Il y a actuellement 188 visiteurs
Lundi 25 Novembre 2024
accueilactualitésdossierscomparer les prixtélécharger gratuitement vos logicielsoffres d'emploiforum informatique
Connexion
Créer un compte

antivirus action

Un ordinateur qui ralentit, des écrans publicitaires qui apparaissent, des applications qui refusent de démarrer ou encore votre navigateur qui s'obstine à ouvrir une page douteuse sont autant d'éléments qui indiquent que l'intégrité de votre ordinateur est menacée par un virus. Vous trouverez dans ce forum quelques conseils et logiciels pour surfer tranquillement.
Règles du forum
Pour afficher un rapport d'analyse ou un rapport d'infection (HijackThis, OTL, AdwCleaner etc...)‎, veuillez utiliser le système de fichiers joints interne au forum. Seuls les formats les .txt et .log de moins de 1Mo sont acceptés. Pour obtenir de l'aide pour insérer vos fichiers joints, veuillez consulter ce tutoriel

antivirus action

Message le 17 Oct 2010 10:39

Bonjour tous!
J'ai récupéré depuis 2 jours cette *** de antivirus action qui bloque serieusement mon ordi. j'ai fait le tour d'un paquet de tutoriaux, installé hijackthis et malwarebyte que j'ai fait fonctionner en mode sans echec; l'analys du dernier ne donne rien, le 1er me demande (en fait le site hijackthis.de auquel j'ai envoyé le log pour analyse) de rayer une ligne (R1-HKCU/soft.....http=127.0.0...) ce que j'ai fait, ensuite quand je redémarre en mode normal l'infection est tjs là et me bloque internet explorer, windows m'envoie aussi un message m'indiquant qu'il bloque certains programmes au démarrage mais je ne sais pas lesquels je ne peux pas accéder à la liste. Quand je refait une analyse HJT en mode sans échec la ligne R1 réapparait à chaque fois... Au secours!!! Y a t il un vrai baléze dans la salle? le log HJT suit:
Code: Tout sélectionner
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:01:40, on 17/10/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Safe mode

Running processes:
C:\Windows\explorer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Users\Rémy\Desktop\solution.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/7
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.durable.com/recherche
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101014224032.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SetupAdobe] C:\Users\RMY~1\AppData\Local\Temp\iCxn.exe
O4 - HKCU\..\Run: [resourcesFXnetForms] c:\users\rémy\appdata\local\apps\2.0\nz0z5ha3.mv4\a8mcnk3n.r1n\fxne..rces_b240ac83b0b595b1_0005.0009_ro_b830ec032889aead\resourcesfxnet.exe
O4 - HKCU\..\Run: [CollectionsCollections] c:\users\rémy\appdata\local\apps\2.0\nz0z5ha3.mv4\a8mcnk3n.r1n\ifor..ions_b240ac83b0b595b1_0005.0009_none_9e52b87be40e214d\collectionsiforex.exe
O4 - HKCU\..\Run: [resourcesresources] c:\users\rémy\appdata\local\apps\2.0\nz0z5ha3.mv4\a8mcnk3n.r1n\fxne..rces_b240ac83b0b595b1_0005.0009_ar_b08682312d7ab589\fxnetfxnetforms.exe
O4 - HKCU\..\Run: [iFOREXiFOREX] C:\Users\Rémy\AppData\Local\Apps\2.0\NZ0Z5HA3.MV4\A8MCNK3N.R1N\ifor..ions_b240ac83b0b595b1_0005.0009_none_9e52b87be40e214d\CollectionsiFOREX.exe
O4 - HKCU\..\Run: [SetupMaster] c:\users\rémy\appdata\local\temp\icxn.exe
O4 - HKCU\..\Run: [rairebsv] C:\Users\RMY~1\AppData\Local\Temp\wncviewfd\bkolnaxyhsn.exe
O4 - HKCU\..\RunServices: [LiveMsetup] C:\Users\RMY~1\AppData\Local\Temp\iCxn.exe
O4 - HKCU\..\RunServices: [NetworkCanon] c:\users\rémy\desktop\canon\networktool3769.exe
O4 - HKCU\..\RunServices: [FXnetresources] c:\users\rémy\appdata\local\apps\2.0\nz0z5ha3.mv4\a8mcnk3n.r1n\fxne..rces_b240ac83b0b595b1_0005.0009_ro_b830ec032889aead\fxnetresources.exe
O4 - HKCU\..\RunServices: [TraderFXnetTrading] c:\users\rémy\appdata\local\apps\2.0\nz0z5ha3.mv4\a8mcnk3n.r1n\fxne..tion_b78ace61b57f1808_0005.0009_61645e04f2d9b6e6\pt-br\traderresources.exe
O4 - HKCU\..\RunServices: [iFOREXCollections] C:\Users\Rémy\AppData\Local\Apps\2.0\NZ0Z5HA3.MV4\A8MCNK3N.R1N\ifor..ions_b240ac83b0b595b1_0005.0009_none_9e52b87be40e214d\CollectionsiFOREX.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 10782 bytes

Merci d'avance
misteremy
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 10
Inscription: 16 Oct 2010 23:37
 


Re: antivirus action

Message le 17 Oct 2010 10:52

hello et bienvenue sur PC Infopratique :wink:

* Télécharge >> OTL <<sur ton bureau.

Si le rogue bloque OTL, Renomme OTL.exe en Winlogon.exe

* Fait un double-clic sur l'icône d'OTL ( ou Winlogin.exe) pour le lancer

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "rapport minimal " soit cochée.

* Coches les case situées devant "Tous les utilisateurs", " Recherche LOP" et "Recherche Purity".

* Copier et colle le contenue de cette citation dans la partie inférieure d'OTL "personnalisation"

%APPDATA%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\*.*
NetSvcs
%systemroot%\system32\drivers\*.sys /lockedfiles
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
userinit.exe
winlogon.exe
tcpip.sys
Sfloppy.sys
Changer.sys
cdrom.sys
disk.sys
ndis.sys
usbscan.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles


* Cliques sur l'icône "Analyse" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( réduit dans la barre des taches).
* Copie et colle les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés


@++
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 

Re: antivirus action

Message le 17 Oct 2010 12:55

Merci pour ta vitesse de réponse et ta précision, je fais ça cet aprem
Je le fais en mode sanséchec je présume?
misteremy
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 10
Inscription: 16 Oct 2010 23:37
 

Re: antivirus action

Message le 17 Oct 2010 12:59

re,

je préfère en mode normal car les fichiers actifs seront visible, mais si c'est trop galère fais le en MSE :wink:
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 

Re: antivirus action

Message le 17 Oct 2010 20:48

Re: je suis passé par le sans échec, en mode normal impossible d'ouvrir un fichier , de lancer word, le bloc note ou même internet explorer (heureusement mozilla...)
Voici les logs:
Code: Tout sélectionner

Hum... Allo Houston, on a un problème...
Je n'arrive même pas à faire un copier coller des logs, il s'ouvrent 1 seconde sur le texte et se referment aussitôt avec un gentil message
Que faire?
misteremy
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 10
Inscription: 16 Oct 2010 23:37
 

Re: antivirus action

Message le 17 Oct 2010 21:14

Code: Tout sélectionner
OTL logfile created on: 17/10/2010 21:23:21 - Run 1
OTL by OldTimer - Version 3.2.15.2     Folder = C:\Users\Rémy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 81,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 282,98 Gb Total Space | 215,06 Gb Free Space | 76,00% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 6,80 Gb Free Space | 45,30% Space Free | Partition Type: NTFS
Drive G: | 3,76 Gb Total Space | 1,83 Gb Free Space | 48,73% Space Free | Partition Type: FAT32
 
Computer Name: PC-DE-RÉMY | User Name: Rémy | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Users\Rémy\Desktop\Winlogon.exe.exe (OldTimer Tools)
PRC - c:\PROGRA~1\mcafee.com\agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Users\Rémy\Desktop\Winlogon.exe.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. )
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (e1express) Pilote de la connexion réseau Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
 
 
[color=#E56717]========== Standard Registry (All) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.durable.com/recherche
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:29775
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:29775
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/7
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.durable.com/recherche
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Durable.com
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q={searchTerms}
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.fr/
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:29775
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Durable"
FF - prefs.js..browser.search.defaulturl: "http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Durable"
FF - prefs.js..browser.startup.homepage: "http://www.msn.fr"
FF - prefs.js..keyword.URL: "http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/30 21:11:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.0.7\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2010/09/18 10:08:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.0.7\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2010/09/18 10:08:13 | 000,000,000 | ---D | M]
 
[2009/09/11 10:19:19 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\mozilla\Firefox\Profiles\tyuetb14.default\extensions
[2009/09/11 10:19:19 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Users\Rémy\AppData\Roaming\mozilla\Firefox\Profiles\tyuetb14.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/14 09:44:16 | 000,000,530 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Mozilla\FireFox\Profiles\tyuetb14.default\searchplugins\durable.xml
[2009/09/11 10:19:34 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/11 14:10:50 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/11 10:19:15 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\defaults\profile\extensions
[2009/09/11 10:19:15 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Program Files\mozilla firefox\defaults\profile\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2005/09/19 13:39:00 | 000,041,578 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2005/09/19 13:39:00 | 000,048,228 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2005/09/19 13:39:00 | 000,160,876 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2005/09/19 13:39:00 | 000,017,028 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2010/08/13 07:03:40 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2010/09/18 10:08:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2010/09/18 10:08:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2010/09/18 10:08:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2010/09/18 10:08:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2010/09/18 10:08:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2010/09/18 10:08:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2010/09/18 10:08:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2005/09/19 13:39:00 | 000,000,680 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotfr.png
[2005/09/19 13:39:00 | 000,000,770 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotfr.src
[2005/09/19 13:39:00 | 000,000,356 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.png
[2005/09/19 13:39:00 | 000,000,961 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.src
[2005/09/19 13:39:00 | 000,000,210 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBayfr.gif
[2005/09/19 13:39:00 | 000,001,036 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBayfr.src
[2005/09/19 13:39:00 | 000,001,076 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.gif
[2005/09/19 13:39:00 | 000,000,659 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.src
[2005/09/19 13:39:00 | 000,000,459 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.png
[2005/09/19 13:39:00 | 000,001,350 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.src
[2005/09/19 13:39:00 | 000,000,088 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.gif
[2005/09/19 13:39:00 | 000,001,067 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.src
 
O1 HOSTS File: ([2010/05/13 22:04:27 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101017100057.dll (McAfee, Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\Run: [CollectionsCollections] c:\users\rémy\appdata\local\apps\2.0\nz0z5ha3.mv4\a8mcnk3n.r1n\ifor..ions_b240ac83b0b595b1_0005.0009_none_9e52b87be40e214d\collectionsiforex.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\Run: [iFOREXiFOREX] C:\Users\Rémy\AppData\Local\Apps\2.0\NZ0Z5HA3.MV4\A8MCNK3N.R1N\ifor..ions_b240ac83b0b595b1_0005.0009_none_9e52b87be40e214d\CollectionsiFOREX.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\Run: [rairebsv] C:\Users\RMY~1\AppData\Local\Temp\wncviewfd\bkolnaxyhsn.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\Run: [resourcesFXnetForms] c:\users\rémy\appdata\local\apps\2.0\nz0z5ha3.mv4\a8mcnk3n.r1n\fxne..rces_b240ac83b0b595b1_0005.0009_ro_b830ec032889aead\resourcesfxnet.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\Run: [resourcesresources] c:\users\rémy\appdata\local\apps\2.0\nz0z5ha3.mv4\a8mcnk3n.r1n\fxne..rces_b240ac83b0b595b1_0005.0009_ar_b08682312d7ab589\fxnetfxnetforms.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\Run: [SetupAdobe] C:\Users\RMY~1\AppData\Local\Temp\iCxn.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\Run: [SetupMaster] c:\users\rémy\appdata\local\temp\icxn.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\RunServices: [FXnetresources] c:\users\rémy\appdata\local\apps\2.0\nz0z5ha3.mv4\a8mcnk3n.r1n\fxne..rces_b240ac83b0b595b1_0005.0009_ro_b830ec032889aead\fxnetresources.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\RunServices: [iFOREXCollections] C:\Users\Rémy\AppData\Local\Apps\2.0\NZ0Z5HA3.MV4\A8MCNK3N.R1N\ifor..ions_b240ac83b0b595b1_0005.0009_none_9e52b87be40e214d\CollectionsiFOREX.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\RunServices: [LiveMsetup] C:\Users\RMY~1\AppData\Local\Temp\iCxn.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\RunServices: [NetworkCanon] c:\users\rémy\desktop\canon\networktool3769.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\RunServices: [TraderFXnetTrading] c:\users\rémy\appdata\local\apps\2.0\nz0z5ha3.mv4\a8mcnk3n.r1n\fxne..tion_b78ace61b57f1808_0005.0009_61645e04f2d9b6e6\pt-br\traderresources.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Rémy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Rémy\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Papier peint de la Galerie de photos Windows Live.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rémy\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Papier peint de la Galerie de photos Windows Live.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/10/17 21:12:15 | 002,666,083 | -H-- | C] () -- C:\Users\Rémy\AppData\Local\IconCache.db
[2010/10/17 21:07:44 | 000,716,800 | ---- | C] (EMKR) -- C:\Users\Rémy\AppData\Local\syssvc.exe
[2010/10/17 14:38:56 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Rémy\Desktop\Winlogon.exe.exe
[2010/10/17 00:57:28 | 000,000,000 | ---D | C] -- C:\Users\Rémy\AppData\Roaming\PeerNetworking
[2010/10/16 22:15:02 | 000,000,000 | ---D | C] -- C:\Users\Rémy\Desktop\backups
[2010/10/16 21:55:26 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Rémy\Desktop\solution.exe
[2010/10/16 14:53:35 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Rémy\Desktop\mbam-setup.exe
[2010/10/13 22:57:52 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/13 22:57:24 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/10/13 22:57:02 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/13 22:56:55 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/13 22:56:54 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/13 22:56:54 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/10/13 22:56:53 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/10/13 22:56:53 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/13 22:56:53 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/13 22:56:53 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/13 22:56:52 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/13 22:56:52 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/13 22:56:52 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/10/13 22:56:52 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/10/13 22:56:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/10/13 22:56:52 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/10/13 22:56:52 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/10/13 22:56:52 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/10/13 22:56:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/13 22:56:52 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/10/13 22:56:49 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/13 22:56:48 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/13 22:56:45 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/10/13 22:56:41 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/13 22:56:39 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/10/10 11:12:01 | 000,000,000 | ---D | C] -- C:\Users\Rémy\AppData\Roaming\Malwarebytes
[2010/10/10 11:11:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/10 11:11:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/10 11:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/10 11:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/10 11:01:50 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Rémy\Desktop\mb.exe.exe
[2010/10/01 23:50:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/01 23:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/28 22:51:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/09/27 01:05:33 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/09/18 10:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/08/14 07:53:56 | 000,006,756 | ---- | C] () -- C:\Users\Rémy\AppData\Local\d3d9caps.dat
[2009/08/01 23:33:43 | 000,015,872 | ---- | C] () -- C:\Users\Rémy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/30 21:02:01 | 008,653,312 | ---- | C] (Dell, Inc.                                                   ) -- C:\Users\Rémy\AppData\Roaming\DataSafeDotNet.exe
[2009/07/30 14:15:42 | 000,059,464 | ---- | C] () -- C:\Users\Rémy\AppData\Local\GDIPFONTCACHEV1.DAT
[2006/11/02 14:50:50 | 000,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/10/17 21:13:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/17 21:12:29 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/17 21:12:29 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/17 21:07:50 | 000,716,800 | ---- | M] (EMKR) -- C:\Users\Rémy\AppData\Local\syssvc.exe
[2010/10/17 14:46:52 | 000,679,042 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/10/17 14:46:52 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/17 14:46:52 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/10/17 14:46:52 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/17 14:39:08 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Rémy\Desktop\Winlogon.exe.exe
[2010/10/17 00:22:05 | 000,006,756 | ---- | M] () -- C:\Users\Rémy\AppData\Local\d3d9caps.dat
[2010/10/16 21:55:28 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Rémy\Desktop\solution.exe
[2010/10/16 14:56:16 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/16 14:54:11 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Rémy\Desktop\mbam-setup.exe
[2010/10/16 14:44:47 | 000,364,032 | ---- | M] () -- C:\Users\Rémy\Desktop\rkill.com
[2010/10/14 03:25:04 | 000,270,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/10 11:02:01 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Rémy\Desktop\mb.exe.exe
[2010/10/01 23:51:39 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/01 23:40:14 | 000,000,629 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2010/09/18 10:07:58 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/09/18 09:47:21 | 000,001,854 | ---- | M] () -- C:\Users\Rémy\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/09/18 09:47:20 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/10/16 14:44:44 | 000,364,032 | ---- | C] () -- C:\Users\Rémy\Desktop\rkill.com
[2010/10/10 11:11:58 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/01 23:51:39 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/18 10:07:58 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/09/24 23:43:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/24 05:04:29 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1576.dll
[2009/07/24 05:04:27 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010/04/29 22:07:57 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Canon
[2009/10/16 22:02:20 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\CoSoSys
[2010/10/17 00:57:28 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\PeerNetworking
[2009/09/09 22:47:51 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Windows Live Writer
[2010/10/17 21:12:27 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %APPDATA%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\*.* >[/color]
[2010/10/10 11:59:54 | 000,002,676 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-10 (11-59-54).txt
[2010/10/10 23:16:08 | 000,006,572 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-10 (23-16-08).txt
[2010/10/11 00:10:50 | 000,001,186 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-11 (00-10-50).txt
[2010/10/11 01:07:24 | 000,001,076 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-11 (01-07-24).txt
[2010/10/11 13:04:36 | 000,001,191 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-11 (13-04-36).txt
[2010/10/15 22:34:40 | 000,001,362 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-15 (22-34-40).txt
[2010/10/15 23:33:24 | 000,001,076 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-15 (23-33-24).txt
[2010/10/16 00:44:30 | 000,001,076 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-16 (00-44-30).txt
[2010/10/16 10:28:52 | 000,001,076 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-16 (10-28-52).txt
[2010/10/16 15:56:27 | 000,001,154 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-16 (15-56-27).txt
[2010/10/17 00:29:01 | 000,001,075 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-17 (00-29-01).txt
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]
 
[color=#A23BEC]< %APPDATA%\*. >[/color]
[2009/08/04 23:04:52 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Adobe
[2010/04/26 23:50:42 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Apple Computer
[2010/04/29 22:07:57 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Canon
[2009/10/16 22:02:20 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\CoSoSys
[2009/11/05 22:35:17 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\CyberLink
[2009/07/30 14:15:47 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Dell
[2009/08/02 00:46:43 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\DivX
[2009/07/30 14:19:58 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Identities
[2009/07/30 14:48:21 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Macromedia
[2010/10/10 11:12:01 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Malwarebytes
[2006/11/02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Media Center Programs
[2010/10/16 22:18:37 | 000,000,000 | --SD | M] -- C:\Users\Rémy\AppData\Roaming\Microsoft
[2009/09/11 10:19:20 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Mozilla
[2010/10/17 00:57:28 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\PeerNetworking
[2009/09/09 22:47:51 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Windows Live Writer
 
[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2009/12/03 22:44:20 | 008,653,312 | ---- | M] (Dell, Inc.                                                   ) -- C:\Users\Rémy\AppData\Roaming\DataSafeDotNet.exe
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
 
[color=#A23BEC]< MD5 for: CDROM.SYS  >[/color]
[2008/01/21 04:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008/01/21 04:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2009/04/11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\drivers\cdrom.sys
[2009/04/11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
[2009/04/11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2006/11/02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys
 
[color=#A23BEC]< MD5 for: DISK.SYS  >[/color]
[2009/04/11 08:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/11 08:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/11 08:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/21 04:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/21 04:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 11:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2009/04/23 14:51:52 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009/04/23 14:51:51 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009/04/23 14:51:51 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/04/23 14:51:51 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
[color=#A23BEC]< MD5 for: NDIS.SYS  >[/color]
[2009/04/11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys
[2009/04/11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2008/01/21 04:23:50 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys
[2008/02/08 06:25:28 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=C8560010A542B5DCA94C62468DC20784 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.22110_none_a845f8a63534c8d3\ndis.sys
[2008/02/08 06:22:00 | 000,503,352 | ---- | M] (Microsoft Corporation) MD5=E50187F20ED749F57C97836FEDE14BD6 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.20768_none_a631acb4382f8e4f\ndis.sys
 
[color=#A23BEC]< MD5 for: SFLOPPY.SYS  >[/color]
[2006/11/02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=46ED8E91793B2E6F848015445A0AC188 -- C:\Windows\System32\drivers\sfloppy.sys
[2006/11/02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=46ED8E91793B2E6F848015445A0AC188 -- C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_7a4ca8e4\sfloppy.sys
[2008/01/21 04:23:20 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=C33BFBD6E9E41FCD9FFEF9729E9FAED6 -- C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_36da1340\sfloppy.sys
[2008/01/21 04:23:20 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=C33BFBD6E9E41FCD9FFEF9729E9FAED6 -- C:\Windows\winsxs\x86_flpydisk.inf_31bf3856ad364e35_6.0.6001.18000_none_e70a102d7a7bbf43\sfloppy.sys
 
[color=#A23BEC]< MD5 for: TCPIP.SYS  >[/color]
[2009/04/23 14:39:44 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
[2009/04/11 08:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[2009/12/08 22:52:30 | 000,897,624 | ---- | M] (Microsoft Corporation) MD5=1ACBB7A47E78F4CC82D2EFFB72901528 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63\tcpip.sys
[2009/08/15 23:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2009/08/14 19:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2010/02/18 13:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2010/02/18 16:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2009/08/14 16:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2009/12/08 22:15:00 | 000,907,832 | ---- | M] (Microsoft Corporation) MD5=46E6685F3E92AEC743773ADD4CD54F57 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d\tcpip.sys
[2010/02/18 16:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2010/02/18 14:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2009/12/08 22:37:09 | 000,900,696 | ---- | M] (Microsoft Corporation) MD5=5653230D480A9C54D169E1B080B72CF5 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys
[2010/06/16 17:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
[2009/08/14 18:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2010/06/16 18:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
[2010/06/16 17:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
[2009/04/23 14:39:44 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2009/12/08 19:58:13 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=8734BD051FFDCBF8425CF222141C3741 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpip.sys
[2009/08/14 19:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2009/04/23 14:36:07 | 000,890,936 | ---- | M] (Microsoft Corporation) MD5=9081EBA4184E7EB87C55E18C089283A5 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22144_none_b38070957fa0b5e0\tcpip.sys
[2010/02/18 19:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2010/06/16 18:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\System32\drivers\tcpip.sys
[2010/06/16 18:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
[2009/12/08 19:45:32 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=CA3A5756672013A66BB9D547A5A62DCA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpip.sys
[2010/02/18 16:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2009/12/08 22:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=DA467E7619AE5F4588E6262C13C8940A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys
[2008/01/21 04:25:03 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2009/08/14 18:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys
 
[color=#A23BEC]< MD5 for: USBSCAN.SYS  >[/color]
[2008/01/21 04:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\System32\drivers\usbscan.sys
[2008/01/21 04:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\System32\DriverStore\FileRepository\sti.inf_0bb72b9f\usbscan.sys
[2008/01/21 04:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\System32\DriverStore\FileRepository\sti.inf_67b3f94c\usbscan.sys
[2008/01/21 04:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\winsxs\x86_sti.inf_31bf3856ad364e35_6.0.6001.18000_none_59ded168e0c6a0d3\usbscan.sys
[2008/01/21 04:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\winsxs\x86_sti.inf_31bf3856ad364e35_6.0.6002.18005_none_5bca4a74dde86c1f\usbscan.sys
[2006/11/02 11:14:17 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=B1F95285C08DDFE00C0B955462637EC7 -- C:\Windows\System32\DriverStore\FileRepository\sti.inf_727905e0\usbscan.sys
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2008/01/21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2009/03/08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\dxtrans.dll
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles  >[/color]
 
[color=#A23BEC]<  >[/color]
 
[color=#A23BEC]<  >[/color]

< End of report >
 
[color=#A23BEC]< MD5 for: [2006/11/02 10:51:40 | 000,013,312 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2006/11/02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sfloppy.sys
[2006/11/02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_7a4ca8e4\sfloppy.sys
 
[color=#A23BEC]< MD5 for: [2006/11/02 10:51:44 | 000,067,072 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2006/11/02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys
 
[color=#A23BEC]< MD5 for: [2006/11/02 11:14:17 | 000,035,328 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2006/11/02 11:14:17 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\sti.inf_727905e0\usbscan.sys
 
[color=#A23BEC]< MD5 for: [2006/11/02 11:49:51 | 000,052,840 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2006/11/02 11:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys
 
[color=#A23BEC]< MD5 for: [2008/01/21 04:23:02 | 000,067,072 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/01/21 04:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008/01/21 04:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
 
[color=#A23BEC]< MD5 for: [2008/01/21 04:23:20 | 000,013,312 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/01/21 04:23:20 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_36da1340\sfloppy.sys
[2008/01/21 04:23:20 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_flpydisk.inf_31bf3856ad364e35_6.0.6001.18000_none_e70a102d7a7bbf43\sfloppy.sys
 
[color=#A23BEC]< MD5 for: [2008/01/21 04:23:20 | 000,055,352 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/01/21 04:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/21 04:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
 
[color=#A23BEC]< MD5 for: [2008/01/21 04:23:27 | 000,035,328 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/01/21 04:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbscan.sys
[2008/01/21 04:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\sti.inf_0bb72b9f\usbscan.sys
[2008/01/21 04:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\sti.inf_67b3f94c\usbscan.sys
[2008/01/21 04:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_sti.inf_31bf3856ad364e35_6.0.6001.18000_none_59ded168e0c6a0d3\usbscan.sys
[2008/01/21 04:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_sti.inf_31bf3856ad364e35_6.0.6002.18005_none_5bca4a74dde86c1f\usbscan.sys
 
[color=#A23BEC]< MD5 for: [2008/01/21 04:23:50 | 000,529,464 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/01/21 04:23:50 | 000,529,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys
 
[color=#A23BEC]< MD5 for: [2008/01/21 04:24:24 | 002,927,104 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/01/21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
[color=#A23BEC]< MD5 for: [2008/01/21 04:24:49 | 000,025,088 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/01/21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userinit.exe
[2008/01/21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
[color=#A23BEC]< MD5 for: [2008/01/21 04:24:49 | 000,314,880 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/01/21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
[color=#A23BEC]< MD5 for: [2008/01/21 04:25:03 | 000,891,448 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/01/21 04:25:03 | 000,891,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2008/02/08 06:22:00 | 000,503,352 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/02/08 06:22:00 | 000,503,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.20768_none_a631acb4382f8e4f\ndis.sys
 
[color=#A23BEC]< MD5 for: [2008/02/08 06:25:28 | 000,529,464 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/02/08 06:25:28 | 000,529,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.22110_none_a845f8a63534c8d3\ndis.sys
 
[color=#A23BEC]< MD5 for: [2009/04/11 06:39:17 | 000,067,072 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\cdrom.sys
[2009/04/11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
[2009/04/11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
 
[color=#A23BEC]< MD5 for: [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
 
[color=#A23BEC]< MD5 for: [2009/04/11 08:28:13 | 000,314,368 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
 
[color=#A23BEC]< MD5 for: [2009/04/11 08:32:31 | 000,053,736 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/11 08:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\disk.sys
[2009/04/11 08:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/11 08:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
 
[color=#A23BEC]< MD5 for: [2009/04/11 08:32:49 | 000,527,848 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndis.sys
[2009/04/11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
 
[color=#A23BEC]< MD5 for: [2009/04/11 08:33:02 | 000,897,000 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/11 08:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/04/23 14:36:07 | 000,890,936 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/23 14:36:07 | 000,890,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22144_none_b38070957fa0b5e0\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/04/23 14:39:44 | 000,891,448 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/23 14:39:44 | 000,891,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2009/04/23 14:39:44 | 000,891,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/04/23 14:51:51 | 002,923,520 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/23 14:51:51 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
 
[color=#A23BEC]< MD5 for: [2009/04/23 14:51:51 | 002,927,104 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/23 14:51:51 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
 
[color=#A23BEC]< MD5 for: [2009/04/23 14:51:51 | 002,927,616 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/23 14:51:51 | 002,927,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
 
[color=#A23BEC]< MD5 for: [2009/04/23 14:51:52 | 002,923,520 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/23 14:51:52 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
 
[color=#A23BEC]< MD5 for: [2009/08/14 16:24:47 | 000,813,568 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/08/14 16:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/08/14 18:27:34 | 000,904,776 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/08/14 18:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/08/14 18:33:50 | 000,905,784 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/08/14 18:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/08/14 19:01:55 | 000,900,168 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/08/14 19:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/08/14 19:07:56 | 000,897,608 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/08/14 19:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/08/15 23:30:53 | 000,816,640 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/08/15 23:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/12/08 19:45:32 | 000,816,640 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/12/08 19:45:32 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/12/08 19:58:13 | 000,813,568 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/12/08 19:58:13 | 000,813,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/12/08 22:01:08 | 000,904,776 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/12/08 22:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/12/08 22:15:00 | 000,907,832 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/12/08 22:15:00 | 000,907,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/12/08 22:37:09 | 000,900,696 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/12/08 22:37:09 | 000,900,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/12/08 22:52:30 | 000,897,624 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/12/08 22:52:30 | 000,897,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2010/02/18 13:51:51 | 000,818,688 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2010/02/18 13:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2010/02/18 14:05:37 | 000,815,104 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2010/02/18 14:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2010/02/18 16:07:16 | 000,904,576 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2010/02/18 16:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2010/02/18 16:22:11 | 000,910,216 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2010/02/18 16:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2010/02/18 16:49:38 | 000,898,952 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2010/02/18 16:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2010/02/18 19:36:50 | 000,902,024 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2010/02/18 19:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2010/06/16 17:55:58 | 000,902,032 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2010/06/16 17:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2010/06/16 17:59:54 | 000,898,952 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2010/06/16 17:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2010/06/16 18:04:57 | 000,905,088 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2010/06/16 18:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2010/06/16 18:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2010/06/16 18:39:32 | 000,912,776 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2010/06/16 18:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2009/03/08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\dxtrans.dll
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles  >[/color]
 
[color=#A23BEC]<  >[/color]
 
[color=#A23BEC]<  >[/color]

< End of report >
misteremy
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 10
Inscription: 16 Oct 2010 23:37
 

Re: antivirus action

Message le 17 Oct 2010 21:16

Code: Tout sélectionner
OTL logfile created on: 17/10/2010 21:23:21 - Run 1
OTL by OldTimer - Version 3.2.15.2     Folder = C:\Users\Rémy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 81,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 282,98 Gb Total Space | 215,06 Gb Free Space | 76,00% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 6,80 Gb Free Space | 45,30% Space Free | Partition Type: NTFS
Drive G: | 3,76 Gb Total Space | 1,83 Gb Free Space | 48,73% Space Free | Partition Type: FAT32
 
Computer Name: PC-DE-RÉMY | User Name: Rémy | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Users\Rémy\Desktop\Winlogon.exe.exe (OldTimer Tools)
PRC - c:\PROGRA~1\mcafee.com\agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Users\Rémy\Desktop\Winlogon.exe.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. )
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (e1express) Pilote de la connexion réseau Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
 
 
[color=#E56717]========== Standard Registry (All) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.durable.com/recherche
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:29775
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:29775
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/7
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.durable.com/recherche
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Durable.com
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q={searchTerms}
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.fr/
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:29775
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Durable"
FF - prefs.js..browser.search.defaulturl: "http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Durable"
FF - prefs.js..browser.startup.homepage: "http://www.msn.fr"
FF - prefs.js..keyword.URL: "http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/30 21:11:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.0.7\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2010/09/18 10:08:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.0.7\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2010/09/18 10:08:13 | 000,000,000 | ---D | M]
 
[2009/09/11 10:19:19 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\mozilla\Firefox\Profiles\tyuetb14.default\extensions
[2009/09/11 10:19:19 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Users\Rémy\AppData\Roaming\mozilla\Firefox\Profiles\tyuetb14.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/14 09:44:16 | 000,000,530 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Mozilla\FireFox\Profiles\tyuetb14.default\searchplugins\durable.xml
[2009/09/11 10:19:34 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/11 14:10:50 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/11 10:19:15 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\defaults\profile\extensions
[2009/09/11 10:19:15 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Program Files\mozilla firefox\defaults\profile\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2005/09/19 13:39:00 | 000,041,578 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2005/09/19 13:39:00 | 000,048,228 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2005/09/19 13:39:00 | 000,160,876 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2005/09/19 13:39:00 | 000,017,028 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2010/08/13 07:03:40 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2010/09/18 10:08:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2010/09/18 10:08:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2010/09/18 10:08:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2010/09/18 10:08:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2010/09/18 10:08:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2010/09/18 10:08:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2010/09/18 10:08:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2005/09/19 13:39:00 | 000,000,680 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotfr.png
[2005/09/19 13:39:00 | 000,000,770 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotfr.src
[2005/09/19 13:39:00 | 000,000,356 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.png
[2005/09/19 13:39:00 | 000,000,961 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.src
[2005/09/19 13:39:00 | 000,000,210 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBayfr.gif
[2005/09/19 13:39:00 | 000,001,036 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBayfr.src
[2005/09/19 13:39:00 | 000,001,076 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.gif
[2005/09/19 13:39:00 | 000,000,659 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.src
[2005/09/19 13:39:00 | 000,000,459 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.png
[2005/09/19 13:39:00 | 000,001,350 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.src
[2005/09/19 13:39:00 | 000,000,088 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.gif
[2005/09/19 13:39:00 | 000,001,067 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.src
 
O1 HOSTS File: ([2010/05/13 22:04:27 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101017100057.dll (McAfee, Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\Run: [CollectionsCollections] c:\users\rémy\appdata\local\apps\2.0\nz0z5ha3.mv4\a8mcnk3n.r1n\ifor..ions_b240ac83b0b595b1_0005.0009_none_9e52b87be40e214d\collectionsiforex.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\Run: [iFOREXiFOREX] C:\Users\Rémy\AppData\Local\Apps\2.0\NZ0Z5HA3.MV4\A8MCNK3N.R1N\ifor..ions_b240ac83b0b595b1_0005.0009_none_9e52b87be40e214d\CollectionsiFOREX.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\Run: [rairebsv] C:\Users\RMY~1\AppData\Local\Temp\wncviewfd\bkolnaxyhsn.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\Run: [resourcesFXnetForms] c:\users\rémy\appdata\local\apps\2.0\nz0z5ha3.mv4\a8mcnk3n.r1n\fxne..rces_b240ac83b0b595b1_0005.0009_ro_b830ec032889aead\resourcesfxnet.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\Run: [resourcesresources] c:\users\rémy\appdata\local\apps\2.0\nz0z5ha3.mv4\a8mcnk3n.r1n\fxne..rces_b240ac83b0b595b1_0005.0009_ar_b08682312d7ab589\fxnetfxnetforms.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\Run: [SetupAdobe] C:\Users\RMY~1\AppData\Local\Temp\iCxn.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\Run: [SetupMaster] c:\users\rémy\appdata\local\temp\icxn.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\RunServices: [FXnetresources] c:\users\rémy\appdata\local\apps\2.0\nz0z5ha3.mv4\a8mcnk3n.r1n\fxne..rces_b240ac83b0b595b1_0005.0009_ro_b830ec032889aead\fxnetresources.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\RunServices: [iFOREXCollections] C:\Users\Rémy\AppData\Local\Apps\2.0\NZ0Z5HA3.MV4\A8MCNK3N.R1N\ifor..ions_b240ac83b0b595b1_0005.0009_none_9e52b87be40e214d\CollectionsiFOREX.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\RunServices: [LiveMsetup] C:\Users\RMY~1\AppData\Local\Temp\iCxn.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\RunServices: [NetworkCanon] c:\users\rémy\desktop\canon\networktool3769.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\RunServices: [TraderFXnetTrading] c:\users\rémy\appdata\local\apps\2.0\nz0z5ha3.mv4\a8mcnk3n.r1n\fxne..tion_b78ace61b57f1808_0005.0009_61645e04f2d9b6e6\pt-br\traderresources.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Rémy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Rémy\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Papier peint de la Galerie de photos Windows Live.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rémy\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Papier peint de la Galerie de photos Windows Live.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/10/17 21:12:15 | 002,666,083 | -H-- | C] () -- C:\Users\Rémy\AppData\Local\IconCache.db
[2010/10/17 21:07:44 | 000,716,800 | ---- | C] (EMKR) -- C:\Users\Rémy\AppData\Local\syssvc.exe
[2010/10/17 14:38:56 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Rémy\Desktop\Winlogon.exe.exe
[2010/10/17 00:57:28 | 000,000,000 | ---D | C] -- C:\Users\Rémy\AppData\Roaming\PeerNetworking
[2010/10/16 22:15:02 | 000,000,000 | ---D | C] -- C:\Users\Rémy\Desktop\backups
[2010/10/16 21:55:26 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Rémy\Desktop\solution.exe
[2010/10/16 14:53:35 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Rémy\Desktop\mbam-setup.exe
[2010/10/13 22:57:52 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/13 22:57:24 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/10/13 22:57:02 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/13 22:56:55 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/13 22:56:54 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/13 22:56:54 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/10/13 22:56:53 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/10/13 22:56:53 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/13 22:56:53 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/13 22:56:53 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/13 22:56:52 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/13 22:56:52 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/13 22:56:52 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/10/13 22:56:52 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/10/13 22:56:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/10/13 22:56:52 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/10/13 22:56:52 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/10/13 22:56:52 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/10/13 22:56:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/13 22:56:52 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/10/13 22:56:49 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/13 22:56:48 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/13 22:56:45 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/10/13 22:56:41 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/13 22:56:39 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/10/10 11:12:01 | 000,000,000 | ---D | C] -- C:\Users\Rémy\AppData\Roaming\Malwarebytes
[2010/10/10 11:11:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/10 11:11:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/10 11:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/10 11:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/10 11:01:50 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Rémy\Desktop\mb.exe.exe
[2010/10/01 23:50:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/01 23:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/28 22:51:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/09/27 01:05:33 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/09/18 10:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/08/14 07:53:56 | 000,006,756 | ---- | C] () -- C:\Users\Rémy\AppData\Local\d3d9caps.dat
[2009/08/01 23:33:43 | 000,015,872 | ---- | C] () -- C:\Users\Rémy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/30 21:02:01 | 008,653,312 | ---- | C] (Dell, Inc.                                                   ) -- C:\Users\Rémy\AppData\Roaming\DataSafeDotNet.exe
[2009/07/30 14:15:42 | 000,059,464 | ---- | C] () -- C:\Users\Rémy\AppData\Local\GDIPFONTCACHEV1.DAT
[2006/11/02 14:50:50 | 000,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/10/17 21:13:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/17 21:12:29 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/17 21:12:29 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/17 21:07:50 | 000,716,800 | ---- | M] (EMKR) -- C:\Users\Rémy\AppData\Local\syssvc.exe
[2010/10/17 14:46:52 | 000,679,042 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/10/17 14:46:52 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/17 14:46:52 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/10/17 14:46:52 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/17 14:39:08 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Rémy\Desktop\Winlogon.exe.exe
[2010/10/17 00:22:05 | 000,006,756 | ---- | M] () -- C:\Users\Rémy\AppData\Local\d3d9caps.dat
[2010/10/16 21:55:28 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Rémy\Desktop\solution.exe
[2010/10/16 14:56:16 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/16 14:54:11 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Rémy\Desktop\mbam-setup.exe
[2010/10/16 14:44:47 | 000,364,032 | ---- | M] () -- C:\Users\Rémy\Desktop\rkill.com
[2010/10/14 03:25:04 | 000,270,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/10 11:02:01 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Rémy\Desktop\mb.exe.exe
[2010/10/01 23:51:39 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/01 23:40:14 | 000,000,629 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2010/09/18 10:07:58 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/09/18 09:47:21 | 000,001,854 | ---- | M] () -- C:\Users\Rémy\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/09/18 09:47:20 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/10/16 14:44:44 | 000,364,032 | ---- | C] () -- C:\Users\Rémy\Desktop\rkill.com
[2010/10/10 11:11:58 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/01 23:51:39 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/18 10:07:58 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/09/24 23:43:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/24 05:04:29 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1576.dll
[2009/07/24 05:04:27 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010/04/29 22:07:57 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Canon
[2009/10/16 22:02:20 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\CoSoSys
[2010/10/17 00:57:28 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\PeerNetworking
[2009/09/09 22:47:51 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Windows Live Writer
[2010/10/17 21:12:27 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %APPDATA%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\*.* >[/color]
[2010/10/10 11:59:54 | 000,002,676 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-10 (11-59-54).txt
[2010/10/10 23:16:08 | 000,006,572 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-10 (23-16-08).txt
[2010/10/11 00:10:50 | 000,001,186 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-11 (00-10-50).txt
[2010/10/11 01:07:24 | 000,001,076 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-11 (01-07-24).txt
[2010/10/11 13:04:36 | 000,001,191 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-11 (13-04-36).txt
[2010/10/15 22:34:40 | 000,001,362 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-15 (22-34-40).txt
[2010/10/15 23:33:24 | 000,001,076 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-15 (23-33-24).txt
[2010/10/16 00:44:30 | 000,001,076 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-16 (00-44-30).txt
[2010/10/16 10:28:52 | 000,001,076 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-16 (10-28-52).txt
[2010/10/16 15:56:27 | 000,001,154 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-16 (15-56-27).txt
[2010/10/17 00:29:01 | 000,001,075 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-17 (00-29-01).txt
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]
 
[color=#A23BEC]< %APPDATA%\*. >[/color]
[2009/08/04 23:04:52 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Adobe
[2010/04/26 23:50:42 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Apple Computer
[2010/04/29 22:07:57 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Canon
[2009/10/16 22:02:20 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\CoSoSys
[2009/11/05 22:35:17 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\CyberLink
[2009/07/30 14:15:47 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Dell
[2009/08/02 00:46:43 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\DivX
[2009/07/30 14:19:58 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Identities
[2009/07/30 14:48:21 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Macromedia
[2010/10/10 11:12:01 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Malwarebytes
[2006/11/02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Media Center Programs
[2010/10/16 22:18:37 | 000,000,000 | --SD | M] -- C:\Users\Rémy\AppData\Roaming\Microsoft
[2009/09/11 10:19:20 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Mozilla
[2010/10/17 00:57:28 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\PeerNetworking
[2009/09/09 22:47:51 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Windows Live Writer
 
[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2009/12/03 22:44:20 | 008,653,312 | ---- | M] (Dell, Inc.                                                   ) -- C:\Users\Rémy\AppData\Roaming\DataSafeDotNet.exe
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
 
[color=#A23BEC]< MD5 for: CDROM.SYS  >[/color]
[2008/01/21 04:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008/01/21 04:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2009/04/11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\drivers\cdrom.sys
[2009/04/11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
[2009/04/11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2006/11/02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys
 
[color=#A23BEC]< MD5 for: DISK.SYS  >[/color]
[2009/04/11 08:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/11 08:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/11 08:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/21 04:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/21 04:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 11:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2009/04/23 14:51:52 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009/04/23 14:51:51 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009/04/23 14:51:51 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/04/23 14:51:51 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
[color=#A23BEC]< MD5 for: NDIS.SYS  >[/color]
[2009/04/11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys
[2009/04/11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2008/01/21 04:23:50 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys
[2008/02/08 06:25:28 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=C8560010A542B5DCA94C62468DC20784 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.22110_none_a845f8a63534c8d3\ndis.sys
[2008/02/08 06:22:00 | 000,503,352 | ---- | M] (Microsoft Corporation) MD5=E50187F20ED749F57C97836FEDE14BD6 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.20768_none_a631acb4382f8e4f\ndis.sys
 
[color=#A23BEC]< MD5 for: SFLOPPY.SYS  >[/color]
[2006/11/02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=46ED8E91793B2E6F848015445A0AC188 -- C:\Windows\System32\drivers\sfloppy.sys
[2006/11/02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=46ED8E91793B2E6F848015445A0AC188 -- C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_7a4ca8e4\sfloppy.sys
[2008/01/21 04:23:20 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=C33BFBD6E9E41FCD9FFEF9729E9FAED6 -- C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_36da1340\sfloppy.sys
[2008/01/21 04:23:20 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=C33BFBD6E9E41FCD9FFEF9729E9FAED6 -- C:\Windows\winsxs\x86_flpydisk.inf_31bf3856ad364e35_6.0.6001.18000_none_e70a102d7a7bbf43\sfloppy.sys
 
[color=#A23BEC]< MD5 for: TCPIP.SYS  >[/color]
[2009/04/23 14:39:44 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
[2009/04/11 08:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[2009/12/08 22:52:30 | 000,897,624 | ---- | M] (Microsoft Corporation) MD5=1ACBB7A47E78F4CC82D2EFFB72901528 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63\tcpip.sys
[2009/08/15 23:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2009/08/14 19:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2010/02/18 13:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2010/02/18 16:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2009/08/14 16:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2009/12/08 22:15:00 | 000,907,832 | ---- | M] (Microsoft Corporation) MD5=46E6685F3E92AEC743773ADD4CD54F57 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d\tcpip.sys
[2010/02/18 16:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2010/02/18 14:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2009/12/08 22:37:09 | 000,900,696 | ---- | M] (Microsoft Corporation) MD5=5653230D480A9C54D169E1B080B72CF5 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys
[2010/06/16 17:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
[2009/08/14 18:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2010/06/16 18:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
[2010/06/16 17:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
[2009/04/23 14:39:44 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2009/12/08 19:58:13 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=8734BD051FFDCBF8425CF222141C3741 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpip.sys
[2009/08/14 19:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2009/04/23 14:36:07 | 000,890,936 | ---- | M] (Microsoft Corporation) MD5=9081EBA4184E7EB87C55E18C089283A5 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22144_none_b38070957fa0b5e0\tcpip.sys
[2010/02/18 19:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2010/06/16 18:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\System32\drivers\tcpip.sys
[2010/06/16 18:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
[2009/12/08 19:45:32 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=CA3A5756672013A66BB9D547A5A62DCA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpip.sys
[2010/02/18 16:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2009/12/08 22:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=DA467E7619AE5F4588E6262C13C8940A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys
[2008/01/21 04:25:03 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2009/08/14 18:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys
 
[color=#A23BEC]< MD5 for: USBSCAN.SYS  >[/color]
[2008/01/21 04:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\System32\drivers\usbscan.sys
[2008/01/21 04:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\System32\DriverStore\FileRepository\sti.inf_0bb72b9f\usbscan.sys
[2008/01/21 04:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\System32\DriverStore\FileRepository\sti.inf_67b3f94c\usbscan.sys
[2008/01/21 04:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\winsxs\x86_sti.inf_31bf3856ad364e35_6.0.6001.18000_none_59ded168e0c6a0d3\usbscan.sys
[2008/01/21 04:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\winsxs\x86_sti.inf_31bf3856ad364e35_6.0.6002.18005_none_5bca4a74dde86c1f\usbscan.sys
[2006/11/02 11:14:17 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=B1F95285C08DDFE00C0B955462637EC7 -- C:\Windows\System32\DriverStore\FileRepository\sti.inf_727905e0\usbscan.sys
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2008/01/21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2009/03/08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\dxtrans.dll
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles  >[/color]
 
[color=#A23BEC]<  >[/color]
 
[color=#A23BEC]<  >[/color]

< End of report >
 
[color=#A23BEC]< MD5 for: [2006/11/02 10:51:40 | 000,013,312 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2006/11/02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sfloppy.sys
[2006/11/02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_7a4ca8e4\sfloppy.sys
 
[color=#A23BEC]< MD5 for: [2006/11/02 10:51:44 | 000,067,072 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2006/11/02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys
 
[color=#A23BEC]< MD5 for: [2006/11/02 11:14:17 | 000,035,328 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2006/11/02 11:14:17 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\sti.inf_727905e0\usbscan.sys
 
[color=#A23BEC]< MD5 for: [2006/11/02 11:49:51 | 000,052,840 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2006/11/02 11:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys
 
[color=#A23BEC]< MD5 for: [2008/01/21 04:23:02 | 000,067,072 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/01/21 04:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008/01/21 04:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
 
[color=#A23BEC]< MD5 for: [2008/01/21 04:23:20 | 000,013,312 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/01/21 04:23:20 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_36da1340\sfloppy.sys
[2008/01/21 04:23:20 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_flpydisk.inf_31bf3856ad364e35_6.0.6001.18000_none_e70a102d7a7bbf43\sfloppy.sys
 
[color=#A23BEC]< MD5 for: [2008/01/21 04:23:20 | 000,055,352 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/01/21 04:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/21 04:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
 
[color=#A23BEC]< MD5 for: [2008/01/21 04:23:27 | 000,035,328 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/01/21 04:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbscan.sys
[2008/01/21 04:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\sti.inf_0bb72b9f\usbscan.sys
[2008/01/21 04:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\sti.inf_67b3f94c\usbscan.sys
[2008/01/21 04:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_sti.inf_31bf3856ad364e35_6.0.6001.18000_none_59ded168e0c6a0d3\usbscan.sys
[2008/01/21 04:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_sti.inf_31bf3856ad364e35_6.0.6002.18005_none_5bca4a74dde86c1f\usbscan.sys
 
[color=#A23BEC]< MD5 for: [2008/01/21 04:23:50 | 000,529,464 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/01/21 04:23:50 | 000,529,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys
 
[color=#A23BEC]< MD5 for: [2008/01/21 04:24:24 | 002,927,104 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/01/21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
[color=#A23BEC]< MD5 for: [2008/01/21 04:24:49 | 000,025,088 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/01/21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userinit.exe
[2008/01/21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
[color=#A23BEC]< MD5 for: [2008/01/21 04:24:49 | 000,314,880 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/01/21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
[color=#A23BEC]< MD5 for: [2008/01/21 04:25:03 | 000,891,448 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/01/21 04:25:03 | 000,891,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2008/02/08 06:22:00 | 000,503,352 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/02/08 06:22:00 | 000,503,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.20768_none_a631acb4382f8e4f\ndis.sys
 
[color=#A23BEC]< MD5 for: [2008/02/08 06:25:28 | 000,529,464 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/02/08 06:25:28 | 000,529,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.22110_none_a845f8a63534c8d3\ndis.sys
 
[color=#A23BEC]< MD5 for: [2009/04/11 06:39:17 | 000,067,072 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\cdrom.sys
[2009/04/11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
[2009/04/11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
 
[color=#A23BEC]< MD5 for: [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
 
[color=#A23BEC]< MD5 for: [2009/04/11 08:28:13 | 000,314,368 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
 
[color=#A23BEC]< MD5 for: [2009/04/11 08:32:31 | 000,053,736 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/11 08:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\disk.sys
[2009/04/11 08:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/11 08:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
 
[color=#A23BEC]< MD5 for: [2009/04/11 08:32:49 | 000,527,848 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndis.sys
[2009/04/11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
 
[color=#A23BEC]< MD5 for: [2009/04/11 08:33:02 | 000,897,000 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/11 08:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/04/23 14:36:07 | 000,890,936 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/23 14:36:07 | 000,890,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22144_none_b38070957fa0b5e0\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/04/23 14:39:44 | 000,891,448 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/23 14:39:44 | 000,891,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2009/04/23 14:39:44 | 000,891,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/04/23 14:51:51 | 002,923,520 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/23 14:51:51 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
 
[color=#A23BEC]< MD5 for: [2009/04/23 14:51:51 | 002,927,104 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/23 14:51:51 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
 
[color=#A23BEC]< MD5 for: [2009/04/23 14:51:51 | 002,927,616 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/23 14:51:51 | 002,927,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
 
[color=#A23BEC]< MD5 for: [2009/04/23 14:51:52 | 002,923,520 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/23 14:51:52 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
 
[color=#A23BEC]< MD5 for: [2009/08/14 16:24:47 | 000,813,568 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/08/14 16:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/08/14 18:27:34 | 000,904,776 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/08/14 18:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/08/14 18:33:50 | 000,905,784 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/08/14 18:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/08/14 19:01:55 | 000,900,168 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/08/14 19:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/08/14 19:07:56 | 000,897,608 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/08/14 19:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/08/15 23:30:53 | 000,816,640 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/08/15 23:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/12/08 19:45:32 | 000,816,640 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/12/08 19:45:32 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/12/08 19:58:13 | 000,813,568 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/12/08 19:58:13 | 000,813,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/12/08 22:01:08 | 000,904,776 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/12/08 22:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/12/08 22:15:00 | 000,907,832 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/12/08 22:15:00 | 000,907,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/12/08 22:37:09 | 000,900,696 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/12/08 22:37:09 | 000,900,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/12/08 22:52:30 | 000,897,624 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/12/08 22:52:30 | 000,897,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2010/02/18 13:51:51 | 000,818,688 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2010/02/18 13:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2010/02/18 14:05:37 | 000,815,104 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2010/02/18 14:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2010/02/18 16:07:16 | 000,904,576 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2010/02/18 16:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2010/02/18 16:22:11 | 000,910,216 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2010/02/18 16:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2010/02/18 16:49:38 | 000,898,952 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2010/02/18 16:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2010/02/18 19:36:50 | 000,902,024 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2010/02/18 19:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2010/06/16 17:55:58 | 000,902,032 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2010/06/16 17:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2010/06/16 17:59:54 | 000,898,952 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2010/06/16 17:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2010/06/16 18:04:57 | 000,905,088 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2010/06/16 18:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2010/06/16 18:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2010/06/16 18:39:32 | 000,912,776 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2010/06/16 18:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2009/03/08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\dxtrans.dll
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles  >[/color]
 
[color=#A23BEC]<  >[/color]
 
[color=#A23BEC]<  >[/color]

< End of report >
misteremy
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 10
Inscription: 16 Oct 2010 23:37
 

Re: antivirus action

Message le 17 Oct 2010 21:18

Code: Tout sélectionner
OTL logfile created on: 17/10/2010 21:23:21 - Run 1
OTL by OldTimer - Version 3.2.15.2     Folder = C:\Users\Rémy\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 81,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 282,98 Gb Total Space | 215,06 Gb Free Space | 76,00% Space Free | Partition Type: NTFS
Drive D: | 15,00 Gb Total Space | 6,80 Gb Free Space | 45,30% Space Free | Partition Type: NTFS
Drive G: | 3,76 Gb Total Space | 1,83 Gb Free Space | 48,73% Space Free | Partition Type: FAT32
 
Computer Name: PC-DE-RÉMY | User Name: Rémy | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Users\Rémy\Desktop\Winlogon.exe.exe (OldTimer Tools)
PRC - c:\PROGRA~1\mcafee.com\agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Users\Rémy\Desktop\Winlogon.exe.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. )
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (e1express) Pilote de la connexion réseau Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
 
 
[color=#E56717]========== Standard Registry (All) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.durable.com/recherche
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:29775
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:29775
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/7
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.durable.com/recherche
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Durable.com
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q={searchTerms}
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.fr/
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:29775
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultenginename: "Durable"
FF - prefs.js..browser.search.defaulturl: "http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Durable"
FF - prefs.js..browser.startup.homepage: "http://www.msn.fr"
FF - prefs.js..keyword.URL: "http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/30 21:11:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.0.7\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2010/09/18 10:08:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.0.7\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2010/09/18 10:08:13 | 000,000,000 | ---D | M]
 
[2009/09/11 10:19:19 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\mozilla\Firefox\Profiles\tyuetb14.default\extensions
[2009/09/11 10:19:19 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Users\Rémy\AppData\Roaming\mozilla\Firefox\Profiles\tyuetb14.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/14 09:44:16 | 000,000,530 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Mozilla\FireFox\Profiles\tyuetb14.default\searchplugins\durable.xml
[2009/09/11 10:19:34 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/11 14:10:50 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/09/11 10:19:15 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\defaults\profile\extensions
[2009/09/11 10:19:15 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Program Files\mozilla firefox\defaults\profile\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2005/09/19 13:39:00 | 000,041,578 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2005/09/19 13:39:00 | 000,048,228 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2005/09/19 13:39:00 | 000,160,876 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2005/09/19 13:39:00 | 000,017,028 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2010/08/13 07:03:40 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2010/09/18 10:08:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2010/09/18 10:08:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2010/09/18 10:08:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2010/09/18 10:08:12 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2010/09/18 10:08:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2010/09/18 10:08:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2010/09/18 10:08:13 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2005/09/19 13:39:00 | 000,000,680 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotfr.png
[2005/09/19 13:39:00 | 000,000,770 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotfr.src
[2005/09/19 13:39:00 | 000,000,356 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.png
[2005/09/19 13:39:00 | 000,000,961 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.src
[2005/09/19 13:39:00 | 000,000,210 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBayfr.gif
[2005/09/19 13:39:00 | 000,001,036 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBayfr.src
[2005/09/19 13:39:00 | 000,001,076 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.gif
[2005/09/19 13:39:00 | 000,000,659 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.src
[2005/09/19 13:39:00 | 000,000,459 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.png
[2005/09/19 13:39:00 | 000,001,350 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.src
[2005/09/19 13:39:00 | 000,000,088 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.gif
[2005/09/19 13:39:00 | 000,001,067 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.src
 
O1 HOSTS File: ([2010/05/13 22:04:27 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll ()
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101017100057.dll (McAfee, Inc.)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\Run: [CollectionsCollections] c:\users\rémy\appdata\local\apps\2.0\nz0z5ha3.mv4\a8mcnk3n.r1n\ifor..ions_b240ac83b0b595b1_0005.0009_none_9e52b87be40e214d\collectionsiforex.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\Run: [iFOREXiFOREX] C:\Users\Rémy\AppData\Local\Apps\2.0\NZ0Z5HA3.MV4\A8MCNK3N.R1N\ifor..ions_b240ac83b0b595b1_0005.0009_none_9e52b87be40e214d\CollectionsiFOREX.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\Run: [rairebsv] C:\Users\RMY~1\AppData\Local\Temp\wncviewfd\bkolnaxyhsn.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\Run: [resourcesFXnetForms] c:\users\rémy\appdata\local\apps\2.0\nz0z5ha3.mv4\a8mcnk3n.r1n\fxne..rces_b240ac83b0b595b1_0005.0009_ro_b830ec032889aead\resourcesfxnet.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\Run: [resourcesresources] c:\users\rémy\appdata\local\apps\2.0\nz0z5ha3.mv4\a8mcnk3n.r1n\fxne..rces_b240ac83b0b595b1_0005.0009_ar_b08682312d7ab589\fxnetfxnetforms.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\Run: [SetupAdobe] C:\Users\RMY~1\AppData\Local\Temp\iCxn.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\Run: [SetupMaster] c:\users\rémy\appdata\local\temp\icxn.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\RunServices: [FXnetresources] c:\users\rémy\appdata\local\apps\2.0\nz0z5ha3.mv4\a8mcnk3n.r1n\fxne..rces_b240ac83b0b595b1_0005.0009_ro_b830ec032889aead\fxnetresources.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\RunServices: [iFOREXCollections] C:\Users\Rémy\AppData\Local\Apps\2.0\NZ0Z5HA3.MV4\A8MCNK3N.R1N\ifor..ions_b240ac83b0b595b1_0005.0009_none_9e52b87be40e214d\CollectionsiFOREX.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\RunServices: [LiveMsetup] C:\Users\RMY~1\AppData\Local\Temp\iCxn.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\RunServices: [NetworkCanon] c:\users\rémy\desktop\canon\networktool3769.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000..\RunServices: [TraderFXnetTrading] c:\users\rémy\appdata\local\apps\2.0\nz0z5ha3.mv4\a8mcnk3n.r1n\fxne..tion_b78ace61b57f1808_0005.0009_61645e04f2d9b6e6\pt-br\traderresources.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Rémy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Rémy\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Papier peint de la Galerie de photos Windows Live.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rémy\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Papier peint de la Galerie de photos Windows Live.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/10/17 21:12:15 | 002,666,083 | -H-- | C] () -- C:\Users\Rémy\AppData\Local\IconCache.db
[2010/10/17 21:07:44 | 000,716,800 | ---- | C] (EMKR) -- C:\Users\Rémy\AppData\Local\syssvc.exe
[2010/10/17 14:38:56 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Rémy\Desktop\Winlogon.exe.exe
[2010/10/17 00:57:28 | 000,000,000 | ---D | C] -- C:\Users\Rémy\AppData\Roaming\PeerNetworking
[2010/10/16 22:15:02 | 000,000,000 | ---D | C] -- C:\Users\Rémy\Desktop\backups
[2010/10/16 21:55:26 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Rémy\Desktop\solution.exe
[2010/10/16 14:53:35 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Rémy\Desktop\mbam-setup.exe
[2010/10/13 22:57:52 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/13 22:57:24 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/10/13 22:57:02 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/13 22:56:55 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/13 22:56:54 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/13 22:56:54 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/10/13 22:56:53 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/10/13 22:56:53 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/13 22:56:53 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/13 22:56:53 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/13 22:56:52 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/13 22:56:52 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/13 22:56:52 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/10/13 22:56:52 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/10/13 22:56:52 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/10/13 22:56:52 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/10/13 22:56:52 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/10/13 22:56:52 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/10/13 22:56:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/13 22:56:52 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/10/13 22:56:49 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/13 22:56:48 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/13 22:56:45 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/10/13 22:56:41 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/13 22:56:39 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/10/10 11:12:01 | 000,000,000 | ---D | C] -- C:\Users\Rémy\AppData\Roaming\Malwarebytes
[2010/10/10 11:11:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/10 11:11:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/10 11:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/10 11:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/10 11:01:50 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Rémy\Desktop\mb.exe.exe
[2010/10/01 23:50:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/10/01 23:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/28 22:51:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/09/27 01:05:33 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/09/18 10:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/08/14 07:53:56 | 000,006,756 | ---- | C] () -- C:\Users\Rémy\AppData\Local\d3d9caps.dat
[2009/08/01 23:33:43 | 000,015,872 | ---- | C] () -- C:\Users\Rémy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/30 21:02:01 | 008,653,312 | ---- | C] (Dell, Inc.                                                   ) -- C:\Users\Rémy\AppData\Roaming\DataSafeDotNet.exe
[2009/07/30 14:15:42 | 000,059,464 | ---- | C] () -- C:\Users\Rémy\AppData\Local\GDIPFONTCACHEV1.DAT
[2006/11/02 14:50:50 | 000,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/10/17 21:13:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/17 21:12:29 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/17 21:12:29 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/17 21:07:50 | 000,716,800 | ---- | M] (EMKR) -- C:\Users\Rémy\AppData\Local\syssvc.exe
[2010/10/17 14:46:52 | 000,679,042 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/10/17 14:46:52 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/17 14:46:52 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/10/17 14:46:52 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/17 14:39:08 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Rémy\Desktop\Winlogon.exe.exe
[2010/10/17 00:22:05 | 000,006,756 | ---- | M] () -- C:\Users\Rémy\AppData\Local\d3d9caps.dat
[2010/10/16 21:55:28 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Rémy\Desktop\solution.exe
[2010/10/16 14:56:16 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/16 14:54:11 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Rémy\Desktop\mbam-setup.exe
[2010/10/16 14:44:47 | 000,364,032 | ---- | M] () -- C:\Users\Rémy\Desktop\rkill.com
[2010/10/14 03:25:04 | 000,270,768 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/10 11:02:01 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Rémy\Desktop\mb.exe.exe
[2010/10/01 23:51:39 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/10/01 23:40:14 | 000,000,629 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2010/09/18 10:07:58 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/09/18 09:47:21 | 000,001,854 | ---- | M] () -- C:\Users\Rémy\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/09/18 09:47:20 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/10/16 14:44:44 | 000,364,032 | ---- | C] () -- C:\Users\Rémy\Desktop\rkill.com
[2010/10/10 11:11:58 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/01 23:51:39 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/18 10:07:58 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2009/09/24 23:43:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/24 05:04:29 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1576.dll
[2009/07/24 05:04:27 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2010/04/29 22:07:57 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Canon
[2009/10/16 22:02:20 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\CoSoSys
[2010/10/17 00:57:28 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\PeerNetworking
[2009/09/09 22:47:51 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Windows Live Writer
[2010/10/17 21:12:27 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %APPDATA%\Malwarebytes\Malwarebytes' Anti-Malware\Logs\*.* >[/color]
[2010/10/10 11:59:54 | 000,002,676 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-10 (11-59-54).txt
[2010/10/10 23:16:08 | 000,006,572 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-10 (23-16-08).txt
[2010/10/11 00:10:50 | 000,001,186 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-11 (00-10-50).txt
[2010/10/11 01:07:24 | 000,001,076 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-11 (01-07-24).txt
[2010/10/11 13:04:36 | 000,001,191 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-11 (13-04-36).txt
[2010/10/15 22:34:40 | 000,001,362 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-15 (22-34-40).txt
[2010/10/15 23:33:24 | 000,001,076 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-15 (23-33-24).txt
[2010/10/16 00:44:30 | 000,001,076 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-16 (00-44-30).txt
[2010/10/16 10:28:52 | 000,001,076 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-16 (10-28-52).txt
[2010/10/16 15:56:27 | 000,001,154 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-16 (15-56-27).txt
[2010/10/17 00:29:01 | 000,001,075 | ---- | M] () -- C:\Users\Rémy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-17 (00-29-01).txt
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]
 
[color=#A23BEC]< %APPDATA%\*. >[/color]
[2009/08/04 23:04:52 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Adobe
[2010/04/26 23:50:42 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Apple Computer
[2010/04/29 22:07:57 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Canon
[2009/10/16 22:02:20 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\CoSoSys
[2009/11/05 22:35:17 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\CyberLink
[2009/07/30 14:15:47 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Dell
[2009/08/02 00:46:43 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\DivX
[2009/07/30 14:19:58 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Identities
[2009/07/30 14:48:21 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Macromedia
[2010/10/10 11:12:01 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Malwarebytes
[2006/11/02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Media Center Programs
[2010/10/16 22:18:37 | 000,000,000 | --SD | M] -- C:\Users\Rémy\AppData\Roaming\Microsoft
[2009/09/11 10:19:20 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Mozilla
[2010/10/17 00:57:28 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\PeerNetworking
[2009/09/09 22:47:51 | 000,000,000 | ---D | M] -- C:\Users\Rémy\AppData\Roaming\Windows Live Writer
 
[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2009/12/03 22:44:20 | 008,653,312 | ---- | M] (Dell, Inc.                                                   ) -- C:\Users\Rémy\AppData\Roaming\DataSafeDotNet.exe
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
 
[color=#A23BEC]< MD5 for: CDROM.SYS  >[/color]
[2008/01/21 04:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008/01/21 04:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2009/04/11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\drivers\cdrom.sys
[2009/04/11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
[2009/04/11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2006/11/02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys
 
[color=#A23BEC]< MD5 for: DISK.SYS  >[/color]
[2009/04/11 08:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/11 08:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/11 08:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/21 04:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/21 04:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 11:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2009/04/23 14:51:52 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009/04/23 14:51:51 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009/04/23 14:51:51 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/04/23 14:51:51 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
[color=#A23BEC]< MD5 for: NDIS.SYS  >[/color]
[2009/04/11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys
[2009/04/11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2008/01/21 04:23:50 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys
[2008/02/08 06:25:28 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=C8560010A542B5DCA94C62468DC20784 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.22110_none_a845f8a63534c8d3\ndis.sys
[2008/02/08 06:22:00 | 000,503,352 | ---- | M] (Microsoft Corporation) MD5=E50187F20ED749F57C97836FEDE14BD6 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.20768_none_a631acb4382f8e4f\ndis.sys
 
[color=#A23BEC]< MD5 for: SFLOPPY.SYS  >[/color]
[2006/11/02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=46ED8E91793B2E6F848015445A0AC188 -- C:\Windows\System32\drivers\sfloppy.sys
[2006/11/02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=46ED8E91793B2E6F848015445A0AC188 -- C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_7a4ca8e4\sfloppy.sys
[2008/01/21 04:23:20 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=C33BFBD6E9E41FCD9FFEF9729E9FAED6 -- C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_36da1340\sfloppy.sys
[2008/01/21 04:23:20 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=C33BFBD6E9E41FCD9FFEF9729E9FAED6 -- C:\Windows\winsxs\x86_flpydisk.inf_31bf3856ad364e35_6.0.6001.18000_none_e70a102d7a7bbf43\sfloppy.sys
 
[color=#A23BEC]< MD5 for: TCPIP.SYS  >[/color]
[2009/04/23 14:39:44 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
[2009/04/11 08:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[2009/12/08 22:52:30 | 000,897,624 | ---- | M] (Microsoft Corporation) MD5=1ACBB7A47E78F4CC82D2EFFB72901528 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63\tcpip.sys
[2009/08/15 23:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2009/08/14 19:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2010/02/18 13:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2010/02/18 16:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2009/08/14 16:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2009/12/08 22:15:00 | 000,907,832 | ---- | M] (Microsoft Corporation) MD5=46E6685F3E92AEC743773ADD4CD54F57 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d\tcpip.sys
[2010/02/18 16:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2010/02/18 14:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2009/12/08 22:37:09 | 000,900,696 | ---- | M] (Microsoft Corporation) MD5=5653230D480A9C54D169E1B080B72CF5 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys
[2010/06/16 17:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
[2009/08/14 18:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2010/06/16 18:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
[2010/06/16 17:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
[2009/04/23 14:39:44 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2009/12/08 19:58:13 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=8734BD051FFDCBF8425CF222141C3741 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpip.sys
[2009/08/14 19:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2009/04/23 14:36:07 | 000,890,936 | ---- | M] (Microsoft Corporation) MD5=9081EBA4184E7EB87C55E18C089283A5 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22144_none_b38070957fa0b5e0\tcpip.sys
[2010/02/18 19:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2010/06/16 18:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\System32\drivers\tcpip.sys
[2010/06/16 18:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
[2009/12/08 19:45:32 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=CA3A5756672013A66BB9D547A5A62DCA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpip.sys
[2010/02/18 16:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2009/12/08 22:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=DA467E7619AE5F4588E6262C13C8940A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys
[2008/01/21 04:25:03 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2009/08/14 18:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys
 
[color=#A23BEC]< MD5 for: USBSCAN.SYS  >[/color]
[2008/01/21 04:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\System32\drivers\usbscan.sys
[2008/01/21 04:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\System32\DriverStore\FileRepository\sti.inf_0bb72b9f\usbscan.sys
[2008/01/21 04:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\System32\DriverStore\FileRepository\sti.inf_67b3f94c\usbscan.sys
[2008/01/21 04:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\winsxs\x86_sti.inf_31bf3856ad364e35_6.0.6001.18000_none_59ded168e0c6a0d3\usbscan.sys
[2008/01/21 04:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=A508C9BD8724980512136B039BBA65E9 -- C:\Windows\winsxs\x86_sti.inf_31bf3856ad364e35_6.0.6002.18005_none_5bca4a74dde86c1f\usbscan.sys
[2006/11/02 11:14:17 | 000,035,328 | ---- | M] (Microsoft Corporation) MD5=B1F95285C08DDFE00C0B955462637EC7 -- C:\Windows\System32\DriverStore\FileRepository\sti.inf_727905e0\usbscan.sys
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2008/01/21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2009/03/08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\dxtrans.dll
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles  >[/color]
 
[color=#A23BEC]<  >[/color]
 
[color=#A23BEC]<  >[/color]

< End of report >
 
[color=#A23BEC]< MD5 for: [2006/11/02 10:51:40 | 000,013,312 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2006/11/02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sfloppy.sys
[2006/11/02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_7a4ca8e4\sfloppy.sys
 
[color=#A23BEC]< MD5 for: [2006/11/02 10:51:44 | 000,067,072 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2006/11/02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys
 
[color=#A23BEC]< MD5 for: [2006/11/02 11:14:17 | 000,035,328 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2006/11/02 11:14:17 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\sti.inf_727905e0\usbscan.sys
 
[color=#A23BEC]< MD5 for: [2006/11/02 11:49:51 | 000,052,840 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2006/11/02 11:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys
 
[color=#A23BEC]< MD5 for: [2008/01/21 04:23:02 | 000,067,072 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/01/21 04:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008/01/21 04:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
 
[color=#A23BEC]< MD5 for: [2008/01/21 04:23:20 | 000,013,312 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/01/21 04:23:20 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_36da1340\sfloppy.sys
[2008/01/21 04:23:20 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_flpydisk.inf_31bf3856ad364e35_6.0.6001.18000_none_e70a102d7a7bbf43\sfloppy.sys
 
[color=#A23BEC]< MD5 for: [2008/01/21 04:23:20 | 000,055,352 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/01/21 04:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/21 04:23:20 | 000,055,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
 
[color=#A23BEC]< MD5 for: [2008/01/21 04:23:27 | 000,035,328 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/01/21 04:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbscan.sys
[2008/01/21 04:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\sti.inf_0bb72b9f\usbscan.sys
[2008/01/21 04:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\sti.inf_67b3f94c\usbscan.sys
[2008/01/21 04:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_sti.inf_31bf3856ad364e35_6.0.6001.18000_none_59ded168e0c6a0d3\usbscan.sys
[2008/01/21 04:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_sti.inf_31bf3856ad364e35_6.0.6002.18005_none_5bca4a74dde86c1f\usbscan.sys
 
[color=#A23BEC]< MD5 for: [2008/01/21 04:23:50 | 000,529,464 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/01/21 04:23:50 | 000,529,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys
 
[color=#A23BEC]< MD5 for: [2008/01/21 04:24:24 | 002,927,104 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/01/21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
[color=#A23BEC]< MD5 for: [2008/01/21 04:24:49 | 000,025,088 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/01/21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userinit.exe
[2008/01/21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
[color=#A23BEC]< MD5 for: [2008/01/21 04:24:49 | 000,314,880 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/01/21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
[color=#A23BEC]< MD5 for: [2008/01/21 04:25:03 | 000,891,448 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/01/21 04:25:03 | 000,891,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2008/02/08 06:22:00 | 000,503,352 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/02/08 06:22:00 | 000,503,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.20768_none_a631acb4382f8e4f\ndis.sys
 
[color=#A23BEC]< MD5 for: [2008/02/08 06:25:28 | 000,529,464 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/02/08 06:25:28 | 000,529,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.22110_none_a845f8a63534c8d3\ndis.sys
 
[color=#A23BEC]< MD5 for: [2009/04/11 06:39:17 | 000,067,072 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\cdrom.sys
[2009/04/11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
[2009/04/11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
 
[color=#A23BEC]< MD5 for: [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
 
[color=#A23BEC]< MD5 for: [2009/04/11 08:28:13 | 000,314,368 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
[2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
 
[color=#A23BEC]< MD5 for: [2009/04/11 08:32:31 | 000,053,736 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/11 08:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\disk.sys
[2009/04/11 08:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/11 08:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
 
[color=#A23BEC]< MD5 for: [2009/04/11 08:32:49 | 000,527,848 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ndis.sys
[2009/04/11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
 
[color=#A23BEC]< MD5 for: [2009/04/11 08:33:02 | 000,897,000 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/11 08:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/04/23 14:36:07 | 000,890,936 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/23 14:36:07 | 000,890,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22144_none_b38070957fa0b5e0\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/04/23 14:39:44 | 000,891,448 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/23 14:39:44 | 000,891,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2009/04/23 14:39:44 | 000,891,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/04/23 14:51:51 | 002,923,520 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/23 14:51:51 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
 
[color=#A23BEC]< MD5 for: [2009/04/23 14:51:51 | 002,927,104 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/23 14:51:51 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
 
[color=#A23BEC]< MD5 for: [2009/04/23 14:51:51 | 002,927,616 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/23 14:51:51 | 002,927,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
 
[color=#A23BEC]< MD5 for: [2009/04/23 14:51:52 | 002,923,520 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/04/23 14:51:52 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
 
[color=#A23BEC]< MD5 for: [2009/08/14 16:24:47 | 000,813,568 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/08/14 16:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/08/14 18:27:34 | 000,904,776 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/08/14 18:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/08/14 18:33:50 | 000,905,784 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/08/14 18:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/08/14 19:01:55 | 000,900,168 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/08/14 19:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/08/14 19:07:56 | 000,897,608 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/08/14 19:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/08/15 23:30:53 | 000,816,640 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/08/15 23:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/12/08 19:45:32 | 000,816,640 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/12/08 19:45:32 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/12/08 19:58:13 | 000,813,568 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/12/08 19:58:13 | 000,813,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/12/08 22:01:08 | 000,904,776 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/12/08 22:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/12/08 22:15:00 | 000,907,832 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/12/08 22:15:00 | 000,907,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/12/08 22:37:09 | 000,900,696 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/12/08 22:37:09 | 000,900,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/12/08 22:52:30 | 000,897,624 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2009/12/08 22:52:30 | 000,897,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2010/02/18 13:51:51 | 000,818,688 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2010/02/18 13:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2010/02/18 14:05:37 | 000,815,104 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2010/02/18 14:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2010/02/18 16:07:16 | 000,904,576 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2010/02/18 16:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2010/02/18 16:22:11 | 000,910,216 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2010/02/18 16:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2010/02/18 16:49:38 | 000,898,952 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2010/02/18 16:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2010/02/18 19:36:50 | 000,902,024 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2010/02/18 19:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2010/06/16 17:55:58 | 000,902,032 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2010/06/16 17:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2010/06/16 17:59:54 | 000,898,952 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2010/06/16 17:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2010/06/16 18:04:57 | 000,905,088 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2010/06/16 18:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2010/06/16 18:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2010/06/16 18:39:32 | 000,912,776 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2010/06/16 18:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2009/03/08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\System32\dxtrans.dll
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles  >[/color]
 
[color=#A23BEC]<  >[/color]
 
[color=#A23BEC]<  >[/color]

< End of report >
misteremy
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 10
Inscription: 16 Oct 2010 23:37
 

Re: antivirus action

Message le 17 Oct 2010 21:20

A priori j'y suis arrivé mais c'est une vraie galère, même firefox à l'air de battre de l'aile
misteremy
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 10
Inscription: 16 Oct 2010 23:37
 

Re: antivirus action

Message le 18 Oct 2010 17:36

hello,

Qui est ce qui t'a fais utiliser Rkill [2010/10/16 14:44:47 | 000,364,032 | ---- | M] () -- C:\Users\Rémy\Desktop\rkill.com

Ne suis pas deux procédures différentes si tu es aider sur un autre forum...sinon il y a risque de plantage de ton pc

Si tu me suis fais cela...

* Fais un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal" soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation"

:Files
C:\Users\Rémy\AppData\Local\syssvc.exe

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.durable.com/recherche
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:29775
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:29775
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.durable.com/recherche
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Durable.com
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.durable.com/result?cx=partne ... e=UTF-8&q={searchTerms}
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:29775
FF - prefs.js..browser.search.defaultenginename: "Durable"
FF - prefs.js..browser.search.defaulturl: "http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Durable"
FF - prefs.js..keyword.URL: "http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q="
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\..\Run: [CollectionsCollections] c:\users\rémy\appdata\local\apps\2.0\nz0z5ha3.mv4\a8mcnk3n.r1n\ifor..ions_b240ac83b0b595b1_0005.0009_none_9e52b87be40e214d\collectionsiforex.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\..\Run: [iFOREXiFOREX] C:\Users\Rémy\AppData\Local\Apps\2.0\NZ0Z5HA3.MV4\A8MCNK3N.R1N\ifor..ions_b240ac83b0b595b1_0005.0009_none_9e52b87be40e214d\CollectionsiFOREX.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\..\Run: [rairebsv] C:\Users\RMY~1\AppData\Local\Temp\wncviewfd\bkolnaxyhsn.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\..\Run: [resourcesFXnetForms] c:\users\rémy\appdata\local\apps\2.0\nz0z5ha3.mv4\a8mcnk3n.r1n\fxne..rces_b240ac83b0b595b1_0005.0009_ro_b830ec032889aead\resourcesfxnet.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\..\Run: [resourcesresources] c:\users\rémy\appdata\local\apps\2.0\nz0z5ha3.mv4\a8mcnk3n.r1n\fxne..rces_b240ac83b0b595b1_0005.0009_ar_b08682312d7ab589\fxnetfxnetforms.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\..\Run: [SetupAdobe] C:\Users\RMY~1\AppData\Local\Temp\iCxn.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\..\Run: [SetupMaster] c:\users\rémy\appdata\local\temp\icxn.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\..\RunServices: [FXnetresources] c:\users\rémy\appdata\local\apps\2.0\nz0z5ha3.mv4\a8mcnk3n.r1n\fxne..rces_b240ac83b0b595b1_0005.0009_ro_b830ec032889aead\fxnetresources.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\..\RunServices: [iFOREXCollections] C:\Users\Rémy\AppData\Local\Apps\2.0\NZ0Z5HA3.MV4\A8MCNK3N.R1N\ifor..ions_b240ac83b0b595b1_0005.0009_none_9e52b87be40e214d\CollectionsiFOREX.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\..\RunServices: [LiveMsetup] C:\Users\RMY~1\AppData\Local\Temp\iCxn.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\..\RunServices: [NetworkCanon] c:\users\rémy\desktop\canon\networktool3769.exe File not found
O4 - HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\..\RunServices: [TraderFXnetTrading] c:\users\rémy\appdata\local\apps\2.0\nz0z5ha3.mv4\a8mcnk3n.r1n\fxne..tion_b78ace61b57f1808_0005.0009_61645e04f2d9b6e6\pt-br\traderresources.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

:Commands
[emptytemp]
[EMPTYFLASH]
[PURITY]

* Cliques sur l'icône "Correction" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un rapport va s'ouvrir "OTL.Txt"
* Copie et colle le rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 

Re: antivirus action

Message le 19 Oct 2010 11:27

Hello!
en fait j'ai utilisé Rkill avant de te contacter. Depuis je te suis aveuglément, et j'ai bien raison!!! :wink:
Je te fais parvenir le rapport: ça va déjà beaucoup mieux on dirait
question: ma clé usb peut elle avoir été infectée par la sale bête?
Code: Tout sélectionner
All processes killed
========== FILES ==========
C:\Users\Rémy\AppData\Local\syssvc.exe moved successfully.
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-2618507097-2801963413-1160713288-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "Durable" removed from browser.search.defaultenginename
Prefs.js: "http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q=" removed from browser.search.defaulturl
Prefs.js: "Durable" removed from browser.search.selectedEngine
Prefs.js: "http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q=" removed from keyword.URL
Registry value HKEY_USERS\S-1-5-21-2618507097-2801963413-1160713288-1000\\Software\Microsoft\Windows\CurrentVersion\Run\\CollectionsCollections deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2618507097-2801963413-1160713288-1000\\Software\Microsoft\Windows\CurrentVersion\Run\\iFOREXiFOREX deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2618507097-2801963413-1160713288-1000\\Software\Microsoft\Windows\CurrentVersion\Run\\rairebsv not found.
File C:\Users\RMY~1\AppData\Local\Temp\wncviewfd\bkolnaxyhsn.exe not found.
Registry value HKEY_USERS\S-1-5-21-2618507097-2801963413-1160713288-1000\\Software\Microsoft\Windows\CurrentVersion\Run\\resourcesFXnetForms deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2618507097-2801963413-1160713288-1000\\Software\Microsoft\Windows\CurrentVersion\Run\\resourcesresources deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2618507097-2801963413-1160713288-1000\\Software\Microsoft\Windows\CurrentVersion\Run\\SetupAdobe deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2618507097-2801963413-1160713288-1000\\Software\Microsoft\Windows\CurrentVersion\Run\\SetupMaster deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2618507097-2801963413-1160713288-1000\\Software\Microsoft\Windows\CurrentVersion\RunServices\\FXnetresources deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2618507097-2801963413-1160713288-1000\\Software\Microsoft\Windows\CurrentVersion\RunServices\\iFOREXCollections deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2618507097-2801963413-1160713288-1000\\Software\Microsoft\Windows\CurrentVersion\RunServices\\LiveMsetup deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2618507097-2801963413-1160713288-1000\\Software\Microsoft\Windows\CurrentVersion\RunServices\\NetworkCanon deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2618507097-2801963413-1160713288-1000\\Software\Microsoft\Windows\CurrentVersion\RunServices\\TraderFXnetTrading deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\scforceoption deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\FilterAdministratorToken deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableUIADesktopToggle deleted successfully.
C:\Windows\61D3AAE1D5214CD7939B37813DE8F955.TMP\WiseCustomCall.dll deleted successfully.
C:\Windows\61D3AAE1D5214CD7939B37813DE8F955.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\61D3AAE1D5214CD7939B37813DE8F955.TMP\WiseCustomCalla.exe deleted successfully.
C:\Windows\61D3AAE1D5214CD7939B37813DE8F955.TMP\WiseCustomCalla11.dll deleted successfully.
C:\Windows\61D3AAE1D5214CD7939B37813DE8F955.TMP\WiseCustomCalla11.exe deleted successfully.
C:\Windows\61D3AAE1D5214CD7939B37813DE8F955.TMP\WiseCustomCalla2.dll deleted successfully.
C:\Windows\61D3AAE1D5214CD7939B37813DE8F955.TMP\WiseCustomCalla3.dll deleted successfully.
C:\Windows\61D3AAE1D5214CD7939B37813DE8F955.TMP\WiseCustomCalla4.dll deleted successfully.
C:\Windows\61D3AAE1D5214CD7939B37813DE8F955.TMP\WiseData.ini deleted successfully.
C:\Windows\61D3AAE1D5214CD7939B37813DE8F955.TMP folder deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrateur
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Rémy
->Temp folder emptied: 245327036 bytes
->Temporary Internet Files folder emptied: 262360612 bytes
->Java cache emptied: 1612835 bytes
->Apple Safari cache emptied: 21958656 bytes
->Flash cache emptied: 168036 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 31195435 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 21406 bytes
 
Total Files Cleaned = 537,00 mb
 
 
[EMPTYFLASH]
 
User: Administrateur
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: Rémy
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.15.2 log created on 10192010_121423

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

misteremy
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 10
Inscription: 16 Oct 2010 23:37
 

Re: antivirus action

Message le 19 Oct 2010 18:57

hello,

Pour ta clef USB il n'y a aprioris pas de trace d'infection se propageant par support amovibles, mais rien n'empêche de s'en assurer tout en les vaccinants pour éviter de futur infections de ce type....

Branche tous tes périphériques de stockage USB >> clefs USB, DD externe (en position "marche), carte photos etc...

Tu as une infection qui se propage par support amovible (Clef USB, DD externe, carte photo SD,etc...)
Branche tes clefs USB, DD externe (en position "marche) etc...

Désactives ton anti virus car USBFix génère des faux positifs et il risque de couinner

  • Télécharge USBFix sur ton bureau,et installe le en faisant un double-clic dessus...cela créera un raccourcie de lancement du tool.
  • Fais un clic-droit et "exécuter en tant qu'administrateur" sur le raccourci créer par USBFix durant l'installation afin de le lancer.
  • Fais le choix N°1 (recherche), laisse travailler USBFix et poste le rapport qui sera générer en fin de scan.

refais aussi un scan OTL comme tu l'as fais la première fois, mais cette fois ci avec cette citation en cliquant sur"Analyse" (en haut à gauche)

type C:\Users\Rémy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-16 (15-56-27).txt /c
type C:\Users\Rémy\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2010-10-17 (00-29-01).txt /c


cette fois ci tu auras uniquement le rapport OTL.txt (pas de rapport Extrat.txt)

@++
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 

Re: antivirus action

Message le 19 Oct 2010 22:43

Hello,
Il faut 7 jours pour que la désactivation de mon antivirus (mac Afee) soit prise en compte... Pratique, non?
misteremy
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 10
Inscription: 16 Oct 2010 23:37
 

Re: antivirus action

Message le 19 Oct 2010 22:48

McAfee prend USBFix pour un cheval de Troie, c'est ça?
misteremy
Visiteur Confirmé
Visiteur Confirmé
 
Messages: 10
Inscription: 16 Oct 2010 23:37
 

Re: antivirus action

Message le 20 Oct 2010 06:47

hello,

Attention, j'ai dit "désactiver" (arrêter temporairement le module résident) et non "désinstaller" :lol:

McAfee prend USBFix pour un cheval de Troie, c'est ça?

Oui, la compression UPX du tool peut faire couiner certains anti-virus et par la suite empêcher son bon fonctionnement :wink:
Avatar de l'utilisateur
jeanmimigab
PC-Infopraticien
PC-Infopraticien
 
Messages: 2986
Inscription: 29 Nov 2009 12:05
 



Sujets similaires

Message Il y a t-il un antivirus compatible avec LInux ?
Salut, je suis sur Kali Linux, je cherche un anitivrus compatible avec Linux, mais les antivrus connu comme Norton, AVG, Avast ou Bitdefender ne sont pas compatible avec Linux, et il semble que McAfee est cessé sa compatibilité avec Linux en Septembre 2023.Je ne fais pas confiance aux antivirus grat ...
Réponses: 5

Message [Réglé] recherche antivirus et anti trojan pour tel android
Salut tout le mondeje possede un Samsung GALAXY S23 ULTRA, système Android version 14 et version One Ui 6.0 je ne sais pas trop à quoi cela correspond exactement, c'est juste pour information il y a bien dessus maintenance de l'application un onglet protection des applications, mais comme je fais ...
Réponses: 6

Message Un bon antivirus open source
Salut, Je voudrais savoir si il existe un antivirus open source qui est aussi bon que AVG, ou presque ?
Réponses: 9

Message antivirus XP
Bonjour sioblets Que choisir comme antivirus de préférence gratuit ? Pas d'hésitation sur ce coup là : Windows Defender.Un tuto (entre autres) pour l'activer : https://www.premiers-clics.fr/cours-inf ... -defender/++
Réponses: 10

Message Quel est le meilleur antivirus en ligne gratuit ?
BonjourJe n’ai pas d’antivirus installé sur mon PC. Mais régulièrement je scanne les disques avec un antivirus en ligne comme pandasoftware ou secuser.com 1…Je me demande juste si ces antivirus sont aussi efficaces (au avast) que les antivirus normaux (Norton etc…).merci de votre réponse
Réponses: 8

Message Quel antivirus ou autres programmes securite choisir?
Salut tout le mondeJe possède un smartphone Samsung Galaxy note 8 je précise donc système Android, j ai beau chercher sur le net je ne trouve pas déjà de sites de confiance pour Android puis un antivirus efficace ainsi que des logiciels de protection détection nettoyage etc... donc ma question est : ...
Réponses: 7

Message désinstallation antivirus Kaspersky
j'ai oublier le mot de passe de désinstallation , Y a-t-il une autre façon pour le désinstaller NB, licence expirée depuis 6 mois
Réponses: 1


Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 14 invités


.: Nous contacter :: Flux RSS :: Données personnelles :.