Page 1 sur 1

suspicion d'infection

Posté : mar. 11 déc. 2012 21:11
par virginie24
Bonjour, nouvelle parmi vous je recherche de l'aide en esperant le trouver, je vous remercie d'avance.

- 1/ j'ai windows 7 , jusque la ca va , seulement depuis un moment des mises a jours n'arretent pas de s'installées plusieurs fois par jour et tous le temps les mêmes que se passe t-il ? j'ai l'impression qu'il est plus lent que d'abitude parfois même des réactions inhabituel !

-2/ Il refuse systematiquement de se mettre en veille prolongée ou non sa ne fonctionne pas un ecran bleu apparait avec pleins de ligne j'ai a peine le temps de lire ! je crois comprendre qu il me demande de desinstaller ou de parametre quelques choses mais bon c'est tout en anglais je l'ai en photo si sa peu aider! est-ce dut a une infection ?

J'attend de vos conseil merci.

rapport otl

Posté : mar. 11 déc. 2012 21:42
par virginie24
End of report >

OTL Extras logfile created on: 11/12/2012 20:50:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\kabour\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

8,00 Gb Total Physical Memory | 5,97 Gb Available Physical Memory | 74,62% Memory free
16,00 Gb Paging File | 13,83 Gb Available in Paging File | 86,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,95 Gb Total Space | 285,91 Gb Free Space | 62,43% Space Free | Partition Type: NTFS
Drive D: | 458,46 Gb Total Space | 458,32 Gb Free Space | 99,97% Space Free | Partition Type: NTFS

Computer Name: KABOURPC | User Name: kabour | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009CCD96-3762-479C-9451-13C5646D4634}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{020D5351-F373-4B92-83D3-85777BD51F62}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=partage de fichiers et d’imprimantes (service spouleur - rpc-epmap) |
"{088B9A87-3EA6-44F3-A309-0291AB32A1F1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{0C42D37A-B75F-4532-AD5F-8893AF95964D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{10903EA1-8E92-4FBF-8C26-716B6D9A2B22}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1905D652-0156-4EE0-97A6-4E5B80D0F1E6}" = lport=138 | protocol=17 | dir=in | app=system |
"{19CCFE3D-257D-4852-BB54-F477F252E6F3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1E1E8ECD-5719-4B5A-A1A2-A1FD42B2D77E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{36A5EDC2-958F-4AD9-8D96-915240E062CD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{41EEEB0A-284D-4ECA-8D04-77AF647AB1D2}" = lport=139 | protocol=6 | dir=in | app=system |
"{487CA512-25F2-4742-A0AD-A97B92BD4B1A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{50B54782-751D-45C8-8092-644DF0B8637F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{57FC8A68-65A7-4D13-A017-E51063407D63}" = rport=139 | protocol=6 | dir=out | app=system |
"{8F83B7EF-5684-492F-AB0A-F4580194933E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{993DF022-441F-4778-B2E6-5CE5A910EF23}" = rport=137 | protocol=17 | dir=out | app=system |
"{A6C31235-511D-404A-A300-EBEC92E2E6AF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A91B1095-608A-48E9-8699-144C673562E7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ACBCB015-7D92-43CF-9798-32FEA4AB1283}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AE223821-D58E-403F-A21B-BF7B613E888F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C0CE7274-3671-4392-A408-318C4159F43A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{CAED082E-88F1-4195-BE20-1BFCD736CD68}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CFC74218-94BA-49E7-BAA4-454C4F93A5D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D14F40DC-F502-4834-AA28-803AF7E74934}" = lport=445 | protocol=6 | dir=in | app=system |
"{D55DAF6A-DF21-467D-A995-410339D4B5A9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DBAF4727-5118-4852-8753-5E415B65C56E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E81E393B-3904-408E-BF76-3839BA724A2D}" = rport=445 | protocol=6 | dir=out | app=system |
"{EF8F857D-8CE8-4229-A4C6-1B8F3AF3D9A9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F06B0B99-8F53-4F3B-893B-2A9FB45D84B8}" = rport=138 | protocol=17 | dir=out | app=system |
"{FA1A8DC3-481B-40B2-AB3E-ADE842C8C079}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F981C8-BB57-4324-BCB7-2EA70B41F24B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{05E3AC4A-7AB8-497A-80E3-6526AE4D7601}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{07D82470-50E9-497D-AE85-AB61F6FD6B8D}" = protocol=6 | dir=in | app=c:\program files (x86)\adsltv\vlc\vlc.exe |
"{08182A68-B586-4132-93ED-A14621E65F46}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{132B5598-E908-4511-979B-A359722F3D67}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{15F26B0C-C395-4D41-8D08-14181049558E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{178FC62D-AA95-4953-A939-E435C51717B1}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{19A6B150-E8DD-4D10-AC62-35A9C961F576}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{1BF7124D-C00A-408F-922D-C41FCDB295EA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{1C492F8C-BD18-4C37-9EC1-FD01294FCCFF}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{1DCF070C-1308-4EA7-8172-479F29DCFD66}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{288E7935-6688-4D6A-A2CD-9795F0343B73}" = protocol=6 | dir=in | app=c:\program files (x86)\adsltv\adsltv.exe |
"{28EC79C9-8777-4C87-BC0A-FD64434BB36F}" = protocol=17 | dir=in | app=c:\program files (x86)\dartybox_v3\bewan\netagent\netagent_wifi.exe |
"{2C3D7089-A63F-44A6-824A-9309B9DE8075}" = protocol=17 | dir=in | app=c:\program files (x86)\dartybox_v3\bewan\netagent\netagent_wifi.exe |
"{2C983186-D28F-48B1-B3CB-F55DB08CC76C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{2FE173DC-364B-4C1D-A10A-0A9EF7F1A67C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{316CCDF7-1304-45F8-B0DD-FF8EC617833B}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{328971D9-B6E2-48B5-AE5D-A4699F1A9D51}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{336D2FF2-1BCE-4900-B275-8E86021EC077}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{34B85035-F76D-4410-9D4D-FDE4AF38FB97}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{3A4A445E-6BC0-4ABF-A37E-0A657E858BC6}" = protocol=17 | dir=in | app=c:\program files (x86)\adsltv\vlc\vlc.exe |
"{3CDD80F6-B6ED-42D9-B576-7DB1603A5384}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{3F7E143C-5E66-4C58-A774-90640C74AFA2}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{42638748-74BB-4DE6-A22E-260F212B4140}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{483A69DB-FC83-4CE5-85BF-AA1BAE335474}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{49E35439-7780-45E3-98E9-1FD46A938F85}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{55CBBE03-FE01-4170-BAE8-1981EC4F1EA9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{5911C4C0-0036-4B09-A902-0A22228E0F92}" = protocol=58 | dir=out | name=partage de fichiers et d’imprimantes (demande d’écho - icmpv6 sortant) |
"{66901D89-6763-408C-95CE-378A7494DCA0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{670E34CE-CEC7-419B-9772-B7F68A111C11}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{6FB14D52-3DF6-4E87-99F3-4380982B60B6}" = protocol=1 | dir=in | name=partage de fichiers et d’imprimantes (demande d’écho - trafic entrant icmpv4) |
"{73B3F2BA-513A-4EED-9973-29B2C5A9EAF4}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{73D1208C-D371-4D4A-B5A5-AB6A5A6388DC}" = protocol=6 | dir=in | app=c:\program files (x86)\dartybox_v3\bewan\netagent\netagent_dhcp.exe |
"{7BBBE5DE-908A-49B0-BFB9-2A07FA675683}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{7E9B7C39-36F2-46D2-AD76-3F94113756E5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{84C6A9FF-B130-41CE-AEDC-72D86FD89AF4}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{87BBE2AE-9D89-46FC-A9FF-8A34E4C03937}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{89329639-025F-4E0D-BD6B-BDB3426F2F84}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe |
"{91A05C83-6F79-4541-B2F9-439A56B6C3E1}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{9493283F-DECC-42B1-BE19-A3334BD45D6D}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{99171BF1-F6E9-4654-B626-D725F834C495}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{9AAC0A51-FF96-4805-89CF-D6DDF875B33E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{9CD3253F-2B02-4080-9D1E-D065927561AB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A2C19713-1275-4933-A2F4-69F079ECB188}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A593018C-642C-4B21-88AE-75E989EAF22B}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{A6B2C4A1-CB29-4273-950B-66E558301141}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{A77B872E-81F7-4063-A72C-E69BFD4C988D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{A79C1CD2-2D94-4B29-8C99-2383182F9523}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{AD69137E-1DE4-4749-A879-BB8059B7413A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{AEF96109-382A-40C7-BE29-90DB199F1A56}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{B38F9E08-4C6A-47CD-8708-2CD154C97CEF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{BE412944-F4BB-42E4-AACA-5B729C6CFED1}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe |
"{C0570137-976D-4082-A52E-32C507702E84}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C519AA70-A66C-43A8-80BA-818CBECE1F59}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{CA8E4EB9-03FE-47CD-8543-29FE09964A04}" = protocol=1 | dir=out | name=partage de fichiers et d’imprimantes (demande d’écho - trafic sortant icmpv4) |
"{CCBC37B2-15C4-4B65-A3C7-A0889956F5C7}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{CE24DE24-92CE-473D-9827-A371F3E3498E}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{D3EFF43C-6248-4977-8FC0-4732B143F800}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{D99F7FFE-D9DD-4052-A997-3EA1204FEAF3}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{E0CEE088-DA97-476C-B39D-5E650F523D5D}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{E1E9FE0D-A5BB-4042-91F1-AD32FAC0D45A}" = protocol=6 | dir=in | app=c:\program files (x86)\dartybox_v3\bewan\netagent\netagent_wifi.exe |
"{E433C473-6C26-484F-825C-52400DEB4941}" = protocol=58 | dir=in | name=partage de fichiers et d’imprimantes (demande d’écho - icmpv6 entrant) |
"{E6D3EAD7-BF45-4E2B-8261-89068697A115}" = protocol=17 | dir=in | app=c:\program files (x86)\adsltv\adsltv.exe |
"{EA3608B2-F1B0-4369-8198-9399D60B14FD}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{EBE3C9B6-BD2B-46EB-BF75-70A81B53A8ED}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{EFD47631-57C5-4451-827B-D1759BB9318A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F195C38C-A05D-49FC-9E81-6F41E5AFDB87}" = protocol=17 | dir=in | app=c:\program files (x86)\dartybox_v3\bewan\netagent\netagent_dhcp.exe |
"{F211B64C-8F78-452D-A748-6A3197A98294}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{F513660C-98E2-4DC5-8950-C2832BB57C71}" = protocol=6 | dir=in | app=c:\program files (x86)\dartybox_v3\bewan\netagent\netagent_wifi.exe |
"TCP Query User{1F8DB2B5-8D24-4F91-8748-A427B307BA93}C:\users\kabour\appdata\local\temp\7217158141196.exe" = protocol=6 | dir=in | app=c:\users\kabour\appdata\local\temp\7217158141196.exe |
"TCP Query User{4C66EF06-6957-4BF4-9018-CF0E48399158}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{4D62B310-9BCC-4A1A-91E9-7538316646A9}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{72E841BC-70E7-42CB-BC4C-538B1AC2AE04}C:\program files (x86)\sfr\media center\httpd\httpd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sfr\media center\httpd\httpd.exe |
"TCP Query User{B13457D4-2E9F-4941-A2CD-40094F1A9971}C:\users\kabour\appdata\local\temp\73029162150.exe" = protocol=6 | dir=in | app=c:\users\kabour\appdata\local\temp\73029162150.exe |
"TCP Query User{C0150A1F-583A-4CB9-959F-EB049C082A76}C:\users\kabour\appdata\local\temp\101368978118.exe" = protocol=6 | dir=in | app=c:\users\kabour\appdata\local\temp\101368978118.exe |
"TCP Query User{FC0883FE-D0F8-4830-920F-06B0E10D8BEC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{1457AEBE-EB6E-4318-ACD7-254DA275DCC5}C:\users\kabour\appdata\local\temp\101368978118.exe" = protocol=17 | dir=in | app=c:\users\kabour\appdata\local\temp\101368978118.exe |
"UDP Query User{52A480F0-95D1-4513-90CD-6BE86D76A3D7}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{A5CAC526-A8E2-4739-9EB1-0664DCB71CD1}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{DACFE879-7B34-4CAE-B31A-393839F6598D}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{E2BE0537-ABF7-49CE-9012-A884F229C59B}C:\users\kabour\appdata\local\temp\7217158141196.exe" = protocol=17 | dir=in | app=c:\users\kabour\appdata\local\temp\7217158141196.exe |
"UDP Query User{E4C0BC5F-FDAF-4BAE-8CE0-64AD815EA3DB}C:\users\kabour\appdata\local\temp\73029162150.exe" = protocol=17 | dir=in | app=c:\users\kabour\appdata\local\temp\73029162150.exe |
"UDP Query User{F2314180-1822-4E62-8C97-80B614A39330}C:\program files (x86)\sfr\media center\httpd\httpd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sfr\media center\httpd\httpd.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014E482A-0C27-47E3-BA82-307E9DCA2F47}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2906A05E-2D38-4B47-85A2-D3485E372C8F}" = Microsoft SQL Server Compact 3.5 SP2 x64 FRA
"{32E9C1A5-0FDA-4483-987D-DBABF9CC1DD8}" = Microsoft Antimalware Service FR-FR Language Pack
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.533
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E39F2FB-0D5B-413E-903C-3F495017109C}" = Utilitaire de mise à jour des logiciels EBP 1.1.3
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2010
"{90140000-006D-040C-1000-0000000FF1CE}" = Microsoft Office « Démarrer en un clic » 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{CE47BA54-78AC-409F-9151-BDF5BE15A804}" = Network64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client FR-FR Language Pack
"{EC6EDD64-CC00-4F6F-AA26-152BC224D146}" = EBP Auto-entrepreneur Pratic Open Line 2013 5.0
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"EPSON Printer and Utilities" = EPSON Logiciel imprimante
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"WNLT" = IB Updater Service

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05653DE1-6567-40C6-B930-39D399B64369}" = OpenOffice.org 3.3
"{05D08C4D-58A2-438B-A419-EE994E64E15D}" = B110
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15F4085A-BC98-4590-AFFD-03BBBE49524E}" = Garmin Communicator Plugin
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{3B160861-7250-451E-B5EE-8B92BF30A710}" = Microsoft Works
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{40ACE18D-D5B4-40AF-81E8-2816A8AED029}" = Sagem Wi-Fi 11g USB adapter
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}" = Fissa
"{4CFFAEC0-1F2A-4D38-8D95-3995A936ADD9}" = NetWorkingWizard_ICM
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710}" = Star Defender 4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E4B1BE8-DCF3-4B90-A726-B28107442623}" = SolutionCenter
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-040C-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (French) 2007
"{90120000-0017-040C-0000-0000000FF1CE}_OMUI.fr-fr_{879D8136-C3A7-4A13-A8F4-309467087372}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_OMUI.fr-fr_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.fr-fr_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.fr-fr_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.fr-fr_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_OMUI.fr-fr_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_OMUI.fr-fr_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-040C-1000-0000000FF1CE}_OMUI.fr-fr_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_OMUI.fr-fr_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-040C-0000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2007
"{90120000-00BA-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-040C-0000-0000000FF1CE}" = Microsoft Office O MUI (French) 2007
"{90120000-0100-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-040C-0000-0000000FF1CE}" = Microsoft Office X MUI (French) 2007
"{90120000-0101-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2010
"{90140000-0015-040C-0000-0000000FF1CE}_Office14.PROPLUS_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2010
"{90140000-0016-040C-0000-0000000FF1CE}_Office14.PROPLUS_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2010
"{90140000-0018-040C-0000-0000000FF1CE}_Office14.PROPLUS_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2010
"{90140000-0019-040C-0000-0000000FF1CE}_Office14.PROPLUS_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2010
"{90140000-001A-040C-0000-0000000FF1CE}_Office14.PROPLUS_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2010
"{90140000-001B-040C-0000-0000000FF1CE}_Office14.PROPLUS_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010
"{90140000-001F-0401-0000-0000000FF1CE}_Office14.PROPLUS_{1A43C155-3DDA-43C9-92C5-0E7D0B2B156D}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
"{90140000-001F-0413-0000-0000000FF1CE}_Office14.PROPLUS_{5072FEA2-862C-4BF0-9654-CB0DCBE2BE28}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-040C-1000-0000000FF1CE}_Office14.PROPLUS_{0CCCD9C7-637C-41CA-A293-6E9992109B09}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2010
"{90140000-002C-040C-0000-0000000FF1CE}_Office14.PROPLUS_{C8E4AA87-3E5A-4C70-8CB7-43FE25C99B74}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2010
"{90140000-0044-040C-0000-0000000FF1CE}_Office14.PROPLUS_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2010
"{90140000-006E-040C-0000-0000000FF1CE}_Office14.PROPLUS_{7C5C7E8C-F6D2-43AC-93A4-89E4FF7367E6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2010
"{90140000-00A1-040C-0000-0000000FF1CE}_Office14.PROPLUS_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-040C-0000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2010
"{90140000-00BA-040C-0000-0000000FF1CE}_Office14.PROPLUS_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140011-0062-040C-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - Français
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1036-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Français
"{AF6919D0-5691-4F35-9D65-54F981013514}" = Microsoft SQL Server Compact 3.5 SP2 FRA
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Jumpstart Installation Program
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search Destroy
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Les Sims™ 3
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8EDC82F-44C8-443A-9ECA-A9F109378E17}" = Micro Application - Architecte 3DHD Classic
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CCleaner" = CCleaner
"Cities XL" = Cities XL
"EADM" = EA Download Manager
"EBP Auto-entrepreneur Pratic Open Line 2013 5.0" = EBP Auto-entrepreneur Pratic Open Line 2013 5.0
"Free Disc Burner_is1" = Free Disc Burner version 2.5.10
"GoToAssist" = GoToAssist 8.0.0.508
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"jv16 PowerTools 2011" = jv16 PowerTools 2012
"Kit DartyBox ADSL v3.2_is1" = Kit DartyBox ADSL v3.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Office14.Click2Run" = Microsoft Office « Démarrer en un clic » 2010
"Office14.PROPLUS" = Microsoft Office Professionnel Plus 2010
"OMUI.fr-fr" = Microsoft Office Language Pack 2007 - French/Français
"SFR_Kit" = SFR - Kit de connexion
"Softonic_France Toolbar" = Softonic_France Toolbar
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Utilitaire de mise à jour des logiciels EBP 1.1.3" = Utilitaire de mise à jour des logiciels EBP 1.1.3
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.4
"WinLiveSuite" = Windows Live
"WinRAR archiver" = WinRAR 4.20 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1201331004-2914378652-793719002-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe" = SanDiskSecureAccess_Manager.exe
"Facebook Plug-In" = Facebook Plug-In
"PhotoFiltre" = PhotoFiltre

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 18/11/2012 10:07:28 | Computer Name = kabourPC | Source = SideBySide | ID = 16842832
Description = La création du contexte d’activation a échoué pour « C:\Users\kabour\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\WU6LH2ZO\SoftonicDownloader_pour_logo-design-studio.exe ».
Erreur dans le fichier de manifeste ou de stratégie « » à la ligne . Une version
de composant nécessaire à l’application est en conflit avec une autre version de
composant déjà active. Les composants en conflit sont : Composant 1 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Composant
2 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 18/11/2012 10:07:32 | Computer Name = kabourPC | Source = SideBySide | ID = 16842832
Description = La création du contexte d’activation a échoué pour « C:\Users\kabour\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\WU6LH2ZO\SoftonicDownloader_pour_logo-design-studio.exe ».
Erreur dans le fichier de manifeste ou de stratégie « » à la ligne . Une version
de composant nécessaire à l’application est en conflit avec une autre version de
composant déjà active. Les composants en conflit sont : Composant 1 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Composant
2 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 18/11/2012 10:07:38 | Computer Name = kabourPC | Source = SideBySide | ID = 16842832
Description = La création du contexte d’activation a échoué pour « C:\Users\kabour\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Content.IE5\WU6LH2ZO\SoftonicDownloader_pour_logo-design-studio.exe ».
Erreur dans le fichier de manifeste ou de stratégie « » à la ligne . Une version
de composant nécessaire à l’application est en conflit avec une autre version de
composant déjà active. Les composants en conflit sont : Composant 1 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Composant
2 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 18/11/2012 18:35:01 | Computer Name = kabourPC | Source = Application Hang | ID = 1002
Description = Le programme iexplore.exe version 9.0.8112.16455 a cessé d’interagir
avec Windows et a été fermé. Pour déterminer si des informations supplémentaires
sont disponibles, consultez l’historique du problème dans le Centre de maintenance.

ID
de processus : a74 Heure de début : 01cdc5d931f263bd Heure de fin : 70 Chemin d’accès
de l’application : C:\Program Files (x86)\Internet Explorer\iexplore.exe ID de rapport
:

Error - 19/11/2012 11:14:00 | Computer Name = kabourPC | Source = SideBySide | ID = 16842832
Description = La création du contexte d’activation a échoué pour « c:\Users\kabour\AppData\Local\microsoft\Windows\temporary
internet files\Content.IE5\WU6LH2ZO\softonicdownloader_pour_logo-design-studio.exe ».
Erreur dans le fichier de manifeste ou de stratégie « » à la ligne . Une version
de composant nécessaire à l’application est en conflit avec une autre version de
composant déjà active. Les composants en conflit sont : Composant 1 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Composant
2 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 23/11/2012 16:11:22 | Computer Name = kabourPC | Source = MsiInstaller | ID = 11316
Description =

Error - 23/11/2012 16:21:08 | Computer Name = kabourPC | Source = Application Hang | ID = 1002
Description = Le programme msiexec.exe version 5.0.7601.17514 a cessé d’interagir
avec Windows et a été fermé. Pour déterminer si des informations supplémentaires
sont disponibles, consultez l’historique du problème dans le Centre de maintenance.

ID
de processus : 1928 Heure de début : 01cdc9b79d453107 Heure de fin : 0 Chemin d’accès
de l’application : C:\Windows\SysWOW64\msiexec.exe ID de rapport :

Error - 27/11/2012 07:02:56 | Computer Name = kabourPC | Source = CVHSVC | ID = 100
Description = Pour information uniquement. (Patch task for {90140011-0062-040C-0000-0000000FF1CE}):
DownloadLatest Failed: État HTTP 404 : l’URL requise n’existe pas sur le serveur.


Error - 01/12/2012 09:30:36 | Computer Name = kabourPC | Source = Application Hang | ID = 1002
Description = Le programme iexplore.exe version 9.0.8112.16455 a cessé d’interagir
avec Windows et a été fermé. Pour déterminer si des informations supplémentaires
sont disponibles, consultez l’historique du problème dans le Centre de maintenance.

ID
de processus : 1b20 Heure de début : 01cdcfbc632d27ed Heure de fin : 0 Chemin d’accès
de l’application : C:\Program Files (x86)\Internet Explorer\iexplore.exe ID de rapport
:

Error - 11/12/2012 15:48:15 | Computer Name = kabourPC | Source = Application Hang | ID = 1002
Description = Le programme OTL.exe version 3.2.69.0 a cessé d’interagir avec Windows
et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles,
consultez l’historique du problème dans le Centre de maintenance. ID de processus :
300 Heure de début : 01cdd7d7ce59c4b2 Heure de fin : 0 Chemin d’accès de l’application
: C:\Users\kabour\Downloads\OTL.exe ID de rapport : 82edbe3d-43cb-11e2-98da-002511506c22


[ Media Center Events ]
Error - 12/12/2009 13:53:20 | Computer Name = kabourPC | Source = MCUpdate | ID = 0
Description = 18:53:20 - Échec de la récupération de ClientUpdate (Erreur : La connexion
sous-jacente a été fermée : Une erreur inattendue s'est produite lors de la réception.)


Error - 21/07/2010 07:34:19 | Computer Name = kabourPC | Source = MCUpdate | ID = 0
Description = 13:34:19 - Erreur de connexion à Internet. 13:34:19 - Impossible
de contacter le service..

Error - 21/07/2010 07:34:55 | Computer Name = kabourPC | Source = MCUpdate | ID = 0
Description = 13:34:49 - Erreur de connexion à Internet. 13:34:49 - Impossible
de contacter le service..

Error - 21/07/2010 08:36:05 | Computer Name = kabourPC | Source = MCUpdate | ID = 0
Description = 14:36:05 - Erreur de connexion à Internet. 14:36:05 - Impossible
de contacter le service..

Error - 21/07/2010 08:36:35 | Computer Name = kabourPC | Source = MCUpdate | ID = 0
Description = 14:36:35 - Erreur de connexion à Internet. 14:36:35 - Impossible
de contacter le service..

Error - 21/07/2010 09:36:42 | Computer Name = kabourPC | Source = MCUpdate | ID = 0
Description = 15:36:42 - Erreur de connexion à Internet. 15:36:42 - Impossible
de contacter le service..

Error - 21/07/2010 09:36:48 | Computer Name = kabourPC | Source = MCUpdate | ID = 0
Description = 15:36:48 - Erreur de connexion à Internet. 15:36:48 - Impossible
de contacter le service..

Error - 21/07/2010 10:36:55 | Computer Name = kabourPC | Source = MCUpdate | ID = 0
Description = 16:36:55 - Erreur de connexion à Internet. 16:36:55 - Impossible
de contacter le service..

Error - 21/07/2010 10:37:01 | Computer Name = kabourPC | Source = MCUpdate | ID = 0
Description = 16:37:00 - Erreur de connexion à Internet. 16:37:00 - Impossible
de contacter le service..

Error - 12/05/2011 16:01:08 | Computer Name = kabourPC | Source = MCUpdate | ID = 0
Description = 22:01:04 - Erreur de connexion à Internet. 22:01:04 - Impossible
de contacter le service..

[ System Events ]
Error - 10/12/2012 15:39:24 | Computer Name = kabourPC | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 18:56:39 le ?10/?12/?2012 n’était pas
prévu.

Error - 10/12/2012 15:39:27 | Computer Name = kabourPC | Source = BugCheck | ID = 1001
Description =

Error - 10/12/2012 15:39:43 | Computer Name = kabourPC | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se
charger : SBRE

Error - 11/12/2012 03:20:27 | Computer Name = kabourPC | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se
charger : SBRE

Error - 11/12/2012 12:18:42 | Computer Name = kabourPC | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 15:27:24 le ?11/?12/?2012 n’était pas
prévu.

Error - 11/12/2012 12:18:49 | Computer Name = kabourPC | Source = BugCheck | ID = 1001
Description =

Error - 11/12/2012 12:19:04 | Computer Name = kabourPC | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se
charger : SBRE

Error - 11/12/2012 15:07:18 | Computer Name = kabourPC | Source = EventLog | ID = 6008
Description = L’arrêt système précédant à 19:48:59 le ?11/?12/?2012 n’était pas
prévu.

Error - 11/12/2012 15:07:19 | Computer Name = KABOURPC | Source = BugCheck | ID = 1001
Description =

Error - 11/12/2012 15:07:36 | Computer Name = kabourPC | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se
charger : SBRE

Re: suspicion d'infection

Posté : mar. 11 déc. 2012 21:48
par virginie24
OTL logfile created on: 11/12/2012 20:50:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\kabour\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

8,00 Gb Total Physical Memory | 5,97 Gb Available Physical Memory | 74,62% Memory free
16,00 Gb Paging File | 13,83 Gb Available in Paging File | 86,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457,95 Gb Total Space | 285,91 Gb Free Space | 62,43% Space Free | Partition Type: NTFS
Drive D: | 458,46 Gb Total Space | 458,32 Gb Free Space | 99,97% Space Free | Partition Type: NTFS

Computer Name: KABOURPC | User Name: kabour | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/11 20:49:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kabour\Downloads\OTL (1).exe
PRC - [2012/11/18 22:41:53 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe
PRC - [2012/10/03 14:25:42 | 000,188,760 | ---- | M] () -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe
PRC - [2012/08/22 14:26:44 | 000,307,856 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/08/08 09:17:00 | 000,540,056 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/16 12:24:06 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/07/16 12:23:56 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/07/16 12:23:56 | 000,975,800 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2012/01/18 17:26:36 | 004,954,624 | ---- | M] (Celliance) -- C:\Program Files (x86)\DartyBox_v3\Bewan\AssistantDB\AssistantDB_Bewan.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/06/29 10:56:42 | 027,311,232 | ---- | M] (Gemalto N.V.) -- C:\Users\kabour\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
PRC - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/08/12 23:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/08/12 22:58:28 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/08/10 06:36:04 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2009/08/06 18:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009/07/04 02:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/06/05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/06/04 14:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/17 18:51:19 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\38e2909de0b5e7887b46dd28725ba718\System.Management.ni.dll
MOD - [2012/11/17 18:51:02 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\adaaf894878905f022f824b84fcd59a8\System.ServiceProcess.ni.dll
MOD - [2012/11/17 18:50:48 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll
MOD - [2012/11/17 18:50:35 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\a24c1c772b5c5ce0f0b9d8290f7792c2\System.Runtime.Remoting.ni.dll
MOD - [2012/11/17 01:24:51 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll
MOD - [2012/11/17 01:24:38 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll
MOD - [2012/11/17 01:24:29 | 003,882,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll
MOD - [2012/11/17 01:24:26 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\46215c6276fca8ba6b8a765dfa384c73\PresentationFramework.Aero.ni.dll
MOD - [2012/11/17 01:20:08 | 013,198,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ecbb113bbad9034fa8385c15f73fb4cf\System.Windows.Forms.ni.dll
MOD - [2012/11/17 01:20:04 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll
MOD - [2012/11/17 01:20:01 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll
MOD - [2012/11/17 01:20:00 | 001,666,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a8dfd1388afc0a50f39f9e1dc7ecd45c\System.Drawing.ni.dll
MOD - [2012/11/17 01:19:58 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll
MOD - [2012/11/17 01:19:57 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll
MOD - [2012/11/17 01:19:52 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll
MOD - [2012/07/29 09:33:56 | 000,115,137 | ---- | M] () -- C:\Users\kabour\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
MOD - [2012/07/16 12:24:06 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011/06/29 09:56:06 | 011,483,264 | ---- | M] () -- C:\Users\kabour\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll
MOD - [2011/06/10 07:24:04 | 000,079,240 | ---- | M] () -- C:\Program Files (x86)\SFR\Kit\9unelevate.dll
MOD - [2009/08/10 06:36:04 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2009/08/10 03:49:40 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2009/02/03 01:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/03 14:25:42 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe -- (IB Updater Updater)
SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/04 02:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2012/11/18 22:41:54 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/04/22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/01/31 12:30:46 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\508\g2aservice.exe -- (GoToAssist)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/12 23:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/08/06 18:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/06/04 14:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/04/01 13:10:08 | 000,265,216 | ---- | M] (Atheros Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Atheros\jswpbapi.exe -- (jswpbapi)
SRV - [2009/04/01 13:07:00 | 000,360,529 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Atheros\jswpsapi.exe -- (jswpsapi)
SRV - [2008/11/11 08:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/01/11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/04 08:59:20 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(http://www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/06/04 08:59:20 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(http://www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/05/01 07:51:28 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/05/01 07:51:14 | 000,020,568 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010/04/27 03:25:22 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdm.sys -- (sscemdm)
DRV:64bit: - [2010/04/27 03:25:22 | 000,129,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssceserd.sys -- (ssceserd)
DRV:64bit: - [2010/04/27 03:25:22 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscebus.sys -- (sscebus)
DRV:64bit: - [2010/04/27 03:25:22 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdfl.sys -- (sscemdfl)
DRV:64bit: - [2010/04/27 03:25:16 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2010/04/27 03:25:16 | 000,128,000 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bserd.sys -- (ss_bserd)
DRV:64bit: - [2010/04/27 03:25:16 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2010/04/27 03:25:16 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV:64bit: - [2010/02/01 11:30:54 | 000,622,624 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl819xp.sys -- (rtl819xpn64)
DRV:64bit: - [2010/02/01 11:30:54 | 000,622,624 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl819xp.sys -- (rtl819xp)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/26 08:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/12 11:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 11:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/02 12:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 12:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 12:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/06 00:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/06 00:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008/09/25 18:07:30 | 000,075,264 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jswscimdx.sys -- (JSWSCIMD)
DRV:64bit: - [2008/08/28 10:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2010/05/01 07:51:28 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2002/08/30 13:00:00 | 000,002,864 | --S- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\Windows\SysWow64\winsock.dll -- (Winsock)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... earchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000. ... 2511506C22}
IE - HKLM\..\URLSearchHook: {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files (x86)\Softonic_France\tbSof0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=i ... lz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... earchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT2611275


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1201331004-2914378652-793719002-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1201331004-2914378652-793719002-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sfr.fr/kit/adsl/
IE - HKU\S-1-5-21-1201331004-2914378652-793719002-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1201331004-2914378652-793719002-1001\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={ ... rer:source?}
IE - HKU\S-1-5-21-1201331004-2914378652-793719002-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-1201331004-2914378652-793719002-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTe ... 064f85f722
IE - HKU\S-1-5-21-1201331004-2914378652-793719002-1001\..\SearchScopes\{0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF}: "URL" = http://gb.toolbarhome.com/search.aspx?q ... s}srch=dsp
IE - HKU\S-1-5-21-1201331004-2914378652-793719002-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://safesearchr.lavasoft.com/?source ... earchTerms}
IE - HKU\S-1-5-21-1201331004-2914378652-793719002-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.fr/search?sourceid=ie ... NI_frFR458
IE - HKU\S-1-5-21-1201331004-2914378652-793719002-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKU\S-1-5-21-1201331004-2914378652-793719002-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... earchTerms}
IE - HKU\S-1-5-21-1201331004-2914378652-793719002-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT2611275
IE - HKU\S-1-5-21-1201331004-2914378652-793719002-1001\..\SearchScopes\{b41306c6-96d0-442a-bcc4-b0f621e82ce9}: "URL" = http://www.fissa.com/en/results/?s=bc=1 ... earchTerms}
IE - HKU\S-1-5-21-1201331004-2914378652-793719002-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic_France Customized Web Search"
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://home.sweetim.com/?crg=3.1010000. ... 2511506C22}"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {4daac69c-cba7-45e2-9bc8-1044483d3352}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..browser.startup.homepage: "http://radiobar.toolbarhome.com/?hp=df"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Web Search..."
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Softonic_France Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?sr ... 1506C22}q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - prefs.js..browser.startup.homepage: "http://safesearchr.lavasoft.com/?source ... 50A1600FF0"
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8oe ... ntgfns=1q="

FF - user.js..keyword.URL: "http://redirecterror.sfr.fr/?q="

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\kabour\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2012/11/18 15:13:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\SpiderMessengerHelper@spidermessenger.com:
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/19 12:36:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2012/11/18 15:13:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/19 12:36:35 | 000,000,000 | ---D | M]

[2010/05/18 07:55:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kabour\AppData\Roaming\mozilla\Extensions
[2010/05/18 07:55:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kabour\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2009/12/10 14:07:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kabour\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012/11/18 15:14:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kabour\AppData\Roaming\mozilla\Firefox\Profiles\8d0olbyd.default\extensions
[2011/02/22 12:37:09 | 000,000,000 | ---D | M] (Fissa) -- C:\Users\kabour\AppData\Roaming\mozilla\Firefox\Profiles\8d0olbyd.default\extensions\@FissaPlugin
[2011/01/27 18:48:13 | 000,000,000 | ---D | M] (uTorrentBar_FR Community Toolbar) -- C:\Users\kabour\AppData\Roaming\mozilla\Firefox\Profiles\8d0olbyd.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}
[2010/07/05 19:52:04 | 000,000,000 | ---D | M] (Softonic_France Toolbar) -- C:\Users\kabour\AppData\Roaming\mozilla\Firefox\Profiles\8d0olbyd.default\extensions\{4daac69c-cba7-45e2-9bc8-1044483d3352}
[2010/06/09 16:47:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\kabour\AppData\Roaming\mozilla\Firefox\Profiles\8d0olbyd.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/11/12 21:46:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kabour\AppData\Roaming\mozilla\Firefox\Profiles\8d0olbyd.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2011/01/27 18:48:14 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\kabour\AppData\Roaming\mozilla\Firefox\Profiles\8d0olbyd.default\extensions\engine@conduit.com
[2011/11/01 20:08:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kabour\AppData\Roaming\mozilla\Firefox\Profiles\8d0olbyd.default\extensions\ffxtlbr@babylon.com
[2012/11/12 21:46:12 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\kabour\AppData\Roaming\mozilla\Firefox\Profiles\8d0olbyd.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2010/06/09 15:17:13 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- C:\Users\kabour\AppData\Roaming\mozilla\Firefox\Profiles\8d0olbyd.default\extensions\radiobar@toolbar
[2010/08/29 17:34:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/04/19 22:04:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/29 14:46:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - homepage: http://safesearchr.lavasoft.com/?source ... 50A1600FF0
CHR - default_search_provider: Search Results ()
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=cr ... earchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://safesearchr.lavasoft.com/?source ... 50A1600FF0
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\kabour\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: SquareClock 3D Plugin - Production_Castorama_Bathroom_Internet (Enabled) = C:\Users\kabour\AppData\Local\SquareClock.Production_Castorama_Bathroom_Internet\NPSQ3D.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\kabour\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
CHR - Extension: YouTube = C:\Users\kabour\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\kabour\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Recherche Google = C:\Users\kabour\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Recherche Google = C:\Users\kabour\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: IB Updater = C:\Users\kabour\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.533_0\
CHR - Extension: SweetIM for Facebook = C:\Users\kabour\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Users\kabour\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\
CHR - Extension: Gmail = C:\Users\kabour\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\kabour\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: YouTube = C:\Users\kabour\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\kabour\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Recherche Google = C:\Users\kabour\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Recherche Google = C:\Users\kabour\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: IB Updater = C:\Users\kabour\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.533_0\
CHR - Extension: SweetIM for Facebook = C:\Users\kabour\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Users\kabour\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\
CHR - Extension: Gmail = C:\Users\kabour\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\kabour\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2011/11/27 21:52:55 | 000,437,957 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 http://www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 http://www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 http://www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 http://www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 http://www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 http://www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 http://www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 http://www.100888290cs.com
O1 - Hosts: 127.0.0.1 http://www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 http://www.10sek.com
O1 - Hosts: 127.0.0.1 http://www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15090 more lines...
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files (x86)\SFR\Kit\SFRNavErrorHelper.dll (SFR)
O2 - BHO: (Softonic_France Toolbar) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files (x86)\Softonic_France\tbSof0.dll (Conduit Ltd.)
O2 - BHO: (Spybot-SD IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{6c97a91e-4524-4019-86af-2aa2d567bf5c} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{6c97a91e-4524-4019-86af-2aa2d567bf5c} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Softonic_France Toolbar) - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files (x86)\Softonic_France\tbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {A29B2641-9931-448A-8DE7-B2D63BDC1812} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1201331004-2914378652-793719002-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1201331004-2914378652-793719002-1001\..\Toolbar\WebBrowser: (Softonic_France Toolbar) - {4DAAC69C-CBA7-45E2-9BC8-1044483D3352} - C:\Program Files (x86)\Softonic_France\tbSof0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-1201331004-2914378652-793719002-1001..\Run: [Assistant DartyBox] C:\Program Files (x86)\DartyBox_v3\Bewan\AssistantDB\AssistantDB_Bewan.exe (Celliance)
O4 - HKU\S-1-5-21-1201331004-2914378652-793719002-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-1201331004-2914378652-793719002-1001..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-1201331004-2914378652-793719002-1001..\Run: [SanDiskSecureAccess_Manager.exe] C:\Users\kabour\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1201331004-2914378652-793719002-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1201331004-2914378652-793719002-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1201331004-2914378652-793719002-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/produ ... wsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net ... plugin.cab (QuickTime Plugin Control)
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} https://static.impots.gouv.fr/abos/stat ... rtdgi1.cab (Reg Error: Key error.)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/fr/Core/ ... _Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0 ... ontrol.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{068047DD-0DE9-4281-B108-7B78C61DF729}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

suite

Re: suspicion d'infection

Posté : mar. 11 déc. 2012 21:49
par virginie24
[2012/12/05 13:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/12/01 10:08:45 | 000,000,000 | ---D | C] -- C:\Users\kabour\AppData\Local\{90A5ECF7-5EED-438F-A178-F25EAAD3BC8A}
[2012/11/30 13:39:09 | 000,000,000 | ---D | C] -- C:\Users\kabour\AppData\Local\{537242BC-C154-4DC5-918A-C9CF84376E5F}
[2012/11/30 12:19:45 | 000,000,000 | ---D | C] -- C:\Users\kabour\Desktop\photo
[2012/11/27 19:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SFR
[2012/11/27 19:09:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SFR
[2012/11/24 19:50:34 | 000,000,000 | ---D | C] -- C:\Users\kabour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jv16 PowerTools 2012
[2012/11/24 19:50:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jv16 PowerTools 2012
[2012/11/23 21:25:51 | 000,000,000 | ---D | C] -- C:\Users\kabour\AppData\Local\{E3A13718-4A57-4E9B-9556-7B3FB762E3D8}
[2012/11/23 20:37:40 | 000,000,000 | ---D | C] -- C:\Users\kabour\Documents\interphone
[2012/11/23 20:36:59 | 000,000,000 | ---D | C] -- C:\Users\kabour\Desktop\document a envoyer a pro btp
[2012/11/20 22:27:38 | 000,000,000 | ---D | C] -- C:\Navilog1
[2012/11/20 22:27:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Navilog1
[2012/11/18 20:34:04 | 000,000,000 | ---D | C] -- C:\Users\kabour\AppData\Local\StimulsoftReportsResources
[2012/11/18 20:33:39 | 000,000,000 | ---D | C] -- C:\Users\kabour\AppData\Local\Stimulsoft
[2012/11/18 15:15:40 | 000,000,000 | ---D | C] -- C:\Users\kabour\AppData\Roaming\Summitsoft
[2012/11/18 15:14:02 | 000,829,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100.dll
[2012/11/18 15:14:02 | 000,608,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp100.dll
[2012/11/18 15:14:02 | 000,035,328 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2012/11/18 15:14:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ARFC
[2012/11/18 15:14:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WNLT
[2012/11/18 15:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\IB Updater
[2012/11/18 15:12:00 | 000,000,000 | ---D | C] -- C:\Users\kabour\Documents\My Logo Design Studio Projects
[2012/11/18 15:11:11 | 000,000,000 | ---D | C] -- C:\Windows\Logo Design Studio Trial
[2012/11/17 01:21:09 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/11/17 01:21:08 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/11/17 01:15:38 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/11/17 01:15:38 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/11/17 01:15:37 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/11/17 01:15:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/11/17 01:15:36 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/11/17 01:15:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/11/17 01:15:36 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/11/17 01:15:36 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/11/17 01:15:35 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/11/17 01:15:35 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/11/17 01:15:35 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/11/17 01:15:35 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/11/17 01:15:33 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/11/17 01:15:33 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/11/17 01:15:33 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/11/17 01:09:38 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/11/17 01:09:38 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/11/17 01:09:37 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/11/17 01:09:37 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/11/16 16:49:13 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012/11/16 16:49:13 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012/11/16 16:49:13 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012/11/16 16:49:10 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012/11/16 16:49:10 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012/11/16 16:49:10 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012/11/16 16:49:10 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012/11/16 16:49:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012/11/16 16:49:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012/11/16 16:48:52 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/11/16 16:48:52 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/11/14 19:31:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\{43B55ACB-A031-4DC3-AA95-8492F35E13ED}
[2012/11/13 19:24:47 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012/11/13 19:24:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012/11/13 19:24:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012/11/13 19:24:45 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012/11/13 19:24:45 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012/11/13 19:24:43 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012/11/13 19:24:43 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012/11/13 19:24:43 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012/11/13 19:24:43 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012/11/13 19:24:43 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2012/11/13 19:24:43 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2012/11/13 19:24:43 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012/11/13 19:24:43 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2012/11/13 19:24:43 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012/11/13 19:24:43 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012/11/13 19:24:43 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012/11/13 19:24:43 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012/11/13 19:24:43 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2012/11/13 19:24:42 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012/11/13 19:24:42 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/11/13 19:24:42 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012/11/13 19:24:42 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012/11/13 19:24:42 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012/11/13 19:24:41 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012/11/13 19:23:23 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/11/13 19:23:23 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/11/13 18:57:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/11/13 18:56:46 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/11/13 18:56:46 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/11/13 18:56:46 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/11/13 18:56:37 | 000,000,000 | ---D | C] -- C:\Users\kabour\Documents\Nouveau dossier
[2012/11/13 09:37:14 | 000,000,000 | R--D | C] -- C:\Users\kabour\Desktop\auto-entrepreneur nicolas
[2012/11/12 21:53:03 | 000,000,000 | ---D | C] -- C:\Users\kabour\AppData\Roaming\LavasoftStatistics
[2012/11/12 21:47:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/11/12 21:47:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012/11/12 21:46:23 | 000,000,000 | ---D | C] -- C:\Users\kabour\AppData\Local\adawarebp
[2012/11/12 21:46:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/11/12 21:45:48 | 000,000,000 | ---D | C] -- C:\Users\kabour\AppData\Roaming\Ad-Aware Antivirus
[2009/08/27 21:50:01 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[1 C:\Windows\SysWow64\*.tmp files - C:\Windows\SysWow64\*.tmp - ]
[1 C:\Windows\SysNative\drivers\*.tmp files - C:\Windows\SysNative\drivers\*.tmp - ]
[1 C:\Users\kabour\AppData\Local\*.tmp files - C:\Users\kabour\AppData\Local\*.tmp - ]

========== Files - Modified Within 30 Days ==========

[2012/12/11 20:52:05 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012/12/11 20:43:13 | 000,749,018 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012/12/11 20:43:13 | 000,150,400 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012/12/11 20:43:12 | 001,650,822 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/11 20:43:12 | 000,656,048 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/11 20:43:12 | 000,122,662 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/11 20:43:09 | 001,650,822 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/11 20:30:08 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/11 20:25:25 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/11 20:25:25 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/11 20:19:16 | 000,002,167 | ---- | M] () -- C:\Users\kabour\Desktop\L'Assistant DartyBox.lnk
[2012/12/11 20:19:10 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/11 20:07:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/11 20:07:12 | 823,451,055 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/12/11 20:07:09 | 2146,807,807 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/11 18:56:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/05 13:09:51 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/12/05 13:08:34 | 022,912,657 | ---- | M] () -- C:\Users\kabour\Documents\vlc-2.0.4-win32.exe
[2012/11/24 19:52:19 | 000,000,086 | ---- | M] () -- C:\Users\kabour\Desktop\Achetez jv16 PowerTools.url
[2012/11/24 19:51:41 | 000,000,022 | -HS- | M] () -- C:\Users\kabour\AppData\Roaming\Windows1569_SettingsRepository.bin
[2012/11/24 19:51:41 | 000,000,022 | -HS- | M] () -- C:\Windows\90C7D912BE2316.sys
[2012/11/24 19:50:34 | 000,001,893 | ---- | M] () -- C:\Users\kabour\Desktop\jv16 PowerTools 2012.lnk
[2012/11/24 19:46:41 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/23 21:23:25 | 000,456,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/20 22:41:14 | 000,007,368 | ---- | M] () -- C:\Windows\wininit.ini
[2012/11/19 15:38:50 | 035,344,384 | ---- | M] () -- C:\Users\kabour\Documents\Mon Dossier Invoicing5.0FR03_0895452f-b7c1-4c00-a316-c6a6d0ea4bf4.sdf
[2012/11/18 22:41:53 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/11/18 22:41:53 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/11/18 15:14:17 | 000,000,447 | ---- | M] () -- C:\user.js
[2012/11/14 19:32:44 | 000,001,268 | ---- | M] () -- C:\Users\Public\Desktop\EBP Auto-entrepreneur Pratic Open Line 2013 5.0.lnk
[1 C:\Windows\SysWow64\*.tmp files - C:\Windows\SysWow64\*.tmp - ]
[1 C:\Windows\SysNative\drivers\*.tmp files - C:\Windows\SysNative\drivers\*.tmp - ]
[1 C:\Users\kabour\AppData\Local\*.tmp files - C:\Users\kabour\AppData\Local\*.tmp - ]

========== Files Created - No Company Name ==========

[2012/12/11 20:52:05 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012/12/05 13:09:51 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/12/05 13:07:15 | 022,912,657 | ---- | C] () -- C:\Users\kabour\Documents\vlc-2.0.4-win32.exe
[2012/11/27 19:02:25 | 823,451,055 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/11/24 19:52:19 | 000,000,086 | ---- | C] () -- C:\Users\kabour\Desktop\Achetez jv16 PowerTools.url
[2012/11/24 19:51:41 | 000,000,022 | -HS- | C] () -- C:\Users\kabour\AppData\Roaming\Windows1569_SettingsRepository.bin
[2012/11/24 19:51:41 | 000,000,022 | -HS- | C] () -- C:\Windows\90C7D912BE2316.sys
[2012/11/24 19:50:34 | 000,001,893 | ---- | C] () -- C:\Users\kabour\Desktop\jv16 PowerTools 2012.lnk
[2012/11/24 19:46:41 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/24 14:15:36 | 000,002,167 | ---- | C] () -- C:\Users\kabour\Desktop\L'Assistant DartyBox.lnk
[2012/11/18 15:14:16 | 000,000,447 | ---- | C] () -- C:\user.js
[2012/11/18 15:14:02 | 001,261,936 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe
[2012/11/17 01:21:12 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/17 01:09:37 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/14 19:32:44 | 000,001,268 | ---- | C] () -- C:\Users\Public\Desktop\EBP Auto-entrepreneur Pratic Open Line 2013 5.0.lnk
[2012/02/21 16:05:56 | 000,333,050 | ---- | C] () -- C:\Users\kabour\numérisation0001.pdf
[2012/01/21 19:19:48 | 000,006,144 | ---- | C] () -- C:\Users\kabour\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/21 18:35:28 | 000,221,184 | --S- | C] () -- C:\Windows\SysWow64\glut32.dll
[2012/01/18 19:30:58 | 000,000,688 | ---- | C] () -- C:\Users\kabour\AppData\Roaming\.backup.dm
[2012/01/04 11:52:08 | 000,001,162 | ---- | C] () -- C:\Windows\SysWow64\W32N55.INI
[2011/11/07 21:06:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/07 21:06:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/07 21:06:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/07 21:06:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/07 21:06:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/01 19:31:12 | 000,000,000 | ---- | C] () -- C:\ProgramData\407b7047fbad9f4c4e9529d268b4d25d_c
[2011/09/23 19:01:58 | 000,004,096 | -H-- | C] () -- C:\Users\kabour\AppData\Local\keyfile3.drm
[2011/07/13 15:22:33 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2011/03/29 11:57:28 | 000,007,368 | ---- | C] () -- C:\Windows\wininit.ini
[2011/01/29 17:00:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/01/29 17:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/01/29 17:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/01/29 17:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/01/29 17:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010/12/22 18:54:00 | 000,011,264 | ---- | C] () -- C:\Windows\SysWow64\Utils.dll
[2010/09/19 11:28:18 | 002,529,622 | ---- | C] () -- C:\Users\kabour\AppData\Local\[j0002]-[p06].bmp
[2010/09/19 11:28:17 | 002,529,622 | ---- | C] () -- C:\Users\kabour\AppData\Local\[j0002]-[p05].bmp
[2010/09/19 11:28:17 | 002,529,622 | ---- | C] () -- C:\Users\kabour\AppData\Local\[j0002]-[p04].bmp
[2010/09/19 11:28:17 | 002,529,622 | ---- | C] () -- C:\Users\kabour\AppData\Local\[j0002]-[p03].bmp
[2010/09/19 11:28:16 | 002,529,622 | ---- | C] () -- C:\Users\kabour\AppData\Local\[j0002]-[p02].bmp
[2010/05/30 18:38:29 | 000,000,000 | ---- | C] () -- C:\Users\kabour\AppData\Roaming\bibstats
[2009/12/14 09:01:00 | 000,009,768 | ---- | C] () -- C:\Users\kabour\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/18 19:16:37 | 000,000,000 | ---D | M] -- C:\Users\kabour\AppData\Roaming\Ad-Aware Antivirus
[2010/08/12 21:05:45 | 000,000,000 | ---D | M] -- C:\Users\kabour\AppData\Roaming\ArchiFacile
[2011/04/02 16:48:14 | 000,000,000 | ---D | M] -- C:\Users\kabour\AppData\Roaming\CheckPoint
[2011/05/18 19:09:36 | 000,000,000 | ---D | M] -- C:\Users\kabour\AppData\Roaming\DartyBox
[2011/01/31 12:42:01 | 000,000,000 | ---D | M] -- C:\Users\kabour\AppData\Roaming\DartyBox ADSL
[2010/12/08 21:48:51 | 000,000,000 | ---D | M] -- C:\Users\kabour\AppData\Roaming\DVDVideoSoft
[2010/02/01 08:47:03 | 000,000,000 | ---D | M] -- C:\Users\kabour\AppData\Roaming\Facebook
[2011/02/22 12:37:08 | 000,000,000 | ---D | M] -- C:\Users\kabour\AppData\Roaming\FissaSearch
[2009/12/18 12:34:41 | 000,000,000 | ---D | M] -- C:\Users\kabour\AppData\Roaming\GameConsole
[2010/01/15 17:29:37 | 000,000,000 | ---D | M] -- C:\Users\kabour\AppData\Roaming\GARMIN
[2011/02/28 15:26:12 | 000,000,000 | ---D | M] -- C:\Users\kabour\AppData\Roaming\LimeWire
[2011/02/28 15:24:04 | 000,000,000 | ---D | M] -- C:\Users\kabour\AppData\Roaming\moovida-1
[2011/03/17 23:03:50 | 000,000,000 | ---D | M] -- C:\Users\kabour\AppData\Roaming\OpenOffice.org
[2010/08/29 17:36:56 | 000,000,000 | ---D | M] -- C:\Users\kabour\AppData\Roaming\Opera
[2010/08/19 15:17:22 | 000,000,000 | ---D | M] -- C:\Users\kabour\AppData\Roaming\PC Suite
[2010/08/19 16:45:04 | 000,000,000 | ---D | M] -- C:\Users\kabour\AppData\Roaming\PhotoFiltre
[2011/05/20 22:38:20 | 000,000,000 | ---D | M] -- C:\Users\kabour\AppData\Roaming\PowerCinema
[2012/07/29 09:44:07 | 000,000,000 | ---D | M] -- C:\Users\kabour\AppData\Roaming\SAMSUNG
[2012/12/02 15:13:43 | 000,000,000 | ---D | M] -- C:\Users\kabour\AppData\Roaming\SanDisk
[2012/10/29 12:15:22 | 000,000,000 | ---D | M] -- C:\Users\kabour\AppData\Roaming\SanDisk SecureAccess
[2011/05/20 22:38:20 | 000,000,000 | ---D | M] -- C:\Users\kabour\AppData\Roaming\SoftDMA
[2012/11/10 18:41:56 | 000,000,000 | ---D | M] -- C:\Users\kabour\AppData\Roaming\SoftGrid Client
[2012/11/18 15:15:40 | 000,000,000 | ---D | M] -- C:\Users\kabour\AppData\Roaming\Summitsoft
[2009/12/17 16:06:48 | 000,000,000 | ---D | M] -- C:\Users\kabour\AppData\Roaming\Template
[2010/05/18 07:55:02 | 000,000,000 | ---D | M] -- C:\Users\kabour\AppData\Roaming\TomTom
[2010/07/05 21:32:57 | 000,000,000 | ---D | M] -- C:\Users\kabour\AppData\Roaming\TP
[2012/11/18 19:16:12 | 000,000,000 | ---D | M] -- C:\Users\kabour\AppData\Roaming\uTorrent
[2010/05/02 12:10:56 | 000,000,000 | ---D | M] -- C:\Users\kabour\AppData\Roaming\widestream
[2012/02/21 15:13:09 | 000,000,000 | ---D | M] -- C:\Users\kabour\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Custom Scans ==========


HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/04/20 16:48:38 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/04/20 16:48:38 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/04/20 16:48:38 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/10/08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/10/08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)


[2009/12/10 11:10:04 | 000,000,039 | ---- | M] () -- C:\2.txt
[2010/08/19 15:10:57 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2009/08/27 22:25:20 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/11/20 22:28:36 | 000,000,907 | ---- | M] () -- C:\cleannavi.txt
[2011/11/07 21:19:39 | 000,023,826 | ---- | M] () -- C:\ComboFix.txt
[2012/12/11 20:07:09 | 2146,807,807 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/11 20:07:12 | 4294,066,175 | -HS- | M] () -- C:\pagefile.sys
[2012/12/11 20:52:05 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2009/09/23 19:23:52 | 000,002,035 | ---- | M] () -- C:\RHDSetup.log
[2012/11/18 15:14:17 | 000,000,447 | ---- | M] () -- C:\user.js










[2011/04/20 16:48:38 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011/04/20 16:48:38 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2012/10/08 09:02:17 | 009,738,240 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
[1 C:\Windows\system32\*.tmp files - C:\Windows\system32\*.tmp - ]






[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe


[2012/06/02 12:47:54 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=004640AB259C1572EBD5FB0A32F63686 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20553_none_0dbfc836999db0ca\iexplore.exe
[2012/05/18 00:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=0129BB16161C2FD9A6B19111AB047198 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16446_none_1798a687b4d6030f\iexplore.exe
[2012/06/29 06:02:52 | 000,754,784 | ---- | M] (Microsoft Corporation) MD5=1223ACBFC1093852DFF039E189599BBD -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_0d45fcc9807373c2\iexplore.exe
[2010/09/08 05:36:39 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=14803EA3E5DD7CB37CB446C74CFDA38F -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20795_none_1a39121b8bff3c23\iexplore.exe
[2012/08/24 08:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=22CC6CDBA678790046693654C3B212E4 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16450_none_1787d4dfb4e386f6\iexplore.exe
[2012/05/17 23:59:46 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=268982F1FD671A077C6A2AF41E351436 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20551_none_181271f4ce004017\iexplore.exe
[2012/10/08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=270A1342BD5AF95CA25A586B4C2F1522 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2012/10/08 09:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=270A1342BD5AF95CA25A586B4C2F1522 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16455_none_178cd651b4df05a9\iexplore.exe
[2009/07/14 02:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) MD5=2C32E3E596CFE660353753EABEFB0540 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_19ba3f8a72d988f3\iexplore.exe
[2012/08/24 12:23:44 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=2D53C5F71653EF94E7829846405D4ED2 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16450_none_0d332a8d8082c4fb\iexplore.exe
[2012/06/02 10:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=34B01BBD8F00B6B9C9248DC4F1E3CD01 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16447_none_1799a6d1b4d51c66\iexplore.exe
[2010/09/08 06:37:57 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=4879CB864E290BED38C5BDB641144B1B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20795_none_0fe467c9579e7a28\iexplore.exe
[2012/10/08 13:29:46 | 000,754,848 | ---- | M] (Microsoft Corporation) MD5=49442BA6DCE4B4E3C1CB0AB193FE29AD -- C:\Program Files\Internet Explorer\iexplore.exe
[2012/10/08 13:29:46 | 000,754,848 | ---- | M] (Microsoft Corporation) MD5=49442BA6DCE4B4E3C1CB0AB193FE29AD -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16455_none_0d382bff807e43ae\iexplore.exe
[2010/09/08 06:49:01 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=498035ABCCF1ED47AE6791D239187587 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16671_none_0f6c69ae3e743d20\iexplore.exe
[2012/05/18 03:51:05 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=4E99F42504A99D5024C2EFA015001937 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16446_none_0d43fc3580754114\iexplore.exe
[2010/11/04 06:54:54 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=58CF468D3FF4CF830339FE5E45356355 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16700_none_1a0bc510729d1f54\iexplore.exe
[2012/08/24 11:49:07 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=5A150AFABB25BEA50CEDC8650A7B8A9E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20557_none_0dc3c95e999a1626\iexplore.exe
[2012/06/29 03:45:31 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=5D03518409F37D1483C98869D86E23FF -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20554_none_0dc0c880999cca21\iexplore.exe
[2012/06/02 13:52:21 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=610F6596921C4BAA8834ADBB9BE272EE -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16447_none_0d44fc7f80745a6b\iexplore.exe
[2010/09/08 05:31:24 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=61EDBCE47ADF3E52AB0B9F49EE4AEBB8 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16671_none_19c1140072d4ff1b\iexplore.exe
[2012/08/24 08:49:25 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=62188720CE27B982B4285C03163C9FB3 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20557_none_181873b0cdfad821\iexplore.exe
[2010/11/04 06:54:59 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=6B2258FF6D2332073FE9E90122FA4168 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20831_none_1a75f2618bd22c48\iexplore.exe
[2010/12/18 07:17:48 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=700B40EA39DFB25517A81032F03D6D20 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16722_none_0fa37b7a3e4ac7e9\iexplore.exe
[2010/11/20 14:28:25 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2010/12/18 07:11:10 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=8C6C32E4AF8A3D7155656F5897C504E0 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20861_none_1000d84b5789be20\iexplore.exe
[2011/04/20 16:48:39 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\ERDNT\cache86\iexplore.exe
[2011/04/20 16:48:39 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_17a944edb4ca4c7a\iexplore.exe
[2010/12/18 06:32:25 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=9321CF0D023528C71E3645F8433C86C8 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20861_none_1a55829d8bea801b\iexplore.exe
[2012/06/29 02:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=93569D46D79F9756ED077156496AFE23 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16448_none_179aa71bb4d435bd\iexplore.exe
[2010/12/18 06:33:54 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=AA08B68EF4E35EFA170CF85A44B23B70 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16722_none_19f825cc72ab89e4\iexplore.exe
[2011/02/24 06:45:11 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=AB2BB40A5FE49AD236791AC22BD08869 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20908_none_1a9d66118bb386fd\iexplore.exe
[2011/02/24 07:29:19 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=B4881B8F6EDB48CABD44BCC9FB5475C4 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20908_none_1048bbbf5752c502\iexplore.exe
[2012/06/02 09:51:58 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=BE967C74B89577B78FB57C061E12B04C -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20553_none_18147288cdfe72c5\iexplore.exe
[2010/11/20 13:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
[2011/02/24 06:32:52 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C6697A46554E36541E81182B258A19D6 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16766_none_19d0e74472c85f04\iexplore.exe
[2012/10/08 09:22:05 | 000,748,704 | ---- | M] (Microsoft Corporation) MD5=CECB15F834FC2B4B150449717ADE18DD -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_1808a252ce07755f\iexplore.exe
[2010/11/04 07:37:41 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=D8E00EA671A1EFE95C69C7566C505AD4 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16700_none_0fb71abe3e3c5d59\iexplore.exe
[2011/02/24 07:32:09 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=E1BBDE0F187194D4B08335234A4B9FC7 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16766_none_0f7c3cf23e679d09\iexplore.exe
[2010/11/04 07:42:22 | 000,696,592 | ---- | M] (Microsoft Corporation) MD5=E220FB009F54AAF649C6A278A5156764 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20831_none_1021480f57716a4d\iexplore.exe
[2012/06/29 00:35:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=EB4105348272018D096FEB655CD1608C -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20554_none_181572d2cdfd8c1c\iexplore.exe
[2011/04/20 16:48:37 | 000,754,480 | ---- | M] (Microsoft Corporation) MD5=F1424C1B9B1813BF825E45DF3790BC8A -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_0d549a9b80698a7f\iexplore.exe
[2009/07/14 02:43:43 | 000,696,600 | ---- | M] (Microsoft Corporation) MD5=F2B0D41E1D08D0B2006DF5AA2E74C81E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_0f6595383e78c6f8\iexplore.exe
[2012/10/08 12:09:10 | 000,754,824 | ---- | M] (Microsoft Corporation) MD5=F61714ABCF9BF0CEF0A6249AD4FD490B -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20562_none_0db3f80099a6b364\iexplore.exe
[2012/05/18 02:37:57 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=F8B2D47ED17C1D087D14EC747E5AC57A -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20551_none_0dbdc7a2999f7e1c\iexplore.exe


[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe


[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe


[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes - C:\ProgramData\Temp:3737FC13
@Alternate Data Stream - 118 bytes - C:\ProgramData\Temp:4CF61E54

Re: suspicion d'infection

Posté : mar. 11 déc. 2012 23:23
par dédétraqué
Salut virginie24, bienvenu sur le forum


Télécharge AdwCleaner ( d'Xplode ) sur ton bureau.
http://general-changelog-team.fr/telech ... adwcleaner

Lance le, clique sur [Suppression] puis patiente le temps du scan.
Une fois le scan fini, un rapport s'ouvrira, poste le contenu de ce rapport.
Note : Le rapport est également sauvegardé sous C:\AdwCleaner[S1].txt


-----


On va vérifier le PC :

Télécharge OTL (de OldTimer) et enregistre-le sur ton Bureau.

- Quitte les applications en cours afin de ne pas interrompre le scan.
- Faire double clique sur OTL.exe présent sur le bureau pour lancer le programme
Vista/Seven -- Faire un clique droit sur OTL.exe présent sur le bureau et choisir exécuter en tant qu'administrateur pour lancer le programme
- Une fenêtre apparaît. Dans la section Rapport en haut de cette fenêtre, coche "Rapport standard". Fais de même avec "Tous les utilisateurs" à coté.
- Coche également les cases à côté de "Recherche LOP" et "Recherche Purity".

[g]Ne modifie pas les autres paramètres ![/g]

Copie la liste qui se trouve en gras ci-dessous, et colle-la dans la zone sous " Personnalisation "

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.*
%SYSTEMDRIVE%\*.exe
%PROGRAMFILES%\*.*
%PROGRAMFILES%\*.
/md5start
consrv.dll
volsnap.sys
hidserv.dll
appmgmts.dll
eventlog.dll
winlogon.exe
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
wininet.dll
wininit.exe
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
explorer.exe
svchost.exe
userinit.exe
qmgr.dll
ws2_32.dll
proquota.exe
imm32.dll
kernel32.dll
ndis.sys
autochk.exe
spoolsv.exe
xmlprov.dll
ntmssvc.dll
mswsock.dll
Beep.SYS
ntfs.sys
termsrv.dll
sfcfiles.dll
st3shark.sys
winlogon.exe
wininit.ini
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
SAVEMBR:0
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
c:\$recycle.bin\*.* /s


- Clique sur le bouton Analyse.
- Une fois l'analyse terminée, deux fenêtres vont s'ouvrir dans le Bloc-notes : OTL.txt et Extras.txt. Ils se trouvent au même endroit que OTListIT2 (donc par défaut sur le Bureau).

Utilise cjoint.com pour poster en lien tes rapports :
http://cjoint.com/

- Clique sur Parcourir pour aller chercher le rapport OTL.txt sur le bureau
- Clique sur Ouvrir ensuite sur Créer le lien Cjoint

- Fais un copier/coller du lien qui est devant Le lien a été créé: dans ta prochaine réponse.

Après fais de même avec l'autre rapport Extras.txt


@++

Re: suspicion d'infection

Posté : mer. 12 déc. 2012 09:47
par virginie
bonjour, merci pour votre aide, voici donc la premiere etape;

# AdwCleaner v2.100 - Rapport créé le 12/12/2012 à 09:42:10
# Mis à jour le 09/12/2012 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : kabour - KABOURPC
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\kabour\Desktop\AdwCleaner.exe
# Option [Suppression]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Program Files (x86)\BrightBreeze
Dossier Supprimé : C:\Program Files (x86)\Fluendo
Dossier Supprimé : C:\Program Files (x86)\Softonic_France
Dossier Supprimé : C:\Program Files (x86)\zap
Dossier Supprimé : C:\ProgramData\BabylonUpdater
Dossier Supprimé : C:\ProgramData\boost_interprocess
Dossier Supprimé : C:\ProgramData\Partner
Dossier Supprimé : C:\Users\kabour\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Dossier Supprimé : C:\Users\kabour\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Dossier Supprimé : C:\Users\kabour\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Dossier Supprimé : C:\Users\kabour\AppData\Local\Ilivid Player
Dossier Supprimé : C:\Users\kabour\AppData\Local\moovida air
Dossier Supprimé : C:\Users\kabour\AppData\LocalLow\BabylonToolbar
Dossier Supprimé : C:\Users\kabour\AppData\LocalLow\Conduit
Dossier Supprimé : C:\Users\kabour\AppData\LocalLow\PriceGong
Dossier Supprimé : C:\Users\kabour\AppData\LocalLow\searchquband
Dossier Supprimé : C:\Users\kabour\AppData\LocalLow\ShoppingReport2
Dossier Supprimé : C:\Users\kabour\AppData\LocalLow\Softonic_France
Dossier Supprimé : C:\Users\kabour\AppData\LocalLow\SweetIM
Dossier Supprimé : C:\Users\kabour\AppData\LocalLow\Toolbar4
Dossier Supprimé : C:\Users\kabour\AppData\Roaming\FissaSearch
Dossier Supprimé : C:\Users\kabour\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ilivid
Dossier Supprimé : C:\Users\kabour\AppData\Roaming\moovida-1
Dossier Supprimé : C:\Users\kabour\AppData\Roaming\Mozilla\Firefox\Profiles\8d0olbyd.default\CT2542115
Dossier Supprimé : C:\Users\kabour\AppData\Roaming\Mozilla\Firefox\Profiles\8d0olbyd.default\extensions\@FissaPlugin
Dossier Supprimé : C:\Users\kabour\AppData\Roaming\Mozilla\Firefox\Profiles\8d0olbyd.default\extensions\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}
Dossier Supprimé : C:\Users\kabour\AppData\Roaming\Mozilla\Firefox\Profiles\8d0olbyd.default\extensions\{4daac69c-cba7-45e2-9bc8-1044483d3352}
Dossier Supprimé : C:\Users\kabour\AppData\Roaming\Mozilla\Firefox\Profiles\8d0olbyd.default\extensions\engine@conduit.com
Dossier Supprimé : C:\Users\kabour\AppData\Roaming\Mozilla\Firefox\Profiles\8d0olbyd.default\extensions\ffxtlbr@babylon.com
Dossier Supprimé : C:\Users\kabour\AppData\Roaming\widestream
Dossier Supprimé : C:\Users\kabour\Documents\widestream
Dossier Supprimé : C:\Windows\Installer\{2C8574B5-6935-4FCE-860E-F4E8602378FF}
Dossier Supprimé : C:\Windows\Installer\{835525BE-63BD-4EC4-9425-00CEAD4849C2}
Dossier Supprimé : C:\Windows\SysWOW64\WNLT
Fichier Supprimé : C:\user.js
Fichier Supprimé : C:\Windows\SysWOW64\conduitEngine.tmp
Fichier Supprimé : C:\Windows\SysWOW64\Utils.dll
Supprimé au redémarrage : C:\Program Files\IB Updater

***** [Registre] *****

Clé Supprimée : HKCU\Software\AppDataLow\Software\Conduit
Clé Supprimée : HKCU\Software\AppDataLow\Software\PriceGong
Clé Supprimée : HKCU\Software\AppDataLow\Software\searchqutoolbar
Clé Supprimée : HKCU\Software\AppDataLow\Software\ShoppingReport2
Clé Supprimée : HKCU\Software\AppDataLow\Software\Softonic_France
Clé Supprimée : HKCU\Software\DataMngr
Clé Supprimée : HKCU\Software\FissaSearch
Clé Supprimée : HKCU\Software\IM
Clé Supprimée : HKCU\Software\ImInstaller
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Clé Supprimée : HKCU\Software\Softonic
Clé Supprimée : HKCU\Software\Spointer
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B41306C6-96D0-442A-BCC4-B0F621E82CE9}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Clé Supprimée : HKLM\SOFTWARE\Classes\Prod.cap
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Clé Supprimée : HKLM\Software\Conduit
Clé Supprimée : HKLM\Software\FissaSearch
Clé Supprimée : HKLM\Software\IB Updater
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E7A0B85-FBE1-4E27-98B6-0FE5EFD31A34}
Clé Supprimée : HKLM\Software\Softonic_France
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3E7A0B85-FBE1-4E27-98B6-0FE5EFD31A34}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Softonic_France Toolbar
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}]
Valeur Supprimée : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Valeur Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}]
Valeur Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{A29B2641-9931-448A-8DE7-B2D63BDC1812}]

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16455

Remplacé : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10016barid={F9B65162-0FCE-11E2-8779-002511506C22} -- hxxp://www.google.com

-\\ Mozilla Firefox v [Impossible d'obtenir la version]

Nom du profil : default
Fichier : C:\Users\kabour\AppData\Roaming\Mozilla\Firefox\Profiles\8d0olbyd.default\prefs.js

C:\Users\kabour\AppData\Roaming\Mozilla\Firefox\Profiles\8d0olbyd.default\user.js ... Supprimé !

Supprimée : user_pref("CT2542115.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Supprimée : user_pref("CT2542115.CTID", "CT2542115");
Supprimée : user_pref("CT2542115.CurrentServerDate", "5-7-2010");
Supprimée : user_pref("CT2542115.DialogsAlignMode", "LTR");
Supprimée : user_pref("CT2542115.EMailNotifierPollDate", "Mon Jul 05 2010 22:24:51 GMT+0200");
Supprimée : user_pref("CT2542115.FeedLastCount3702671119025834822", 381);
Supprimée : user_pref("CT2542115.FeedPollDate129212453356189313", "Mon Jul 05 2010 21:00:54 GMT+0200");
Supprimée : user_pref("CT2542115.FeedPollDate129212453356189319", "Mon Jul 05 2010 21:00:54 GMT+0200");
Supprimée : user_pref("CT2542115.FeedPollDate129212453356189325", "Mon Jul 05 2010 21:00:54 GMT+0200");
Supprimée : user_pref("CT2542115.FeedPollDate129212453356189331", "Mon Jul 05 2010 21:00:54 GMT+0200");
Supprimée : user_pref("CT2542115.FeedPollDate129212453356189337", "Mon Jul 05 2010 21:00:54 GMT+0200");
Supprimée : user_pref("CT2542115.FeedPollDate129212453356189343", "Mon Jul 05 2010 21:00:55 GMT+0200");
Supprimée : user_pref("CT2542115.FeedPollDate129212453356189349", "Mon Jul 05 2010 21:00:55 GMT+0200");
Supprimée : user_pref("CT2542115.FeedPollDate129212453356189355", "Mon Jul 05 2010 21:00:55 GMT+0200");
Supprimée : user_pref("CT2542115.FeedPollDate129212453356189361", "Mon Jul 05 2010 21:00:55 GMT+0200");
Supprimée : user_pref("CT2542115.FeedPollDate129212453356189367", "Mon Jul 05 2010 21:00:55 GMT+0200");
Supprimée : user_pref("CT2542115.FeedPollDate129212453356189373", "Mon Jul 05 2010 21:00:55 GMT+0200");
Supprimée : user_pref("CT2542115.FeedPollDate129212453356189379", "Mon Jul 05 2010 21:00:55 GMT+0200");
Supprimée : user_pref("CT2542115.FeedPollDate129212453356189385", "Mon Jul 05 2010 21:00:55 GMT+0200");
Supprimée : user_pref("CT2542115.FeedPollDate129212453356189391", "Mon Jul 05 2010 21:00:55 GMT+0200");
Supprimée : user_pref("CT2542115.FeedPollDate129212453356189397", "Mon Jul 05 2010 21:00:55 GMT+0200");
Supprimée : user_pref("CT2542115.FeedPollDate129212453356189403", "Mon Jul 05 2010 21:00:56 GMT+0200");
Supprimée : user_pref("CT2542115.FeedPollDate129212453356189409", "Mon Jul 05 2010 21:00:56 GMT+0200");
Supprimée : user_pref("CT2542115.FeedPollDate129212453356189415", "Mon Jul 05 2010 21:00:56 GMT+0200");
Supprimée : user_pref("CT2542115.FeedPollDate129212453356189421", "Mon Jul 05 2010 21:00:56 GMT+0200");
Supprimée : user_pref("CT2542115.FeedPollDate129212453356189427", "Mon Jul 05 2010 21:00:56 GMT+0200");
Supprimée : user_pref("CT2542115.FeedPollDate129212453356189433", "Mon Jul 05 2010 21:00:56 GMT+0200");
Supprimée : user_pref("CT2542115.FeedTTL129212453356189313", 30);
Supprimée : user_pref("CT2542115.FeedTTL129212453356189319", 2);
Supprimée : user_pref("CT2542115.FeedTTL129212453356189325", 2);
Supprimée : user_pref("CT2542115.FeedTTL129212453356189337", 2);
Supprimée : user_pref("CT2542115.FeedTTL129212453356189343", 30);
Supprimée : user_pref("CT2542115.FeedTTL129212453356189361", 5);
Supprimée : user_pref("CT2542115.FeedTTL129212453356189367", 5);
Supprimée : user_pref("CT2542115.FeedTTL129212453356189373", 5);
Supprimée : user_pref("CT2542115.FeedTTL129212453356189391", 5);
Supprimée : user_pref("CT2542115.FirstServerDate", "5-7-2010");
Supprimée : user_pref("CT2542115.FirstTime", true);
Supprimée : user_pref("CT2542115.FirstTimeFF3", true);
Supprimée : user_pref("CT2542115.FixPageNotFoundErrors", true);
Supprimée : user_pref("CT2542115.GroupingServerCheckInterval", 1440);
Supprimée : user_pref("CT2542115.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Supprimée : user_pref("CT2542115.Initialize", true);
Supprimée : user_pref("CT2542115.InitializeCommonPrefs", true);
Supprimée : user_pref("CT2542115.InstalledDate", "Mon Jul 05 2010 21:00:50 GMT+0200");
Supprimée : user_pref("CT2542115.InvalidateCache", false);
Supprimée : user_pref("CT2542115.IsGrouping", false);
Supprimée : user_pref("CT2542115.IsMulticommunity", false);
Supprimée : user_pref("CT2542115.IsOpenThankYouPage", false);
Supprimée : user_pref("CT2542115.IsOpenUninstallPage", true);
Supprimée : user_pref("CT2542115.LanguagePackLastCheckTime", "Mon Jul 05 2010 21:00:57 GMT+0200");
Supprimée : user_pref("CT2542115.LanguagePackReloadIntervalMM", 1440);
Supprimée : user_pref("CT2542115.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Supprimée : user_pref("CT2542115.LastLogin_2.5.8.6", "Mon Jul 05 2010 21:00:54 GMT+0200");
Supprimée : user_pref("CT2542115.LatestVersion", "2.1.0.18");
Supprimée : user_pref("CT2542115.Locale", "fr-fr");
Supprimée : user_pref("CT2542115.LoginCache", 4);
Supprimée : user_pref("CT2542115.MCDetectTooltipHeight", "83");
Supprimée : user_pref("CT2542115.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Supprimée : user_pref("CT2542115.MCDetectTooltipWidth", "295");
Supprimée : user_pref("CT2542115.RadioIsPodcast", false);
Supprimée : user_pref("CT2542115.RadioLastCheckTime", "Mon Jul 05 2010 21:00:54 GMT+0200");
Supprimée : user_pref("CT2542115.RadioLastUpdateIPServer", "3");
Supprimée : user_pref("CT2542115.RadioLastUpdateServer", "3");
Supprimée : user_pref("CT2542115.RadioMediaID", "9962");
Supprimée : user_pref("CT2542115.RadioMediaType", "Media Player");
Supprimée : user_pref("CT2542115.RadioMenuSelectedID", "EBRadioMenu_CT25421159962");
Supprimée : user_pref("CT2542115.RadioStationName", "California%20Rock");
Supprimée : user_pref("CT2542115.RadioStationURL", "hxxp://feedlive.net/california.asx");
Supprimée : user_pref("CT2542115.SHRINK_TOOLBAR", 1);
Supprimée : user_pref("CT2542115.SavedHomepage", "hxxp://radiobar.toolbarhome.com/?hp=df");
Supprimée : user_pref("CT2542115.SearchFromAddressBarIsInit", true);
Supprimée : user_pref("CT2542115.SearchInNewTabEnabled", true);
Supprimée : user_pref("CT2542115.SearchInNewTabIntervalMM", 1440);
Supprimée : user_pref("CT2542115.SearchInNewTabLastCheckTime", "Mon Jul 05 2010 21:00:54 GMT+0200");
Supprimée : user_pref("CT2542115.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Supprimée : user_pref("CT2542115.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Supprimée : user_pref("CT2542115.SettingsCheckIntervalMin", 120);
Supprimée : user_pref("CT2542115.SettingsLastCheckTime", "Mon Jul 05 2010 21:00:48 GMT+0200");
Supprimée : user_pref("CT2542115.SettingsLastUpdate", "1278066135");
Supprimée : user_pref("CT2542115.ThirdPartyComponentsInterval", 504);
Supprimée : user_pref("CT2542115.ThirdPartyComponentsLastCheck", "Mon Jul 05 2010 21:00:48 GMT+0200");
Supprimée : user_pref("CT2542115.ThirdPartyComponentsLastUpdate", "1278066135");
Supprimée : user_pref("CT2542115.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validatesoftwareProgramId=[...]
Supprimée : user_pref("CT2542115.UserID", "UN28610096213319989");
Supprimée : user_pref("CT2542115.WeatherNetwork", "");
Supprimée : user_pref("CT2542115.WeatherPollDate", "Mon Jul 05 2010 22:19:50 GMT+0200");
Supprimée : user_pref("CT2542115.WeatherUnit", "C");
Supprimée : user_pref("CT2542115.alertChannelId", "935078");
Supprimée : user_pref("CT2542115.clientLogIsEnabled", true);
Supprimée : user_pref("CT2542115.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Supprimée : user_pref("CT2542115.myStuffEnabled", true);
Supprimée : user_pref("CT2542115.myStuffPublihserMinWidth", 400);
Supprimée : user_pref("CT2542115.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERMSearchSourceOr[...]
Supprimée : user_pref("CT2542115.myStuffServiceIntervalMM", 1440);
Supprimée : user_pref("CT2542115.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Supprimée : user_pref("CT2542115.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Supprimée : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://radiobar.toolbarhome.com/search.a[...]
Supprimée : user_pref("CommunityToolbar.ToolbarsList", "CT2542115");
Supprimée : user_pref("CommunityToolbar.ToolbarsList2", "CT2542115");
Supprimée : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2542115");
Supprimée : user_pref("browser.search.defaultenginename", "SweetIM Search");
Supprimée : user_pref("browser.search.defaultthis.engineName", "Softonic_France Customized Web Search");
Supprimée : user_pref("browser.search.selectedEngine", "SweetIM Search");
Supprimée : user_pref("browser.startup.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10016barid={F9B65162-[...]
Supprimée : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://radiobar.toolbarhome.com/?hp=[...]
Supprimée : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10016barid={F9B6[...]
Supprimée : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Web Search...");
Supprimée : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Softonic_France Customized Web [...]
Supprimée : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2barid={F9B65162-0FCE-11E2-8779-[...]
Supprimée : user_pref("sweetim.toolbar.previous.keyword.URL", "");

-\\ Google Chrome v [Impossible d'obtenir la version]

Fichier : C:\Users\kabour\AppData\Local\Google\Chrome\User Data\Default\Preferences

Supprimée [l.16] : urls_to_restore_on_startup = [ "hxxp://safesearchr.lavasoft.com/?source=3336ca5ftbp=homep[...]
Supprimée [l.55] : search_url = "hxxp://dts.search-results.com/sr?src=crbappid=151systemid=406sr=0q={searchT[...]
Supprimée [l.1341] : urls_to_restore_on_startup = [ "hxxp://safesearchr.lavasoft.com/?source=3336ca5ftbp=homepage[...]

-\\ Opera v [Impossible d'obtenir la version]

Fichier : C:\Users\kabour\AppData\Roaming\Opera\Opera\operaprefs.ini

Supprimée : Home URL=hxxp://mystart.incredibar.com/mb165?a=6PQQ6orjLoi=26

*************************

AdwCleaner[S1].txt - [26093 octets] - [12/12/2012 09:42:10]

########## EOF - C:\AdwCleaner[S1].txt - [26154 octets] ##########

Re: suspicion d'infection

Posté : mer. 12 déc. 2012 10:13
par virginie24

Re: suspicion d'infection

Posté : mer. 12 déc. 2012 10:17
par virginie24
il n'y a pas de rapport extras.txt !! le seul que j'ai c'est celui de la veille !

Re: suspicion d'infection

Posté : mer. 12 déc. 2012 17:20
par dédétraqué
Salut virginie24



Double clic sur OTL.exe pour le lancer.
(Vista/Seven -- Faire un clique droit sur OTL.exe pour lancer le programme et choisi "Exécuter en tant qu'administrateur".

* Copie la liste qui se trouve en citation ci-dessous, et colle-la dans la zone sous " Personnalisation "

:OTL
MOD - [2012/07/29 09:33:56 | 000,115,137 | ---- | M] () -- C:\Users\kabour\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
IE - HKU\S-1-5-21-1201331004-2914378652-793719002-1001\..\SearchScopes\{0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF}: "URL" = http://gb.toolbarhome.com/search.aspx?q ... s}srch=dsp
FF - prefs.js..extensions.enabledItems: {4daac69c-cba7-45e2-9bc8-1044483d3352}:2.5.8.6
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{6c97a91e-4524-4019-86af-2aa2d567bf5c} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{6c97a91e-4524-4019-86af-2aa2d567bf5c} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{F9639E4A-801B-4843-AEE3-03D9DA199E77} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/produ ... wsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net ... plugin.cab (QuickTime Plugin Control)
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} https://static.impots.gouv.fr/abos/stat ... rtdgi1.cab (Reg Error: Key error.)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/fr/Core/ ... _Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0 ... ontrol.CAB (Reg Error: Key error.)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
MsConfig:64bit - StartUpReg: KiesHelper - hkey= - key= - Reg Error: Value error. File not found
[2012/11/18 15:14:02 | 000,035,328 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2012/11/18 15:14:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ARFC
[2012/11/18 15:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\IB Updater
@Alternate Data Stream - 131 bytes - C:\ProgramData\Temp:3737FC13
@Alternate Data Stream - 118 bytes - C:\ProgramData\Temp:4CF61E54

:Commands
[Emptytemp]

* Clique sur " Correction " pour lancer la suppression.

* Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur Oui.

* Au redémarrage , autorise OTL a s'exécuter.

* Poste le rapport généré par OTL.


@++

Re: suspicion d'infection

Posté : mer. 12 déc. 2012 20:12
par virginie
salut,

Heu, je lancer OTL en mode administrateur et fait exactement se que tu me demande c'est a dire copier et coller la citation dnas l espace personnalisation d OTL je lance la correction mais a un moment celui-ci ne repond plus !! je n'arrive pas a le faire foctionner ! Que dois-je faire?

Re: suspicion d'infection

Posté : mer. 12 déc. 2012 20:18
par virginie
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\SpiderMessengerHelper@spidermessenger.com:
il se bloque a ce niveau si sa peu aider!

Re: suspicion d'infection

Posté : mer. 12 déc. 2012 20:31
par dédétraqué
Salut virginie24


OK, j'ai modifié mon poste et enlever cette ligne, refais la correction de nouveau voir...


@++

Re: suspicion d'infection

Posté : mer. 12 déc. 2012 21:03
par virginie24
Impeccable , voici le rapport

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1201331004-2914378652-793719002-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF}\ not found.
Prefs.js: {4daac69c-cba7-45e2-9bc8-1044483d3352}:2.5.8.6 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{6c97a91e-4524-4019-86af-2aa2d567bf5c} deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{F9639E4A-801B-4843-AEE3-03D9DA199E77} deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{6c97a91e-4524-4019-86af-2aa2d567bf5c} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{F9639E4A-801B-4843-AEE3-03D9DA199E77} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Starting removal of ActiveX control {02BCC737-B171-4746-94C9-0D8A0B2C0089}
C:\Windows\Downloaded Program Files\ieawsdc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BCC737-B171-4746-94C9-0D8A0B2C0089}\ not found.
Starting removal of ActiveX control {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
C:\Windows\Downloaded Program Files\QTPlugin.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
Starting removal of ActiveX control {04CB5B64-5915-4629-B869-8945CEBADD21}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{04CB5B64-5915-4629-B869-8945CEBADD21}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{04CB5B64-5915-4629-B869-8945CEBADD21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04CB5B64-5915-4629-B869-8945CEBADD21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{04CB5B64-5915-4629-B869-8945CEBADD21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04CB5B64-5915-4629-B869-8945CEBADD21}\ not found.
Starting removal of ActiveX control {1ABA5FAC-1417-422B-BA82-45C35E2C908B}
C:\Windows\Downloaded Program Files\2020Player_IKEA.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1ABA5FAC-1417-422B-BA82-45C35E2C908B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ABA5FAC-1417-422B-BA82-45C35E2C908B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1ABA5FAC-1417-422B-BA82-45C35E2C908B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ABA5FAC-1417-422B-BA82-45C35E2C908B}\ not found.
Starting removal of ActiveX control {8100D56A-5661-482C-BEE8-AFECE305D968}
C:\Windows\Downloaded Program Files\PhotoUploader55.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8100D56A-5661-482C-BEE8-AFECE305D968}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8100D56A-5661-482C-BEE8-AFECE305D968}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8100D56A-5661-482C-BEE8-AFECE305D968}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8100D56A-5661-482C-BEE8-AFECE305D968}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {C345E174-3E87-4F41-A01C-B066A90A49B4}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C345E174-3E87-4F41-A01C-B066A90A49B4}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C345E174-3E87-4F41-A01C-B066A90A49B4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C345E174-3E87-4F41-A01C-B066A90A49B4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C345E174-3E87-4F41-A01C-B066A90A49B4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C345E174-3E87-4F41-A01C-B066A90A49B4}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\KiesHelper\ not found.
C:\Windows\SysNative\ImHttpComm.dll moved successfully.
C:\Windows\SysNative\ARFC folder moved successfully.
C:\Program Files\IB Updater folder moved successfully.
ADS C:\ProgramData\Temp:3737FC13 deleted successfully.
ADS C:\ProgramData\Temp:4CF61E54 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
-Temp folder emptied: 0 bytes

User: Default
-Temp folder emptied: 0 bytes
-Temporary Internet Files folder emptied: 0 bytes
-Flash cache emptied: 56504 bytes

User: Default User
-Temp folder emptied: 0 bytes
-Temporary Internet Files folder emptied: 0 bytes
-Flash cache emptied: 0 bytes

User: kabour
-Temp folder emptied: 47316685 bytes
-Temporary Internet Files folder emptied: 260095604 bytes
-Java cache emptied: 20046963 bytes
-FireFox cache emptied: 40090586 bytes
-Google Chrome cache emptied: 0 bytes
-Opera cache emptied: 240 bytes
-Flash cache emptied: 66391 bytes

User: Public
-Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2382279768 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68044 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2 623,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12122012_205246

Files\Folders moved on Reboot...
C:\Users\kabour\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\kabour\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZNYGNDX9\plusone_gadget[1].htm moved successfully.
C:\Users\kabour\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\S57LA6LX\xd_arbiter[1].htm moved successfully.
File\Folder C:\Users\kabour\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N8D37O58\chatbox[1].htm not found!
File\Folder C:\Users\kabour\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N8D37O58\chatbox[2].htm not found!
File\Folder C:\Users\kabour\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N8D37O58\like[1].htm not found!
File\Folder C:\Users\kabour\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N8D37O58\oauth[1].htm not found!
C:\Users\kabour\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3O16PNMV\xd_arbiter[1].htm moved successfully.
C:\Users\kabour\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File\Folder C:\Users\kabour\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{18CFE3E2-94BD-4F23-9177-D2065BA3E3E0}.tmp not found!
File\Folder C:\Users\kabour\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{5B38DA91-7E10-43CB-93F4-2FCE2174982A}.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: suspicion d'infection

Posté : mer. 12 déc. 2012 21:19
par dédétraqué
Salut virginie24


Mettre Malwarebyte's à jour et faire un scan rapide, poste le rapport...

Refais un scan avec OTL comme la première fois(mode Analyse) avec les mêmes paramètres et la même liste sous personnalisation, tu auras seulement un rapport(OTL.txt) a me poster, voir a utilisé cjoint pour poster le rapport.


@++

Re: suspicion d'infection

Posté : mer. 12 déc. 2012 21:34
par virginie24
Malwarebytes Anti-Malware 1.65.1.1000
http://www.malwarebytes.org

Version de la base de données: v2012.12.12.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
kabour :: KABOURPC [administrateur]

12/12/2012 21:28:54
mbam-log-2012-12-12 (21-28-54).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 226113
Temps écoulé: 4 minute(s), 48 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)

Re: suspicion d'infection

Posté : mer. 12 déc. 2012 21:57
par virginie24

Re: suspicion d'infection

Posté : mer. 12 déc. 2012 22:05
par virginie24
et surtout merci pour le temps pris afin de regler mes soucis d ordinateur

Re: suspicion d'infection

Posté : mer. 12 déc. 2012 22:40
par virginie24
je reviendrai demain fin de journée si possible ...a bientot pour la suite merci encore

Re: suspicion d'infection

Posté : jeu. 13 déc. 2012 04:52
par dédétraqué
Salut virginie24


Double clic sur OTL.exe pour le lancer.
(Vista/Seven -- Faire un clique droit sur OTL.exe pour lancer le programme et choisi "Exécuter en tant qu'administrateur".

* Copie la liste qui se trouve en citation ci-dessous, et colle-la dans la zone sous " Personnalisation "

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"SpiderMessengerHelper@spidermessenger.com"=-
"{336D0C35-8A85-403a-B9D2-65C292C39087}"=-

:Files
C:\Program Files\IB Updater
C:\Windows\SysNative\dmwu.exe

:Commands
[Emptytemp]

* Clique sur " Correction " pour lancer la suppression.

* Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur Oui.

* Au redémarrage , autorise OTL a s'exécuter.

* Poste le rapport généré par OTL.


@++

Re: suspicion d'infection

Posté : jeu. 13 déc. 2012 21:08
par virginie24
bonjour,

All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\\SpiderMessengerHelper@spidermessenger.com deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.
========== FILES ==========
File\Folder C:\Program Files\IB Updater not found.
C:\Windows\SysNative\dmwu.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
-Temp folder emptied: 0 bytes

User: Default
-Temp folder emptied: 0 bytes
-Temporary Internet Files folder emptied: 33170 bytes
-Flash cache emptied: 0 bytes

User: Default User
-Temp folder emptied: 0 bytes
-Temporary Internet Files folder emptied: 0 bytes
-Flash cache emptied: 0 bytes

User: kabour
-Temp folder emptied: 847590 bytes
-Temporary Internet Files folder emptied: 150284642 bytes
-Java cache emptied: 0 bytes
-FireFox cache emptied: 0 bytes
-Google Chrome cache emptied: 0 bytes
-Opera cache emptied: 0 bytes
-Flash cache emptied: 612 bytes

User: Public
-Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 166736558 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 303,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12132012_205916

Files\Folders moved on Reboot...
C:\Users\kabour\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\kabour\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UL6MA33R\WebIMPop[1].htm moved successfully.
C:\Users\kabour\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UL6MA33R\xd_arbiter[1].htm moved successfully.
C:\Users\kabour\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GSLOC3RW\plusone_gadget[1].htm moved successfully.
C:\Users\kabour\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GSLOC3RW\xd_arbiter[3].htm moved successfully.
File\Folder C:\Users\kabour\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FGNKA083\default[1].htm not found!
File\Folder C:\Users\kabour\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FGNKA083\EditMessageLight[1].htm not found!
File\Folder C:\Users\kabour\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FGNKA083\RteFrame_16.2.7137.1204[1].htm not found!
C:\Users\kabour\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AOP15IVY\AjaxHistoryFrame[1].htm moved successfully.
File\Folder C:\Users\kabour\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AOP15IVY\InboxLight[1].htm not found!
File\Folder C:\Users\kabour\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AOP15IVY\LocalStorage[1].htm not found!
File\Folder C:\Users\kabour\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2WCAAVL8\chatbox[1].htm not found!
File\Folder C:\Users\kabour\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2WCAAVL8\chatbox[2].htm not found!
File\Folder C:\Users\kabour\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2WCAAVL8\like[6].htm not found!
File\Folder C:\Users\kabour\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2WCAAVL8\oauth[1].htm not found!
C:\Users\kabour\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2WCAAVL8\xmlProxy[3].htm moved successfully.
C:\Users\kabour\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2JNH4MX7\empty[1].htm moved successfully.
C:\Users\kabour\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File\Folder C:\Windows\temp\MPENGINE.DLL not found!
File\Folder C:\Windows\temp\TMP0000000173E939AE82EB9418 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


merci @+

Re: suspicion d'infection

Posté : jeu. 13 déc. 2012 21:11
par dédétraqué
Salut virginie24


Cela est bon, as-tu encore des soucis?


@++

Re: suspicion d'infection

Posté : mar. 18 déc. 2012 11:09
par virginie
Non merci beaucoup je n'ai plus de souci de se coté la me reste a regler se souci d'écran bleu mais je pense que c'est sur une autre plateforme!

Merci beaucoup @+++++

Re: suspicion d'infection

Posté : mar. 18 déc. 2012 14:10
par dédétraqué
Salut virginie24


Bien de rien

On va faire un ménage des outils téléchargés pour la désinfection, télécharge Del Fix (de Xplode), sur ton bureau

http://www.general-changelog-team.fr/fr ... /26-delfix

[*]Double-clique sur l'icône delfix.exe située sur ton Bureau.
(Vista/Seven - Faire un clique droit sur l'icône delfix.exe située sur ton Bureau et choisir exécuter en tant qu'administrateur.)

[*]Sélectionne Suppression

[*]Copie/colle le contenu du rapport dans ton prochain message.

Note : Le rapport est sauvegardé à la racine du disque dur ( C:\DelFixSuppr.txt )


-----


Je te donne quelques consignes de sécurité :

Image Windows Update parfaitement à jour http://www.windowsupdate.com/
Image Pare-feu bien paramétré pour XP, je te conseil :
ZoneAlarm, Vista/Seven -- le pare de WINDOWS est suffisant.
Image Antivirus bien paramétré et mis à jour régulièrement (quotidiennement s'il le faut) avec un scan complet régulier (journalier s'il le faut).
Image Une attitude prudente vis à vis de la navigation (pas de sites douteux : cracks, warez, sexe...) et vis à vis de la messagerie (fichiers joints aux messages doivent être scannés avant d'être ouverts)
Image Pas de téléchargement illégal, qui est le principal facteur d’infection (µTorrent, BitTorrent, eMule, Limewire, etc..)
Le danger des cracks !
Les risques sécuritaires du peer-to-peer
Image Une attitude vigilante (être à l'affût d'un fonctionnement inhabituel de son système)
Image Nettoyage hebdomadaire du système (suppression des fichiers inutiles, nettoyage de la base de registre, scandisk, defrag)
Image Scan hebdomadaire antispyware ( je conseil MalwareByte's Anti-Malware)
Image Un contrôle régulier de la console JAVA pour s'assurer qu'elle est à jour http://www.java.com/en/download/help/testvm.xml
Image Faire régulièrement un scan de vulnérabilités afin de vérifier que tes logiciels soit à jour sans failles de sécurités :
http://www.malekal.com/scan_vulnerabilite.php

Bonne journée/soirée et bon surf


@++

Re: suspicion d'infection

Posté : mer. 19 déc. 2012 11:12
par virginie24
OOOOOuuupppssss ,

Je suis allée un peu trop vite voila que sa recommence, mise a jour récurrentes plusieurs fois par jour les memes a chaque fois et meme si je ne touche pas mon ordinateur j'entends la tour travaillée comme si je lui fesait faire plusieurs taches a la fois !! j'y comprend plus rien ! pouvons-nous revérifier tous cela?


merci @++

Re: suspicion d'infection

Posté : mer. 19 déc. 2012 11:12
par virginie24
# AdwCleaner v2.101 - Rapport créé le 19/12/2012 à 11:04:51
# Mis à jour le 16/12/2012 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : kabour - KABOURPC
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\kabour\Downloads\AdwCleaner.exe
# Option [Suppression]


***** [Services] *****


***** [Fichiers / Dossiers] *****


***** [Registre] *****

Clé Supprimée : HKCU\Software\WNLT
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v [Impossible d'obtenir la version]

Nom du profil : default
Fichier : C:\Users\kabour\AppData\Roaming\Mozilla\Firefox\Profiles\8d0olbyd.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

-\\ Google Chrome v [Impossible d'obtenir la version]

Fichier : C:\Users\kabour\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

-\\ Opera v [Impossible d'obtenir la version]

Fichier : C:\Users\kabour\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[S1].txt - [26164 octets] - [12/12/2012 09:42:10]
AdwCleaner[S2].txt - [1771 octets] - [12/12/2012 23:17:06]
AdwCleaner[S3].txt - [1443 octets] - [19/12/2012 11:04:51]

########## EOF - C:\AdwCleaner[S3].txt - [1503 octets] ##########

Re: suspicion d'infection

Posté : mer. 19 déc. 2012 11:15
par virginie24
si sa peu aider ;

voila les mises a jours qui reviennent constament

Mise à jour pour Microsoft .NET Framework version 4 sous Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 et Windows Server 2008 R2 pour les systèmes x64 (KB2600217)

Date d'installation : ‎19/‎12/‎2012 10:55

État de l'installation : Réussite

Type de mise à jour : Recommandée

Cette mise à jour concerne des problèmes de stabilité, de fiabilité et de performance dans Microsoft .NET Framework 4. Une fois cet élément installé, vous serez peut-être amené à redémarrer l'ordinateur.

Plus d'informations :
http://go.microsoft.com/fwlink/?LinkId=232526

Aide et support :
http://support.microsoft.com


Mise à jour de sécurité pour Microsoft .NET Framework version 4 sous Windows XP, Server 2003, Vista, Windows 7, Server 2008 et Server 2008 R2 pour les systèmes x64 (KB2656351)

Date d'installation : ‎19/‎12/‎2012 10:59

État de l'installation : Réussite

Type de mise à jour : Important

Un problème de sécurité a été identifié. Ce problème pourrait permettre à une personne distante malveillante non authentifiée de porter atteintre à votre système et d'en prendre le contrôle. Vous pouvez renforcer la protection de votre système en installant cette mise à jour de Microsoft. Une fois cette mise à jour installée, vous serez peut-être amené à redémarrer votre système.

Plus d'informations :
http://go.microsoft.com/fwlink/?LinkID=237373

Aide et support :
http://support.microsoft.com

Re: suspicion d'infection

Posté : mer. 19 déc. 2012 11:42
par virginie
re les mises a jour je l'ai est cachées, visiblement j'avais un virus ....j'ai aussi desinstallé internet exploreur car je pense que sa peu venir de la !! donc j'ai installé firefox , spybot a trouver un adware.... enfin la totale!!! degouter

a plus!

Re: suspicion d'infection

Posté : mer. 19 déc. 2012 16:23
par dédétraqué
Salut virginie24


OK, utilise Del Fix comme mentionné dans mon dernier poste pour supprimer les outils utilisés et on va refaire un scan OTL :

Télécharge OTL (de OldTimer) et enregistre-le sur ton Bureau.

- Quitte les applications en cours afin de ne pas interrompre le scan.
- Faire double clique sur OTL.exe présent sur le bureau pour lancer le programme
Vista/Seven -- Faire un clique droit sur OTL.exe présent sur le bureau et choisir exécuter en tant qu'administrateur pour lancer le programme
- Une fenêtre apparaît. Dans la section Rapport en haut de cette fenêtre, coche "Rapport standard". Fais de même avec "Tous les utilisateurs" à coté.
- Coche également les cases à côté de "Recherche LOP" et "Recherche Purity".

Ne modifie pas les autres paramètres !

Copie la liste qui se trouve en gras ci-dessous, et colle-la dans la zone sous " Personnalisation "

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.*
%SYSTEMDRIVE%\*.exe
%PROGRAMFILES%\*.*
%PROGRAMFILES%\*.
/md5start
consrv.dll
volsnap.sys
hidserv.dll
appmgmts.dll
eventlog.dll
winlogon.exe
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
wininet.dll
wininit.exe
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
explorer.exe
svchost.exe
userinit.exe
qmgr.dll
ws2_32.dll
proquota.exe
imm32.dll
kernel32.dll
ndis.sys
autochk.exe
spoolsv.exe
xmlprov.dll
ntmssvc.dll
mswsock.dll
Beep.SYS
ntfs.sys
termsrv.dll
sfcfiles.dll
st3shark.sys
winlogon.exe
wininit.ini
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
SAVEMBR:0
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
c:\$recycle.bin\*.* /s


- Clique sur le bouton Analyse.
- Une fois l'analyse terminée, deux fenêtres vont s'ouvrir dans le Bloc-notes : OTL.txt et Extras.txt. Ils se trouvent au même endroit que OTListIT2 (donc par défaut sur le Bureau).

Utilise cjoint.com pour poster en lien tes rapports :
http://cjoint.com/

- Clique sur Parcourir pour aller chercher le rapport OTL.txt sur le bureau
- Clique sur Ouvrir ensuite sur Créer le lien Cjoint

- Fais un copier/coller du lien qui est devant Le lien a été créé: dans ta prochaine réponse.

Après fais de même avec l'autre rapport Extras.txt


@++

Re: suspicion d'infection

Posté : jeu. 20 déc. 2012 17:55
par virginie24
bonjour,

# DelFix v6.2 - Rapport créé le 20/12/2012 à 17:54:30
# Mis à jour le 11/11/2012 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : kabour - KABOURPC
# Exécuté depuis : C:\Users\kabour\Downloads\delfix(1).exe
# Option [Suppression]


~~~~~~ Dossier(s) ~~~~~~

Supprimé : C:\Qoobox
Supprimé : C:\Navilog1
Supprimé : C:\_OTL
Supprimé : C:\Program Files (x86)\Navilog1

~~~~~~ Fichier(s) ~~~~~~

Supprimé : C:\AdwCleaner[R1].txt
Supprimé : C:\AdwCleaner[R2].txt
Supprimé : C:\AdwCleaner[S1].txt
Supprimé : C:\AdwCleaner[S2].txt
Supprimé : C:\AdwCleaner[S3].txt
Supprimé : C:\AdwCleaner[S4].txt
Supprimé : C:\cleannavi.txt
Supprimé : C:\ComboFix.txt
Supprimé : C:\Users\kabour\Desktop\OTL.Txt
Supprimé : C:\Users\kabour\Desktop\OTL.exe
Supprimé : C:\Users\kabour\Downloads\AdwCleaner.exe
Supprimé : C:\Users\kabour\Downloads\ComboFix
Supprimé : C:\Users\kabour\Downloads\ComboFix.exe
Supprimé : C:\Users\kabour\Downloads\Extras.Txt
Supprimé : C:\Users\kabour\Downloads\HiJackThis.exe
Supprimé : C:\Users\kabour\Downloads\hijackthis.log
Supprimé : C:\Users\kabour\Downloads\Navilog1.exe
Supprimé : C:\Users\kabour\Downloads\OTL.Txt
Supprimé : C:\Users\kabour\Downloads\OTL (1).exe
Supprimé : C:\Windows\grep.exe
Supprimé : C:\Windows\PEV.exe
Supprimé : C:\Windows\NIRCMD.exe
Supprimé : C:\Windows\MBR.exe
Supprimé : C:\Windows\SED.exe
Supprimé : C:\Windows\SWREG.exe
Supprimé : C:\Windows\SWSC.exe
Supprimé : C:\Windows\SWXCACLS.exe
Supprimé : C:\Windows\Zip.exe

~~~~~~ Registre ~~~~~~

Clé Supprimée : HKLM\SOFTWARE\OldTimer Tools
Clé Supprimée : HKLM\SOFTWARE\AdwCleaner
Clé Supprimée : HKLM\SOFTWARE\Swearware
Clé Supprimée : HKLM\SOFTWARE\TrendMicro\Hijackthis
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~~~~~~ Autres ~~~~~~

- Prefetch Vidé

*************************

DelFix[S1].txt - [2021 octets] - [20/12/2012 17:54:30]

########## EOF - C:\DelFix[S1].txt - [2145 octets] ##########

Re: suspicion d'infection

Posté : jeu. 20 déc. 2012 18:24
par virginie24

Re: suspicion d'infection

Posté : jeu. 20 déc. 2012 18:26
par virginie24

Re: suspicion d'infection

Posté : mer. 26 déc. 2012 16:44
par dédétraqué
Salut virginie24


Désolé j'ai zappé ton sujet...

Télécharge cette outil :
http://blogs.msdn.com/cfs-file.ashx/__k ... 0_tool.zip

Décompresse le fichier et exécute le fichier cleanup_tool.exe, fais un clique droit sur le fichier cleanup_tool.exe et choisir exécuter en tant qu'administrateur pour lancer le programme.

Dans la liste proposé à coté de Product to cleanup choisi . NET Framework 4 et clique dans le bas sur le bouton Cleanup Now.

Après refais les mises à jour sur le site de Microsoft :
http://www.windowsupdate.com/


@++

Re: suspicion d'infection

Posté : jeu. 27 déc. 2012 10:56
par virginie24
salut pas grave avec les fêtes j'ai pas pu trop me connecter donc t'es pardonné !! :-p

j'applique tes manips et apres ??

Re: suspicion d'infection

Posté : jeu. 27 déc. 2012 14:28
par dédétraqué
Salut virginie24


j'applique tes manips et apres ??Cette procédure devrais corriger le problème des mêmes mises à jour qui revient constamment.

Après on va faire une nouvelle analyse de ton PC...


@++

Re: suspicion d'infection

Posté : sam. 29 déc. 2012 17:21
par virginie24
cc alors voila c'est fait par contre il est devenu tres tres long pour se qui est des connections j'ai jamais vu ca!!! :-(


merci pour ton aide....@+++

Re: suspicion d'infection

Posté : sam. 29 déc. 2012 20:46
par dédétraqué
Salut virginie24


Refais un scan avec OTL comme la dernière fois(mode Analyse) avec les mêmes paramètres et la même liste sous personnalisation, tu auras seulement un rapport(OTL.txt) a me poster, voir a utilisé cjoint pour poster le rapport.


@++