
[Solved] (help) Redirection to other sites. • page 3


Re: [help] Redirection to other sites.

Posted on 05 June 2012 18:13

The software crashes when I run scans: "has stopped working".

And as for the virus, it reappears every time I restart the PC.
Boubou2509
Apprentice Expert
Messages: 126
Joined: 15 Jan 2011 20:42


Re: [help] Redirection to other sites.

Posted on 05 June 2012 18:14

• If your antivirus displays an alert, ignore it and temporarily disable the antivirus.
Connect all your external data sources to your PC
(USB stick, external hard drive, iPod/iPhone/iPad, MP3 player, SD card, etc.) without opening them.

• Download UsbFix to your Desktop.

/!\ Windows Vista and Windows 7 users: right-click the UsbFix logo, "Run as administrator" /!\

• Launch UsbFix.
• Click Recherche (Search).
• Wait for the scan to finish.
• UsbFix will open Notepad and copy the scan report into it.
• Save the report to your Desktop.
• Host the UsbFix report on CJoint.com
• Post the link you are given.

/!\ Note: To avoid freezing the UsbFix scan, let it work without touching your PC! /!\
Yanis91270
PC-Infopraticien
Messages: 2667
Joined: 24 Apr 2012 16:49
Location: Parc des Princes / Bgayet

Re: [help] Redirection to other sites.

Posted on 05 June 2012 18:28

Code:
############################## | UsbFix V 7.084 | [Recherche]

Utilisateur: SON (Administrateur) # SON-PC
Mis à jour le 13/03/2012 par El Desaparecido
Lancé à 19:20:50 | 05/06/2012

Site Web: http://eldesaparecido.com
Fichier suspect ? : http://eldesaparecido.com/upload.html
Contact: contact@eldesaparecido.com

PC: System manufacturer (System Product Name) (x64-based PC) # Desktop Computer
CPU: Intel(R) Core(TM) i5 CPU         750  @ 2.67GHz (2668)
RAM -> [ Total : 2046 | Free : 806 ]
BIOS: BIOS Date: 12/14/10 15:27:28 Ver: 08.00.15
BOOT: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium  (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [ (!) Disabled ]
WU: Windows Update Service [ Enabled ]
AV: Microsoft Security Essentials [ Enabled | Updated ]
FW: Windows FireWall Service [ (!) Disabled ]

C:\ (%systemdrive%) -> Disque fixe # 443 Go (361 Go libre(s) - 81%) [] # NTFS
E:\ -> Disque fixe # 488 Go (314 Go libre(s) - 64%) [Boubou] # NTFS
F:\ -> CD-ROM
V:\ -> Disque fixe # 932 Go (336 Go libre(s) - 36%) [Videos] # NTFS

################## | Processus Actif |

C:\Windows\system32\csrss.exe (428)
C:\Windows\system32\wininit.exe (508)
C:\Windows\system32\csrss.exe (528)
C:\Windows\system32\services.exe (564)
C:\Windows\system32\lsass.exe (592)
C:\Windows\system32\lsm.exe (600)
C:\Windows\system32\svchost.exe (712)
C:\Windows\system32\svchost.exe (792)
C:\Windows\system32\atiesrxx.exe (844)
C:\Windows\system32\winlogon.exe (892)
C:\Windows\System32\svchost.exe (932)
C:\Windows\System32\svchost.exe (972)
C:\Windows\system32\svchost.exe (1004)
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (312)
C:\Windows\system32\svchost.exe (532)
C:\Windows\system32\svchost.exe (1104)
C:\Windows\system32\atieclxx.exe (1132)
C:\Windows\System32\spoolsv.exe (1336)
C:\Windows\system32\Dwm.exe (1560)
C:\Windows\Explorer.EXE (1592)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1608)
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe (1652)
C:\Windows\system32\taskhost.exe (1676)
C:\Program Files\Bonjour\mDNSResponder.exe (1700)
C:\Windows\System32\svchost.exe (1772)
C:\Windows\system32\lxefcoms.exe (1868)
C:\Windows\SysWOW64\IoctlSvc.exe (1936)
C:\Windows\system32\svchost.exe (808)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (1200)
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (2008)
C:\Windows\system32\taskeng.exe (2160)
C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe (2284)
C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe (2300)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2352)
C:\Program Files\Microsoft Security Client\msseces.exe (2648)
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (2656)
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (2704)
C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe (2752)
C:\Program Files (x86)\Razer\BlackWidow\BlackWidowTray.exe (2768)
C:\Program Files (x86)\iTunes\iTunesHelper.exe (2796)
C:\Program Files\iPod\bin\iPodService.exe (3004)
C:\Windows\system32\SearchIndexer.exe (1468)
C:\Program Files\Windows Media Player\wmpnetwk.exe (1068)
C:\Windows\system32\svchost.exe (2988)
C:\Windows\system32\wbem\wmiprvse.exe (3116)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (3612)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (2736)
C:\Windows\system32\wuauclt.exe (3052)
C:\Windows\SysWOW64\ping.exe (2256)
C:\Windows\system32\conhost.exe (724)
C:\Windows\system32\SearchProtocolHost.exe (4044)
C:\Windows\system32\SearchFilterHost.exe (3588)
C:\UsbFix\Go.exe (776)
C:\Windows\system32\wbem\wmiprvse.exe (2500)

################## | Éléments infectieux |


################## | Registre |


################## | Mountpoints2 |



################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
V:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F |


The previous tool crashes right after finding the infection:
http://imageshack.us/f/10/sanstitrezyq.jpg/
Boubou2509

Re: [help] Redirection to other sites.

Posted on 05 June 2012 18:38

Okay, try again in Safe Mode.
Yanis91270

Re: [help] Redirection to other sites.

Posted on 05 June 2012 19:02

Crashes in Safe Mode too ...

It's still weird that this thing persists ...
isn't there something to get rid of it once and for all?
Boubou2509

Re: [help] Redirection to other sites.

Posted on 05 June 2012 21:13

• Download AntiZeroAccess to your Desktop.

/!\ Windows Vista and Windows 7 users: right-click the AdwCleaner logo, "Run as administrator" /!\

• Launch it.
• Type Y and press Enter to start the scan.
• If a restart is required, do it immediately.
• AntiZeroAccess will open Notepad and copy the scan report into it.
• Save the report to your Desktop.
• Host the AntiZeroAccess report on CJoint.com
• Post the link you are given.

/!\ Note: AntiZeroAccess.txt is saved in the same location as the AntiZeroAccess program /!\
Yanis91270

Re: [help] Redirection to other sites.

Posted on 06 June 2012 16:16

The software: "Only work on 32bit"
Boubou2509

Re: [help] Redirection to other sites.

Posted on 06 June 2012 16:24

• BEFORE USING COMBOFIX •

You are using CD emulation software; Daemon Tools can interfere with the disinfection tools.
Use Defogger to disable them temporarily:

• Download Defogger to your Desktop.
• Launch it.
• A window will appear. Click Disable.
• Restart your computer if Defogger asks you to.

• Disable UAC for the duration of the disinfection.
• Close all your running programs and applications.
• Disconnect from the Internet.
• Disable all your protection software (antivirus, antispyware, antimalware, firewall, ...)
• During this step, do not use the PC and do not open any programs.


• Right-click ComboFix and save the link target to your Desktop under a different name, for example your username.exe.

/!\ Windows Vista and Windows 7 users: right-click the ComboFix logo, "Run as administrator" /!\

/!\ Accept the installation of the Recovery Console if ComboFix asks you to /!\

• Answer Yes to the warning message so that the program starts scanning the PC.
• ComboFix may need to connect to the Internet to find updates, so you must allow it.

• At the end of the scan ComboFix may need to restart the PC to finish the disinfection; let it do so.
• ComboFix will open Notepad and copy the scan report into it.
• Save the report to your Desktop.
• Host the ComboFix report on CJoint.com
• Post the link you are given.

• AFTER USING COMBOFIX •

• Re-enable UAC protection.
• Re-enable Daemon Tools by running Defogger again and clicking Re-enable.
Yanis91270

Re: [help] Redirection to other sites.

Posted on 06 June 2012 18:02

no report for combofix ...
Boubou2509

Re: [help] Redirection to other sites.

Posted on 06 June 2012 19:33

The report is located here:

C:\ComboFix.txt
Yanis91270

Re: [help] Redirection to other sites.

Posted on 07 June 2012 15:45

not found ...
Boubou2509

Re: [help] Redirection to other sites.

Posted on 08 June 2012 17:16

I swear there's no report :(
Boubou2509

Re: [help] Redirection to other sites.

Posted on 08 June 2012 17:20

No problem, I believe you ^^

• Download OTL to your Desktop.

/!\ Windows Vista and Windows 7 users: right-click the OTL logo, "Run as administrator" /!\

• Launch OTL.
• Check all of these boxes:
All users, Lop Check, Purity Check, and set the file age to 60 days. #Screen.

• Under Personnalisation (Custom Scans/Fixes), copy & paste this:
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%temp%\*.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\consrv.dll
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s
CREATERESTOREPOINT
nslookup http://www.google.fr /c
SAVEMBR:0
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs


• Click Analyse (Scan).
• Wait for the scan to finish.
• OTL will open 2 reports in Notepad (Extras.txt & OTL.txt).
• Save both reports to your Desktop.
• Host the Extras.txt & OTL.txt reports on CJoint.com
• Post the links you are given.

/!\ Note: To avoid freezing the OTL scan, let it work without touching your PC! /!\
Yanis91270

Re: [help] Redirection to other sites.

Posted on 08 June 2012 18:17

here you go

Code:
OTL logfile created on: 08/06/2012 19:07:25 - Run 1
OTL by OldTimer - Version 3.2.47.0     Folder = C:\Users\SON\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
2,00 Gb Total Physical Memory | 0,54 Gb Available Physical Memory | 27,21% Memory free
4,00 Gb Paging File | 1,92 Gb Available in Paging File | 48,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 443,13 Gb Total Space | 357,88 Gb Free Space | 80,76% Space Free | Partition Type: NTFS
Drive E: | 488,28 Gb Total Space | 313,78 Gb Free Space | 64,26% Space Free | Partition Type: NTFS
Drive V: | 931,51 Gb Total Space | 335,94 Gb Free Space | 36,06% Space Free | Partition Type: NTFS
 
Computer Name: SON-PC | User Name: SON | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012/06/08 19:06:21 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\SON\Downloads\OTL.exe
PRC - [2012/04/21 03:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/02/27 00:15:32 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
PRC - [2012/02/15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/06/03 11:04:26 | 000,979,360 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe
PRC - [2011/05/16 12:43:32 | 000,887,696 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\BlackWidow\BlackWidowTray.exe
PRC - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2010/07/07 10:58:02 | 001,089,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHelp.exe
PRC - [2010/06/24 14:19:50 | 000,109,056 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
PRC - [2009/07/17 13:48:18 | 006,038,016 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
PRC - [2009/07/14 03:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2012/06/05 15:25:40 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012/04/21 03:16:53 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/20 14:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010/06/01 10:38:40 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV EVO\pngio.dll
MOD - [2010/02/08 17:19:52 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\TurboV EVO\HookKey32.dll
MOD - [2009/09/30 11:33:08 | 000,024,576 | ---- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009/07/17 13:48:18 | 006,038,016 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
MOD - [2009/04/22 20:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-6 Engine\AsusService.dll
MOD - [2009/04/20 13:55:34 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-6 Engine\pngio.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2011/07/28 23:35:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:[b]64bit:[/b] - [2010/09/09 18:10:20 | 001,070,760 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxefcoms.exe -- (lxef_device)
SRV - [2012/06/05 15:27:28 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/06/24 14:19:50 | 000,109,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006/12/19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2011/09/02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:[b]64bit:[/b] - [2011/09/02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:[b]64bit:[/b] - [2011/07/29 00:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2011/07/28 22:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2011/06/07 00:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:[b]64bit:[/b] - [2011/05/12 18:04:22 | 000,154,624 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzSynapse.sys -- (RzSynapse)
DRV:[b]64bit:[/b] - [2011/05/10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:[b]64bit:[/b] - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:[b]64bit:[/b] - [2011/04/01 05:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam 200(UVC)
DRV:[b]64bit:[/b] - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/08/04 21:17:14 | 001,342,064 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:[b]64bit:[/b] - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:[b]64bit:[/b] - [2009/08/31 10:09:38 | 000,112,240 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:[b]64bit:[/b] - [2009/07/16 11:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:[b]64bit:[/b] - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/10 22:35:35 | 000,620,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:[b]64bit:[/b] - [2005/11/07 15:33:12 | 000,021,120 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DB3G.sys -- (Razerlow)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/28 19:40:18 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/08/29 10:16:50] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3076268114-1058155476-2427366309-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-3076268114-1058155476-2427366309-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3076268114-1058155476-2427366309-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-FR
IE - HKU\S-1-5-21-3076268114-1058155476-2427366309-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 52 40 49 D4 E1 66 CC 01  [binary data]
IE - HKU\S-1-5-21-3076268114-1058155476-2427366309-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3076268114-1058155476-2427366309-1001\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3076268114-1058155476-2427366309-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3076268114-1058155476-2427366309-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3076268114-1058155476-2427366309-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - user.js - File not found
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/04 18:58:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/08/30 12:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SON\AppData\Roaming\mozilla\Extensions
[2012/06/06 19:28:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SON\AppData\Roaming\mozilla\Firefox\Profiles\syqhj9f5.default\extensions
[2012/06/04 18:58:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/21 03:45:57 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml
[2012/04/21 03:45:57 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/21 03:45:57 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012/04/21 03:45:57 | 000,001,154 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml
[2012/04/21 03:45:57 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012/04/21 03:45:57 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: Skype Click to Call = C:\Users\SON\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
 
O1 HOSTS File: ([2011/08/30 16:08:22 | 000,000,860 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       activate.adobe.com
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow\BlackWidowTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe (Razer USA Ltd)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3076268114-1058155476-2427366309-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-3076268114-1058155476-2427366309-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47380B57-9875-4784-9F19-F186D78EEAB4}: DhcpNameServer = 62.201.142.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E8E661A-82E7-45E1-8C4E-E99BAC28E84F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F74DB9CE-2F0F-4DA0-84F2-28E9CCED0F63}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/06/01 22:52:03 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/06/01 22:52:03 | 000,000,000 | RHSD | M] - E:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/06/01 22:52:03 | 000,000,000 | RHSD | M] - V:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:[b]64bit:[/b] Base - Driver Group
SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group
SafeBootMin:[b]64bit:[/b] File system - Driver Group
SafeBootMin:[b]64bit:[/b] Filter - Driver Group
SafeBootMin:[b]64bit:[/b] HelpSvc - Service
SafeBootMin:[b]64bit:[/b] MsMpSvc - Service
SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootMin:[b]64bit:[/b] PEVSystemStart - Service
SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group
SafeBootMin:[b]64bit:[/b] procexp90.Sys - Driver
SafeBootMin:[b]64bit:[/b] sacsvr - Service
SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] vmms - Service
SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:[b]64bit:[/b] Base - Driver Group
SafeBootNet:[b]64bit:[/b] BFE - Service
SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group
SafeBootNet:[b]64bit:[/b] File system - Driver Group
SafeBootNet:[b]64bit:[/b] Filter - Driver Group
SafeBootNet:[b]64bit:[/b] HelpSvc - Service
SafeBootNet:[b]64bit:[/b] Messenger - Service
SafeBootNet:[b]64bit:[/b] MsMpSvc - Service
SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group
SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group
SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group
SafeBootNet:[b]64bit:[/b] Network - Driver Group
SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group
SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootNet:[b]64bit:[/b] PEVSystemStart - Service
SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group
SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group
SafeBootNet:[b]64bit:[/b] procexp90.Sys - Driver
SafeBootNet:[b]64bit:[/b] rdsessmgr - Service
SafeBootNet:[b]64bit:[/b] sacsvr - Service
SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group
SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] TDI - Driver Group
SafeBootNet:[b]64bit:[/b] vmms - Service
SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver
SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - C:\Windows\SysWOW64\wbem\mpssvc.mof ()
SafeBootNet: MsMpSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:[b]64bit:[/b] {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:[b]64bit:[/b] {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:[b]64bit:[/b] >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:[b]64bit:[/b] >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:[b]64bit:[/b] msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:[b]64bit:[/b] vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012/06/08 07:38:41 | 000,000,000 | ---D | C] -- C:\Windows\TempB495D829-0699-A3C8-EF5C-E5DE92770D5C-Signatures
[2012/06/07 07:53:05 | 000,000,000 | ---D | C] -- C:\Windows\Temp1890B691-EEBB-841A-617A-02A6A4EFA4FD-Signatures
[2012/06/06 18:55:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/06 18:55:46 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/06/06 08:41:30 | 000,000,000 | ---D | C] -- C:\Windows\Temp2B299613-5CAE-11C2-F3DA-705BCA429DF5-Signatures
[2012/06/05 21:34:06 | 000,000,000 | ---D | C] -- C:\Windows\Temp2AD1573C-85FB-254F-C0BC-A072CB16F733-Signatures
[2012/06/05 19:20:46 | 000,000,000 | ---D | C] -- C:\UsbFix
[2012/06/05 18:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
[2012/06/05 18:30:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZHPDiag
[2012/06/05 15:25:40 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/05 15:25:40 | 000,070,304 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/05 13:51:35 | 000,000,000 | ---D | C] -- C:\Users\SON\AppData\Roaming\DiskAid
[2012/06/05 13:42:38 | 000,000,000 | ---D | C] -- C:\Users\SON\AppData\Roaming\libimobiledevice
[2012/06/05 13:42:28 | 000,000,000 | ---D | C] -- C:\Users\SON\AppData\Roaming\log
[2012/06/05 13:42:28 | 000,000,000 | ---D | C] -- C:\Users\SON\AppData\Roaming\6beb527b45923a8c6b4c5773a7012ebb0ae1ec13
[2012/06/05 13:42:14 | 000,000,000 | ---D | C] -- C:\Users\SON\AppData\Local\4Videosoft Studio
[2012/06/05 13:42:13 | 000,000,000 | ---D | C] -- C:\Users\SON\Documents\4Videosoft Studio
[2012/06/05 13:32:20 | 000,000,000 | ---D | C] -- C:\Users\SON\AppData\Roaming\WindSolutions
[2012/06/05 13:26:00 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2012/06/05 12:55:42 | 000,000,000 | ---D | C] -- C:\Users\SON\Desktop\absinthe-win-2.0
[2012/06/05 12:26:03 | 000,000,000 | ---D | C] -- C:\Windows\Temp200C3B0B-FD9C-DD31-656E-DC6BA5972551-Signatures
[2012/06/04 22:04:20 | 000,000,000 | ---D | C] -- C:\Windows\TempFF27DC57-46DB-BC93-DC5B-7D692D9C9910-Signatures
[2012/06/04 19:37:41 | 000,000,000 | ---D | C] -- C:\ZHP
[2012/06/04 19:06:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/06/04 19:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/06/04 18:58:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/06/04 18:51:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012/06/03 20:54:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/03 20:54:28 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/06/03 20:54:28 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/06/03 20:54:23 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/06/03 20:54:23 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/06/03 20:44:25 | 000,000,000 | ---D | C] -- C:\Users\SON\AppData\Local\Macromedia
[2012/06/03 20:38:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2012/06/03 20:37:22 | 000,000,000 | ---D | C] -- C:\Users\SON\AppData\Roaming\CrystalIdea Software
[2012/06/03 19:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2012/06/03 12:24:58 | 000,000,000 | ---D | C] -- C:\Windows\TempDB2AD471-F40B-C846-3D75-F4139CBB6374-Signatures
[2012/06/02 22:43:52 | 000,000,000 | ---D | C] -- C:\Windows\TempB3501B11-850E-0712-8396-D95A37CEABB8-Signatures
[2012/06/02 17:57:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZHPFix
[2012/06/02 11:37:55 | 000,000,000 | ---D | C] -- C:\Windows\Temp7D710F40-D8CD-DEC9-7AC2-77E748B1B528-Signatures
[2012/06/01 22:52:03 | 000,000,000 | RHSD | C] -- C:\Autorun.inf
[2012/06/01 14:03:52 | 000,000,000 | ---D | C] -- C:\Windows\Temp2150D4F0-D8F8-51F9-628E-E2F8F597BAE8-Signatures
[2012/05/31 21:56:57 | 000,000,000 | ---D | C] -- C:\Windows\Temp2412A0D7-6995-5415-BECD-D10B7E85ACCD-Signatures
[2012/05/31 17:28:19 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/05/31 14:07:44 | 000,000,000 | ---D | C] -- C:\Windows\Temp299C198C-A22B-749D-5A0E-790CF7FBBC92-Signatures
[2012/05/30 08:40:45 | 000,000,000 | ---D | C] -- C:\Windows\TempDA34B710-6D1A-7001-5686-0C9FED948F81-Signatures
[2012/05/30 08:29:42 | 000,000,000 | ---D | C] -- C:\Windows\Temp647AB916-2E59-3FB6-376B-0C1ED8D85695-Signatures
[2012/05/29 12:42:51 | 000,000,000 | ---D | C] -- C:\Windows\TempF177DC0E-21C8-77EC-B4EE-B102A0CEA5C3-Signatures
[2012/05/29 12:37:00 | 000,000,000 | ---D | C] -- C:\found.006
[2012/05/28 15:31:23 | 000,000,000 | ---D | C] -- C:\Windows\Temp95BAC4CC-0A44-B1E0-454D-9C6D910927B5-Signatures
[2012/05/27 11:42:19 | 000,000,000 | ---D | C] -- C:\Windows\TempC37581E8-8914-D8AD-9DAB-33663156698D-Signatures
[2012/05/26 10:56:46 | 000,000,000 | ---D | C] -- C:\Windows\Temp7C452E1A-FC57-FDA8-7D7A-C02D37EDC8F3-Signatures
[2012/05/25 17:21:20 | 000,000,000 | ---D | C] -- C:\Users\SON\Desktop\__MACOSX
[2012/05/25 17:20:53 | 005,433,715 | ---- | C] (Igor Pavlov) -- C:\Users\SON\Desktop\absinthe-win-2.0.exe
[2012/05/25 15:20:17 | 000,000,000 | ---D | C] -- C:\Windows\Temp203BAAE7-0DD4-B5EA-57E8-0FDF36F2D2D8-Signatures
[2012/05/24 21:29:58 | 000,000,000 | ---D | C] -- C:\Windows\Temp485893E1-4DC2-0BD7-DBC4-5AA2F2F5B777-Signatures
[2012/05/24 20:13:23 | 000,000,000 | ---D | C] -- C:\Users\SON\Documents\Fichiers Outlook
[2012/05/24 17:29:54 | 000,000,000 | ---D | C] -- C:\Windows\Temp1FF2525D-7DFA-B578-1F23-4396769C1923-Signatures
[2012/05/21 18:02:38 | 000,000,000 | ---D | C] -- C:\Windows\TempF760698E-B50E-36FF-657F-F68DA5C53462-Signatures
[2012/05/20 10:38:37 | 000,000,000 | ---D | C] -- C:\Windows\Temp647D5CC1-AC12-C837-E9ED-633CEDC6A556-Signatures
[2012/05/19 14:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2012/05/19 14:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/05/19 14:17:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012/05/19 14:17:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/05/19 14:16:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2012/05/19 14:16:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012/05/19 14:15:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012/05/19 14:14:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/05/19 14:14:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/05/19 14:14:25 | 000,000,000 | ---D | C] -- C:\Users\SON\AppData\Local\Microsoft Help
[2012/05/19 14:14:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012/05/19 14:14:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/05/19 14:13:02 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/05/19 14:12:54 | 000,000,000 | ---D | C] -- C:\Users\SON\AppData\Roaming\TuneUp Software
[2012/05/19 14:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012/05/19 14:12:42 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/05/19 14:12:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/05/19 14:11:17 | 000,000,000 | ---D | C] -- C:\Users\SON\AppData\Roaming\DAEMON Tools Lite
[2012/05/19 14:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012/05/19 10:43:58 | 000,000,000 | ---D | C] -- C:\Windows\TempA7CFD094-1821-D67B-4516-84BB2E746F9D-Signatures
[2012/05/18 09:51:09 | 000,000,000 | ---D | C] -- C:\Windows\Temp4B3F5317-4B89-4EFD-3DB7-4B95EFCC4178-Signatures
[2012/05/17 23:24:47 | 000,000,000 | ---D | C] -- C:\Windows\TempF24D7F04-5449-AF18-A0D0-EE058BF5AFE3-Signatures
[2012/05/17 10:53:30 | 000,000,000 | ---D | C] -- C:\Windows\TempF81A8D62-A821-6DB5-255B-D2CBD09E077D-Signatures
[2012/05/16 08:14:02 | 000,000,000 | ---D | C] -- C:\Windows\Temp7198E682-1B11-078E-1F41-7CD7987B8B00-Signatures
[2012/05/16 08:03:36 | 000,000,000 | ---D | C] -- C:\Windows\TempA63C1525-1A40-894A-1F2D-404EB64D47B5-Signatures
[2012/05/15 17:25:13 | 000,000,000 | ---D | C] -- C:\Windows\Temp6819ACCE-EE7E-5D0F-2631-9B2D4B704DED-Signatures
[2012/05/14 17:49:13 | 000,000,000 | ---D | C] -- C:\Windows\TempE172915D-246E-88D6-4348-45FA71C2E586-Signatures
[2012/05/13 10:22:13 | 000,000,000 | ---D | C] -- C:\Windows\TempE2437174-1582-C883-0E58-49B2C2F33E75-Signatures
[2012/05/12 18:16:05 | 000,000,000 | ---D | C] -- C:\Windows\TempAAA917D3-A237-AB2E-A9A3-380B2D33FED4-Signatures
[2012/05/11 15:38:37 | 000,000,000 | ---D | C] -- C:\Windows\Temp27243541-75F1-A066-7539-EDBA7EFD8686-Signatures
[2012/05/10 17:59:40 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/10 17:59:39 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/10 17:59:38 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/10 17:59:38 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/10 17:56:54 | 000,000,000 | ---D | C] -- C:\Windows\TempFFAC72C7-5628-A054-E17C-F35293C9899C-Signatures
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012/06/08 19:09:18 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012/06/08 18:55:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/08 18:41:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/08 18:26:04 | 000,023,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/08 18:26:04 | 000,023,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/08 18:24:07 | 001,564,338 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/08 18:24:07 | 000,709,358 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012/06/08 18:24:07 | 000,621,074 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/08 18:24:07 | 000,132,686 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012/06/08 18:24:07 | 000,108,294 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/08 18:19:01 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/08 18:19:01 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012/06/08 18:18:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/08 18:18:50 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012/06/08 18:18:35 | 1609,076,736 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/08 07:38:42 | 000,002,106 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/07 19:47:49 | 000,109,846 | ---- | M] () -- C:\Users\SON\Desktop\gelée pommes.jpg
[2012/06/06 18:45:47 | 000,000,000 | ---- | M] () -- C:\Users\SON\defogger_reenable
[2012/06/05 15:27:28 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/05 15:27:28 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/04 18:58:12 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/03 20:54:21 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/06/03 20:54:21 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/05/27 17:40:31 | 366,509,324 | ---- | M] () -- C:\Users\SON\Desktop\Breaking Bad - S03E02 - Tensions.avi
[2012/05/27 02:11:44 | 366,231,300 | ---- | M] () -- C:\Users\SON\Desktop\Breaking Bad - S03E01 - Crash.avi
[2012/05/25 12:30:54 | 005,433,715 | ---- | M] (Igor Pavlov) -- C:\Users\SON\Desktop\absinthe-win-2.0.exe
[2012/05/24 20:13:29 | 000,001,135 | ---- | M] () -- C:\Users\SON\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/05/24 20:10:12 | 001,584,566 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/20 10:34:32 | 000,442,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012/06/08 19:09:17 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012/06/08 18:48:54 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{a822ef32-eabc-c648-0ad8-3d92e1305c4b}\U\00000008.@
[2012/06/07 19:47:49 | 000,109,846 | ---- | C] () -- C:\Users\SON\Desktop\gelée pommes.jpg
[2012/06/06 18:45:47 | 000,000,000 | ---- | C] () -- C:\Users\SON\defogger_reenable
[2012/06/05 15:25:40 | 000,001,002 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/04 18:58:12 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/04 18:58:12 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/31 17:07:03 | 000,093,696 | ---- | C] () -- C:\Windows\Installer\{a822ef32-eabc-c648-0ad8-3d92e1305c4b}\U\80000032.@
[2012/05/31 17:06:58 | 000,076,800 | ---- | C] () -- C:\Windows\Installer\{a822ef32-eabc-c648-0ad8-3d92e1305c4b}\U\80000064.@
[2012/05/31 17:06:58 | 000,000,740 | ---- | C] () -- C:\Windows\Installer\{a822ef32-eabc-c648-0ad8-3d92e1305c4b}\L\00000004.@
[2012/05/31 17:06:55 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{a822ef32-eabc-c648-0ad8-3d92e1305c4b}\U\80000000.@
[2012/05/31 17:06:53 | 000,001,584 | ---- | C] () -- C:\Windows\Installer\{a822ef32-eabc-c648-0ad8-3d92e1305c4b}\U\000000cb.@
[2012/05/31 17:06:53 | 000,001,536 | ---- | C] () -- C:\Windows\Installer\{a822ef32-eabc-c648-0ad8-3d92e1305c4b}\U\00000004.@
[2012/05/27 19:01:39 | 366,509,324 | ---- | C] () -- C:\Users\SON\Desktop\Breaking Bad - S03E02 - Tensions.avi
[2012/05/27 19:01:27 | 366,231,300 | ---- | C] () -- C:\Users\SON\Desktop\Breaking Bad - S03E01 - Crash.avi
[2012/05/24 20:13:29 | 000,001,135 | ---- | C] () -- C:\Users\SON\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/05/06 15:57:17 | 000,005,672 | ---- | C] () -- C:\Users\SON\AppData\Local\Temp11.html
[2012/05/06 15:56:07 | 000,001,955 | ---- | C] () -- C:\Users\SON\AppData\Local\Temp1.html
[2012/02/02 16:57:52 | 000,106,856 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/01/11 19:05:44 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{a822ef32-eabc-c648-0ad8-3d92e1305c4b}\@
[2011/09/30 07:43:37 | 000,000,000 | ---- | C] () -- C:\Users\SON\AppData\Local\{33DB138E-75DB-498F-98BC-EEE8D43A80D7}
[2011/08/30 09:07:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/08/29 10:52:22 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/08/29 10:52:22 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/08/29 10:50:10 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2011/08/29 10:50:09 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/08/29 10:50:09 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/08/29 10:12:48 | 001,584,566 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/17 23:54:02 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/04/01 05:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/04/01 05:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/04/01 05:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/03/17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2012/06/05 13:42:28 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\6beb527b45923a8c6b4c5773a7012ebb0ae1ec13
[2012/06/03 20:37:22 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\CrystalIdea Software
[2012/06/07 18:48:17 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\DAEMON Tools Lite
[2012/06/05 13:55:59 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\DiskAid
[2012/04/20 20:33:20 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\Garmin
[2012/02/07 22:49:20 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\GlarySoft
[2012/01/13 19:49:22 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\ImgBurn
[2011/12/27 03:19:48 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\Leadertech
[2012/06/05 13:42:44 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\libimobiledevice
[2011/11/16 19:39:03 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\LibreOffice
[2012/06/05 13:42:28 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\log
[2012/02/04 22:05:07 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\LolClient
[2012/02/07 14:53:35 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\redsn0w
[2012/05/19 14:12:54 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\TuneUp Software
[2012/06/07 18:48:16 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\uTorrent
[2012/06/05 13:32:20 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\WindSolutions
[2011/08/30 15:45:11 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\xrecode2
[2012/06/08 18:19:01 | 000,000,320 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012/06/08 18:15:59 | 000,032,496 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]
 
[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]
 
[color=#A23BEC]< %APPDATA%\*. >[/color]
[2012/06/05 13:42:28 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\6beb527b45923a8c6b4c5773a7012ebb0ae1ec13
[2011/09/02 18:07:48 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\Adobe
[2011/08/29 11:01:45 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\Ahead
[2011/08/30 15:28:20 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\Apple Computer
[2011/08/30 09:09:13 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\ATI
[2012/06/03 20:37:22 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\CrystalIdea Software
[2012/06/07 18:48:17 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\DAEMON Tools Lite
[2012/06/05 13:55:59 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\DiskAid
[2012/01/07 19:42:58 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\dvdcss
[2012/02/26 01:40:03 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\FastStone
[2012/04/20 20:33:20 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\Garmin
[2012/02/07 22:49:20 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\GlarySoft
[2011/08/29 09:13:27 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\Identities
[2012/01/13 19:49:22 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\ImgBurn
[2011/08/29 10:54:38 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\InstallShield
[2011/12/27 03:19:48 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\Leadertech
[2012/06/05 13:42:44 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\libimobiledevice
[2011/11/16 19:39:03 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\LibreOffice
[2012/06/05 13:42:28 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\log
[2011/12/27 03:17:53 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\Logishrd
[2011/12/27 03:19:59 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\Logitech
[2012/02/04 22:05:07 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\LolClient
[2011/11/13 16:27:39 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\Macromedia
[2012/03/06 17:57:55 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\Malwarebytes
[2009/07/14 17:35:05 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\Media Center Programs
[2012/05/28 17:51:22 | 000,000,000 | --SD | M] -- C:\Users\SON\AppData\Roaming\Microsoft
[2011/08/30 12:50:59 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\Mozilla
[2012/02/07 14:53:35 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\redsn0w
[2012/06/07 18:48:16 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\Skype
[2012/05/19 14:12:54 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\TuneUp Software
[2012/06/07 18:48:16 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\uTorrent
[2012/02/07 22:43:41 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\vlc
[2012/06/05 13:32:20 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\WindSolutions
[2011/08/29 10:48:27 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\WinRAR
[2011/08/30 15:45:11 | 000,000,000 | ---D | M] -- C:\Users\SON\AppData\Roaming\xrecode2
 
[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2011/12/27 03:19:48 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\SON\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
 
[color=#A23BEC]< %temp%\*.exe /s >[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\consrv.dll >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2009/07/14 03:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\atl.dll
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
[color=#A23BEC]< MD5 for: WININIT.EXE  >[/color]
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s >[/color]
 
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s >[/color]
"Debug" =
"" = mnmsrvc
"Kmode" = \SystemRoot\System32\win32k.sys
"Optional" = Posix [binary data]
"Posix" = %SystemRoot%\system32\psxss.exe
"Required" = DebugWindows [binary data]
"Windows" = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s >[/color]
"ProfilesDirectory" = %SystemDrive%\Users -- [2011/08/29 09:13:18 | 000,000,000 | ---D | M]
"Default" = %SystemDrive%\Users\Default -- [2011/08/29 09:13:11 | 000,000,000 | RH-D | M]
"Public" = %SystemDrive%\Users\Public -- [2009/07/14 17:35:05 | 000,000,000 | R--D | M]
"ProgramData" = %SystemDrive%\ProgramData -- [2012/06/05 13:56:31 | 000,000,000 | -H-D | M]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18]
"Flags" = 12
"State" = 0
"RefCount" = 1
"Sid" = 01 01 00 00 00 00 00 05 12 00 00 00  [binary data]
"ProfileImagePath" = %systemroot%\system32\config\systemprofile -- [2009/07/14 05:20:14 | 000,000,000 | ---D | M]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]
"ProfileImagePath" = C:\Windows\ServiceProfiles\LocalService -- [2012/06/08 12:25:51 | 000,000,000 | ---D | M]
"Flags" = 0
"State" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20]
"ProfileImagePath" = C:\Windows\ServiceProfiles\NetworkService -- [2012/06/08 12:25:51 | 000,000,000 | ---D | M]
"Flags" = 0
"State" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3076268114-1058155476-2427366309-1001]
"ProfileImagePath" = C:\Users\SON -- [2012/06/06 18:45:47 | 000,000,000 | ---D | M]
"Flags" = 0
"State" = 256
"Sid" = 01 05 00 00 00 00 00 05 15 00 00 00 52 20 5C B7 D4 2B 12 3F A5 AB AE 90 E9 03 00 00  [binary data]
"ProfileLoadTimeLow" = 0
"ProfileLoadTimeHigh" = 0
"RefCount" = 1
"RunLogonScriptSync" = 0
 
[color=#A23BEC]< nslookup http://www.google.fr /c >[/color]
 
[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color]
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/04/21 03:46:41 | 000,869,120 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/04/21 03:46:41 | 000,869,120 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/04/21 03:46:41 | 000,869,120 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/04/21 03:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/04/21 03:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/04/21 03:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/05/23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/05/23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/05/23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/05/23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/08/30 08:43:22 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/08/30 08:43:22 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/08/30 08:43:22 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/08/30 08:43:23 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/08/30 08:43:23 | 000,748,336 | ---- | M] (Microsoft Corporation)
 
[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /64 /rs >[/color]
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/04/21 03:46:41 | 000,869,120 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/04/21 03:46:41 | 000,869,120 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/04/21 03:46:41 | 000,869,120 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/04/21 03:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/04/21 03:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/04/21 03:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/05/23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/05/23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/05/23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/05/23 03:56:51 | 001,240,088 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/08/30 08:43:20 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/08/30 08:43:20 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/08/30 08:43:20 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/08/30 08:43:23 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/08/30 08:43:23 | 000,748,336 | ---- | M] (Microsoft Corporation)

< End of report >
Boubou2509
Apprentice Expert

Posts: 126
Joined: 15 Jan 2011 20:42
 

Re: [help] Redirection to other sites.

Posted 08 June 2012 18:50

Please also post the Extras.txt report.


/!\ Windows Vista and Windows 7 users: right-click the OTL icon, "Run as administrator" /!\

• At the top right, tick "Rapport Minimal" (Minimal Output).
• Under "Personnalisation" (Custom Scans/Fixes), copy and paste the following:
Code:
:OTL
[2012/05/29 12:37:00 | 000,000,000 | ---D | C] -- C:\found.006
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-3076268114-1058155476-2427366309-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-FR
IE - HKU\S-1-5-21-3076268114-1058155476-2427366309-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 52 40 49 D4 E1 66 CC 01  [binary data]
IE - HKU\S-1-5-21-3076268114-1058155476-2427366309-1001\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
[2011/08/30 12:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SON\AppData\Roaming\mozilla\Extensions
:Commands
[emptytemp]


• Click "Correction" (Run Fix).
• Wait while the scan runs.
• OTL will open the report in Notepad (OTL.log).
• Save the report to your Desktop.
• Upload the OTL.log report to CJoint.com
• Post the link you are given.

/!\ Note: to avoid freezing the OTL scan, let it work without touching your PC! /!\
Yanis91270
PC-Infopraticien

Posts: 2667
Joined: 24 Apr 2012 16:49
Location: Parc des Princes / Bgayet
 
