxsmb.sys
[2008/10/24 06:21:09 | 000,455,296 | ---- | M] (Microsoft Corporation) MD5=60AE98742484E7AB80C3C1450E708148 -- C:\WINDOWS\$hf_mig$\KB957097\SP3GDR\mrxsmb.sys
[2008/10/24 06:21:09 | 000,455,296 | ---- | M] (Microsoft Corporation) MD5=60AE98742484E7AB80C3C1450E708148 -- C:\WINDOWS\$NtUninstallKB978251$\mrxsmb.sys
[2008/04/13 14:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\$NtUninstallKB957097$\mrxsmb.sys
[2008/04/13 14:17:01 | 000,456,576 | ---- | M] (Microsoft Corporation) MD5=68755F0FF16070178B54674FE5B847B0 -- C:\WINDOWS\ServicePackFiles\i386\mrxsmb.sys
[2008/10/24 06:10:42 | 000,453,632 | ---- | M] (Microsoft Corporation) MD5=6F2D483B97B395544E59749C47963C6A -- C:\WINDOWS\$NtServicePackUninstall$\mrxsmb.sys
[2008/10/24 06:41:11 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=7170AB42B51954DEF2781A4D1CCE65F4 -- C:\WINDOWS\$hf_mig$\KB957097\SP3QFE\mrxsmb.sys
[2006/05/05 05:16:39 | 000,454,400 | ---- | M] (Microsoft Corporation) MD5=7412CE77C6FD823F8889B4DF420C680B -- C:\WINDOWS\$hf_mig$\KB914389\SP2QFE\mrxsmb.sys
[2011/04/29 11:47:42 | 000,457,856 | ---- | M] (Microsoft Corporation) MD5=8DD801E28EB76FDA2A38907882A0036F -- C:\WINDOWS\$hf_mig$\KB2536276\SP3QFE\mrxsmb.sys
[2004/10/27 20:15:16 | 000,448,128 | ---- | M] (Microsoft Corporation) MD5=A1BE3CB080DCC0A8270D21E3CA3B7005 -- C:\WINDOWS\$hf_mig$\KB885835\SP2QFE\mrxsmb.sys
[2004/10/27 20:14:18 | 000,448,128 | ---- | M] (Microsoft Corporation) MD5=C9D17DAA82B917CF2FD6E4F595974934 -- C:\WINDOWS\$NtUninstallKB914389$\mrxsmb.sys
[2008/10/24 06:25:29 | 000,455,936 | ---- | M] (Microsoft Corporation) MD5=D07DA410091143336DAE419A921AAE2B -- C:\WINDOWS\$hf_mig$\KB957097\SP2QFE\mrxsmb.sys
[2010/02/24 06:57:57 | 000,457,216 | ---- | M] (Microsoft Corporation) MD5=D09B9F0B9960DD41E73127B7814C115F -- C:\WINDOWS\$hf_mig$\KB980232\SP3QFE\mrxsmb.sys
[2010/02/24 08:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=F3AEFB11ABC521122B67095044169E98 -- C:\WINDOWS\$NtUninstallKB2511455$\mrxsmb.sys
[2011/02/17 08:19:38 | 000,457,472 | ---- | M] (Microsoft Corporation) MD5=FB7DFD15D760AD339837A470F0E780D3 -- C:\WINDOWS\$hf_mig$\KB2511455\SP3QFE\mrxsmb.sys
[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2007/10/29 07:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2008/04/13 21:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 21:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2007/10/29 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009/02/06 13:46:49 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:49 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ECD7791E0E9246CA5F218A19F3911EB9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[color=#A23BEC]< MD5 for: RASACD.SYS >[/color]
[2007/10/29 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\dllcache\rasacd.sys
[2007/10/29 07:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) MD5=FE0D99D6F31E4FAD8159F690D68DED9C -- C:\WINDOWS\system32\drivers\rasacd.sys
[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2007/10/29 07:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 21:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 21:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
[color=#A23BEC]< MD5 for: TERMDD.SYS >[/color]
[2007/10/29 07:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:termdd.sys
[2009/12/30 09:37:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:termdd.sys
[2009/12/30 09:37:28 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:termdd.sys
[2008/04/13 21:34:52 | 000,040,840 | ---- | M] (Microsoft Corporation) MD5=88155247177638048422893737429D9E -- C:\WINDOWS\ServicePackFiles\i386\termdd.sys
[2008/04/13 21:34:52 | 000,040,840 | ---- | M] (Microsoft Corporation) MD5=88155247177638048422893737429D9E -- C:\WINDOWS\system32\drivers\termdd.sys
[2004/08/19 10:10:18 | 000,040,840 | ---- | M] (Microsoft Corporation) MD5=A540A99C281D933F3D69D55E48727F47 -- C:\WINDOWS\$NtServicePackUninstall$\termdd.sys
[color=#A23BEC]< MD5 for: WIN32K.SYS >[/color]
[2008/04/13 20:58:06 | 001,845,760 | ---- | M] (Microsoft Corporation) MD5=0E65F97FF5B39068D1D2186B3D7600C7 -- C:\WINDOWS\$NtUninstallKB969947$\win32k.sys
[2008/04/13 20:58:06 | 001,845,760 | ---- | M] (Microsoft Corporation) MD5=0E65F97FF5B39068D1D2186B3D7600C7 -- C:\WINDOWS\ServicePackFiles\i386\win32k.sys
[2010/05/02 03:02:25 | 001,860,480 | ---- | M] (Microsoft Corporation) MD5=117089D35359DD8FE8054DA17AC6EE19 -- C:\WINDOWS\$hf_mig$\KB979559\SP3QFE\win32k.sys
[2010/10/26 08:59:49 | 001,862,400 | ---- | M] (Microsoft Corporation) MD5=19209B83DC73BCA78558C2F220DB65E2 -- C:\WINDOWS\$hf_mig$\KB2436673\SP3QFE\win32k.sys
[2007/03/08 10:45:59 | 001,844,096 | ---- | M] (Microsoft Corporation) MD5=24B0EF79632899E1831BD052F53A8A24 -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\win32k.sys
[2011/06/06 06:36:19 | 001,868,032 | ---- | M] (Microsoft Corporation) MD5=31C9FCD53634B437F36B0417DA48066A -- C:\WINDOWS\$hf_mig$\KB2555917\SP3QFE\win32k.sys
[2010/12/31 09:04:24 | 001,855,104 | ---- | M] (Microsoft Corporation) MD5=3AB58BCEC87615E452991E8E257ADFA9 -- C:\WINDOWS\$NtUninstallKB2506223$\win32k.sys
[2011/03/03 08:53:37 | 001,858,048 | ---- | M] (Microsoft Corporation) MD5=3BEDF6024160399E2AF010BB2E7F4F59 -- C:\WINDOWS\$NtUninstallKB2555917$\win32k.sys
[2009/08/14 10:58:52 | 001,859,840 | ---- | M] (Microsoft Corporation) MD5=479DD2D56488951B4842B6ECBB770239 -- C:\WINDOWS\$hf_mig$\KB969947\SP3QFE\win32k.sys
[2009/08/14 10:04:43 | 001,859,456 | ---- | M] (Microsoft Corporation) MD5=660B528148A752FFFF1D22FF865C220F -- C:\WINDOWS\$hf_mig$\KB969947\SP2QFE\win32k.sys
[2011/06/06 06:35:23 | 001,859,072 | ---- | M] (Microsoft Corporation) MD5=667C2CED1208788BD0FE1F6E8CFE1CD0 -- C:\WINDOWS\system32\dllcache\win32k.sys
[2011/06/06 06:35:23 | 001,859,072 | ---- | M] (Microsoft Corporation) MD5=667C2CED1208788BD0FE1F6E8CFE1CD0 -- C:\WINDOWS\system32\win32k.sys
[2007/10/29 07:00:00 | 001,836,032 | ---- | M] (Microsoft Corporation) MD5=6B8D8840CC7D6C822FD159613D61EBA3 -- C:\WINDOWS\$NtUninstallKB890859$\win32k.sys
[2005/03/02 13:13:08 | 001,836,416 | ---- | M] (Microsoft Corporation) MD5=7EC7E0B304C1D7F73E9B6C4977952220 -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\win32k.sys
[2010/09/01 02:54:08 | 001,862,016 | ---- | M] (Microsoft Corporation) MD5=81C11BC7F3FAE0CC76941A8AB9B2ED1A -- C:\WINDOWS\$hf_mig$\KB981957\SP3QFE\win32k.sys
[2009/08/14 10:13:59 | 001,850,752 | ---- | M] (Microsoft Corporation) MD5=8441F8A5DC42BD5F2BEAA95297EE0E10 -- C:\WINDOWS\$hf_mig$\KB969947\SP3GDR\win32k.sys
[2009/08/14 10:13:59 | 001,850,752 | ---- | M] (Microsoft Corporation) MD5=8441F8A5DC42BD5F2BEAA95297EE0E10 -- C:\WINDOWS\$NtUninstallKB979559$\win32k.sys
[2005/03/02 13:07:53 | 001,836,416 | ---- | M] (Microsoft Corporation) MD5=8B39DEFB4843B15A3044FFA23332B299 -- C:\WINDOWS\$NtUninstallKB925902$\win32k.sys
[2010/10/26 09:07:17 | 001,853,440 | ---- | M] (Microsoft Corporation) MD5=A872D428716E5C454D97F16785656351 -- C:\WINDOWS\$NtUninstallKB2479628$\win32k.sys
[2007/03/08 10:33:58 | 001,843,712 | ---- | M] (Microsoft Corporation) MD5=A8B9B1911F1D52DB8D24C4AC37CEC0E3 -- C:\WINDOWS\$NtUninstallKB969947_0$\win32k.sys
[2010/09/01 02:55:16 | 001,852,928 | ---- | M] (Microsoft Corporation) MD5=C71A8AFDCD34601F7FDE2DA3792CEAE9 -- C:\WINDOWS\$NtUninstallKB2436673$\win32k.sys
[2010/06/24 04:02:32 | 001,852,032 | ---- | M] (Microsoft Corporation) MD5=CA341AEF1BBBF1EF98B07E46681257D9 -- C:\WINDOWS\$NtUninstallKB981957$\win32k.sys
[2010/05/02 03:08:14 | 001,851,392 | ---- | M] (Microsoft Corporation) MD5=D6491CA433261FCBDC99D27064E5F180 -- C:\WINDOWS\$NtUninstallKB2160329$\win32k.sys
[2009/08/14 10:21:38 | 001,850,240 | ---- | M] (Microsoft Corporation) MD5=E2C10EA786F48051A65D81CF507F6881 -- C:\WINDOWS\$NtServicePackUninstall$\win32k.sys
[2011/03/03 08:52:12 | 001,867,008 | ---- | M] (Microsoft Corporation) MD5=E832E04ADDD745DC462ED800E8416B9C -- C:\WINDOWS\$hf_mig$\KB2506223\SP3QFE\win32k.sys
[2010/06/24 16:29:54 | 001,861,248 | ---- | M] (Microsoft Corporation) MD5=F1AEB1184052F4598390CE4CD638CA14 -- C:\WINDOWS\$hf_mig$\KB2160329\SP3QFE\win32k.sys
[2010/12/31 09:02:58 | 001,864,192 | ---- | M] (Microsoft Corporation) MD5=FA7694CA8CE7E7660676C646A15A3CEE -- C:\WINDOWS\$hf_mig$\KB2479628\SP3QFE\win32k.sys
[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2007/10/29 07:00:00 | 000,510,976 | ---- | M] (Microsoft Corporation) MD5=92CA989E459DA32A7F173489E8D9A667 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 21:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 21:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2011/03/03 01:55:26 | 000,149,504 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\dnsapi.dll
[2011/04/26 03:06:10 | 011,081,728 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\ieframe.dll
[2011/04/25 11:06:09 | 001,991,680 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\iertutil.dll
[2008/04/13 21:33:33 | 000,281,600 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 21:33:36 | 000,067,072 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\ntdsapi.dll
[2011/01/21 09:44:12 | 008,518,656 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\shell32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2009/12/29 12:52:53 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009/12/29 12:52:53 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009/12/29 12:52:53 | 000,442,368 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
[color=#A23BEC]< CREATERESTOREPOINT >[/color]
[color=#E56717]========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========[/color]
[C:\WINDOWS\$NtUninstallKB41394$] -> -> Unknown point type
< End of report >
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Re
Pour transmettre le rapport clique sur ce lien :
http://pjjoint.malekal.com/
https://www.cjoint.com/
@+
Pour transmettre le rapport clique sur ce lien :
http://pjjoint.malekal.com/
https://www.cjoint.com/
@+
Je m'escuse pour le temps que j'ai mis, je n'avais pas accès à mon ordinateur cette semaine.
Voici l'analyse avec ce lien:
https://pjjoint.malekal.com/files.php?id=20111217_o11u9k12t12l14
C'est l'analyse avec les noms de fichiers que tu m'avais dit de coller avant de lancer l'analyse.
Encore une fois merci pour ton aide.
Voici l'analyse avec ce lien:
https://pjjoint.malekal.com/files.php?id=20111217_o11u9k12t12l14
C'est l'analyse avec les noms de fichiers que tu m'avais dit de coller avant de lancer l'analyse.
Encore une fois merci pour ton aide.
Re
* Double-clique sur l'icone OTLPE
* quand demandé "Do you wish to load the remote registry", selectionne "Yes"
* quand demandé "Do you wish to load remote user profile(s) for scanning", selectionne "Yes"
* verifier que "Automatically Load All Remaining Users" est sélectionné et presse OK
http://imagesup.org/image
* sous Custom Scan box copie_colle le tout ci dessous et clic RUNFIX
:OTL
O4 - HKLM..\Run: [iv39od7ft9] C:\Documents and Settings\All Users\iv39od7ft9.exe ()
O4 - HKU\.DEFAULT..\Run: [FxhQnrok] C:\Documents and Settings\Marion\Local Settings\Application Data\wusedoft\fxhqnrok.exe (BreakPoint Software, Inc.)
O4 - HKU\Marion_ON_C..\Run: [{92ADDB88-12F9-1F39-12D8-29DA793630FB}] C:\Documents and Settings\Marion\Application Data\Vya\vayghin.exe ()
O4 - HKU\Marion_ON_C..\Run: [FxhQnrok] C:\Documents and Settings\Marion\Local Settings\Application Data\wusedoft\fxhqnrok.exe (BreakPoint Software, Inc.)
O4 - HKU\Marion_ON_C..\Run: [iv39od7ft9] C:\Documents and Settings\Marion\iv39od7ft9.exe ()
O4 - HKU\Marion_ON_C..\Run: [msnmsgr] File not found
O4 - HKU\Marion_ON_C..\Run: [Privacy Protection] C:\Documents and Settings\All Users\Application Data\privacy.exe (Arcsoft, Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Regedit32] File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Fichiers communs\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Marion\Local Settings\Application Data\wusedoft\fxhqnrok.exe) - C:\Documents and Settings\Marion\Local Settings\Application Data\wusedoft\fxhqnrok.exe (BreakPoint Software, Inc.)
[2011/12/07 15:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marion\Application Data\Kyicq
[2011/04/27 15:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marion\Application Data\moovida-1
[2010/09/06 11:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marion\Application Data\pdfforge
[2011/10/14 12:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marion\Application Data\Search Settings
[2011/12/07 15:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marion\Application Data\Vya
tu conserves le rapport qui s'affiche ; et tu le copies et colles dans ta prochaine réponse
@+
* Double-clique sur l'icone OTLPE
* quand demandé "Do you wish to load the remote registry", selectionne "Yes"
* quand demandé "Do you wish to load remote user profile(s) for scanning", selectionne "Yes"
* verifier que "Automatically Load All Remaining Users" est sélectionné et presse OK
http://imagesup.org/image
* sous Custom Scan box copie_colle le tout ci dessous et clic RUNFIX
:OTL
O4 - HKLM..\Run: [iv39od7ft9] C:\Documents and Settings\All Users\iv39od7ft9.exe ()
O4 - HKU\.DEFAULT..\Run: [FxhQnrok] C:\Documents and Settings\Marion\Local Settings\Application Data\wusedoft\fxhqnrok.exe (BreakPoint Software, Inc.)
O4 - HKU\Marion_ON_C..\Run: [{92ADDB88-12F9-1F39-12D8-29DA793630FB}] C:\Documents and Settings\Marion\Application Data\Vya\vayghin.exe ()
O4 - HKU\Marion_ON_C..\Run: [FxhQnrok] C:\Documents and Settings\Marion\Local Settings\Application Data\wusedoft\fxhqnrok.exe (BreakPoint Software, Inc.)
O4 - HKU\Marion_ON_C..\Run: [iv39od7ft9] C:\Documents and Settings\Marion\iv39od7ft9.exe ()
O4 - HKU\Marion_ON_C..\Run: [msnmsgr] File not found
O4 - HKU\Marion_ON_C..\Run: [Privacy Protection] C:\Documents and Settings\All Users\Application Data\privacy.exe (Arcsoft, Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.7\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Regedit32] File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Fichiers communs\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Marion\Local Settings\Application Data\wusedoft\fxhqnrok.exe) - C:\Documents and Settings\Marion\Local Settings\Application Data\wusedoft\fxhqnrok.exe (BreakPoint Software, Inc.)
[2011/12/07 15:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marion\Application Data\Kyicq
[2011/04/27 15:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marion\Application Data\moovida-1
[2010/09/06 11:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marion\Application Data\pdfforge
[2011/10/14 12:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marion\Application Data\Search Settings
[2011/12/07 15:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marion\Application Data\Vya
tu conserves le rapport qui s'affiche ; et tu le copies et colles dans ta prochaine réponse
@+
A un moment une fenêtre s'affiche pour que je selectionne le "user profile"
J'ai 3 choix:
localservice
marion
networkservice
Les dernières fois j'ai cliqué sur Marion (ce que je suppose être mon disque dur), c'est bon?
J'ai 3 choix:
localservice
marion
networkservice
Les dernières fois j'ai cliqué sur Marion (ce que je suppose être mon disque dur), c'est bon?
Oui!! Il n'apparait plus c'est super! Merci beaucoup!!
Mais est-il vraiment parti? il faudrait peut etre que je lance une analyse anti virus non?
Mais est-il vraiment parti? il faudrait peut etre que je lance une analyse anti virus non?
Re
Pour de plus amples informations, fait ceci stp
Ouvre ce lien et télécharge ZHPDiag de Nicolas Coolman :
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
Ou
https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/
Serveur N°2
Ou
http://www.premiumorange.com/zeb-help-process/zhpdiag.html
en bas de la page ZHP avec un numéro de version.
Une fois le téléchargement achevé, dé zippe le fichier obtenu et place ZHPDiag.exe sur ton Bureau.
Double-clique sur l'icône pour lancer le programme. Sous Vista ou Seven clic droit « exécuter en tant que administrateur »
Clique sur la loupe pour lancer l'analyse.
Laisse l'outil travailler, il peut être assez long.
Ferme ZHPDiag en fin d'analyse.
Pour transmettre le rapport clique sur ce lien :
http://pjjoint.malekal.com/
https://www.cjoint.com/
Clique sur Parcourir et cherche le répertoire où est installé ZHPDiag (en général C:\Program Files\ZHPDiag).
Sélectionne le fichier ZHPDiag.txt.
Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt
est ajouté dans la page.
Copie ce lien dans ta réponse.
Merci
@+
---------Contributeur Sécurité---------
On a tous été un jour débutant dans quelque chose.
Mais le savoir est la récompense de l'assiduité.
Pour de plus amples informations, fait ceci stp
Ouvre ce lien et télécharge ZHPDiag de Nicolas Coolman :
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
Ou
https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/
Serveur N°2
Ou
http://www.premiumorange.com/zeb-help-process/zhpdiag.html
en bas de la page ZHP avec un numéro de version.
Une fois le téléchargement achevé, dé zippe le fichier obtenu et place ZHPDiag.exe sur ton Bureau.
Double-clique sur l'icône pour lancer le programme. Sous Vista ou Seven clic droit « exécuter en tant que administrateur »
Clique sur la loupe pour lancer l'analyse.
Laisse l'outil travailler, il peut être assez long.
Ferme ZHPDiag en fin d'analyse.
Pour transmettre le rapport clique sur ce lien :
http://pjjoint.malekal.com/
https://www.cjoint.com/
Clique sur Parcourir et cherche le répertoire où est installé ZHPDiag (en général C:\Program Files\ZHPDiag).
Sélectionne le fichier ZHPDiag.txt.
Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt
est ajouté dans la page.
Copie ce lien dans ta réponse.
Merci
@+
---------Contributeur Sécurité---------
On a tous été un jour débutant dans quelque chose.
Mais le savoir est la récompense de l'assiduité.
Bonjour
Vérifions quelque chose:
Télécharge TDSSKiller
*Créez un nouveau dossier sur votre bureau puis décompressez l'archive dedans
* Lancez le programme en cliquant sur TDSSKiller.exe, l'analyse se fait automatiquement, si l'infection est détectée, des éléments cachés (= hidden) seront alors affichés.
Si TDSS.tdl2 est détecté: l'option delete sera cochée par défaut.
Si TDSS.tdl3 est détecté: assure toi que Cure est bien cochée.
Si TDSS.tdl4(\HardDisk0\MBR) est détecté: assure toi que Cure est bien cochée.
Si Rootkit.Win32.ZAccess.* est détecté : règle sur "cure" en haut , et "delete" en bas
Si Suspicious file est indiqué, laisse l''option cochée sur Skip
une fois qu'il a terminé , redémarre s'il te le demande pour finir de nettoyer
sinon , ferme TDSSKiller et le rapport s'affichera sur le bureau
Poste moi son rapport à l'issue; merci
@+
Vérifions quelque chose:
Télécharge TDSSKiller
*Créez un nouveau dossier sur votre bureau puis décompressez l'archive dedans
* Lancez le programme en cliquant sur TDSSKiller.exe, l'analyse se fait automatiquement, si l'infection est détectée, des éléments cachés (= hidden) seront alors affichés.
Si TDSS.tdl2 est détecté: l'option delete sera cochée par défaut.
Si TDSS.tdl3 est détecté: assure toi que Cure est bien cochée.
Si TDSS.tdl4(\HardDisk0\MBR) est détecté: assure toi que Cure est bien cochée.
Si Rootkit.Win32.ZAccess.* est détecté : règle sur "cure" en haut , et "delete" en bas
Si Suspicious file est indiqué, laisse l''option cochée sur Skip
une fois qu'il a terminé , redémarre s'il te le demande pour finir de nettoyer
sinon , ferme TDSSKiller et le rapport s'affichera sur le bureau
Poste moi son rapport à l'issue; merci
@+
Bonsoir,
J'ai lancé le programme ca a bien trouvé une infection, il l'a détruite. Par contre je n'ai pas trouvé de rapport!
J'ai lancé roguekiller et la par contre ya des problemes, voici les analyses:
http://cjoint.com/data/0LssRUCxra6.htm
http://cjoint.com/data/0LssTVLCQJo.htm
Aussi, cette fenetre internet arrete pas de se réactualiser suite à un probleme...
J'ai lancé le programme ca a bien trouvé une infection, il l'a détruite. Par contre je n'ai pas trouvé de rapport!
J'ai lancé roguekiller et la par contre ya des problemes, voici les analyses:
http://cjoint.com/data/0LssRUCxra6.htm
http://cjoint.com/data/0LssTVLCQJo.htm
Aussi, cette fenetre internet arrete pas de se réactualiser suite à un probleme...
Re
Qui t'as demandé quoi que ce soit?
C'est bien ce que je dis:
Vous n'en fait qu'a votre tête ;-(
Fait pour le mieux.
@+
Qui t'as demandé quoi que ce soit?
C'est bien ce que je dis:
Vous n'en fait qu'a votre tête ;-(
Fait pour le mieux.
@+
Le mode sans echec avec reseau ne fonctionne pas non plus, ca ne se lance pas....
Et tu postes à partir de quel PC?
qui peut être dispose d'un graveur CD....
@+
Je te laisse poursuivre
@+