[Closed] Infected by Securitytool

m3ri3m, Sun 10 Oct 2010 - 18:52

Hello,

I'm helping my cousin disinfect his computer. It is infected by the Securitytool virus: a message keeps popping up, and I don't know where to start.

I look forward to your replies. Thank you.

GrosBébé (Moderator), Sun 10 Oct 2010 - 19:12

Good evening m3ri3m,

In my opinion, it would be more practical if he registered on the forum.

m3ri3m, Sun 10 Oct 2010 - 19:16

I'm the one who has the computer at the moment; basically, I'm the one doing all the steps...

I'm just waiting for orders =D

GrosBébé (Moderator), Sun 10 Oct 2010 - 19:45

OK, while waiting for someone to come and help you, try to follow what is indicated here: http://www.bibou0007.com/aide-a-la-desinfection-f8/procedure-a-suivre-avant-de-poster-t2887.htm
Steps 1, 2 and 4.

Have a good evening

m3ri3m, Sun 10 Oct 2010 - 20:50

I really can't do anything because the virus blocks all security software...

I can't even access the Control Panel (it's Vista, in case that matters)

Laddy (Admin), Mon 11 Oct 2010 - 7:44

Hello

Which operating system?

Try this:
RogueKiller: rogue killer

  • Download RogueKiller (by tigzy) to the desktop
  • Double-click the executable to launch it.
  • A report (RKreport.txt) has been created on the desktop; paste its contents into your reply


Then try to run the requested tools

m3ri3m, Mon 11 Oct 2010 - 12:34

I really can't do anything
I'm trying to take a screenshot but I can't manage it; security tool blocks everything, even Paint (since it's not my computer)
can we try in safe mode?!

(it really blocks everything, I can't do anything... I tried everything to get you a screenshot... :s)

Laddy (Admin), Mon 11 Oct 2010 - 12:58

You say everything is blocked, but at what point exactly?
Did you manage to download the indicated tool?
Have you tried downloading it from another PC?

Does the desktop manage to load, or not at all?
Not in safe mode with networking either?

m3ri3m, Mon 11 Oct 2010 - 16:19

An error message appears every time I ask for something, whether running one of the requested programs, opening My Documents, My Pictures or the Control Panel... everything, basically
I managed to download them but not to run them
the problem isn't the download but running the programs
the desktop loads completely...
I haven't tried safe mode yet; I'm asking your advice first...

Laddy (Admin), Mon 11 Oct 2010 - 20:51

Try safe mode.

m3ri3m, Mon 11 Oct 2010 - 20:56

and what do I do, which program do I run?

Laddy (Admin), Mon 11 Oct 2010 - 21:07

RogueKiller to start with
try to produce a diagnostic report with RSIT or ZPHDiag if you manage to install it

m3ri3m, Mon 11 Oct 2010 - 21:49

Logfile of random's system information tool 1.08 (written by random/random)
Run by Hamza at 2010-10-11 21:38:59
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1
System drive C: has 117 GB (51%) free of 228 GB
Total RAM: 2041 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:39:31, on 11/10/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18498)
Boot mode: Safe mode with network support

Running processes:
C:\windows\Explorer.EXE
C:\Users\Hamza\Downloads\RSIT.exe
C:\Program Files\trend micro\Hamza.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://y.lo.st
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHelper Class - {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - C:\Program Files\SGPSA\mtwb3sh.dll
R3 - URLSearchHook: Messenger Plus Live France Toolbar - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll
O1 - Hosts: ::1 localhost
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: Messenger Plus Live France Toolbar - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SpiderMessenger_BHO - {ADE49752-DBBC-43A3-9498-379A82F574BF} - C:\Program Files\SpiderMessenger\SpiderMessenger.BHO.dll
O2 - BHO: EOBHO - {C10DC1F4-CCDF-4224-A24D-B23AFC3573C8} - C:\Program Files\EoRezo\EoRezoBHO.dll
O2 - BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: WalterShop - {9ec204df-0e48-4c32-816e-2e928a4fd9c2} - mscoree.dll (file missing)
O3 - Toolbar: Messenger Plus Live France Toolbar - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe /tray
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [eorezo] "C:\Program Files\EoRezo\eorezo.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [SoftwareHelper] C:\Users\Hamza\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe -runonce
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [OfferBox] C:\Program Files\OfferBox\OfferBox.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpiderMessenger] "C:\Program Files\SpiderMessenger\SpiderMessenger.exe" -startrun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Logon Session Broker (ASBroker) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: Local Communication Channel (ASChannel) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\windows\system32\DFSR.exe
O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Service Google Update (gupdate1ca58b35cf75dd0) (gupdate1ca58b35cf75dd0) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: Net Driver HPZ12 - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe
O23 - Service: BitDefender Threat Scanner (scan) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\windows\system32\SLsvc.exe
O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\windows\system32\svchost.exe

--
End of file - 26418 bytes

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
BHO_Startup Class - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll [2008-05-02 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59994074-c06d-4a75-9768-49e5a8c21264}]
Messenger Plus Live France Toolbar - C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll [2010-08-31 2734688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar BHO - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-02-03 1185120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}]
BrowserHelper Class - C:\Program Files\SGPSA\SearchAssistant.dll [2009-10-15 123904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ADE49752-DBBC-43A3-9498-379A82F574BF}]
SpiderMessenger_BHO Class - C:\Program Files\SpiderMessenger\SpiderMessenger.BHO.dll [2010-06-25 188088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}]
EOBHO Class - C:\Program Files\EoRezo\EoRezoBHO.dll [2009-11-11 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}]
EoBHO Class - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll [2008-11-18 42792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
Credential Manager for HP ProtectTools - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll [2008-05-21 58128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}]
Search Assistant - C:\Program Files\SGPSA\BHO.dll [2009-08-25 927232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
Fast Browser Search Toolbar Helper - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll [2009-08-13 2602368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-02-03 1185120]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2009-10-18 95536]
{1BB22D38-A411-4B13-A746-C2A4F4EC7344} - Fast Browser Search Toolbar - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll [2009-08-13 2602368]
{9ec204df-0e48-4c32-816e-2e928a4fd9c2} - WalterShop - C:\windows\system32\mscoree.dll [2009-11-08 297808]
{59994074-c06d-4a75-9768-49e5a8c21264} - Messenger Plus Live France Toolbar - C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll [2010-08-31 2734688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-04-18 178712]
"accrdsub"=c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2007-05-16 293168]
"PTHOSTTR"=c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2008-05-08 238984]
"CognizanceTS"=c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [2008-05-21 24848]
"PDF Complete"=C:\Program Files\PDF Complete\pdfsty.exe [2008-05-12 318488]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-27 1045800]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-15 70912]
"File Sanitizer"=C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [2008-05-02 10244096]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe [2008-03-25 144784]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-05-14 177456]
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2008-05-24 197904]
"HP Software Update"=c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-09 54840]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-04-04 1314816]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [2008-03-19 3842048]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2009-11-16 782336]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2009-10-18 69632]
"FBSSA"=C:\Program Files\SGPSA\ie3sh.exe [2009-08-27 765824]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-09-22 47904]
"EoEngine"=C:\Program Files\EoRezo\EoEngine.exe [2009-02-23 472872]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-03-15 233472]
"eorezo"=C:\Program Files\EoRezo\eorezo.exe [2010-04-12 667648]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-09-08 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-09-24 421160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SoftwareHelper"=C:\Users\Hamza\AppData\Roaming\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe [2008-12-09 368224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-03-18 2289664]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"Software Informer"=C:\Program Files\Software Informer\softinfo.exe [2010-04-13 2285637]
"OfferBox"=C:\Program Files\OfferBox\OfferBox.exe [2010-03-23 632464]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"SpiderMessenger"=C:\Program Files\SpiderMessenger\SpiderMessenger.exe [2010-06-25 2522808]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-09-02 13351304]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="APSHook.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.scr - open - "C:\windows\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-10-11 21:38:59 ----D---- C:\rsit
2010-10-11 21:38:59 ----D---- C:\Program Files\trend micro
2010-10-11 21:25:28 ----A---- C:\windows\ntbtlog.txt
2010-10-02 09:52:39 ----D---- C:\windows\Sun
2010-09-29 17:21:08 ----A---- C:\windows\system32\tzres.dll
2010-09-29 14:29:41 ----D---- C:\Users\Hamza\AppData\Roaming\AnvSoft
2010-09-29 14:29:34 ----D---- C:\Program Files\AnvSoft
2010-09-25 10:41:22 ----D---- C:\Program Files\iPod
2010-09-25 10:41:05 ----D---- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-09-25 10:27:50 ----D---- C:\Program Files\QuickTime
2010-09-25 10:17:27 ----D---- C:\Program Files\Bonjour
2010-09-15 13:04:35 ----A---- C:\windows\system32\usp10.dll
2010-09-15 13:04:28 ----A---- C:\windows\system32\spoolsv.exe
2010-09-15 13:04:25 ----A---- C:\windows\system32\MP4SDECD.DLL
2010-09-15 13:02:47 ----A---- C:\windows\system32\inetcomm.dll

======List of files/folders modified in the last 1 months======

2010-10-11 22:17:06 ----SHD---- C:\System Volume Information
2010-10-11 21:38:59 ----RD---- C:\Program Files
2010-10-11 21:37:13 ----D---- C:\Program Files\Mozilla Firefox
2010-10-11 21:25:28 ----D---- C:\Windows
2010-10-11 21:11:32 ----D---- C:\windows\System32
2010-10-11 21:11:11 ----D---- C:\Users\Hamza\AppData\Roaming\Skype
2010-10-11 21:10:13 ----D---- C:\Users\Hamza\AppData\Roaming\EoRezo
2010-10-11 21:06:06 ----D---- C:\windows\Temp
2010-10-11 21:05:39 ----D---- C:\Users\Hamza\AppData\Roaming\Software Informer
2010-10-11 21:05:19 ----D---- C:\windows\Microsoft.NET
2010-10-11 21:01:13 ----D---- C:\ProgramData\hpqLog
2010-10-11 21:01:01 ----D---- C:\windows\system32\drivers\etc
2010-10-10 18:02:52 ----D---- C:\Users\Hamza\AppData\Roaming\OfferBox
2010-10-10 12:23:17 ----D---- C:\Users\Hamza\AppData\Roaming\vlc
2010-10-10 12:17:16 ----SHD---- C:\windows\Installer
2010-10-10 12:02:19 ----D---- C:\Users\Hamza\AppData\Roaming\skypePM
2010-10-08 23:05:07 ----D---- C:\Users\Hamza\AppData\Roaming\LimeWire
2010-10-07 17:33:10 ----D---- C:\windows\Prefetch
2010-10-07 09:44:44 ----RSD---- C:\windows\assembly
2010-10-07 09:43:30 ----D---- C:\windows\winsxs
2010-10-07 09:43:03 ----D---- C:\windows\system32\catroot
2010-10-05 21:41:08 ----D---- C:\windows\inf
2010-10-05 21:41:08 ----A---- C:\windows\system32\PerfStringBackup.INI
2010-10-03 22:23:32 ----D---- C:\windows\system32\catroot2
2010-10-03 09:47:30 ----D---- C:\windows\system32\Tasks
2010-09-29 19:18:35 ----D---- C:\windows\rescache
2010-09-29 18:03:37 ----AD---- C:\windows\system32\fr-FR
2010-09-25 18:16:44 ----D---- C:\Program Files\EoRezo
2010-09-25 17:47:10 ----D---- C:\Program Files\Google
2010-09-25 12:04:53 ----D---- C:\Users\Hamza\AppData\Roaming\Apple Computer
2010-09-25 10:44:31 ----D---- C:\Program Files\iTunes
2010-09-25 10:41:20 ----D---- C:\Program Files\Common Files\Apple
2010-09-25 10:41:05 ----HD---- C:\ProgramData
2010-09-25 10:32:29 ----D---- C:\windows\system32\drivers
2010-09-25 10:13:36 ----D---- C:\Program Files\Safari
2010-09-18 12:10:07 ----D---- C:\windows\Minidump
2010-09-15 22:50:38 ----D---- C:\ProgramData\Microsoft Help
2010-09-15 22:48:54 ----D---- C:\Program Files\Windows Mail

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2008-04-07 25448]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\drivers\iastor.sys [2008-04-15 312344]
R0 MegaSR;MegaSR; C:\windows\system32\drivers\megasr.sys [2008-01-21 386616]
R0 PxHelp20;PxHelp20; C:\windows\System32\Drivers\PxHelp20.sys [2008-04-08 44944]
R0 SafeBoot;SafeBoot; C:\windows\system32\drivers\SafeBoot.sys [2008-05-14 108752]
R0 SbAlg;SbAlg; C:\windows\system32\drivers\SbAlg.sys [2008-05-14 51376]
R0 SbFsLock;SbFsLock; C:\windows\system32\drivers\SbFsLock.sys [2008-05-14 12928]
R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2009-10-18 137224]
R3 Accelerometer;HP Accelerometer; C:\windows\system32\DRIVERS\Accelerometer.sys [2008-04-07 34664]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\windows\system32\DRIVERS\bdfndisf.sys [2009-10-18 104456]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HBtnKey;HBtnKey; C:\windows\system32\DRIVERS\cpqbttn.sys [2008-04-14 9344]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-19 16768]
R3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ; C:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2008-03-27 199472]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\windows\system32\DRIVERS\yk60x86.sys [2008-01-17 298496]
S1 RsvLock;RsvLock; C:\windows\system32\drivers\RsvLock.sys [2008-05-14 12496]
S1 SCDEmu;SCDEmu; C:\windows\system32\drivers\SCDEmu.sys [2008-03-14 46652]
S2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [2009-10-18 82696]
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\ADIHdAud.sys [2008-04-11 382464]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\AGRSM.sys [2008-02-29 1202560]
S3 atikmdag;atikmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2008-05-08 3552256]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 bdfm;BDFM; C:\windows\system32\drivers\bdfm.sys [2009-10-18 111112]
S3 bdfsfltr;bdfsfltr; C:\windows\system32\DRIVERS\bdfsfltr.sys [2009-10-18 242184]
S3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys [2009-10-18 8832]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2009-09-23 14336]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\windows\system32\drivers\errdev.sys [2008-01-21 6656]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [2009-10-18 13056]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\windows\system32\DRIVERS\snp2uvc.sys [2008-04-10 1804160]
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2008-01-21 45624]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys [2009-10-18 39808]
S3 USBAAPL;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WUDFRd;WUDFRd; C:\windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 accoca;ActivClient Middleware Service; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [2007-05-16 182576]
S2 AEADIFilters;Andrea ADI Filters Service; C:\windows\system32\AEADISRV.EXE [2007-10-19 86016]
S2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2007-12-11 12800]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-08-13 144672]
S2 ASBroker;Logon Session Broker; C:\windows\System32\svchost.exe [2008-01-21 21504]
S2 ASChannel;Local Communication Channel; C:\windows\System32\svchost.exe [2008-01-21 21504]
S2 Ati External Event Utility;Ati External Event Utility; C:\windows\system32\Ati2evxx.exe [2008-05-08 671744]
S2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
S2 gupdate1ca58b35cf75dd0;Service Google Update (gupdate1ca58b35cf75dd0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-29 133104]
S2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-04-15 94208]
S2 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-05-14 34184]
S2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-05-14 256512]
S2 HPFSService;File Sanitizer for HP ProtectTools; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2008-05-02 77824]
S2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2008-04-07 24936]
S2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-04-18 354840]
S2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-18 73728]
S2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2009-10-18 413696]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2008-01-21 21504]
S2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2008-05-12 576024]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2008-01-21 21504]
S2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2009-11-16 1638240]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-27 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-10-23 85096]
S3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-04-16 165192]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2010-09-24 820008]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-09-23 238960]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB10;RoxMediaDB10; c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
S3 scan;BitDefender Threat Scanner; C:\windows\System32\svchost.exe [2008-01-21 21504]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]

-----------------EOF-----------------
http://www.xx-m3ri3m-xx.skyblog.com
m3ri3m
Maxibibou

Female
Number of posts: 760
Age: 32
Location: Grenoble (38)
Mood: my avatar conveys it
Registration date: 29/02/2008

Subject: Re: [Closed] Infected by Securitytool   Mon 11 Oct 2010 - 21:50

info.txt logfile of random's system information tool 1.08 2010-10-11 21:39:34

======Uninstall list======

-->C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
2007 Microsoft Office system-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}
ActivClient 6.1 x86-->MsiExec.exe /I{AC194855-F7AC-4D04-B4C9-07BA46FCB697}
Adobe Flash Player 10 ActiveX-->C:\windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\windows\system32\Macromed\Flash\uninstall_plugin.exe
Agere Systems HDA Modem-->agrsmdel
Any Audio Converter 3.0.7-->"C:\Program Files\AnvSoft\Any Audio Converter\unins000.exe"
AOL Toolbar 5.0-->"C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe"
Apple Application Support-->MsiExec.exe /I{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}
Apple Mobile Device Support-->MsiExec.exe /I{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ask.com Search Assistant 1.0.2-->C:\Program Files\Ask Search Assistant\uninst.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
AutoCAD 2008 - Français-->C:\Program Files\AutoCAD 2008\Setup\Setup.exe /P {5783F2D7-6001-040C-0002-0060B0CE6BBA} /M ACAD
Autodesk DWF Viewer 7-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
BIOS Configuration for HP ProtectTools-->MsiExec.exe /X{A1410161-F615-4B91-A019-FA33833EF00D}
BitDefender Total Security 2009-->MsiExec.exe /X{8ACF317C-CA66-4363-AEBF-A073B124AA1A}
Bonjour-->MsiExec.exe /X{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}
Catalyst Control Center - Branding-->MsiExec.exe /I{30BF4E6C-D866-46F7-A4F6-81A45E97706E}
Credential Manager for HP ProtectTools-->rundll32.exe "c:\Program Files\Hewlett-Packard\IAM\Bin\SetupHelper.dll",ExecMain /Uninstall {0F98662A-EA83-414F-8766-3FCE46A32641}
Drive Encryption for HP ProtectTools-->MsiExec.exe /I{9DBD8BEE-B3EC-4D82-A81C-0F6250176DCC}
eoEngine 9.1-->"C:\Program Files\EoRezo\unins000.exe"
EoRezo 10.3-->"C:\Program Files\EoRezo\unins001.exe"
ESU for Microsoft Vista SP1-->MsiExec.exe /I{BC1DC565-8B34-4B29-9DB2-BF281C2FB56E}
File Sanitizer For HP ProtectTools-->C:\Program Files\InstallShield Installation Information\{789C97CE-9E17-4126-BDF4-11FF458BF705}\setup.exe -runfromtemp -l0x0009 -removeonly
Google Chrome-->"C:\Program Files\Google\Chrome\Application\6.0.472.63\Installer\setup.exe" --uninstall --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Earth-->MsiExec.exe /X{4286E640-B5FB-11DF-AC4B-005056C00008}
Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP 3D DriveGuard-->MsiExec.exe /X{4C203E35-B5C7-4E35-9834-619668C0FFEE}
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{420BBA1D-B275-4891-838C-EA88FE87A632}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8BB128BE-2670-485D-A221-B00715BCEBCF}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /X{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}
HP JavaCard for HP ProtectTools-->MsiExec.exe /I{2086797F-A4BA-4CD3-8104-09B8D39DA5D8}
HP ProtectTools Security Manager Suite-->C:\Windows\Installer\HPPTSuiteInstallEngine.exe /uninstall=C:\Windows\Installer\49351200.msi
HP ProtectTools Security Manager-->MsiExec.exe /I{926F4D5F-C8FC-4FB7-8E09-BCB8A997D1C7}
HP Quick Launch Buttons 6.40 E1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 -removeonly uninst
HP Software Setup 5.00.A.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70CEFEBA-F757-4DBE-8A21-027C326137CE}\SETUP.EXE" -l0x9
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP User Guides 0108-->MsiExec.exe /I{B79DB290-9F72-4B20-9776-848D7832705B}
HP Wallpaper-->MsiExec.exe /I{F173C2B3-296F-458C-98FF-1676A42EBA02}
HP Webcam Application-->C:\Program Files\InstallShield Installation Information\{154E4F71-DFC0-4B31-8D99-F97615031B02}\setup.exe -runfromtemp -l0x040c -removeonly
HP Webcam-->C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x040c -removeonly
HP Wireless Assistant-->MsiExec.exe /I{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
InterVideo DVD Check-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe" REMOVEALL
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
LightScribe System Software 1.12.37.1-->MsiExec.exe /X{004C5DA2-2051-4D25-94BA-51CF810C91EB}
Ma-Config.com-->MsiExec.exe /X{425FFD94-36BD-4933-881B-FE0B9DADF2B7}
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Messenger_Plus_Live_France Toolbar-->C:\PROGRA~1\MESSEN~2\UNWISE.EXE /U C:\PROGRA~1\MESSEN~2\INSTALL.LOG
Microsoft .NET Framework 1.1 Security Update (KB2416447)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0410-0000-0000000FF1CE} /uninstall {71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {DC387AA5-94A6-4920-B004-D59846526D81}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0410-0000-0000000FF1CE} /uninstall {0A75DA12-55CB-4DE5-8B6A-74D97847204E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0413-0000-0000000FF1CE} /uninstall {89C8E56A-90D8-4598-B0E6-EB28F6270E07}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0015-0413-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Access MUI (Italian) 2007-->MsiExec.exe /X{90120000-0015-0410-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel 2007 Help - Aggiornamento (KB963678)-->msiexec /package {90120000-0016-0410-0000-0000000FF1CE} /uninstall {9F57BDED-B51B-4D2F-B360-5B4EFAAF0F1A}
Microsoft Office Excel MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0016-0413-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Excel MUI (Italian) 2007-->MsiExec.exe /X{90120000-0016-0410-0000-0000000FF1CE}
Microsoft Office Excel Viewer-->MsiExec.exe /I{95120000-003F-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook 2007 Help - Aggiornamento (KB963677)-->msiexec /package {90120000-001A-0410-0000-0000000FF1CE} /uninstall {2278E02A-AB15-4BF7-B2B4-5C0EEB4B7EEB}
Microsoft Office Outlook MUI (Dutch) 2007-->MsiExec.exe /X{90120000-001A-0413-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Italian) 2007-->MsiExec.exe /X{90120000-001A-0410-0000-0000000FF1CE}
Microsoft Office Powerpoint 2007 Help - Aggiornamento (KB963669)-->msiexec /package {90120000-0018-0410-0000-0000000FF1CE} /uninstall {C76C02F1-B07F-4974-876A-A18DEC9887C8}
Microsoft Office PowerPoint MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0018-0413-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Italian) 2007-->MsiExec.exe /X{90120000-0018-0410-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (Dutch) 2007-->MsiExec.exe /X{90120000-002C-0413-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing (Italian) 2007-->MsiExec.exe /X{90120000-002C-0410-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0019-0413-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Italian) 2007-->MsiExec.exe /X{90120000-0019-0410-0000-0000000FF1CE}
Microsoft Office Shared MUI (Dutch) 2007-->MsiExec.exe /X{90120000-006E-0413-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (Italian) 2007-->MsiExec.exe /X{90120000-006E-0410-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
Microsoft Office Word 2007 Help - Aggiornamento (KB963665)-->msiexec /package {90120000-001B-0410-0000-0000000FF1CE} /uninstall {E5B82DB3-DD7D-4C45-BC5E-09864B26F9BC}
Microsoft Office Word MUI (Dutch) 2007-->MsiExec.exe /X{90120000-001B-0413-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (Italian) 2007-->MsiExec.exe /X{90120000-001B-0410-0000-0000000FF1CE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {51EFB347-1F3D-4BAC-8B79-F056B904FE21}
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
nCleaner second 2.3.4.0-->C:\Program Files\NKProds\nCleaner\uninstall.exe
OfferBox-->MsiExec.exe /X{2C8574B5-6935-4FCE-860E-F4E8602378FF}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PDF Complete-->C:\Program Files\PDF Complete\uninstall.exe
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{E7004147-2CCA-431C-AA05-2AB166B9785D}
Roxio Activation Module-->MsiExec.exe /I{EC877639-07AB-495C-BFD1-D63AF9140810}
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Business v10-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Business-->C:\ProgramData\Uninstall\{537BF16E-7412-448C-95D8-846E85A1D817}\setup.exe /x {537BF16E-7412-448C-95D8-846E85A1D817}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD-->MsiExec.exe /I{30A2A953-DEB1-466A-B660-F4399C7C6B9D}
Safari-->MsiExec.exe /I{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}
Search Guard Plus (My Tattoons)-->C:\Program Files\Search Guard Plus\uninstalSGP.exe
Search Guard Plus Updater (My Tattoons)-->C:\Program Files\Search Guard PlusU\uninstalSGPU.exe
Security Update for 2007 Microsoft Office System (KB2277947)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5857EE21-03D0-482E-9620-5A30B314A2AE}
Security Update for 2007 Microsoft Office System (KB2277947)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5857EE21-03D0-482E-9620-5A30B314A2AE}
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}
Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office Outlook 2007 (KB2288953)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8B772E1C-7C05-42D2-839D-3EC2D39EFF22}
Security Update for Microsoft Office Outlook 2007 (KB2288953)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {8B772E1C-7C05-42D2-839D-3EC2D39EFF22}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office Publisher 2007 (KB982124)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {289FA8BC-6A8E-4341-B194-EB26B49E9F5D}
Security Update for Microsoft Office Publisher 2007 (KB982124)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {289FA8BC-6A8E-4341-B194-EB26B49E9F5D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2251419)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7E9103DA-253F-41FF-9E83-7C83806C77DA}
Security Update for Microsoft Office Word 2007 (KB2251419)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {7E9103DA-253F-41FF-9E83-7C83806C77DA}
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Software Informer 1.0 BETA-->"C:\Program Files\Software Informer\unins000.exe"
SoftwareUpdate 1.0-->"C:\Users\Hamza\AppData\Roaming\eoRezo\SoftwareUpdate\unins000.exe"
Sonic CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
SoundMAX-->C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x040c -removeonly
SpiderMessenger 1.0-->"C:\Program Files\SpiderMessenger\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (kb2291599)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {768A5B4B-2FDF-4F3D-981E-33C53724BBC8}
Update for Outlook 2007 Junk Email Filter (kb2291599)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {768A5B4B-2FDF-4F3D-981E-33C53724BBC8}
Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}
Update für Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0407-0000-0000000FF1CE} /uninstall {F6828576-6F79-470D-AB50-69D1BBADBD30}
Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}
Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}
Update voor Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {5CF7002F-6F49-4482-9564-5614FBE560FA}
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {15D84E79-1ED7-42C5-B2FD-745C3FBDDDC5}
Update voor Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {A66AE6A1-8D8C-4102-BC18-38CBDE40F809}
Vista Default Settings-->MsiExec.exe /I{207A8D54-51C9-48B6-80E6-CBA5403B3ED4}
VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WalterShop-->C:\Program Files\WalterShop.com\uninstaller.exe
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
WinZip 14.5-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}

======Security center information======

AV: BitDefender Antivirus (disabled)
FW: BitDefender Firewall (disabled)
AS: BitDefender Antispyware (disabled)
AS: Windows Defender

======System event log======

Computer Name: PC-de-Hamza
Event Code: 1003
Message: Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir du serveur DHCP) pour la carte réseau dont l'adresse réseau est 0022FAAE8D50. Il s'est produit l'erreur suivante :
Le délai de temporisation de sémaphore a expiré.. Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du serveur d'adresse réseau (DHCP).
Record Number: 221329
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20100716174655.000000-000
Event Type: Avertissement
User:

Computer Name: PC-de-Hamza
Event Code: 1000
Message: Votre ordinateur a perdu le bail de son adresse IP 78.250.113.60 sur la carte réseau d'adresse réseau 0022FAAE8D50.
Record Number: 221330
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20100716174655.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Hamza
Event Code: 4001
Message: Le Service d’autoconfiguration WLAN s’est arrêté correctement.

Record Number: 221355
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20100716175012.768800-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Hamza
Event Code: 15016
Message: Impossible d’initialiser le package de sécurité Kerberos pour l’authentification côté serveur. Le champ de données contient le numéro de l’erreur.
Record Number: 221376
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20100717111136.706135-000
Event Type: Erreur
User:

Computer Name: PC-de-Hamza
Event Code: 6008
Message: L'arrêt système précédant à 13:11:50 le 17/07/2010 n'était pas prévu.
Record Number: 221392
Source Name: EventLog
Time Written: 20100717111337.000000-000
Event Type: Erreur
User:

=====Application event log=====

Computer Name: PC-de-Hamza
Event Code: 4609
Message: Le système d'événements de COM+ a détecté un code de renvoi erroné lors de son traitement interne. Le HRESULT est 8007043c à partir de la ligne 45 de d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp. Contactez les services de support technique Microsoft pour signaler cette erreur.
Record Number: 37927
Source Name: Microsoft-Windows-EventSystem
Time Written: 20101011192600.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Hamza
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 37930
Source Name: Microsoft-Windows-WMI
Time Written: 20101011192653.000000-000
Event Type: Erreur
User:

Computer Name: PC-DE-HAMZA
Event Code: 6000
Message: L’abonné aux notifications Winlogon n’était pas disponible pour traiter un événement de notification.
Record Number: 37935
Source Name: Microsoft-Windows-Winlogon
Time Written: 20101011193421.000000-000
Event Type: Avertissement
User:

Computer Name: PC-de-Hamza
Event Code: 4609
Message: Le système d'événements de COM+ a détecté un code de renvoi erroné lors de son traitement interne. Le HRESULT est 8007043c à partir de la ligne 45 de d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp. Contactez les services de support technique Microsoft pour signaler cette erreur.
Record Number: 37937
Source Name: Microsoft-Windows-EventSystem
Time Written: 20101011193434.000000-000
Event Type: Erreur
User:

Computer Name: PC-de-Hamza
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 37940
Source Name: Microsoft-Windows-WMI
Time Written: 20101011193524.000000-000
Event Type: Erreur
User:

=====Security event log=====

Computer Name: PC-de-Hamza
Event Code: 5056
Message: Un autotest de chiffrement a été effectué.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-HAMZA$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Module : ncrypt.dll

Code de retour : 0x0
Record Number: 40436
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100530101342.483491-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-Hamza
Event Code: 4648
Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-HAMZA$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Compte dont les informations d’identification ont été utilisées :
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Serveur cible :
Nom du serveur cible : localhost
Informations supplémentaires : localhost

Informations sur le processus :
ID du processus : 0x2d0
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Adresse du réseau : -
Port : -

Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS.
Record Number: 40437
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100530101344.120491-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-Hamza
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : PC-DE-HAMZA$
Domaine du compte : WORKGROUP
ID d’ouverture de session : 0x3e7

Type d’ouverture de session : 5

Nouvelle ouverture de session :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus :
ID du processus : 0x2d0
Nom du processus : C:\Windows\System32\services.exe

Informations sur le réseau :
Nom de la station de travail :
Adresse du réseau source : -
Port source : -

Informations détaillées sur l’authentification :
Processus d’ouverture de session : Advapi
Package d’authentification : Negotiate
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 40438
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100530101344.120491-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-Hamza
Event Code: 4672
Message: Privilèges spéciaux attribués à la nouvelle ouverture de session.

Sujet :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7

Privilèges : SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 40439
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100530101344.120491-000
Event Type: Succès de l'audit
User:

Computer Name: PC-de-Hamza
Event Code: 5033
Message: Le pilote du Pare-feu Windows est correctement démarré.
Record Number: 40440
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100530101345.247491-000
Event Type: Succès de l'audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Program Files\ActivIdentity\ActivClient\;c:\Program Files\Hewlett-Packard\IAM\bin;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"OnlineServices"=Online Services
"Platform"=BNB
"RoxioCentral"=c:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
"EMC_AUTOPLAY"=c:\Program Files\Common Files\Roxio Shared\
"asl.log"=Destination=file
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------
http://www.xx-m3ri3m-xx.skyblog.com
m3ri3m
Subject: Re: [Closed] Infected by Securitytool, Mon 11 Oct 2010 - 22:53

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4796

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

11/10/2010 22:39:20
mbam-log-2010-10-11 (22-39-20).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 147469
Temps écoulé: 14 minute(s), 39 seconde(s)

Processus mémoire infecté(s): 4
Module(s) mémoire infecté(s): 5
Clé(s) du Registre infectée(s): 13
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 53

Processus mémoire infecté(s):
C:\Users\Hamza\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Rogue.Eorezo) -> Unloaded process successfully.
C:\Program Files\EoRezo\EoEngine.exe (Rogue.Eorezo) -> Unloaded process successfully.
C:\Program Files\EoRezo\eorezo.exe (Rogue.Eorezo) -> Unloaded process successfully.
C:\Program Files\SpiderMessenger\SpiderMessenger.exe (Spyware.AgenceExclusive) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\Program Files\EoRezo\EoAdv\EoAdv.dll (Rogue.Eorezo) -> Delete on reboot.
C:\Program Files\EoRezo\EoMultiLanguage.dll (Rogue.Eorezo) -> Delete on reboot.
C:\Program Files\EoRezo\EoRezoComm.dll (Rogue.Eorezo) -> Delete on reboot.
C:\Program Files\EoRezo\EoRezoTools_30.dll (Rogue.Eorezo) -> Delete on reboot.
C:\Program Files\EoRezo\FreeImage.dll (Rogue.Eorezo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{18af7201-4f14-4bcf-93fe-45617cf259ff} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{df76e9b7-35ec-46fc-af56-5b79ded9d64f} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c10dc1f4-ccdf-4224-a24d-b23afc3573c8} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c10dc1f4-ccdf-4224-a24d-b23afc3573c8} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c10dc1f4-ccdf-4224-a24d-b23afc3573c8} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{b6acb3f1-6a83-432c-b854-3e1056f87f4e} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{819db72d-1c28-4387-9778-e2ff3dc86f74} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c7b76b90-3455-4ae6-a752-eac4d19689e5} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c7b76b90-3455-4ae6-a752-eac4d19689e5} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c7b76b90-3455-4ae6-a752-eac4d19689e5} (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\softwarehelper (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eoengine (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eorezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spidermessenger (Spyware.AgenceExclusive) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoAdv (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang (Rogue.Eorezo) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Users\Hamza\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoEngine.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoAdv\EoAdv.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\eorezo.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\SpiderMessenger\SpiderMessenger.exe (Spyware.AgenceExclusive) -> Quarantined and deleted successfully.
C:\Users\Hamza\downloads\WebfettiSetup2.3.67.1.ZKfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\confmedia.cyp (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\eoEngine.url (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoMultiLanguage.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoBHO.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoComm.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoImg_17.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoImg_19.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoImg_20.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoImg_21.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoImg_22.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoImg_23.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoTools_16.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoTools_17.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoTools_18.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoTools_20.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoTools_21.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoTools_26.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoTools_27.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoTools_28.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoTools_29.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoRezoTools_30.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\FreeImage.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\Host.cyp (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\MngInstaller.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\unins000.dat (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\unins000.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\unins001.dat (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\unins001.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\user.cyp (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoAdv\atl90.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoAdv\mfc90.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoAdv\Microsoft.VC90.ATL.manifest (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoAdv\Microsoft.VC90.CRT.manifest (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoAdv\Microsoft.VC90.MFC.manifest (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoAdv\msvcr90.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\ihm_eoclock.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\ihm_eoengine.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\ihm_eonet.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\ihm_eorezotools.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\ihm_eosudoku.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\ihm_eoweather.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\lang_en.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\lang_es.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\lang_fr.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\lang\lang_it.xml (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Users\Hamza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
http://www.xx-m3ri3m-xx.skyblog.com
GrosBébé
Subject: Re: [Closed] Infected by Securitytool, Tue 12 Oct 2010 - 7:24

Hello M3ri3m


If you like, we'll continue together.

Are you able to restart the PC normally? If so:


  • Click here to download OTL (by Old Timer) to your desktop.
  • Close all your windows, then double-click OTL.exe to launch it.
    Vista/Seven users: right-click OTL, then select "Exécuter en tant qu'administrateur" (Run as administrator).
  • Check "Recherche Lop" and "Recherche Purity".
  • Under "Personnalisation" (at the bottom), copy/paste this:

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.*
    %PROGRAMFILES%\*.
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

  • Click the "Analyse" button at the top left, then wait a few moments.

  • At the end of the scan, two reports will open (OTL.Txt and Extras.Txt). Copy/paste both reports here in full.

    PS: The reports are also saved on the desktop.



Have a nice day
m3ri3m
Subject: Re: [Closed] Infected by Securitytool, Tue 12 Oct 2010 - 12:24

OTL logfile created on: 12/10/2010 12:07:19 - Run 1
OTL by OldTimer - Version 3.2.15.1 Folder = C:\Users\Hamza\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 37,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 60,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 116,12 Gb Free Space | 52,10% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,65 Gb Free Space | 18,30% Space Free | Partition Type: NTFS
Drive F: | 1021,00 Mb Total Space | 1018,74 Mb Free Space | 99,78% Space Free | Partition Type: FAT32

Computer Name: PC-DE-HAMZA | User Name: Hamza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/12 12:05:57 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Hamza\Downloads\OTL.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/13 17:28:00 | 002,285,637 | ---- | M] (Informer Technologies, Inc.) -- C:\Program Files\Software Informer\softinfo.exe
PRC - [2010/04/05 14:50:00 | 000,494,920 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2010/03/23 09:50:12 | 000,632,464 | ---- | M] (Secure Digital Services) -- C:\Program Files\OfferBox\OfferBox.exe
PRC - [2009/11/16 19:55:42 | 000,442,368 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
PRC - [2009/11/16 19:55:41 | 001,638,240 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
PRC - [2009/11/16 19:55:41 | 000,782,336 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
PRC - [2009/10/18 12:54:52 | 000,413,696 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2009/08/27 12:20:22 | 000,765,824 | ---- | M] () -- C:\Program Files\SGPSA\ie3sh.exe
PRC - [2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/21 02:47:18 | 000,065,296 | ---- | M] (Bioscrypt Inc.) -- c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
PRC - [2008/05/14 22:41:38 | 000,034,184 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
PRC - [2008/05/14 02:35:40 | 000,256,512 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2008/05/12 15:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2008/05/08 02:34:10 | 000,238,984 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2008/05/02 22:17:44 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2008/05/02 22:17:02 | 010,244,096 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
PRC - [2008/04/18 15:54:02 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008/04/18 15:53:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/04 17:10:24 | 001,314,816 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2008/03/31 23:41:22 | 000,091,440 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2008/03/25 13:28:02 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
PRC - [2008/03/15 01:50:59 | 000,233,472 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2007/12/11 14:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/10/19 09:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007/05/16 01:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007/05/16 01:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2007/05/16 01:08:08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2007/01/05 04:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2010/10/12 12:05:57 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Hamza\Downloads\OTL.exe
MOD - [2009/10/18 12:51:51 | 000,155,648 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\plugin_fragments.m32
MOD - [2009/10/18 12:51:51 | 000,143,360 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\midas32.dll
MOD - [2009/10/18 12:51:51 | 000,106,496 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\plugin_extra.m32
MOD - [2009/10/18 12:51:51 | 000,098,304 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\plugin_registry.m32
MOD - [2009/10/18 12:51:51 | 000,077,824 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\plugin_base.m32
MOD - [2009/10/18 12:51:51 | 000,073,728 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\plugin_net.m32
MOD - [2008/05/21 02:42:30 | 000,081,680 | ---- | M] (Bioscrypt Inc.) -- C:\Windows\System32\APSHook.dll
MOD - [2008/01/21 04:34:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/21 04:33:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/11/16 19:55:41 | 001,638,240 | ---- | M] (BitDefender S. R. L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV)
SRV - [2009/10/23 13:05:01 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/10/18 12:54:52 | 000,413,696 | ---- | M] (BitDefender SRL) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2009/10/18 12:54:15 | 000,323,584 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2009/09/23 15:50:28 | 000,238,960 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2008/07/17 13:06:56 | 000,118,784 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -- (Arrakis3)
SRV - [2008/05/21 02:42:40 | 000,111,888 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2008/05/21 02:42:34 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll -- (ASChannel)
SRV - [2008/05/14 22:41:38 | 000,034,184 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2008/05/14 02:35:40 | 000,256,512 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2008/05/12 15:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008/05/02 22:17:44 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2008/04/18 15:54:02 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2008/04/08 14:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/01/21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/12/11 14:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/10/19 09:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/05/16 01:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2007/01/05 04:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2009/10/18 12:54:51 | 000,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009/10/18 12:54:51 | 000,104,456 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bdfndisf.sys -- (Bdfndisf)
DRV - [2009/10/18 12:54:50 | 000,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfm.sys -- (bdfm)
DRV - [2009/10/18 12:54:37 | 000,008,832 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys -- (BDSelfPr)
DRV - [2009/10/18 12:54:18 | 000,082,696 | ---- | M] (BitDefender S.R.L.) [Kernel | Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys -- (BDVEDISK)
DRV - [2009/10/18 12:54:17 | 000,137,224 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2009/10/18 12:54:17 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - [2009/10/18 12:54:15 | 000,013,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - [2009/09/23 15:53:20 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2008/05/14 02:36:26 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2008/05/14 02:36:22 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2008/05/14 02:36:20 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2008/05/14 02:36:18 | 000,108,752 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2008/05/08 14:01:44 | 003,552,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/04/28 08:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Pilote de carte Intel(R)
DRV - [2008/04/15 19:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2008/04/14 23:39:06 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/04/11 16:38:44 | 000,382,464 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2008/04/10 17:27:34 | 001,804,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/04/07 20:13:46 | 000,025,448 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008/04/07 20:13:42 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/03/27 21:06:00 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/03/14 08:04:29 | 000,046,652 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/02/29 18:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/21 04:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 04:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 04:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 04:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 04:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 04:32:52 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/01/21 04:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 04:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 04:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 04:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 04:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 04:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 04:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 04:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 04:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 04:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 04:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 04:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 04:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 04:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 04:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 04:32:44 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008/01/21 04:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 04:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 04:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/17 23:28:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/06/19 02:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.durable.com/recherche
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche
IE - HKLM\..\URLSearchHook: {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.durable.com/recherche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://y.lo.st
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Durable.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche
IE - HKCU\..\URLSearchHook: {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - C:\Program Files\SGPSA\mtwb3sh.dll (TODO: )
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\ [2009/11/16 19:57:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\SpiderMessengerHelper@spidermessenger.com: C:\Program Files\SpiderMessenger [2010/10/11 22:39:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/25 10:29:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/25 10:29:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\tbextension\ [2009/10/18 12:45:16 | 000,000,000 | ---D | M]

[2009/11/02 19:00:01 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Extensions
[2009/11/02 19:00:01 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/09/05 16:43:13 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions
[2009/10/22 12:45:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/16 14:56:11 | 000,000,000 | ---D | M] (Messenger Plus Live France Toolbar) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}
[2009/11/03 01:11:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2009/10/18 14:28:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/04/15 10:07:14 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\fdm_ffext@freedownloadmanager.org
[2010/09/05 16:43:17 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\toolbar@alot.com
[2010/04/15 10:48:28 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\toolbar@waltershop.com
[2010/09/05 16:43:32 | 000,002,247 | ---- | M] () -- C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\alot-search.xml
[2010/08/29 14:51:16 | 000,001,681 | ---- | M] () -- C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\ask.uk.xml
[2010/04/21 12:06:58 | 000,000,955 | ---- | M] () -- C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\conduit.xml
[2010/04/15 11:29:38 | 000,002,321 | ---- | M] () -- C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\durable.xml
[2009/11/03 01:11:26 | 000,005,462 | ---- | M] () -- C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\fast-browser-search.xml
[2010/08/23 11:29:24 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010/08/23 11:29:04 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/11/16 19:55:42 | 000,065,536 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2009/08/24 21:21:51 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2009/08/24 21:21:51 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2009/08/24 21:21:51 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2010/06/06 09:43:32 | 000,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
[2010/06/06 09:43:34 | 000,001,963 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml
[2009/08/24 21:21:51 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2009/08/24 21:21:51 | 000,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (Messenger Plus Live France Toolbar) - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (BrowserHelper Class) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll (Make The Web Better, LLC)
O2 - BHO: (SpiderMessenger_BHO Class) - {ADE49752-DBBC-43A3-9498-379A82F574BF} - C:\Program Files\SpiderMessenger\SpiderMessenger.BHO.dll (AgenceExclusive)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (MTWB)
O2 - BHO: (Fast Browser Search Toolbar Helper) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (Messenger Plus Live France Toolbar) - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live France Toolbar) - {59994074-C06D-4A75-9768-49E5A8C21264} - C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe (BitDefender)
O4 - HKLM..\Run: [CognizanceTS] c:\Programmes\Hewlett-Packard\IAM\Bin\ASTSVCC.dll File not found
O4 - HKLM..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe ()
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [OfferBox] C:\Program Files\OfferBox\OfferBox.exe (Secure Digital Services)
O4 - HKCU..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hamza\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hamza\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/10/11 22:23:08 | 000,000,000 | ---D | C] -- C:\Users\Hamza\AppData\Roaming\Malwarebytes
[2010/10/11 22:22:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/10/11 22:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/11 22:22:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/10/11 22:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/11 21:38:59 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/10/11 21:38:59 | 000,000,000 | ---D | C] -- C:\rsit
[2010/10/11 21:34:59 | 000,000,000 | ---D | C] -- C:\Users\Hamza\Desktop\Nouveau dossier (2)
[2010/10/03 19:16:21 | 000,000,000 | ---D | C] -- C:\Users\Hamza\Desktop\sder !
[2010/10/02 09:52:39 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2010/09/30 18:46:31 | 000,000,000 | ---D | C] -- C:\Users\Hamza\Desktop\house
[2010/09/29 22:38:22 | 000,000,000 | ---D | C] -- C:\Users\Hamza\Desktop\fiançaille Bou3lam
[2010/09/29 17:21:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2010/09/29 14:30:05 | 000,000,000 | ---D | C] -- C:\Users\Hamza\Documents\Any Audio Converter
[2010/09/29 14:29:41 | 000,000,000 | ---D | C] -- C:\Users\Hamza\AppData\Roaming\AnvSoft
[2010/09/29 14:29:34 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft
[2010/09/25 10:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/25 10:41:05 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/25 10:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/09/25 10:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/15 13:04:25 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MP4SDECD.DLL
[2010/09/13 22:56:44 | 000,000,000 | ---D | C] -- C:\Users\Hamza\Desktop\Présentation générale
[2010/09/12 23:39:24 | 000,000,000 | ---D | C] -- C:\Users\Hamza\Desktop\My photos
[2010/09/12 23:38:14 | 000,000,000 | ---D | C] -- C:\Users\Hamza\Desktop\Nouveau dossier
[2010/09/12 23:29:10 | 000,000,000 | ---D | C] -- C:\Users\Hamza\Desktop\fete de l'aide
[2009/10/18 12:11:33 | 000,180,224 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2009/10/18 12:11:32 | 000,176,128 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2010/10/12 11:59:14 | 000,001,050 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/12 11:58:48 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/12 11:58:48 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/12 11:58:41 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/10/12 11:58:39 | 2141,470,720 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/11 22:54:41 | 000,081,984 | ---- | M] () -- C:\windows\System32\bdod.bin
[2010/10/11 22:22:23 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/11 21:08:21 | 000,064,033 | ---- | M] () -- C:\Users\Hamza\Desktop\RogueKiller(2).exe
[2010/10/10 20:43:49 | 000,001,054 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/10 13:59:47 | 000,002,617 | ---- | M] () -- C:\Users\Hamza\Desktop\Microsoft Office PowerPoint 2007.lnk
[2010/10/10 13:42:37 | 001,227,776 | ---- | M] () -- C:\Users\Hamza\AppData\Local\82046790.exe
[2010/10/10 12:19:24 | 000,042,496 | ---- | M] () -- C:\Users\Hamza\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/05 21:41:08 | 000,717,914 | ---- | M] () -- C:\windows\System32\perfh00C.dat
[2010/10/05 21:41:08 | 000,629,724 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/10/05 21:41:08 | 000,145,622 | ---- | M] () -- C:\windows\System32\perfc00C.dat
[2010/10/05 21:41:08 | 000,119,088 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/10/03 21:58:13 | 000,029,184 | ---- | M] () -- C:\Users\Hamza\Desktop\Classeur1.xls
[2010/09/29 14:29:57 | 000,000,939 | ---- | M] () -- C:\Users\Hamza\Desktop\Any Audio Converter.lnk
[2010/09/29 14:29:09 | 000,006,944 | ---- | M] () -- C:\Users\Hamza\AppData\Local\d3d9caps.dat
[2010/09/28 17:14:02 | 000,028,672 | ---- | M] () -- C:\Users\Hamza\Desktop\projet oral.doc
[2010/09/25 18:00:22 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/09/25 10:44:40 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/25 10:29:04 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/09/25 10:12:45 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/09/25 10:12:45 | 000,001,854 | ---- | M] () -- C:\Users\Hamza\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/09/24 20:42:02 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/09/18 12:10:04 | 317,971,643 | ---- | M] () -- C:\windows\MEMORY.DMP
[2010/09/14 17:23:00 | 000,072,960 | ---- | M] () -- C:\Users\Hamza\Documents\LES TERRASSES.dwg
[2010/09/14 16:39:33 | 000,076,544 | ---- | M] () -- C:\Users\Hamza\Documents\LES TERRASSES.bak
[2010/09/12 22:02:06 | 000,027,028 | ---- | M] () -- C:\Users\Hamza\Documents\Organigramme SDER.xlsx
[2010/09/12 20:38:34 | 000,002,687 | ---- | M] () -- C:\Users\Hamza\Desktop\Microsoft Office Word 2007.lnk
[2010/09/12 20:36:59 | 000,002,641 | ---- | M] () -- C:\Users\Hamza\Desktop\Microsoft Office Excel 2007.lnk
[2010/09/12 18:03:29 | 000,831,597 | ---- | M] () -- C:\Users\Hamza\Documents\rapport d'activités.docx

========== Files Created - No Company Name ==========

[2010/10/11 22:22:23 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/11 22:07:05 | 2141,470,720 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/11 21:08:20 | 000,064,033 | ---- | C] () -- C:\Users\Hamza\Desktop\RogueKiller(2).exe
[2010/10/10 13:42:36 | 001,227,776 | ---- | C] () -- C:\Users\Hamza\AppData\Local\82046790.exe
[2010/09/29 22:37:35 | 000,029,184 | ---- | C] () -- C:\Users\Hamza\Desktop\Classeur1.xls
[2010/09/29 22:37:01 | 000,028,672 | ---- | C] () -- C:\Users\Hamza\Desktop\projet oral.doc
[2010/09/29 14:29:57 | 000,000,939 | ---- | C] () -- C:\Users\Hamza\Desktop\Any Audio Converter.lnk
[2010/09/25 18:00:22 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/09/25 10:44:40 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/25 10:29:04 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/09/18 12:08:17 | 317,971,643 | ---- | C] () -- C:\windows\MEMORY.DMP
[2010/09/14 17:23:00 | 000,076,544 | ---- | C] () -- C:\Users\Hamza\Documents\LES TERRASSES.bak
[2010/09/14 16:39:33 | 000,072,960 | ---- | C] () -- C:\Users\Hamza\Documents\LES TERRASSES.dwg
[2010/09/14 08:08:39 | 000,000,000 | ---- | C] () -- C:\Users\Hamza\AppData\Local\FnF4.txt
[2010/09/12 22:01:55 | 000,027,028 | ---- | C] () -- C:\Users\Hamza\Documents\Organigramme SDER.xlsx
[2009/11/28 15:09:48 | 000,006,944 | ---- | C] () -- C:\Users\Hamza\AppData\Local\d3d9caps.dat
[2009/11/21 19:28:43 | 000,000,000 | ---- | C] () -- C:\windows\System32\w32apiw.dll
[2009/10/23 13:34:11 | 000,042,496 | ---- | C] () -- C:\Users\Hamza\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/18 18:37:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/18 12:15:53 | 000,000,000 | ---- | C] () -- C:\Users\Hamza\AppData\Local\QSwitch.txt
[2009/10/18 12:15:53 | 000,000,000 | ---- | C] () -- C:\Users\Hamza\AppData\Local\DSwitch.txt
[2009/10/18 12:15:53 | 000,000,000 | ---- | C] () -- C:\Users\Hamza\AppData\Local\AtStart.txt
[2009/10/18 12:11:32 | 001,804,160 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2009/10/18 12:11:32 | 000,028,160 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2009/10/18 12:11:32 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2008/06/17 06:07:59 | 000,204,800 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll
[2008/06/17 06:07:59 | 000,200,704 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll
[2008/06/17 06:07:59 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll
[2008/06/17 06:07:59 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll
[2008/06/17 06:07:59 | 000,188,416 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll
[2008/06/17 06:07:59 | 000,020,480 | ---- | C] () -- C:\windows\System32\IVIresize.dll
[2008/06/17 05:49:59 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI
[2008/05/14 02:36:18 | 000,108,752 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
[2008/05/08 11:14:24 | 000,159,744 | ---- | C] () -- C:\windows\System32\atitmmxx.dll
[2008/04/23 18:34:48 | 000,192,512 | ---- | C] () -- C:\windows\System32\txmlutil.dll
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\windows\System32\xreglib.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini
[2006/03/09 11:58:00 | 001,060,424 | ---- | C] () -- C:\windows\System32\WdfCoInstaller01000.dll
[2005/04/04 00:30:00 | 000,110,592 | ---- | C] () -- C:\windows\System32\scardsyn.dll
[1998/05/07 05:10:00 | 000,069,632 | ---- | C] () -- C:\windows\System32\ODMA32.dll

========== LOP Check ==========

[2010/09/29 14:29:41 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\AnvSoft
[2009/10/30 23:08:25 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\Autodesk
[2009/10/18 12:45:30 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\BitDefender
[2010/10/11 22:16:30 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\EoRezo
[2010/02/27 11:32:02 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\InterVideo
[2010/10/08 23:05:07 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\LimeWire
[2009/11/21 19:28:40 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\nCleaner
[2010/10/10 18:02:52 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\OfferBox
[2010/10/12 12:02:52 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\Software Informer
[2010/04/15 10:31:33 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\widestream
[2010/10/11 22:54:31 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/11/14 15:53:13 | 000,000,016 | ---- | M] () -- C:\asdict.dat
[2008/01/21 04:34:29 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2006/09/18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/05/30 00:51:55 | 000,000,141 | ---- | M] () -- C:\dwl.dat
[2010/10/12 11:58:39 | 2141,470,720 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/30 00:51:55 | 000,000,132 | ---- | M] () -- C:\httpdwl.dat
[2010/10/12 11:58:37 | 2455,199,744 | -HS- | M] () -- C:\pagefile.sys
[2010/05/30 00:51:55 | 000,000,815 | ---- | M] () -- C:\rtsr_eml_sr.dat

< %PROGRAMFILES%\*.* >
[2008/01/21 04:57:01 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %PROGRAMFILES%\*. >
[2010/08/25 15:43:31 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2008/06/17 05:34:58 | 000,000,000 | ---D | M] -- C:\Program Files\ActivIdentity
[2009/10/18 12:05:19 | 000,000,000 | ---D | M] -- C:\Program Files\Analog Devices
[2010/09/29 14:29:34 | 000,000,000 | ---D | M] -- C:\Program Files\AnvSoft
[2008/06/17 05:48:02 | 000,000,000 | ---D | M] -- C:\Program Files\AOL
[2009/10/18 13:47:33 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/02/07 14:53:42 | 000,000,000 | ---D | M] -- C:\Program Files\Ask Search Assistant
[2009/10/18 12:06:04 | 000,000,000 | ---D | M] -- C:\Program Files\ATI
[2009/10/18 12:07:19 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2009/10/23 13:04:53 | 000,000,000 | ---D | M] -- C:\Program Files\AutoCAD 2008
[2009/10/23 12:58:22 | 000,000,000 | ---D | M] -- C:\Program Files\Autodesk
[2009/10/18 12:45:24 | 000,000,000 | ---D | M] -- C:\Program Files\BitDefender
[2010/09/25 10:17:30 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/08/23 11:28:40 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2010/05/16 14:56:16 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2009/10/28 16:53:33 | 000,000,000 | ---D | M] -- C:\Program Files\Fast Browser Search
[2009/10/18 11:59:59 | 000,000,000 | -HSD | M] -- C:\Program Files\Fichiers communs
[2010/04/15 09:59:35 | 000,000,000 | ---D | M] -- C:\Program Files\Free Download Manager
[2010/09/25 17:47:10 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2008/06/17 06:25:50 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2008/06/17 06:22:49 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2009/10/18 12:12:20 | 000,000,000 | ---D | M] -- C:\Program Files\HP Webcam Application
[2008/06/17 05:35:05 | 000,000,000 | ---D | M] -- C:\Program Files\HPQ
[2009/10/18 12:12:19 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/06/17 05:30:26 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/08/12 14:04:11 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/06/17 06:07:55 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2010/09/25 10:41:22 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/09/25 10:44:31 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2008/06/17 06:14:21 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/11/06 22:18:10 | 000,000,000 | ---D | M] -- C:\Program Files\LimeWire
[2009/11/21 19:03:22 | 000,000,000 | ---D | M] -- C:\Program Files\ma-config.com
[2010/10/11 22:22:26 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/18 12:30:49 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2010/08/29 14:51:09 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger Plus! Live
[2010/08/31 18:57:29 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger_Plus_Live_France
[2009/10/18 13:41:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2006/11/02 14:35:51 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/10/23 12:57:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2008/06/17 05:58:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Suite Activation Assistant
[2008/06/17 05:57:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010/03/14 16:53:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio 8
[2009/10/18 15:33:53 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/07/17 13:26:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/12 14:04:09 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/10/11 21:48:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/03/14 16:57:23 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/01/30 15:52:19 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2009/10/18 14:58:19 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/11/21 19:27:40 | 000,000,000 | ---D | M] -- C:\Program Files\NKProds
[2010/04/15 10:30:15 | 000,000,000 | ---D | M] -- C:\Program Files\OfferBox
[2008/06/17 05:45:56 | 000,000,000 | ---D | M] -- C:\Program Files\PDF Complete
[2010/03/14 16:40:02 | 000,000,000 | ---D | M] -- C:\Program Files\PowerISO
[2010/09/25 10:29:37 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2006/11/02 14:35:51 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/03/14 17:02:17 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2010/09/25 10:13:36 | 000,000,000 | ---D | M] -- C:\Program Files\Safari
[2009/12/28 11:00:37 | 000,000,000 | ---D | M] -- C:\Program Files\Search Guard Plus
[2010/03/14 17:02:28 | 000,000,000 | ---D | M] -- C:\Program Files\Search Guard PlusU
[2009/10/28 16:53:36 | 000,000,000 | ---D | M] -- C:\Program Files\SGPSA
[2009/10/18 13:37:22 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2010/04/14 17:12:08 | 000,000,000 | ---D | M] -- C:\Program Files\Software Informer
[2010/10/11 22:39:18 | 000,000,000 | ---D | M] -- C:\Program Files\SpiderMessenger
[2008/06/17 06:05:35 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2010/10/11 21:39:31 | 000,000,000 | ---D | M] -- C:\Program Files\trend micro
[2006/11/02 14:58:18 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/11/17 23:26:39 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2010/04/15 10:48:13 | 000,000,000 | ---D | M] -- C:\Program Files\WalterShop.com
[2010/04/15 10:42:13 | 000,000,000 | ---D | M] -- C:\Program Files\Widestream6
[2008/01/21 04:47:45 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2008/01/21 04:47:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2008/01/21 04:47:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/10/18 13:41:28 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/10/18 13:41:16 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/09/15 22:48:54 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2009/10/28 20:24:53 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/10/18 11:59:59 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/01/21 04:47:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2008/01/21 04:47:44 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2010/06/15 20:21:41 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009/10/18 12:14:37 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\Adobe
[2010/09/29 14:29:41 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\AnvSoft
[2010/09/25 12:04:53 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\Apple Computer
[2009/10/18 12:16:03 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\ATI
[2009/10/30 23:08:25 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\Autodesk
[2009/10/18 12:45:30 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\BitDefender
[2010/09/01 13:42:02 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\dvdcss
[2010/10/11 22:16:30 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\EoRezo
[2009/10/18 12:14:33 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\Hewlett-Packard
[2009/10/18 12:15:32 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\HPQLOG
[2009/10/18 12:15:12 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\Identities
[2009/10/18 12:05:00 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\InstallShield
[2010/02/27 11:32:02 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\InterVideo
[2010/10/08 23:05:07 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\LimeWire
[2009/10/18 12:14:45 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\Macromedia
[2010/10/11 22:23:08 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\Malwarebytes
[2010/03/29 19:56:42 | 000,000,000 | --SD | M] -- C:\Users\Hamza\AppData\Roaming\Microsoft
[2009/10/18 12:21:26 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\Mozilla
[2009/11/21 19:28:40 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\nCleaner
[2010/10/10 18:02:52 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\OfferBox
[2010/10/12 12:01:26 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\Skype
[2010/10/12 12:01:54 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\skypePM
[2010/10/12 12:02:52 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\Software Informer
[2010/10/10 12:23:17 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\vlc
[2010/04/15 10:31:33 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\widestream

< %APPDATA%\*.exe /s >
[2008/12/09 11:12:56 | 000,499,296 | ---- | M] (EoRezo) -- C:\Users\Hamza\AppData\Roaming\EoRezo\SoftwareUpdate\SoftwareUpdate.exe
[2010/09/25 18:16:13 | 000,713,771 | ---- | M] () -- C:\Users\Hamza\AppData\Roaming\EoRezo\SoftwareUpdate\unins000.exe
[2009/11/02 18:59:47 | 000,163,840 | ---- | M] (Mozilla Foundation) -- C:\Users\Hamza\AppData\Roaming\LimeWire\browser\xulrunner\crashreporter.exe
[2009/11/02 18:59:49 | 000,196,608 | ---- | M] (Mozilla Foundation) -- C:\Users\Hamza\AppData\Roaming\LimeWire\browser\xulrunner\updater.exe
[2009/11/02 18:59:49 | 000,014,848 | ---- | M] () -- C:\Users\Hamza\AppData\Roaming\LimeWire\browser\xulrunner\xpcshell.exe
[2009/11/02 18:59:49 | 000,077,824 | ---- | M] (Mozilla Foundation) -- C:\Users\Hamza\AppData\Roaming\LimeWire\browser\xulrunner\xpicleanup.exe
[2009/11/02 18:59:49 | 000,266,240 | ---- | M] (Mozilla Foundation) -- C:\Users\Hamza\AppData\Roaming\LimeWire\browser\xulrunner\xpidl.exe
[2009/11/02 18:59:49 | 000,018,432 | ---- | M] () -- C:\Users\Hamza\AppData\Roaming\LimeWire\browser\xulrunner\xpt_dump.exe
[2009/11/02 18:59:50 | 000,014,336 | ---- | M] () -- C:\Users\Hamza\AppData\Roaming\LimeWire\browser\xulrunner\xpt_link.exe
[2009/11/02 18:59:50 | 000,073,728 | ---- | M] (Mozilla Foundation) -- C:\Users\Hamza\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner-stub.exe
[2009/11/02 18:59:50 | 000,102,400 | ---- | M] (Mozilla Foundation) -- C:\Users\Hamza\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner.exe

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-07 07:44:55

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< End of report >
m3ri3m

Subject: Re: [Closed] Infected by Securitytool
Posted: Tue 12 Oct 2010 - 12:25

OTL Extras logfile created on: 12/10/2010 12:07:19 - Run 1
OTL by OldTimer - Version 3.2.15.1 Folder = C:\Users\Hamza\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 37,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 60,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 116,12 Gb Free Space | 52,10% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,65 Gb Free Space | 18,30% Space Free | Partition Type: NTFS
Drive F: | 1021,00 Mb Total Space | 1018,74 Mb Free Space | 99,78% Space Free | Partition Type: FAT32

Computer Name: PC-DE-HAMZA | User Name: Hamza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3541D899-4BE0-4BEB-A864-5A15977F32FD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8806E38D-3E6C-4A3B-A5BF-C2B6C7C909AD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{94C330DD-1243-4CB2-B270-A77B77FA2496}" = lport=48113 | protocol=6 | dir=in | name=maconfig_tcp |
"{BDC77BE2-4D51-49C4-BDF4-2657C2BE227C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C38C10DA-A36E-48CF-A163-21BD7684F178}" = lport=48113 | protocol=17 | dir=in | name=maconfig_udp |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2173790E-FFF8-4FD7-98E8-51BFCC2714F2}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{2D97008D-3896-49FD-AE3E-7C7FBF03D65C}" = protocol=17 | dir=in | app=c:\program files\ma-config.com\maconfservice.exe |
"{87CD1FFB-9656-425A-B433-81C2FB6BB226}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A13B5A0D-FF6A-4AAC-B7EA-F03CBBFC8009}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A2A80A86-4C27-491D-8393-91B5D0A85550}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{ACC9CB87-0C31-42E3-8435-B2C20A1449C6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CC03CF9F-FAED-4EF3-9A75-A634A5F1021B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{CE82C40D-FC90-4A0C-BDD1-5425EF978CCA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D6C9650E-FC29-4095-BA8D-428C0723A708}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{F8C24EBD-D9A5-431D-9540-959EF91921DB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FC83147B-AADF-4ED1-8A8A-73E53FAE6B64}" = protocol=6 | dir=in | app=c:\program files\ma-config.com\maconfservice.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{06CB77AB-CDE1-EF6B-175D-85FA59C7F0EE}" = Catalyst Control Center Core Implementation
"{07D78C7B-2AA8-5C02-4238-EE3F39279221}" = Catalyst Control Center Localization Thai
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0AF9C2B7-2E98-8D77-3892-F8512305C6CE}" = CCC Help Turkish
"{0F98662A-EA83-414F-8766-3FCE46A32641}" = Credential Manager for HP ProtectTools
"{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application
"{164280AB-98C2-FD02-EC0B-5DFBB98E89C1}" = Catalyst Control Center Localization Chinese Standard
"{173317B8-D99E-F58E-CAAE-924D8F26C435}" = CCC Help Czech
"{1779522E-BFC6-738C-E97E-39405E196FA6}" = Catalyst Control Center Localization Spanish
"{1DB44CB7-D68E-9F09-D656-0FBC7D4D9C00}" = Catalyst Control Center Localization Norwegian
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1FD3DF19-EF58-2A29-222B-A4B6E237D3DD}" = Catalyst Control Center Graphics Previews Vista
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{207A8D54-51C9-48B6-80E6-CBA5403B3ED4}" = Vista Default Settings
"{2086797F-A4BA-4CD3-8104-09B8D39DA5D8}" = HP JavaCard for HP ProtectTools
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{2C8574B5-6935-4FCE-860E-F4E8602378FF}" = OfferBox
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2EC294E6-2E8C-23A7-C174-4E59532B0E06}" = Catalyst Control Center Localization Korean
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{30BF4E6C-D866-46F7-A4F6-81A45E97706E}" = Catalyst Control Center - Branding
"{311BF3BF-6AAB-7859-1E5A-EB46644A6011}" = CCC Help French
"{32063923-8066-18D5-BF07-2B692547AEF5}" = CCC Help Korean
"{323C15C3-6DE1-05E6-B202-6F1D90BB1B06}" = Catalyst Control Center Localization Turkish
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 E1
"{3848DCD1-E356-ACB9-93AF-FB93485E1598}" = CCC Help Thai
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam
"{3A76F96A-637B-9A0E-F65B-AE595A49DEDA}" = ccc-core-static
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{3FCFB6B6-B5DE-C5B8-825F-5998C220C24E}" = Catalyst Control Center Localization Russian
"{420BBA1D-B275-4891-838C-EA88FE87A632}" = HP Customer Experience Enhancements
"{425FFD94-36BD-4933-881B-FE0B9DADF2B7}" = Ma-Config.com
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45BA0F82-FC61-828B-A188-49A24B7B39F4}" = Catalyst Control Center Localization Swedish
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4ADB08ED-A385-21BA-3511-00EB170C9CCA}" = Catalyst Control Center Localization Greek
"{4C203E35-B5C7-4E35-9834-619668C0FFEE}" = HP 3D DriveGuard
"{500CAC18-1509-AC6C-3E91-A437F9457D5E}" = CCC Help Japanese
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE3-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.5)
"{5783F2D7-6001-040C-0002-0060B0CE6BBA}" = AutoCAD 2008 - Français
"{5B5494F7-FD30-AFAB-ACD5-345F26B6AAF4}" = Catalyst Control Center Graphics Full Existing
"{5BF2EC0B-2A01-DDEA-5645-E700BCE9CDA6}" = CCC Help Spanish
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5EF644FA-3703-3253-7372-AE46FD862588}" = ccc-utility
"{63BABF5E-B142-02F9-85E1-F0A1DBEC6D5D}" = Catalyst Control Center Localization Chinese Traditional
"{647ED1EC-1D53-9886-B5A1-234CE9D7BE3F}" = Catalyst Control Center Localization Danish
"{64F561F5-17B7-0721-8D08-78777BB91382}" = CCC Help Italian
"{65E63D8F-F763-940E-38FA-1A6B2C30ADB2}" = Catalyst Control Center Graphics Light
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B4591DF-C531-255E-BDE6-25226A5AE115}" = Skins
"{6C4592F5-A803-1740-A708-84F3578DC083}" = Catalyst Control Center Localization German
"{6DF8EB4D-F5E5-369C-38B2-4F7CD0F02AC3}" = Catalyst Control Center Localization Italian
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.7
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75D7BB3A-9AB7-4ad1-AD5E-0059B90C624B}" = HP ProtectTools Security Manager Suite
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{789C97CE-9E17-4126-BDF4-11FF458BF705}" = File Sanitizer For HP ProtectTools
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{8ACF317C-CA66-4363-AEBF-A073B124AA1A}" = BitDefender Total Security 2009
"{8BB128BE-2670-485D-A221-B00715BCEBCF}" = HP Easy Setup - Frontend
"{8BEA3254-8719-4815-9312-69AF21B8D779}" = CCC Help Chinese Traditional
"{8BF85A3B-C2EE-2A32-DF54-B565062FBEC9}" = Catalyst Control Center Localization Japanese
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DD39028-8B90-88D8-781A-AB82A9AE6662}" = CCC Help English
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{91B26C13-34A4-36FA-E1F0-22664915EED1}" = Catalyst Control Center Localization Dutch
"{926F4D5F-C8FC-4FB7-8E09-BCB8A997D1C7}" = HP ProtectTools Security Manager
"{95120000-003F-040C-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{968933D6-A9FC-891C-6292-F7E68DB2C7EA}" = CCC Help Finnish
"{96DB55D1-E21F-126C-1ADD-35EAAC852C7C}" = Catalyst Control Center Localization Finnish
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{988B865E-CC06-7B3D-FBC0-52093DB75C9A}" = CCC Help Dutch
"{997F39AA-6CDC-2E23-F9C3-D59AACABAB8F}" = Catalyst Control Center Localization French
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9DBD8BEE-B3EC-4D82-A81C-0F6250176DCC}" = Drive Encryption for HP ProtectTools
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{A1410161-F615-4B91-A019-FA33833EF00D}" = BIOS Configuration for HP ProtectTools
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
"{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}" = MobileMe Control Panel
"{B0704448-6681-607E-D97F-A148C2E2F763}" = CCC Help Danish
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B79DB290-9F72-4B20-9776-848D7832705B}" = HP User Guides 0108
"{BABEDC2E-5718-1D6D-9E76-93C7EC76BBC4}" = CCC Help Greek
"{BC1DC565-8B34-4B29-9DB2-BF281C2FB56E}" = ESU for Microsoft Vista SP1
"{BD5DE09E-3C1C-1DCE-E98D-7B7BBDBE15AD}" = CCC Help Portuguese
"{BFCBCC48-9027-17B7-BD08-5214898494CC}" = CCC Help German
"{C3036710-8564-ECEA-0E19-1B7880111167}" = CCC Help Swedish
"{C7D03B2F-5B3A-A6D8-1C6C-AFCA02DDD3EC}" = Catalyst Control Center Localization Czech
"{C8A33E2B-5DDB-BF2E-24A9-95DFA1CDF56D}" = Catalyst Control Center Localization Polish
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CA144572-CEAD-5A14-A338-D28B35D9C7FF}" = Catalyst Control Center Localization Hungarian
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE3020D2-1742-19F4-EFB4-4D76097C81D0}" = Catalyst Control Center Localization Portuguese
"{CF755AAE-7801-359C-E9D3-FE8572F8C760}" = Catalyst Control Center Graphics Full New
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC04644B-C7B3-AF77-610C-7F0AF59AC44D}" = ATI Catalyst Install Manager
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{DE80F89F-6132-42A9-1A47-542F6C60E1A2}" = CCC Help Russian
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E979B690-80A7-8E8B-1281-C68DBEDDB491}" = CCC Help Norwegian
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F23DFEB2-A5D1-3B97-FBF3-30DC859411C0}" = CCC Help Hungarian
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{FBE38124-B7F0-3EEE-98C5-D8C3AE353FF5}" = CCC Help Chinese Standard
"{FD9FAE60-2BF1-C877-9843-AABA9DA06A2B}" = CCC Help Polish
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Any Audio Converter_is1" = Any Audio Converter 3.0.7
"AOL Toolbar" = AOL Toolbar 5.0
"Ask.com Search Assistant" = Ask.com Search Assistant 1.0.2
"AutoCAD 2008 - Français" = AutoCAD 2008 - Français
"eoEngine_is1" = eoEngine 9.1
"EoRezo_is1" = EoRezo 10.3
"Google Chrome" = Google Chrome
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live_France Toolbar" = Messenger_Plus_Live_France Toolbar
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"nCleaner" = nCleaner second 2.3.4.0
"PDF Complete" = PDF Complete
"PowerISO" = PowerISO
"PROHYBRIDR" = 2007 Microsoft Office system
"PROPLUS" = Microsoft Office Professional Plus 2007
"Search Guard Plus" = Search Guard Plus (My Tattoons)
"Search Guard Plus Updater" = Search Guard Plus Updater (My Tattoons)
"Software Informer_is1" = Software Informer 1.0 BETA
"SoftwareUpdate_is1" = SoftwareUpdate 1.0
"SpiderMessenger_is1" = SpiderMessenger 1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.3
"WalterShop" = WalterShop
"WinLiveSuite_Wave3" = Installation Windows Live

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05/10/2010 13:01:52 | Computer Name = PC-de-Hamza | Source = Application Error | ID = 1000
Description = Application défaillante AsGHost.exe, version 3.0.0.61, horodatage
0x4833c92a, module défaillant ItSSO.dll, version 3.0.0.464, horodatage 0x4833c998,
code d’exception 0xc0000005, décalage d’erreur 0x0001f29a, ID du processus 0xc00,
heure de début de l’application 0x01cb64ae4f245c30.

Error - 05/10/2010 15:55:21 | Computer Name = PC-de-Hamza | Source = Bonjour Service | ID = 100
Description = 408: ERROR: read_msg errno 10054 (Une connexion existante a dû être
fermée par l'hôte distant.)

Error - 06/10/2010 07:53:31 | Computer Name = PC-de-Hamza | Source = WinMgmt | ID = 10
Description =

Error - 06/10/2010 07:55:19 | Computer Name = PC-de-Hamza | Source = .NET Runtime Optimization Service | ID = 1111
Description =

Error - 06/10/2010 07:57:56 | Computer Name = PC-de-Hamza | Source = Application Error | ID = 1000
Description = Application défaillante AppleSyncNotifier.exe, version 1.5.0.0, horodatage
0x4a5d2cf8, module défaillant CoreFoundation.dll, version 6.0.6001.18000, horodatage
0x4791a7a6, code d’exception 0xc0000135, décalage d’erreur 0x00009cac, ID du processus
0x10ec, heure de début de l’application 0x01cb654d04d7ea73.

Error - 06/10/2010 08:02:30 | Computer Name = PC-de-Hamza | Source = Application Error | ID = 1000
Description = Application défaillante AsGHost.exe, version 3.0.0.61, horodatage
0x4833c92a, module défaillant ItSSO.dll, version 3.0.0.464, horodatage 0x4833c998,
code d’exception 0xc0000005, décalage d’erreur 0x0001f29a, ID du processus 0x518,
heure de début de l’application 0x01cb654cfc36ee73.

Error - 06/10/2010 08:40:21 | Computer Name = PC-de-Hamza | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 06/10/2010 08:40:21 | Computer Name = PC-de-Hamza | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8704

Error - 06/10/2010 08:40:21 | Computer Name = PC-de-Hamza | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8704

Error - 06/10/2010 09:31:00 | Computer Name = PC-de-Hamza | Source = Application Error | ID = 1000
Description = Application défaillante AsGHost.exe, version 3.0.0.61, horodatage
0x4833c92a, module défaillant ItSSO.dll, version 3.0.0.464, horodatage 0x4833c998,
code d’exception 0xc0000005, décalage d’erreur 0x0001f29a, ID du processus 0x528,
heure de début de l’application 0x01cb655a71f44130.

[ Credential Manager Events ]
Error - 04/10/2010 12:40:53 | Computer Name = PC-de-Hamza | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Utilisateur : Hamza@PC-de-Hamza
Informations
d'identification : Mot de passe Erreur : (0xC516020B) Le système n'a pas réussi
à vous connecter. Vérifiez que votre nom d'utilisateur et votre domaine sont corrects
et retapez votre mot de passe. Les lettres des mots de passe doivent être saisies
en respectant la casse. Vérifiez que la touche de verrouillage des majuscules
est désactivée.

Error - 04/10/2010 12:40:53 | Computer Name = PC-de-Hamza | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Utilisateur :
Hamza@PC-de-Hamza GUID client : {Password} Erreur : 0xC516020B Hôte client : localhost

Adresse
client : 127.0.0.1 Autorité : HP Hôte serveur : localhost Protocole : HTTP

Error - 04/10/2010 12:41:35 | Computer Name = PC-de-Hamza | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Utilisateur :
Hamza@PC-de-Hamza GUID client : {Password} Erreur : 0xC516020B Hôte client : localhost

Adresse
client : 127.0.0.1 Autorité : HP Hôte serveur : localhost Protocole : HTTP

Error - 04/10/2010 12:41:36 | Computer Name = PC-de-Hamza | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Utilisateur : Hamza@PC-de-Hamza
Informations
d'identification : Mot de passe Erreur : (0xC516020B) Le système n'a pas réussi
à vous connecter. Vérifiez que votre nom d'utilisateur et votre domaine sont corrects
et retapez votre mot de passe. Les lettres des mots de passe doivent être saisies
en respectant la casse. Vérifiez que la touche de verrouillage des majuscules
est désactivée.

Error - 04/10/2010 12:42:26 | Computer Name = PC-de-Hamza | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. Utilisateur :
Hamza@PC-de-Hamza GUID client : {Password} Erreur : 0xC516020B Hôte client : localhost

Adresse
client : 127.0.0.1 Autorité : HP Hôte serveur : localhost Protocole : HTTP

Error - 04/10/2010 12:42:26 | Computer Name = PC-de-Hamza | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. Utilisateur : Hamza@PC-de-Hamza
Informations
d'identification : Mot de passe Erreur : (0xC516020B) Le système n'a pas réussi
à vous connecter. Vérifiez que votre nom d'utilisateur et votre domaine sont corrects
et retapez votre mot de passe. Les lettres des mots de passe doivent être saisies
en respectant la casse. Vérifiez que la touche de verrouillage des majuscules
est désactivée.

[ System Events ]
Error - 16/07/2010 13:00:04 | Computer Name = PC-de-Hamza | Source = Dhcp | ID = 1000
Description = Votre ordinateur a perdu le bail de son adresse IP 78.250.113.60 sur
la carte réseau d'adresse réseau 0022FAAE8D50.

Error - 16/07/2010 13:06:36 | Computer Name = PC-de-Hamza | Source = Dhcp | ID = 1000
Description = Votre ordinateur a perdu le bail de son adresse IP 78.250.113.60 sur
la carte réseau d'adresse réseau 0022FAAE8D50.

Error - 16/07/2010 13:13:38 | Computer Name = PC-de-Hamza | Source = Dhcp | ID = 1000
Description = Votre ordinateur a perdu le bail de son adresse IP 78.250.113.60 sur
la carte réseau d'adresse réseau 0022FAAE8D50.

Error - 16/07/2010 13:20:21 | Computer Name = PC-de-Hamza | Source = Dhcp | ID = 1000
Description = Votre ordinateur a perdu le bail de son adresse IP 78.250.113.60 sur
la carte réseau d'adresse réseau 0022FAAE8D50.

Error - 16/07/2010 13:26:56 | Computer Name = PC-de-Hamza | Source = Dhcp | ID = 1000
Description = Votre ordinateur a perdu le bail de son adresse IP 78.250.113.60 sur
la carte réseau d'adresse réseau 0022FAAE8D50.

Error - 16/07/2010 13:33:30 | Computer Name = PC-de-Hamza | Source = Dhcp | ID = 1000
Description = Votre ordinateur a perdu le bail de son adresse IP 78.250.113.60 sur
la carte réseau d'adresse réseau 0022FAAE8D50.

Error - 16/07/2010 13:40:09 | Computer Name = PC-de-Hamza | Source = Dhcp | ID = 1000
Description = Votre ordinateur a perdu le bail de son adresse IP 78.250.113.60 sur
la carte réseau d'adresse réseau 0022FAAE8D50.

Error - 16/07/2010 13:46:55 | Computer Name = PC-de-Hamza | Source = Dhcp | ID = 1000
Description = Votre ordinateur a perdu le bail de son adresse IP 78.250.113.60 sur
la carte réseau d'adresse réseau 0022FAAE8D50.

Error - 17/07/2010 07:11:36 | Computer Name = PC-de-Hamza | Source = HTTP | ID = 15016
Description =

Error - 17/07/2010 07:13:37 | Computer Name = PC-de-Hamza | Source = EventLog | ID = 6008
Description = L'arrêt système précédant à 13:11:50 le 17/07/2010 n'était pas prévu.


< End of report >

GrosBébé
Moderators

Subject: Re: [Closed] Infected by Securitytool, Tue 12 Oct 2010 - 21:35

Good evening M3ri3m

Uninstall the following programs, and do not reinstall them:
Ask.com Search Assistant 1.0.2
eoEngine 9.1
EoRezo 10.3
Search Guard Plus (My Tattoons)
Search Guard Plus Updater (My Tattoons)
SoftwareUpdate 1.0
SpiderMessenger 1.0

Run OTL again

  • In the Custom Scans/Fixes box at the bottom, paste the contents of the box below:

Quote:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://y.lo.st
IE - HKLM\..\URLSearchHook: {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - C:\Program Files\SGPSA\mtwb3sh.dll (TODO: )
FF - HKLM\software\mozilla\Firefox\Extensions\\SpiderMessengerHelper@spidermessenger.com: C:\Program Files\SpiderMessenger [2010/10/11 22:39:18 | 000,000,000 | ---D | M]
[2010/05/16 14:56:11 | 000,000,000 | ---D | M] (Messenger Plus Live France Toolbar) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}
[2009/11/03 01:11:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2010/08/29 14:51:16 | 000,001,681 | ---- | M] () -- C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\ask.uk.xml
[2010/04/21 12:06:58 | 000,000,955 | ---- | M] () -- C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\conduit.xml
[2009/11/03 01:11:26 | 000,005,462 | ---- | M] () -- C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\fast-browser-search.xml
[2010/06/06 09:43:32 | 000,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
[2010/06/06 09:43:34 | 000,001,963 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml
O2 - BHO: (Messenger Plus Live France Toolbar) - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (BrowserHelper Class) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll (Make The Web Better, LLC)
O2 - BHO: (SpiderMessenger_BHO Class) - {ADE49752-DBBC-43A3-9498-379A82F574BF} - C:\Program Files\SpiderMessenger\SpiderMessenger.BHO.dll (AgenceExclusive)
O2 - BHO: (Search Assistant) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll (MTWB)
O2 - BHO: (Fast Browser Search Toolbar Helper) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKLM\..\Toolbar: (Messenger Plus Live France Toolbar) - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Fast Browser Search Toolbar) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live France Toolbar) - {59994074-C06D-4A75-9768-49E5A8C21264} - C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe ()
[2010/10/10 13:42:37 | 001,227,776 | ---- | M] () -- C:\Users\Hamza\AppData\Local\82046790.exe
[2009/11/21 19:28:43 | 000,000,000 | ---- | C] () -- C:\windows\System32\w32apiw.dll
[2010/10/11 22:16:30 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\EoRezo
[2010/05/30 00:51:55 | 000,000,141 | ---- | M] () -- C:\dwl.dat
[2010/05/30 00:51:55 | 000,000,132 | ---- | M] () -- C:\httpdwl.dat
[2010/05/30 00:51:55 | 000,000,815 | ---- | M] () -- C:\rtsr_eml_sr.dat
[2010/02/07 14:53:42 | 000,000,000 | ---D | M] -- C:\Program Files\Ask Search Assistant
[2010/05/16 14:56:16 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2009/10/28 16:53:33 | 000,000,000 | ---D | M] -- C:\Program Files\Fast Browser Search
[2009/12/28 11:00:37 | 000,000,000 | ---D | M] -- C:\Program Files\Search Guard Plus
[2010/03/14 17:02:28 | 000,000,000 | ---D | M] -- C:\Program Files\Search Guard PlusU
[2009/10/28 16:53:36 | 000,000,000 | ---D | M] -- C:\Program Files\SGPSA
[2010/10/11 22:39:18 | 000,000,000 | ---D | M] -- C:\Program Files\SpiderMessenger

:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
    Then click the Run Fix button at the top.
  • Let OTL run; the PC will restart.
  • After the restart, a new report will open. Please copy/paste its contents here.

m3ri3m
Maxibibou

Subject: Re: [Closed] Infected by Securitytool, Tue 12 Oct 2010 - 22:02

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\First Home Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{59994074-c06d-4a75-9768-49e5a8c21264} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59994074-c06d-4a75-9768-49e5a8c21264}\ deleted successfully.
C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{59994074-c06d-4a75-9768-49e5a8c21264} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59994074-c06d-4a75-9768-49e5a8c21264}\ not found.
File C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91C18ED5-5E1C-4AE5-A148-A861DE8C8E16}\ not found.
C:\Program Files\SGPSA\mtwb3sh.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\SpiderMessengerHelper@spidermessenger.com deleted successfully.
File C:\Program Files\SpiderMessenger not found.
C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}\searchplugin folder moved successfully.
C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}\META-INF folder moved successfully.
C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}\lib folder moved successfully.
C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}\defaults folder moved successfully.
C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}\components folder moved successfully.
C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}\chrome folder moved successfully.
C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264} folder moved successfully.
C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} folder moved successfully.
File C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\ask.uk.xml not found.
C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\conduit.xml moved successfully.
C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\fast-browser-search.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\fast.png moved successfully.
C:\Program Files\mozilla firefox\searchplugins\fast.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59994074-c06d-4a75-9768-49e5a8c21264}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59994074-c06d-4a75-9768-49e5a8c21264}\ not found.
File C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}\ deleted successfully.
C:\Program Files\SGPSA\SearchAssistant.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ADE49752-DBBC-43A3-9498-379A82F574BF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ADE49752-DBBC-43A3-9498-379A82F574BF}\ not found.
File C:\Program Files\SpiderMessenger\SpiderMessenger.BHO.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0626A63-410B-45E2-99A1-3F2475B2D695}\ not found.
C:\Program Files\SGPSA\BHO.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ deleted successfully.
File C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{59994074-c06d-4a75-9768-49e5a8c21264} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59994074-c06d-4a75-9768-49e5a8c21264}\ not found.
File C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1BB22D38-A411-4B13-A746-C2A4F4EC7344} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}\ not found.
File C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{59994074-C06D-4A75-9768-49E5A8C21264} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59994074-C06D-4A75-9768-49E5A8C21264}\ not found.
File C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\FBSSA deleted successfully.
C:\Program Files\SGPSA\ie3sh.exe moved successfully.
C:\Users\Hamza\AppData\Local\82046790.exe moved successfully.
C:\Windows\System32\w32apiw.dll moved successfully.
C:\Users\Hamza\AppData\Roaming\EoRezo\eoStats folder moved successfully.
C:\Users\Hamza\AppData\Roaming\EoRezo\eoDesktop folder moved successfully.
C:\Users\Hamza\AppData\Roaming\EoRezo\db folder moved successfully.
C:\Users\Hamza\AppData\Roaming\EoRezo folder moved successfully.
C:\dwl.dat moved successfully.
C:\httpdwl.dat moved successfully.
C:\rtsr_eml_sr.dat moved successfully.
Folder C:\Program Files\Ask Search Assistant\ not found.
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
C:\Program Files\Fast Browser Search\IE folder moved successfully.
C:\Program Files\Fast Browser Search folder moved successfully.
C:\Program Files\Search Guard Plus folder moved successfully.
C:\Program Files\Search Guard PlusU\Tmp folder moved successfully.
C:\Program Files\Search Guard PlusU\Office Pro Plus 2007 Fr folder moved successfully.
C:\Program Files\Search Guard PlusU folder moved successfully.
C:\Program Files\SGPSA folder moved successfully.
Folder C:\Program Files\SpiderMessenger\ not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Hamza
->Flash cache emptied: 667 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: Hamza
->Temp folder emptied: 858187 bytes
->Temporary Internet Files folder emptied: 1171312 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 30546231 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 110048 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 31,00 mb


OTL by OldTimer - Version 3.2.15.1 log created on 10122010_215032

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
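
The fix log above repeats "not found" for targets that an earlier line of the same run already moved or deleted (the script references tbMes1.dll from several entries), alongside targets that were missing before the fix ran. As an added example, not part of the thread and not OTL's own code, this Python parser separates the two cases; the function names are hypothetical and the sample lines are constructed in the shape of the log above.

```python
import re
from collections import OrderedDict

# Constructed sample: lines in the shape of the OTL fix log posted above.
SAMPLE_LOG = r"""
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{59994074-c06d-4a75-9768-49e5a8c21264} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59994074-c06d-4a75-9768-49e5a8c21264}\ deleted successfully.
C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59994074-c06d-4a75-9768-49e5a8c21264}\ not found.
File C:\Program Files\Messenger_Plus_Live_France\tbMes1.dll not found.
File C:\Program Files\SpiderMessenger\SpiderMessenger.BHO.dll not found.
C:\Windows\System32\w32apiw.dll moved successfully.
C:\Program Files\SGPSA folder moved successfully.
Folder C:\Program Files\SpiderMessenger\ not found.
========== COMMANDS ==========
"""

# One result line: optional kind prefix, target, optional " folder", outcome.
LINE_RE = re.compile(
    r"^(?:(?P<kind>Registry key|Registry value|File|Folder) )?"
    r"(?P<target>.+?)(?P<folder> folder)?"
    r" (?P<outcome>moved successfully|deleted successfully|not found)\.$"
)


def parse_fix_log(text):
    """Yield (kind, target, outcome) for every result line in a fix log."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue  # section headers, cache statistics, blank lines
        kind = m.group("kind") or ("Folder" if m.group("folder") else "File")
        # Windows file and registry paths are case-insensitive, and a key or
        # folder may be printed with a trailing backslash.
        target = m.group("target").rstrip("\\").lower()
        outcome = "not found" if m.group("outcome") == "not found" else "removed"
        yield kind, target, outcome


def classify(text):
    """Group result lines by target, counting removals and 'not found' hits."""
    targets = OrderedDict()
    for kind, target, outcome in parse_fix_log(text):
        entry = targets.setdefault(
            target, {"kind": kind, "removed": 0, "not_found": 0}
        )
        entry["removed" if outcome == "removed" else "not_found"] += 1
    return targets


def absent_targets(text):
    """Targets that were never moved or deleted during this run."""
    return [t for t, e in classify(text).items() if e["removed"] == 0]


def summarize(text):
    """Count removed targets, absent targets and repeated 'not found' lines."""
    targets = classify(text)
    removed = [e for e in targets.values() if e["removed"] > 0]
    return {
        "removed": len(removed),
        "absent": len(targets) - len(removed),
        # 'not found' lines for targets already handled earlier in the run
        "benign_repeats": sum(e["not_found"] for e in removed),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    for target in absent_targets(SAMPLE_LOG):
        print("absent before the fix ran:", target)
```

Targets reported as absent were not touched by this run (for example because the program had been uninstalled first), so they are the entries to look for again in the follow-up scan.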

GrosBébé
Moderators

Subject: Re: [Closed] Infected by Securitytool, Tue 12 Oct 2010 - 22:08

Re,

Run OTL again, then click Quick Scan. Please post the report.

Click here to download Gmer to your desktop.

  • Close all your programs and disconnect from the internet.
  • Disable your security software (antivirus, antispyware, etc.).

  • Unzip the downloaded file to your desktop and double-click Gmer.exe to launch it.
    • Vista users: right-click gmer.exe and select "Run as administrator".

  • Gmer may ask you to run a scan; click No. Click the Rootkit/Malware tab.
  • On the right, check that the following boxes are unticked:
    • IAT/EAT
    • Show All

  • Click the Scan button.
    • Let Gmer work and do not touch your computer.
    • Be patient, as the scan can take a long time.

  • When the scan finishes, click the Save... button to save the report to the desktop as "gmer.txt", then copy/paste its contents here.
  • Quit Gmer and re-enable your security software.

Do not try anything on your own!!

m3ri3m
Maxibibou

Subject: Re: [Closed] Infected by Securitytool, Tue 12 Oct 2010 - 22:15

Hi again

When you say the scan can take a long time, how long is that?!
And when you say disconnect from the internet, do I turn off the Wi-Fi completely?!

m3ri3m
Maxibibou
Subject: Re: [Closed] Infected by Securitytool   Tue 12 Oct 2010 - 22:21

OTL logfile created on: 12/10/2010 22:12:54 - Run 2
OTL by OldTimer - Version 3.2.15.1 Folder = C:\Users\Hamza\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 115,68 Gb Free Space | 51,90% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,65 Gb Free Space | 18,30% Space Free | Partition Type: NTFS
Drive F: | 1021,00 Mb Total Space | 1018,74 Mb Free Space | 99,78% Space Free | Partition Type: FAT32

Computer Name: PC-DE-HAMZA | User Name: Hamza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/12 12:05:57 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Hamza\Downloads\OTL.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/13 17:28:00 | 002,285,637 | ---- | M] (Informer Technologies, Inc.) -- C:\Program Files\Software Informer\softinfo.exe
PRC - [2010/04/05 14:50:00 | 000,494,920 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2010/03/23 09:50:12 | 000,632,464 | ---- | M] (Secure Digital Services) -- C:\Program Files\OfferBox\OfferBox.exe
PRC - [2009/11/16 19:55:42 | 000,442,368 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
PRC - [2009/11/16 19:55:41 | 001,638,240 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
PRC - [2009/11/16 19:55:41 | 000,782,336 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
PRC - [2009/10/18 12:54:52 | 000,413,696 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/21 02:47:18 | 000,065,296 | ---- | M] (Bioscrypt Inc.) -- c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
PRC - [2008/05/14 22:41:38 | 000,034,184 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
PRC - [2008/05/14 02:35:40 | 000,256,512 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2008/05/12 15:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2008/05/08 02:34:10 | 000,238,984 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2008/05/02 22:17:44 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2008/05/02 22:17:02 | 010,244,096 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
PRC - [2008/04/18 15:54:02 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008/04/18 15:53:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/04 17:10:24 | 001,314,816 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2008/03/31 23:41:22 | 000,091,440 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2008/03/25 13:28:02 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
PRC - [2008/03/15 01:50:59 | 000,233,472 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2007/12/11 14:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/10/19 09:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007/05/16 01:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007/05/16 01:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2007/05/16 01:08:08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2007/01/05 04:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2010/10/12 12:05:57 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Hamza\Downloads\OTL.exe
MOD - [2009/10/18 12:51:51 | 000,155,648 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\plugin_fragments.m32
MOD - [2009/10/18 12:51:51 | 000,143,360 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\midas32.dll
MOD - [2009/10/18 12:51:51 | 000,106,496 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\plugin_extra.m32
MOD - [2009/10/18 12:51:51 | 000,098,304 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\plugin_registry.m32
MOD - [2009/10/18 12:51:51 | 000,077,824 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\plugin_base.m32
MOD - [2009/10/18 12:51:51 | 000,073,728 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\plugin_net.m32
MOD - [2008/05/21 02:42:30 | 000,081,680 | ---- | M] (Bioscrypt Inc.) -- C:\Windows\System32\APSHook.dll
MOD - [2008/01/21 04:34:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/21 04:33:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/11/16 19:55:41 | 001,638,240 | ---- | M] (BitDefender S. R. L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV)
SRV - [2009/10/23 13:05:01 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/10/18 12:54:52 | 000,413,696 | ---- | M] (BitDefender SRL) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2009/10/18 12:54:15 | 000,323,584 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2009/09/23 15:50:28 | 000,238,960 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2008/07/17 13:06:56 | 000,118,784 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -- (Arrakis3)
SRV - [2008/05/21 02:42:40 | 000,111,888 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2008/05/21 02:42:34 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll -- (ASChannel)
SRV - [2008/05/14 22:41:38 | 000,034,184 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2008/05/14 02:35:40 | 000,256,512 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2008/05/12 15:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008/05/02 22:17:44 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2008/04/18 15:54:02 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2008/04/08 14:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/01/21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/12/11 14:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/10/19 09:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/05/16 01:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2007/01/05 04:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2009/10/18 12:54:51 | 000,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009/10/18 12:54:51 | 000,104,456 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bdfndisf.sys -- (Bdfndisf)
DRV - [2009/10/18 12:54:50 | 000,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfm.sys -- (bdfm)
DRV - [2009/10/18 12:54:37 | 000,008,832 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys -- (BDSelfPr)
DRV - [2009/10/18 12:54:18 | 000,082,696 | ---- | M] (BitDefender S.R.L.) [Kernel | Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys -- (BDVEDISK)
DRV - [2009/10/18 12:54:17 | 000,137,224 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2009/10/18 12:54:17 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - [2009/10/18 12:54:15 | 000,013,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - [2009/09/23 15:53:20 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2008/05/14 02:36:26 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2008/05/14 02:36:22 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2008/05/14 02:36:20 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2008/05/14 02:36:18 | 000,108,752 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2008/05/08 14:01:44 | 003,552,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/04/28 08:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Pilote de carte Intel(R)
DRV - [2008/04/15 19:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2008/04/14 23:39:06 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/04/11 16:38:44 | 000,382,464 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2008/04/10 17:27:34 | 001,804,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/04/07 20:13:46 | 000,025,448 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008/04/07 20:13:42 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/03/27 21:06:00 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/03/14 08:04:29 | 000,046,652 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/02/29 18:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/21 04:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 04:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 04:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 04:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 04:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 04:32:52 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/01/21 04:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 04:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 04:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 04:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 04:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 04:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 04:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 04:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 04:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 04:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 04:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 04:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 04:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 04:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 04:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 04:32:44 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008/01/21 04:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 04:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 04:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/17 23:28:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/06/19 02:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.durable.com/recherche
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.durable.com/recherche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Durable.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\ [2009/11/16 19:57:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/25 10:29:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/25 10:29:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\tbextension\ [2009/10/18 12:45:16 | 000,000,000 | ---D | M]

[2009/11/02 19:00:01 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Extensions
[2009/11/02 19:00:01 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/10/12 22:01:12 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions
[2009/10/22 12:45:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/12 22:00:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}
[2010/10/12 22:01:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2009/10/18 14:28:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/04/15 10:07:14 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\fdm_ffext@freedownloadmanager.org
[2010/09/05 16:43:17 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\toolbar@alot.com
[2010/04/15 10:48:28 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\toolbar@waltershop.com
[2010/09/05 16:43:32 | 000,002,247 | ---- | M] () -- C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\alot-search.xml
[2010/04/15 11:29:38 | 000,002,321 | ---- | M] () -- C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\durable.xml
[2010/10/12 22:01:15 | 000,005,413 | ---- | M] () -- C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\fast-browser-search.xml
[2010/08/23 11:29:24 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010/08/23 11:29:04 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/11/16 19:55:42 | 000,065,536 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2009/08/24 21:21:51 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2009/08/24 21:21:51 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2009/08/24 21:21:51 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2009/08/24 21:21:51 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2009/08/24 21:21:51 | 000,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe (BitDefender)
O4 - HKLM..\Run: [CognizanceTS] c:\Programmes\Hewlett-Packard\IAM\Bin\ASTSVCC.dll File not found
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [OfferBox] C:\Program Files\OfferBox\OfferBox.exe (Secure Digital Services)
O4 - HKCU..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O4 - HKCU..\Run: [SpiderMessenger] File not found
O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hamza\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hamza\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/12 21:50:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/11 22:23:08 | 000,000,000 | ---D | C] -- C:\Users\Hamza\AppData\Roaming\Malwarebytes
[2010/10/11 22:22:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/10/11 22:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/11 22:22:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/10/11 22:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/11 21:38:59 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/10/11 21:38:59 | 000,000,000 | ---D | C] -- C:\rsit
[2010/10/11 21:34:59 | 000,000,000 | ---D | C] -- C:\Users\Hamza\Desktop\Nouveau dossier (2)
[2010/10/03 19:16:21 | 000,000,000 | ---D | C] -- C:\Users\Hamza\Desktop\sder !
[2010/10/02 09:52:39 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2010/09/30 18:46:31 | 000,000,000 | ---D | C] -- C:\Users\Hamza\Desktop\house
[2010/09/29 22:38:22 | 000,000,000 | ---D | C] -- C:\Users\Hamza\Desktop\fiançaille Bou3lam
[2010/09/29 14:30:05 | 000,000,000 | ---D | C] -- C:\Users\Hamza\Documents\Any Audio Converter
[2010/09/29 14:29:41 | 000,000,000 | ---D | C] -- C:\Users\Hamza\AppData\Roaming\AnvSoft
[2010/09/29 14:29:34 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft
[2010/09/25 10:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/25 10:41:05 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/25 10:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/09/25 10:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/13 22:56:44 | 000,000,000 | ---D | C] -- C:\Users\Hamza\Desktop\Présentation générale
[2010/09/12 23:39:24 | 000,000,000 | ---D | C] -- C:\Users\Hamza\Desktop\My photos
[2010/09/12 23:38:14 | 000,000,000 | ---D | C] -- C:\Users\Hamza\Desktop\Nouveau dossier
[2010/09/12 23:29:10 | 000,000,000 | ---D | C] -- C:\Users\Hamza\Desktop\fete de l'aide
[2010/08/29 10:57:45 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2010/08/27 15:45:53 | 000,000,000 | ---D | C] -- C:\Users\Hamza\Desktop\les prémurs posés à partir du R+1
[2010/08/27 15:42:02 | 000,000,000 | ---D | C] -- C:\Users\Hamza\Desktop\isolation par l'exterieur
[2010/08/27 15:41:19 | 000,000,000 | ---D | C] -- C:\Users\Hamza\Desktop\l'aspect esthétique de la façade
[2010/08/23 11:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/07/18 18:33:45 | 000,044,544 | ---- | C] (Absolute Software Corp.) -- C:\windows\System32\agremove.exe
[2009/10/18 12:11:33 | 000,180,224 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2009/10/18 12:11:32 | 000,176,128 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll

========== Files - Modified Within 90 Days ==========

[2010/10/12 22:11:35 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/10/12 21:54:30 | 000,001,050 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/12 21:54:09 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/12 21:54:09 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/12 21:53:55 | 2139,414,528 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/12 21:41:39 | 000,001,054 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/12 12:26:28 | 000,081,984 | ---- | M] () -- C:\windows\System32\bdod.bin
[2010/10/11 22:22:23 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/11 21:08:21 | 000,064,033 | ---- | M] () -- C:\Users\Hamza\Desktop\RogueKiller(2).exe
[2010/10/10 13:59:47 | 000,002,617 | ---- | M] () -- C:\Users\Hamza\Desktop\Microsoft Office PowerPoint 2007.lnk
[2010/10/10 12:19:24 | 000,042,496 | ---- | M] () -- C:\Users\Hamza\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/05 21:41:08 | 000,717,914 | ---- | M] () -- C:\windows\System32\perfh00C.dat
[2010/10/05 21:41:08 | 000,629,724 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/10/05 21:41:08 | 000,145,622 | ---- | M] () -- C:\windows\System32\perfc00C.dat
[2010/10/05 21:41:08 | 000,119,088 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/10/03 21:58:13 | 000,029,184 | ---- | M] () -- C:\Users\Hamza\Desktop\Classeur1.xls
[2010/09/29 14:29:57 | 000,000,939 | ---- | M] () -- C:\Users\Hamza\Desktop\Any Audio Converter.lnk
[2010/09/29 14:29:09 | 000,006,944 | ---- | M] () -- C:\Users\Hamza\AppData\Local\d3d9caps.dat
[2010/09/28 17:14:02 | 000,028,672 | ---- | M] () -- C:\Users\Hamza\Desktop\projet oral.doc
[2010/09/25 18:00:22 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/09/25 10:44:40 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/25 10:29:04 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/09/25 10:12:45 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/09/25 10:12:45 | 000,001,854 | ---- | M] () -- C:\Users\Hamza\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/09/24 20:42:02 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/09/18 12:10:04 | 317,971,643 | ---- | M] () -- C:\windows\MEMORY.DMP
[2010/09/14 17:23:00 | 000,072,960 | ---- | M] () -- C:\Users\Hamza\Documents\LES TERRASSES.dwg
[2010/09/14 16:39:33 | 000,076,544 | ---- | M] () -- C:\Users\Hamza\Documents\LES TERRASSES.bak
[2010/09/12 22:02:06 | 000,027,028 | ---- | M] () -- C:\Users\Hamza\Documents\Organigramme SDER.xlsx
[2010/09/12 20:38:34 | 000,002,687 | ---- | M] () -- C:\Users\Hamza\Desktop\Microsoft Office Word 2007.lnk
[2010/09/12 20:36:59 | 000,002,641 | ---- | M] () -- C:\Users\Hamza\Desktop\Microsoft Office Excel 2007.lnk
[2010/09/12 18:03:29 | 000,831,597 | ---- | M] () -- C:\Users\Hamza\Documents\rapport d'activités.docx
[2010/09/11 22:01:11 | 000,000,298 | ---- | M] () -- C:\windows\System32\BDUpdateV1.xml
[2010/09/09 21:58:32 | 003,347,483 | ---- | M] () -- C:\Users\Hamza\Documents\Rapport de stage 'CARRE BRUN'.docx
[2010/09/01 13:13:24 | 019,657,194 | ---- | M] () -- C:\Users\Hamza\Documents\vlc-1.1.4-win32.exe
[2010/08/29 13:22:32 | 001,104,224 | ---- | M] () -- C:\Users\Hamza\Desktop\Rapport de stage(2).pdf
[2010/08/23 03:00:50 | 000,000,484 | ---- | M] () -- C:\Users\Hamza\Desktop\chouaib paris.lnk
[2010/08/12 23:56:44 | 005,015,248 | ---- | M] () -- C:\Users\Hamza\Documents\P1010532.JPG
[2010/08/12 23:55:31 | 004,728,691 | ---- | M] () -- C:\Users\Hamza\Documents\P1010528.JPG
[2010/08/12 23:55:17 | 004,595,672 | ---- | M] () -- C:\Users\Hamza\Documents\P1010540.JPG
[2010/08/12 23:54:22 | 003,893,124 | ---- | M] () -- C:\Users\Hamza\Documents\P1010536.JPG
[2010/08/12 14:09:31 | 000,490,544 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/07/18 18:34:07 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\windows\System32\agremove.exe

========== Files Created - No Company Name ==========

[2010/10/11 22:22:23 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/11 22:07:05 | 2139,414,528 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/11 21:08:20 | 000,064,033 | ---- | C] () -- C:\Users\Hamza\Desktop\RogueKiller(2).exe
[2010/09/29 22:37:35 | 000,029,184 | ---- | C] () -- C:\Users\Hamza\Desktop\Classeur1.xls
[2010/09/29 22:37:01 | 000,028,672 | ---- | C] () -- C:\Users\Hamza\Desktop\projet oral.doc
[2010/09/29 14:29:57 | 000,000,939 | ---- | C] () -- C:\Users\Hamza\Desktop\Any Audio Converter.lnk
[2010/09/25 18:00:22 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/09/25 10:44:40 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/25 10:29:04 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/09/18 12:08:17 | 317,971,643 | ---- | C] () -- C:\windows\MEMORY.DMP
[2010/09/14 17:23:00 | 000,076,544 | ---- | C] () -- C:\Users\Hamza\Documents\LES TERRASSES.bak
[2010/09/14 16:39:33 | 000,072,960 | ---- | C] () -- C:\Users\Hamza\Documents\LES TERRASSES.dwg
[2010/09/14 08:08:39 | 000,000,000 | ---- | C] () -- C:\Users\Hamza\AppData\Local\FnF4.txt
[2010/09/12 22:01:55 | 000,027,028 | ---- | C] () -- C:\Users\Hamza\Documents\Organigramme SDER.xlsx
[2010/09/11 23:48:08 | 000,831,597 | ---- | C] () -- C:\Users\Hamza\Documents\rapport d'activités.docx
[2010/09/01 13:12:55 | 019,657,194 | ---- | C] () -- C:\Users\Hamza\Documents\vlc-1.1.4-win32.exe
[2010/08/29 15:51:33 | 003,347,483 | ---- | C] () -- C:\Users\Hamza\Documents\Rapport de stage 'CARRE BRUN'.docx
[2010/08/29 13:22:32 | 001,104,224 | ---- | C] () -- C:\Users\Hamza\Desktop\Rapport de stage(2).pdf
[2010/08/12 23:22:02 | 003,893,124 | ---- | C] () -- C:\Users\Hamza\Documents\P1010536.JPG
[2010/08/12 23:21:51 | 005,015,248 | ---- | C] () -- C:\Users\Hamza\Documents\P1010532.JPG
[2010/08/12 23:21:38 | 004,728,691 | ---- | C] () -- C:\Users\Hamza\Documents\P1010528.JPG
[2010/08/12 23:21:20 | 004,595,672 | ---- | C] () -- C:\Users\Hamza\Documents\P1010540.JPG
[2009/11/28 15:09:48 | 000,006,944 | ---- | C] () -- C:\Users\Hamza\AppData\Local\d3d9caps.dat
[2009/10/23 13:34:11 | 000,042,496 | ---- | C] () -- C:\Users\Hamza\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/18 18:37:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/18 12:15:53 | 000,000,000 | ---- | C] () -- C:\Users\Hamza\AppData\Local\QSwitch.txt
[2009/10/18 12:15:53 | 000,000,000 | ---- | C] () -- C:\Users\Hamza\AppData\Local\DSwitch.txt
[2009/10/18 12:15:53 | 000,000,000 | ---- | C] () -- C:\Users\Hamza\AppData\Local\AtStart.txt
[2009/10/18 12:11:32 | 001,804,160 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2009/10/18 12:11:32 | 000,028,160 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2009/10/18 12:11:32 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2008/06/17 06:07:59 | 000,204,800 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll
[2008/06/17 06:07:59 | 000,200,704 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll
[2008/06/17 06:07:59 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll
[2008/06/17 06:07:59 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll
[2008/06/17 06:07:59 | 000,188,416 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll
[2008/06/17 06:07:59 | 000,020,480 | ---- | C] () -- C:\windows\System32\IVIresize.dll
[2008/06/17 05:49:59 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI
[2008/05/14 02:36:18 | 000,108,752 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
[2008/05/08 11:14:24 | 000,159,744 | ---- | C] () -- C:\windows\System32\atitmmxx.dll
[2008/04/23 18:34:48 | 000,192,512 | ---- | C] () -- C:\windows\System32\txmlutil.dll
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\windows\System32\xreglib.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini
[2006/03/09 11:58:00 | 001,060,424 | ---- | C] () -- C:\windows\System32\WdfCoInstaller01000.dll
[2005/04/04 00:30:00 | 000,110,592 | ---- | C] () -- C:\windows\System32\scardsyn.dll
[1998/05/07 05:10:00 | 000,069,632 | ---- | C] () -- C:\windows\System32\ODMA32.dll

========== LOP Check ==========

[2010/09/29 14:29:41 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\AnvSoft
[2009/10/30 23:08:25 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\Autodesk
[2009/10/18 12:45:30 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\BitDefender
[2010/02/27 11:32:02 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\InterVideo
[2010/10/08 23:05:07 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\LimeWire
[2009/11/21 19:28:40 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\nCleaner
[2010/10/10 18:02:52 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\OfferBox
[2010/10/12 21:58:26 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\Software Informer
[2010/04/15 10:31:33 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\widestream
[2010/10/12 21:52:44 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

GrosBébé
Moderators

Subject: Re: [Closed] Infected by Securitytool   Tue 12 Oct 2010 - 22:22

The scan can take 3 hours ^^ better do it tomorrow ;)
By cutting off the internet, I mean closing the browser. In fact, once Gmer is running, don't touch anything else.

Have a good evening

m3ri3m
Maxibibou

Subject: Re: [Closed] Infected by Securitytool   Tue 12 Oct 2010 - 22:38

OK well, in that case I'll do it tomorrow afternoon

thanks for your help =D

thanks, and have a good evening too

see you tomorrow =D

GrosBébé
Moderators

Subject: Re: [Closed] Infected by Securitytool   Tue 12 Oct 2010 - 22:48

Off to bed then, good night =)

m3ri3m
Maxibibou

Subject: Re: [Closed] Infected by Securitytool   Wed 13 Oct 2010 - 17:16

Yes thanks, I went to bed right after =D

Can I run GMER in safe mode?!! Because every time I launch it, either it shows a message right after launch saying it ran into a problem, or when I ask it to open there is a blank page with nothing displayed and the computer stops responding to anything

GrosBébé
Moderators

Subject: Re: [Closed] Infected by Securitytool   Wed 13 Oct 2010 - 19:14

Hi

Yes, you can run it in safe mode.

m3ri3m
Maxibibou

Subject: Re: [Closed] Infected by Securitytool   Wed 13 Oct 2010 - 19:15

because I just launched it and a blank page is displayed while it is scanning ...

m3ri3m
Maxibibou

Subject: Re: [Closed] Infected by Securitytool   Wed 13 Oct 2010 - 20:31

I can't get to the report with GMER at all

it always stops at some point: either a blue error screen appears and the computer restarts, or an error message says that GMER has stopped working

GrosBébé
Moderators

Subject: Re: [Closed] Infected by Securitytool   Wed 13 Oct 2010 - 21:47

Hi again,

Let's try this instead:

Download RootRepeal by clicking one of the links below and save it to your desktop:

Link 1
Link 2

  • Double-click RootRepeal to launch it
    Vista: right-click the icon > Run as administrator
  • Click the Report tab (at the bottom)
  • Click the Scan button
  • Tick:
    * Drivers
    * Files
    * Processes
    * SSDT
    * Stealth Objects
    * Hidden Services
    * Shadow SSDT
  • Click the OK button.
  • In the next window, select all your drives. Click OK to start the scan.
    Wait while the scan runs and don't touch anything
  • When it finishes, click the Save Report button and save it to the desktop.

Exit the program

m3ri3m
Maxibibou

Subject: Re: [Closed] Infected by Securitytool   Wed 13 Oct 2010 - 22:06

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/10/13 22:04
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: 2f77710e.sys
Image Path: C:\windows\System32\Drivers\2f77710e.sys
Address: 0xA3B77000 Size: 163840 File Visible: No Signed: -
Status: -

Name: dump_iaStor.sys
Image Path: C:\windows\System32\Drivers\dump_iaStor.sys
Address: 0x93C9A000 Size: 843776 File Visible: No Signed: -
Status: -

Name: dump_SbHiber.sys
Image Path: C:\windows\System32\Drivers\dump_SbHiber.sys
Address: 0x93D68000 Size: 4096 File Visible: No Signed: -
Status: -

Name: e1f45909.sys
Image Path: C:\windows\System32\Drivers\e1f45909.sys
Address: 0xB0603000 Size: 1110016 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\windows\system32\drivers\rootrepeal.sys
Address: 0xB0712000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1500 Status: Locked to the Windows API!

SSDT
-------------------
#: 194 Function Name: NtOpenProcess
Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys" at address 0xa3b36c90

#: 201 Function Name: NtOpenThread
Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys" at address 0xa3b36d7e

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys" at address 0xa3b36bf4

#: 335 Function Name: NtTerminateThread
Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys" at address 0xa3b36ec4

Stealth Objects
-------------------
Object: Hidden Module [Name: msgrvsta.thm]
Process: msnmsgr.exe (PID: 3048) Address: 0x67db0000 Size: 20480

==EOF==

m3ri3m
Maxibibou

Subject: Re: [Closed] Infected by Securitytool   Wed 13 Oct 2010 - 22:06

I think I need to disable my antivirus

GrosBébé
Moderators

Subject: Re: [Closed] Infected by Securitytool   Thu 14 Oct 2010 - 22:10

Good evening M3ri3m

Sorry for the slow reply, I've been busy with work.

Click here to download SystemLook (by jpshortstuff) to your desktop (alternate link)

  • Double-click SystemLook to launch it
  • Copy the text in the box below and paste it into the SystemLook text window.

Quote:
:file
C:\windows\System32\Drivers\2f77710e.sys
C:\windows\System32\Drivers\e1f45909.sys
  • Click the Look button to start the scan
  • When it finishes, post the report that opens in Notepad (the report is also on your desktop under the name SystemLook.txt)

Note: The scan may take more or less time.

Run OTL again

  • In the Personnalisation box at the bottom, paste the contents of the box below:

Quote:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st
[2010/10/12 22:00:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}
[2010/10/12 22:01:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2010/09/05 16:43:17 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\toolbar@alot.com
[2010/09/05 16:43:32 | 000,002,247 | ---- | M] () -- C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\alot-search.xml
[2010/10/12 22:01:15 | 000,005,413 | ---- | M] () -- C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\fast-browser-search.xml
O4 - HKCU..\Run: [SpiderMessenger] File not found

:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
    Then click the Correction button at the top.
  • Let OTL run; the PC will restart.
  • After the restart, a new report will open; please copy/paste its contents here

Click here to download AD-Remover to your desktop.

/!\ Disconnect and close all running applications /!\
  • Double-click Ad-R.exe on your desktop.
    Vista/Seven users: right-click the icon, then select "Run as administrator"
  • In the main menu, choose the "Scanner" option.
    Wait a few moments while the scan runs.

Post the report that appears at the end. (also saved under C: )

A picture guide here

Have a good evening =)
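
GrosBébé's SystemLook request singles out two of the five hidden drivers listed in the RootRepeal report. One way to reproduce that selection from the report text is sketched below as an added example; it is not part of the thread and not code from RootRepeal or SystemLook. The bucket names and heuristics are assumptions of the example, and the sample is an excerpt of the report posted above.

```python
import re
from collections import defaultdict

# Excerpt of the RootRepeal report posted in the thread (4 of 5 drivers, 2 of 4 hooks).
REPORT = r"""
Drivers
-------------------
Name: 2f77710e.sys
Image Path: C:\windows\System32\Drivers\2f77710e.sys
Address: 0xA3B77000 Size: 163840 File Visible: No Signed: -
Status: -

Name: dump_iaStor.sys
Image Path: C:\windows\System32\Drivers\dump_iaStor.sys
Address: 0x93C9A000 Size: 843776 File Visible: No Signed: -
Status: -

Name: e1f45909.sys
Image Path: C:\windows\System32\Drivers\e1f45909.sys
Address: 0xB0603000 Size: 1110016 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\windows\system32\drivers\rootrepeal.sys
Address: 0xB0712000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 194 Function Name: NtOpenProcess
Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys" at address 0xa3b36c90

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys" at address 0xa3b36bf4
"""

# A section is a title line followed by a dashed underline.
SECTION_RE = re.compile(r"^(?P<title>[A-Za-z ]+)\n-{5,}\n", re.M)
DRIVER_RE = re.compile(
    r"Name: (?P<name>.+)\n"
    r"Image Path: (?P<path>.+)\n"
    r"Address: (?P<addr>0x[0-9A-Fa-f]+) Size: (?P<size>\d+) "
    r"File Visible: (?P<visible>\S+) Signed: (?P<signed>\S+)")
HOOK_RE = re.compile(
    r'#: (?P<index>\d+) Function Name: (?P<func>\w+)\n'
    r'Status: Hooked by "(?P<owner>[^"]+)" at address (?P<addr>0x[0-9A-Fa-f]+)')


def split_sections(report):
    """Return {section title: section text}."""
    marks = list(SECTION_RE.finditer(report))
    sections = {}
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(report)
        sections[m.group("title").strip()] = report[m.end():end]
    return sections


def triage_driver(name):
    """Heuristic buckets (assumptions of this example, not RootRepeal logic)."""
    low = name.lower()
    if low == "rootrepeal.sys":
        return "scanner-own"       # driver loaded by the scanning tool itself
    if low.startswith("dump_"):
        return "crash-dump-copy"   # in-memory copy of a storage driver, no file on disk
    if re.fullmatch(r"[0-9a-f]{8}\.sys", low):
        return "random-name"       # name says nothing about the vendor: inspect the file
    return "other-hidden"


def hidden_drivers(report):
    """Map each driver reported as 'File Visible: No' to its triage bucket."""
    drivers = split_sections(report).get("Drivers", "")
    return {m["name"]: triage_driver(m["name"])
            for m in DRIVER_RE.finditer(drivers) if m["visible"] == "No"}


def follow_up(report):
    """Paths to hand to a file-inspection step such as a SystemLook ':file' list."""
    drivers = split_sections(report).get("Drivers", "")
    return [m["path"] for m in DRIVER_RE.finditer(drivers)
            if m["visible"] == "No" and triage_driver(m["name"]) == "random-name"]


def hooks_by_owner(report):
    """Group hooked SSDT functions by the module that owns the hook."""
    owners = defaultdict(list)
    for m in HOOK_RE.finditer(split_sections(report).get("SSDT", "")):
        owners[m["owner"]].append(m["func"])
    return dict(owners)


if __name__ == "__main__":
    for name, bucket in hidden_drivers(REPORT).items():
        print(f"{bucket:16} {name}")
    print(":file")
    print("\n".join(follow_up(REPORT)))
    for owner, funcs in hooks_by_owner(REPORT).items():
        print(f"{owner}: {', '.join(funcs)}")
```

Grouping the SSDT hooks by owner shows at a glance that every hook in the excerpt belongs to one module under the BitDefender program folder, which matches the antivirus listed in the OTL report's Run entries.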
m3ri3m
Maxibibou

Subject: Re: [Closed] Infected by Securitytool   Fri 15 Oct 2010 - 17:34

Hi there

I had to give him his computer back because he needs it to finish an internship report for next week

I'll get the computer back as soon as possible and keep you posted by writing in this thread ..

Thanks a lot, it really helped me

GrosBébé
Moderators

Subject: Re: [Closed] Infected by Securitytool   Fri 15 Oct 2010 - 20:49

Hi m3ri3m

OK, that works.

Have a good evening

m3ri3m
Maxibibou

Subject: Re: [Closed] Infected by Securitytool   Sun 17 Oct 2010 - 15:49

Hi

I got the computer back and I'm doing what you asked; here is the scan, which was very fast (strange)


SystemLook 04.09.10 by jpshortstuff
Log created at 15:48 on 17/10/2010 by Hamza
Administrator - Elevation successful

========== file ==========

C:\windows\System32\Drivers\2f77710e.sys - Unable to find/read file.

C:\windows\System32\Drivers\e1f45909.sys - Unable to find/read file.

-= EOF =-

GrosBébé
Moderators

Subject: Re: [Closed] Infected by Securitytool   Sun 17 Oct 2010 - 16:24

Hi

OK, just the other two reports left.

m3ri3m
Maxibibou

Subject: Re: [Closed] Infected by Securitytool   Sun 17 Oct 2010 - 16:51

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264} folder moved successfully.
C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} folder moved successfully.
C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\toolbar@alot.com\META-INF folder moved successfully.
C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\toolbar@alot.com\gen folder moved successfully.
C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\toolbar@alot.com\defaults\preferences folder moved successfully.
C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\toolbar@alot.com\defaults folder moved successfully.
C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\toolbar@alot.com\components folder moved successfully.
C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\toolbar@alot.com\chrome folder moved successfully.
C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\toolbar@alot.com folder moved successfully.
C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\alot-search.xml moved successfully.
C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\fast-browser-search.xml moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpiderMessenger not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Hamza
->Flash cache emptied: 17524 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

User: Hamza
->Temp folder emptied: 489437220 bytes
->Temporary Internet Files folder emptied: 15933513 bytes
->Java cache emptied: 8406 bytes
->FireFox cache emptied: 100898681 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 512763 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 579,00 mb


OTL by OldTimer - Version 3.2.15.1 log created on 10172010_155118

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

m3ri3m
Maxibibou

Subject: Re: [Closed] Infected by Securitytool   Sun 17 Oct 2010 - 17:12

======= RAPPORT D'AD-REMOVER 2.0.0.1,F | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par C_XX le 16/09/10 à 13:30
Contact: AdRemover.contact[AT]gmail.com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 16:53:01 le 17/10/2010, Mode normal

Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1 (X86)
Hamza@PC-DE-HAMZA (Hewlett-Packard HP Compaq 6830s)

============== RECHERCHE ==============


0,Fichier trouvé: C:\Users\Public\MyWebTattoo.exe
0,Dossier trouvé: C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\alot-toolbar
0,Dossier trouvé: C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\extensions\toolbar@alot.com
0,Fichier trouvé: C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\prefs.js.ask.bak
0,Fichier trouvé: C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\fast-browser-search.xml
0,Dossier trouvé: C:\Users\Hamza\AppData\LocalLow\Conduit
0,Dossier trouvé: C:\Users\Hamza\AppData\Local\EoRezo
0,Dossier trouvé: C:\Users\Hamza\AppData\LocalLow\PriceGong

1,Clé trouvée: HKLM\Software\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
1,Clé trouvée: HKLM\Software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
1,Clé trouvée: HKLM\Software\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
1,Clé trouvée: HKLM\Software\Classes\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}
0,Clé trouvée: HKLM\Software\Classes\EoEngineBHO.EOBHO
0,Clé trouvée: HKLM\Software\Classes\EoEngineBHO.EOBHO.1
0,Clé trouvée: HKLM\Software\Classes\EoRezoBHO.EoBHO
0,Clé trouvée: HKLM\Software\Classes\EoRezoBHO.EoBHO.1
0,Clé trouvée: HKLM\Software\Classes\Toolbar.CT2567681
0,Clé trouvée: HKLM\Software\Classes\AppID\EoEngineBHO.DLL
1,Clé trouvée: HKLM\Software\Classes\AppID\{AFBB7970-789A-4264-BA70-E8127DECE400}
0,Clé trouvée: HKLM\Software\Classes\AppID\EoRezoBHO.DLL
1,Clé trouvée: HKLM\Software\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
0,Clé trouvée: HKLM\Software\Conduit
0,Clé trouvée: HKLM\Software\EoRezo
0,Clé trouvée: HKCU\Software\AppDataLow\Software\Conduit
0,Clé trouvée: HKCU\Software\AppDataLow\Software\PriceGong
3,Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}
3,Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
3,Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
3,Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DE3C047B-8CE2-42fb-8D9F-9CFCE012D6FE}


============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [3.5.5 (fr)] **

========================================

** Internet Explorer Version [7.0.6001.18000] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb
Default_Search_URL: hxxp://www.durable.com/recherche
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\windows\system32\blank.htm
Search Page: hxxp://www.durable.com/recherche
Show_ToolBar: yes
Start Page:
Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Enable Browser Extensions: yes
Local Page: C:\windows\system32\blank.htm
Search Page: hxxp://www.durable.com/recherche
Start Page: hxxp://www.durable.com/recherche
Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 17/10/2010 (4075 Octet(s))

Fin à: 17:06:42, 17/10/2010

============== E.O.F ==============

GrosBébé
Subject: Re: [Closed] Infected by Securitytool   Sun 17 Oct 2010 - 18:00

/!\ Disconnect and close all running applications /!\
  • Double-click Ad-R.exe on your Desktop.
    Vista/Seven users: right-click the icon, then select "Run as administrator"
  • In the main menu, choose the "Nettoyer" (Clean) option.
    Wait a few moments while the cleanup runs.


Post the report that appears at the end (it is also saved under C:).

Illustrated help here

m3ri3m
Subject: Re: [Closed] Infected by Securitytool   Sun 17 Oct 2010 - 18:57

======= RAPPORT D'AD-REMOVER 2.0.0.1,F | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par C_XX le 16/09/10 à 13:30
Contact: AdRemover.contact[AT]gmail.com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 18:29:32 le 17/10/2010, Mode normal

Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1 (X86)
Hamza@PC-DE-HAMZA (Hewlett-Packard HP Compaq 6830s)

============== ACTION(S) ==============


0,Fichier supprimé: C:\Users\Public\MyWebTattoo.exe
0,Dossier supprimé: C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\alot-toolbar
0,Dossier supprimé: C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\extensions\toolbar@alot.com
0,Fichier supprimé: C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\prefs.js.ask.bak
0,Fichier supprimé: C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\fast-browser-search.xml
0,Dossier supprimé: C:\Users\Hamza\AppData\LocalLow\Conduit
0,Dossier supprimé: C:\Users\Hamza\AppData\Local\EoRezo
0,Dossier supprimé: C:\Users\Hamza\AppData\LocalLow\PriceGong

(!) -- Fichiers temporaires supprimés.


1,Clé supprimée: HKLM\Software\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
1,Clé supprimée: HKLM\Software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
1,Clé supprimée: HKLM\Software\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
1,Clé supprimée: HKLM\Software\Classes\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}
0,Clé supprimée: HKLM\Software\Classes\EoEngineBHO.EOBHO
0,Clé supprimée: HKLM\Software\Classes\EoEngineBHO.EOBHO.1
0,Clé supprimée: HKLM\Software\Classes\EoRezoBHO.EoBHO
0,Clé supprimée: HKLM\Software\Classes\EoRezoBHO.EoBHO.1
0,Clé supprimée: HKLM\Software\Classes\Toolbar.CT2567681
0,Clé supprimée: HKLM\Software\Classes\AppID\EoEngineBHO.DLL
1,Clé supprimée: HKLM\Software\Classes\AppID\{AFBB7970-789A-4264-BA70-E8127DECE400}
0,Clé supprimée: HKLM\Software\Classes\AppID\EoRezoBHO.DLL
1,Clé supprimée: HKLM\Software\Classes\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
0,Clé supprimée: HKLM\Software\Conduit
0,Clé supprimée: HKLM\Software\EoRezo
0,Clé supprimée: HKCU\Software\AppDataLow\Software\Conduit
0,Clé supprimée: HKCU\Software\AppDataLow\Software\PriceGong
3,Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{19F2B849-4ADE-4d4b-85F9-C31C643DBDE9}
3,Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
3,Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
3,Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DE3C047B-8CE2-42fb-8D9F-9CFCE012D6FE}


============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [3.5.5 (fr)] **

========================================

** Internet Explorer Version [7.0.6001.18000] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\windows\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Enable Browser Extensions: yes
Local Page: C:\windows\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 46 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 17 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 17/10/2010 (4254 Octet(s))
C:\Ad-Report-SCAN[1].txt - 17/10/2010 (4204 Octet(s))

Fin à: 18:41:42, 17/10/2010

============== E.O.F ==============

GrosBébé
Subject: Re: [Closed] Infected by Securitytool   Sun 17 Oct 2010 - 19:38

Hello again,


How is the PC behaving?
Are you getting Offerbox ad windows popping up?

Run OTL again, click "Analyse rapide" (Quick Scan) and post the report, please.

m3ri3m
Subject: Re: [Closed] Infected by Securitytool   Sun 17 Oct 2010 - 20:24

I don't have any ad windows for the moment.

My cousin noticed that the computer kept showing blue screens and then it restarted.


OTL logfile created on: 17/10/2010 20:13:26 - Run 3
OTL by OldTimer - Version 3.2.15.1 Folder = C:\Users\Hamza\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 118,33 Gb Free Space | 53,09% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,65 Gb Free Space | 18,30% Space Free | Partition Type: NTFS
Drive F: | 1021,00 Mb Total Space | 1018,74 Mb Free Space | 99,78% Space Free | Partition Type: FAT32

Computer Name: PC-DE-HAMZA | User Name: Hamza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010/10/12 12:05:57 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Hamza\Downloads\OTL.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/13 17:28:00 | 002,285,637 | ---- | M] (Informer Technologies, Inc.) -- C:\Program Files\Software Informer\softinfo.exe
PRC - [2010/03/23 09:50:12 | 000,632,464 | ---- | M] (Secure Digital Services) -- C:\Program Files\OfferBox\OfferBox.exe
PRC - [2009/11/16 19:55:42 | 000,442,368 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
PRC - [2009/11/16 19:55:41 | 001,638,240 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
PRC - [2009/11/16 19:55:41 | 000,782,336 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
PRC - [2009/10/18 12:54:52 | 000,413,696 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/21 02:47:18 | 000,065,296 | ---- | M] (Bioscrypt Inc.) -- c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
PRC - [2008/05/14 22:41:38 | 000,034,184 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
PRC - [2008/05/14 02:35:40 | 000,256,512 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2008/05/12 15:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2008/05/08 02:34:10 | 000,238,984 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2008/05/02 22:17:44 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2008/05/02 22:17:02 | 010,244,096 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
PRC - [2008/04/18 15:54:02 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2008/04/18 15:53:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/04 17:10:24 | 001,314,816 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2008/03/31 23:41:22 | 000,091,440 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2008/03/25 13:28:02 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
PRC - [2008/03/15 01:50:59 | 000,233,472 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2007/12/11 14:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/10/19 09:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007/05/16 01:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007/05/16 01:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2007/05/16 01:08:08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2007/01/05 04:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2010/10/12 12:05:57 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Hamza\Downloads\OTL.exe
MOD - [2010/08/31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
MOD - [2009/10/18 12:51:51 | 000,155,648 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\plugin_fragments.m32
MOD - [2009/10/18 12:51:51 | 000,143,360 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\midas32.dll
MOD - [2009/10/18 12:51:51 | 000,106,496 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\plugin_extra.m32
MOD - [2009/10/18 12:51:51 | 000,098,304 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\plugin_registry.m32
MOD - [2009/10/18 12:51:51 | 000,077,824 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\plugin_base.m32
MOD - [2009/10/18 12:51:51 | 000,073,728 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_17\plugin_net.m32
MOD - [2008/05/21 02:42:30 | 000,081,680 | ---- | M] (Bioscrypt Inc.) -- C:\Windows\System32\APSHook.dll
MOD - [2008/01/21 04:34:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/11/16 19:55:41 | 001,638,240 | ---- | M] (BitDefender S. R. L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV)
SRV - [2009/10/23 13:05:01 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/10/18 12:54:52 | 000,413,696 | ---- | M] (BitDefender SRL) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2009/10/18 12:54:15 | 000,323,584 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2009/09/23 15:50:28 | 000,238,960 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2008/07/17 13:06:56 | 000,118,784 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe -- (Arrakis3)
SRV - [2008/05/21 02:42:40 | 000,111,888 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2008/05/21 02:42:34 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll -- (ASChannel)
SRV - [2008/05/14 22:41:38 | 000,034,184 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2008/05/14 02:35:40 | 000,256,512 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2008/05/12 15:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008/05/02 22:17:44 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2008/04/18 15:54:02 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2008/04/08 14:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/01/21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/12/11 14:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/10/19 09:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/05/16 01:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2007/01/05 04:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2009/10/18 12:54:51 | 000,242,184 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009/10/18 12:54:51 | 000,104,456 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bdfndisf.sys -- (Bdfndisf)
DRV - [2009/10/18 12:54:50 | 000,111,112 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bdfm.sys -- (bdfm)
DRV - [2009/10/18 12:54:37 | 000,008,832 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys -- (BDSelfPr)
DRV - [2009/10/18 12:54:18 | 000,082,696 | ---- | M] (BitDefender S.R.L.) [Kernel | Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys -- (BDVEDISK)
DRV - [2009/10/18 12:54:17 | 000,137,224 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2009/10/18 12:54:17 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - [2009/10/18 12:54:15 | 000,013,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - [2009/09/23 15:53:20 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2008/05/14 02:36:26 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2008/05/14 02:36:22 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2008/05/14 02:36:20 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2008/05/14 02:36:18 | 000,108,752 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2008/05/08 14:01:44 | 003,552,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/04/28 08:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Pilote de carte Intel(R)
DRV - [2008/04/15 19:53:44 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2008/04/14 23:39:06 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/04/11 16:38:44 | 000,382,464 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2008/04/10 17:27:34 | 001,804,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/04/07 20:13:46 | 000,025,448 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008/04/07 20:13:42 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/03/27 21:06:00 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/03/14 08:04:29 | 000,046,652 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/02/29 18:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/01/21 04:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 04:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 04:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 04:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 04:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 04:32:52 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/01/21 04:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 04:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 04:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 04:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 04:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 04:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 04:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 04:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 04:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 04:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 04:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 04:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 04:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 04:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 04:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 04:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 04:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 04:32:44 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008/01/21 04:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 04:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 04:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/17 23:28:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/06/19 02:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Durable.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={15165C56-58B9-16CE-1E29-63553529985D}&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\ [2009/11/16 19:57:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/25 10:29:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/25 10:29:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\tbextension\ [2009/10/18 12:45:16 | 000,000,000 | ---D | M]

[2009/11/02 19:00:01 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Extensions
[2009/11/02 19:00:01 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/10/17 18:55:18 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions
[2009/10/22 12:45:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/17 16:48:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}
[2010/10/17 16:49:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2009/10/18 14:28:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/04/15 10:07:14 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\fdm_ffext@freedownloadmanager.org
[2010/10/17 18:55:18 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\toolbar@alot.com
[2010/04/15 10:48:28 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\toolbar@waltershop.com
[2010/04/15 11:29:38 | 000,002,321 | ---- | M] () -- C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\durable.xml
[2010/10/17 18:55:26 | 000,005,413 | ---- | M] () -- C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\fast-browser-search.xml
[2010/08/23 11:29:24 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010/08/23 11:29:04 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/11/16 19:55:42 | 000,065,536 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2009/08/24 21:21:51 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2009/08/24 21:21:51 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2009/08/24 21:21:51 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2009/08/24 21:21:51 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2009/08/24 21:21:51 | 000,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe (BitDefender)
O4 - HKLM..\Run: [CognizanceTS] c:\Programmes\Hewlett-Packard\IAM\Bin\ASTSVCC.dll File not found
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [OfferBox] C:\Program Files\OfferBox\OfferBox.exe (Secure Digital Services)
O4 - HKCU..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hamza\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hamza\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/17 16:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
[2010/10/17 15:06:25 | 000,000,000 | ---D | C] -- C:\Users\Hamza\Desktop\les poutres CEP pour le clavetage
[2010/10/17 15:06:07 | 000,000,000 | ---D | C] -- C:\Users\Hamza\Desktop\pregression du linéaire des voile + surface de dalle
[2010/10/13 17:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/10/12 21:50:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/11 22:23:08 | 000,000,000 | ---D | C] -- C:\Users\Hamza\AppData\Roaming\Malwarebytes
[2010/10/11 22:22:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/10/11 22:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/11 22:22:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/10/11 22:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/11 21:38:59 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/10/11 21:38:59 | 000,000,000 | ---D | C] -- C:\rsit
[2010/10/11 21:34:59 | 000,000,000 | ---D | C] -- C:\Users\Hamza\Desktop\Nouveau dossier (2)
[2010/10/03 19:16:21 | 000,000,000 | ---D | C] -- C:\Users\Hamza\Desktop\sder !
[2010/10/02 09:52:39 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2010/09/30 18:46:31 | 000,000,000 | ---D | C] -- C:\Users\Hamza\Desktop\house
[2010/09/29 22:38:22 | 000,000,000 | ---D | C] -- C:\Users\Hamza\Desktop\fiançaille Bou3lam
[2010/09/29 14:30:05 | 000,000,000 | ---D | C] -- C:\Users\Hamza\Documents\Any Audio Converter
[2010/09/29 14:29:41 | 000,000,000 | ---D | C] -- C:\Users\Hamza\AppData\Roaming\AnvSoft
[2010/09/29 14:29:34 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft
[2010/09/25 10:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/25 10:41:05 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/25 10:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/09/25 10:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/13 22:56:44 | 000,000,000 | ---D | C] -- C:\Users\Hamza\Desktop\Présentation générale
[2010/09/12 23:39:24 | 000,000,000 | ---D | C] -- C:\Users\Hamza\Desktop\My photos
[2010/09/12 23:38:14 | 000,000,000 | ---D | C] -- C:\Users\Hamza\Desktop\Nouveau dossier
[2010/09/12 23:29:10 | 000,000,000 | ---D | C] -- C:\Users\Hamza\Desktop\fete de l'aide
[2010/08/29 10:57:45 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2010/08/27 15:45:53 | 000,000,000 | ---D | C] -- C:\Users\Hamza\Desktop\les prémurs posés à partir du R+1
[2010/08/27 15:42:02 | 000,000,000 | ---D | C] -- C:\Users\Hamza\Desktop\isolation par l'exterieur
[2010/08/27 15:41:19 | 000,000,000 | ---D | C] -- C:\Users\Hamza\Desktop\l'aspect esthétique de la façade
[2010/08/23 11:28:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/10/18 12:11:33 | 000,180,224 | ---- | C] ( ) -- C:\windows\System32\rsnp2uvc.dll
[2009/10/18 12:11:32 | 000,176,128 | ---- | C] ( ) -- C:\windows\System32\csnp2uvc.dll

========== Files - Modified Within 90 Days ==========

[2010/10/17 20:08:14 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/10/17 18:44:14 | 000,001,050 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/17 18:44:00 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/17 18:44:00 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/17 18:43:40 | 2141,470,720 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/17 18:42:23 | 000,081,984 | ---- | M] () -- C:\windows\System32\bdod.bin
[2010/10/17 18:41:01 | 000,001,054 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/17 16:52:50 | 000,001,676 | ---- | M] () -- C:\Users\Hamza\Desktop\AD-R.lnk
[2010/10/17 15:15:18 | 000,717,914 | ---- | M] () -- C:\windows\System32\perfh00C.dat
[2010/10/17 15:15:18 | 000,629,724 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/10/17 15:15:18 | 000,145,622 | ---- | M] () -- C:\windows\System32\perfc00C.dat
[2010/10/17 15:15:18 | 000,119,088 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/10/17 00:15:14 | 000,000,450 | ---- | M] () -- C:\windows\System32\BDUpdateV1.xml
[2010/10/14 12:36:30 | 000,490,544 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/10/13 20:30:11 | 212,090,163 | ---- | M] () -- C:\windows\MEMORY.DMP
[2010/10/12 22:27:53 | 000,293,376 | ---- | M] () -- C:\Users\Hamza\Desktop\gmer.exe
[2010/10/12 22:22:09 | 000,284,915 | ---- | M] () -- C:\Users\Hamza\Desktop\gmer.zip
[2010/10/11 22:22:23 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/11 21:08:21 | 000,064,033 | ---- | M] () -- C:\Users\Hamza\Desktop\RogueKiller(2).exe
[2010/10/10 13:59:47 | 000,002,617 | ---- | M] () -- C:\Users\Hamza\Desktop\Microsoft Office PowerPoint 2007.lnk
[2010/10/10 12:19:24 | 000,042,496 | ---- | M] () -- C:\Users\Hamza\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/03 21:58:13 | 000,029,184 | ---- | M] () -- C:\Users\Hamza\Desktop\Classeur1.xls
[2010/09/29 14:29:57 | 000,000,939 | ---- | M] () -- C:\Users\Hamza\Desktop\Any Audio Converter.lnk
[2010/09/29 14:29:09 | 000,006,944 | ---- | M] () -- C:\Users\Hamza\AppData\Local\d3d9caps.dat
[2010/09/28 17:14:02 | 000,028,672 | ---- | M] () -- C:\Users\Hamza\Desktop\projet oral.doc
[2010/09/25 18:00:22 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/09/25 10:44:40 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/25 10:29:04 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/09/25 10:12:45 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/09/25 10:12:45 | 000,001,854 | ---- | M] () -- C:\Users\Hamza\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/09/24 20:42:02 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/09/14 17:23:00 | 000,072,960 | ---- | M] () -- C:\Users\Hamza\Documents\LES TERRASSES.dwg
[2010/09/14 16:39:33 | 000,076,544 | ---- | M] () -- C:\Users\Hamza\Documents\LES TERRASSES.bak
[2010/09/12 22:02:06 | 000,027,028 | ---- | M] () -- C:\Users\Hamza\Documents\Organigramme SDER.xlsx
[2010/09/12 20:38:34 | 000,002,687 | ---- | M] () -- C:\Users\Hamza\Desktop\Microsoft Office Word 2007.lnk
[2010/09/12 20:36:59 | 000,002,641 | ---- | M] () -- C:\Users\Hamza\Desktop\Microsoft Office Excel 2007.lnk
[2010/09/12 18:03:29 | 000,831,597 | ---- | M] () -- C:\Users\Hamza\Documents\rapport d'activités.docx
[2010/09/09 21:58:32 | 003,347,483 | ---- | M] () -- C:\Users\Hamza\Documents\Rapport de stage 'CARRE BRUN'.docx
[2010/09/01 13:13:24 | 019,657,194 | ---- | M] () -- C:\Users\Hamza\Documents\vlc-1.1.4-win32.exe
[2010/08/29 13:22:32 | 001,104,224 | ---- | M] () -- C:\Users\Hamza\Desktop\Rapport de stage(2).pdf
[2010/08/23 03:00:50 | 000,000,484 | ---- | M] () -- C:\Users\Hamza\Desktop\chouaib paris.lnk
[2010/08/12 23:56:44 | 005,015,248 | ---- | M] () -- C:\Users\Hamza\Documents\P1010532.JPG
[2010/08/12 23:55:31 | 004,728,691 | ---- | M] () -- C:\Users\Hamza\Documents\P1010528.JPG
[2010/08/12 23:55:17 | 004,595,672 | ---- | M] () -- C:\Users\Hamza\Documents\P1010540.JPG
[2010/08/12 23:54:22 | 003,893,124 | ---- | M] () -- C:\Users\Hamza\Documents\P1010536.JPG

========== Files Created - No Company Name ==========

[2010/10/17 16:52:50 | 000,001,676 | ---- | C] () -- C:\Users\Hamza\Desktop\AD-R.lnk
[2010/10/13 20:30:13 | 2141,470,720 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/12 22:22:08 | 000,284,915 | ---- | C] () -- C:\Users\Hamza\Desktop\gmer.zip
[2010/10/11 22:22:23 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/11 21:08:20 | 000,064,033 | ---- | C] () -- C:\Users\Hamza\Desktop\RogueKiller(2).exe
[2010/10/03 19:16:44 | 004,087,628 | ---- | C] () -- C:\Users\Hamza\Desktop\Plan installation de chantier ind D.pdf
[2010/09/29 22:37:35 | 000,029,184 | ---- | C] () -- C:\Users\Hamza\Desktop\Classeur1.xls
[2010/09/29 22:37:01 | 000,028,672 | ---- | C] () -- C:\Users\Hamza\Desktop\projet oral.doc
[2010/09/29 14:29:57 | 000,000,939 | ---- | C] () -- C:\Users\Hamza\Desktop\Any Audio Converter.lnk
[2010/09/25 18:00:22 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/09/25 10:44:40 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/25 10:29:04 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/09/18 12:08:17 | 212,090,163 | ---- | C] () -- C:\windows\MEMORY.DMP
[2010/09/14 17:23:00 | 000,076,544 | ---- | C] () -- C:\Users\Hamza\Documents\LES TERRASSES.bak
[2010/09/14 16:39:33 | 000,072,960 | ---- | C] () -- C:\Users\Hamza\Documents\LES TERRASSES.dwg
[2010/09/14 08:08:39 | 000,000,000 | ---- | C] () -- C:\Users\Hamza\AppData\Local\FnF4.txt
[2010/09/12 22:01:55 | 000,027,028 | ---- | C] () -- C:\Users\Hamza\Documents\Organigramme SDER.xlsx
[2010/09/11 23:48:08 | 000,831,597 | ---- | C] () -- C:\Users\Hamza\Documents\rapport d'activités.docx
[2010/09/01 13:12:55 | 019,657,194 | ---- | C] () -- C:\Users\Hamza\Documents\vlc-1.1.4-win32.exe
[2010/08/29 15:51:33 | 003,347,483 | ---- | C] () -- C:\Users\Hamza\Documents\Rapport de stage 'CARRE BRUN'.docx
[2010/08/29 13:22:32 | 001,104,224 | ---- | C] () -- C:\Users\Hamza\Desktop\Rapport de stage(2).pdf
[2010/08/12 23:22:02 | 003,893,124 | ---- | C] () -- C:\Users\Hamza\Documents\P1010536.JPG
[2010/08/12 23:21:51 | 005,015,248 | ---- | C] () -- C:\Users\Hamza\Documents\P1010532.JPG
[2010/08/12 23:21:38 | 004,728,691 | ---- | C] () -- C:\Users\Hamza\Documents\P1010528.JPG
[2010/08/12 23:21:20 | 004,595,672 | ---- | C] () -- C:\Users\Hamza\Documents\P1010540.JPG
[2009/11/28 15:09:48 | 000,006,944 | ---- | C] () -- C:\Users\Hamza\AppData\Local\d3d9caps.dat
[2009/10/23 13:34:11 | 000,042,496 | ---- | C] () -- C:\Users\Hamza\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/18 18:37:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/18 12:15:53 | 000,000,000 | ---- | C] () -- C:\Users\Hamza\AppData\Local\QSwitch.txt
[2009/10/18 12:15:53 | 000,000,000 | ---- | C] () -- C:\Users\Hamza\AppData\Local\DSwitch.txt
[2009/10/18 12:15:53 | 000,000,000 | ---- | C] () -- C:\Users\Hamza\AppData\Local\AtStart.txt
[2009/10/18 12:11:32 | 001,804,160 | ---- | C] () -- C:\windows\System32\drivers\snp2uvc.sys
[2009/10/18 12:11:32 | 000,028,160 | ---- | C] () -- C:\windows\System32\drivers\sncduvc.sys
[2009/10/18 12:11:32 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2008/06/17 06:07:59 | 000,204,800 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll
[2008/06/17 06:07:59 | 000,200,704 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll
[2008/06/17 06:07:59 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll
[2008/06/17 06:07:59 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll
[2008/06/17 06:07:59 | 000,188,416 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll
[2008/06/17 06:07:59 | 000,020,480 | ---- | C] () -- C:\windows\System32\IVIresize.dll
[2008/06/17 05:49:59 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI
[2008/05/14 02:36:18 | 000,108,752 | ---- | C] () -- C:\windows\System32\drivers\SafeBoot.sys
[2008/05/08 11:14:24 | 000,159,744 | ---- | C] () -- C:\windows\System32\atitmmxx.dll
[2008/04/23 18:34:48 | 000,192,512 | ---- | C] () -- C:\windows\System32\txmlutil.dll
[2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\windows\System32\xreglib.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini
[2006/03/09 11:58:00 | 001,060,424 | ---- | C] () -- C:\windows\System32\WdfCoInstaller01000.dll
[2005/04/04 00:30:00 | 000,110,592 | ---- | C] () -- C:\windows\System32\scardsyn.dll
[1998/05/07 05:10:00 | 000,069,632 | ---- | C] () -- C:\windows\System32\ODMA32.dll

========== LOP Check ==========

[2010/09/29 14:29:41 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\AnvSoft
[2009/10/30 23:08:25 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\Autodesk
[2009/10/18 12:45:30 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\BitDefender
[2010/02/27 11:32:02 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\InterVideo
[2010/10/08 23:05:07 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\LimeWire
[2009/11/21 19:28:40 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\nCleaner
[2010/10/17 08:59:37 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\OfferBox
[2010/10/17 20:08:58 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\Software Informer
[2010/04/15 10:31:33 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\widestream
[2010/10/17 18:42:15 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

GrosBébé
Subject: Re: [Closed] Infected by Securitytool (Mon 18 Oct 2010 - 0:03)

Re,


Have you had any BSODs (blue screens) since you got the PC back? (apart from when you tried to use GMER)
There are still a few things that seem to like living on the PC.


Please uninstall Offerbox.


Relaunch OTL

  • In the Correction box at the bottom, paste the contents of the box below:

    Quote:
    :OTL
    FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
    FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q="
    FF - prefs.js..browser.search.order.1: "Fast Browser Search"
    FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
    FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={15165C56-58B9-16CE-1E29-63553529985D}&q="
    [2010/10/17 16:48:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}
    [2010/10/17 16:49:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
    [2010/10/17 18:55:26 | 000,005,413 | ---- | M] () -- C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\fast-browser-search.xml
    O4 - HKCU..\Run: [OfferBox] C:\Program Files\OfferBox\OfferBox.exe (Secure Digital Services)
    [2010/10/17 08:59:37 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\OfferBox

    :Files
    C:\Program Files\OfferBox

    :Commands
    [emptytemp]
    Then click the Correction button at the top.
  • Let OTL run; the PC will restart.
  • After the restart, a new report will open; please copy/paste its contents here

m3ri3m
Subject: Re: [Closed] Infected by Securitytool (Mon 18 Oct 2010 - 12:16)

Hi there

No, I haven't had a blue screen since I got the PC back


All processes killed
========== OTL ==========
Prefs.js: "Fast Browser Search" removed from browser.search.defaultenginename
Prefs.js: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=" removed from browser.search.defaulturl
Prefs.js: "Fast Browser Search" removed from browser.search.order.1
Prefs.js: "Fast Browser Search" removed from browser.search.selectedEngine
Prefs.js: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={15165C56-58B9-16CE-1E29-63553529985D}&q=" removed from keyword.URL
C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264} folder moved successfully.
C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB} folder moved successfully.
C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\fast-browser-search.xml moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\OfferBox not found.
File C:\Program Files\OfferBox\OfferBox.exe not found.
C:\Users\Hamza\AppData\Roaming\OfferBox folder moved successfully.
========== FILES ==========
File\Folder C:\Program Files\OfferBox not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: Hamza
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 315844 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 38337817 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 29176 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 37,00 mb


OTL by OldTimer - Version 3.2.15.1 log created on 10182010_120821

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
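
A check one could run after a fix like this one, as an added example that is not part of the thread and not OTL's own code: it classifies the fix-log lines and compares the removed Firefox prefs against a later scan. The sample lines are a subset copied from the OTL logs on this page (the fix log above and the scan dated 20/10/2010 posted later); the function names are hypothetical and the line patterns are inferred from these logs only.

```python
import re
from collections import Counter

# Sample input: a subset of lines copied from the OTL fix log in the post above.
FIX_LOG = r'''
Prefs.js: "Fast Browser Search" removed from browser.search.defaultenginename
Prefs.js: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=" removed from browser.search.defaulturl
Prefs.js: "Fast Browser Search" removed from browser.search.order.1
Prefs.js: "Fast Browser Search" removed from browser.search.selectedEngine
Prefs.js: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={15165C56-58B9-16CE-1E29-63553529985D}&q=" removed from keyword.URL
C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\fast-browser-search.xml moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\OfferBox not found.
File C:\Program Files\OfferBox\OfferBox.exe not found.
C:\Users\Hamza\AppData\Roaming\OfferBox folder moved successfully.
File\Folder C:\Program Files\OfferBox not found.
'''

# Sample input: FireFox section lines copied from the scan dated 20/10/2010 on this page.
LATER_SCAN = r'''
FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={E63C74BC-2601-18AC-7B57-E0D2002CCABD}&q="
'''

# Assumption: these patterns are inferred from the logs above, not from an OTL format spec.
PREF_REMOVED = re.compile(r'^Prefs\.js: (?P<value>.+) removed from (?P<pref>\S+)$')
MOVED = re.compile(r'^(?P<path>[A-Za-z]:\\.+?)(?: folder)? moved successfully\.$')
NOT_FOUND = re.compile(r'^(?:Registry value |File\\Folder |File )(?P<target>.+) not found\.$')
SCAN_PREF = re.compile(r'^FF - prefs\.js\.\.(?P<pref>[^:]+): (?P<value>.+)$')


def parse_fix_log(text):
    """Classify each fix-log line as removed / moved / not_found."""
    actions = []
    for line in (l.strip() for l in text.splitlines()):
        if m := PREF_REMOVED.match(line):
            actions.append({"status": "removed", "target": m["pref"],
                            "value": m["value"].strip('"')})
        elif m := MOVED.match(line):
            actions.append({"status": "moved", "target": m["path"], "value": None})
        elif m := NOT_FOUND.match(line):
            actions.append({"status": "not_found", "target": m["target"], "value": None})
    return actions


def parse_scan_prefs(text):
    """Map Firefox pref name -> value from 'FF - prefs.js..' scan lines."""
    prefs = {}
    for line in (l.strip() for l in text.splitlines()):
        if m := SCAN_PREF.match(line):
            prefs[m["pref"]] = m["value"].strip('"')
    return prefs


def find_reappeared(actions, scan_prefs):
    """Return the prefs the fix removed that a later scan lists again."""
    hits = []
    for a in actions:
        if a["status"] == "removed" and a["target"] in scan_prefs:
            new = scan_prefs[a["target"]]
            hits.append({"pref": a["target"], "old": a["value"], "new": new,
                         "same_value": new == a["value"]})
    return hits


if __name__ == "__main__":
    actions = parse_fix_log(FIX_LOG)
    print(dict(Counter(a["status"] for a in actions)))
    for a in actions:
        if a["status"] == "not_found":
            # OTL found nothing at this location at fix time, so it changed nothing there.
            print("nothing to fix:", a["target"])
    for h in find_reappeared(actions, parse_scan_prefs(LATER_SCAN)):
        note = "same value" if h["same_value"] else "value changed"
        print(f"set again in later scan ({note}): {h['pref']} = {h['new']}")
```

A pref that is listed again after the fix removed it was written back afterwards, so the removal alone did not deal with whatever sets it.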

GrosBébé
Subject: Re: [Closed] Infected by Securitytool (Mon 18 Oct 2010 - 20:25)

Hi there


And as for Security Tool, does it look OK to you?


Relaunch OTL, then click the Aucun (None) button at the top. Next, tick Avec liste blanche (with whitelist) in the box at the bottom left called Registre:Standard, then click Analyse (Scan).

Please post the report.

m3ri3m
Subject: Re: [Closed] Infected by Securitytool (Mon 18 Oct 2010 - 20:54)

As for Security Tool, not a trace of it since the first scan

I gave him his computer back; I have to get it back either tomorrow or the day after, he needs it ....

GrosBébé
Subject: Re: [Closed] Infected by Securitytool (Mon 18 Oct 2010 - 21:38)

OK, well, we'll wait.
Could you ask him whether he still gets blue screens? And if so, when does it happen? Thanks :)

Have a good evening M3ri3m

m3ri3m
Subject: Re: [Closed] Infected by Securitytool (Wed 20 Oct 2010 - 18:39)

Hi there

Here is the report

OTL logfile created on: 20/10/2010 18:34:22 - Run 4
OTL by OldTimer - Version 3.2.15.1 Folder = C:\Users\Hamza\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 117,47 Gb Free Space | 52,70% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,65 Gb Free Space | 18,30% Space Free | Partition Type: NTFS
Drive F: | 1021,00 Mb Total Space | 1018,74 Mb Free Space | 99,78% Space Free | Partition Type: FAT32

Computer Name: PC-DE-HAMZA | User Name: Hamza | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Durable.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..keyword.URL: "http://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={E63C74BC-2601-18AC-7B57-E0D2002CCABD}&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\ [2009/11/16 19:57:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/25 10:29:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/25 10:29:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2009\tbextension\ [2009/10/18 12:45:16 | 000,000,000 | ---D | M]

[2009/11/02 19:00:01 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Extensions
[2009/11/02 19:00:01 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/10/20 14:23:00 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions
[2009/10/22 12:45:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/18 12:14:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{59994074-c06d-4a75-9768-49e5a8c21264}
[2010/10/18 12:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2009/10/18 14:28:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/04/15 10:07:14 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\fdm_ffext@freedownloadmanager.org
[2010/10/17 18:55:18 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\toolbar@alot.com
[2010/04/15 10:48:28 | 000,000,000 | ---D | M] -- C:\Users\Hamza\AppData\Roaming\mozilla\Firefox\Profiles\6ou7z3nc.default\extensions\toolbar@waltershop.com
[2010/04/15 11:29:38 | 000,002,321 | ---- | M] () -- C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\durable.xml
[2010/10/18 12:15:04 | 000,005,413 | ---- | M] () -- C:\Users\Hamza\AppData\Roaming\Mozilla\FireFox\Profiles\6ou7z3nc.default\searchplugins\fast-browser-search.xml
[2010/08/23 11:29:24 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010/08/23 11:29:04 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/11/16 19:55:42 | 000,065,536 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2009/08/24 21:21:51 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2009/08/24 21:21:51 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2009/08/24 21:21:51 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2009/08/24 21:21:51 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2009/08/24 21:21:51 | 000,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe (BitDefender)
O4 - HKLM..\Run: [CognizanceTS] c:\Programmes\Hewlett-Packard\IAM\Bin\ASTSVCC.dll File not found
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Software Informer] C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.)
O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.242
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hamza\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hamza\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

< End of report >