Live Security Platinum too [Solved topic]
fonkynico
Posted on 29/07/2012 @ 14:04
Petit astucien

Hello

I have been infected by the above-mentioned, which seems to be in fashion. On impulse, I ran Malwarebytes, which found a few undesirables and removed them, and did the same with TDSSKiller. The PC is still infected. I ran an OTL scan and so take the liberty of asking for your insight by posting the report below.

Thanks in advance

OTL logfile created on: 29/07/2012 13:20:15 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\soulnico\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,97 Gb Total Physical Memory | 3,14 Gb Available Physical Memory | 79,11% Memory free
7,93 Gb Paging File | 7,05 Gb Available in Paging File | 88,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,31 Gb Total Space | 94,43 Gb Free Space | 48,35% Space Free | Partition Type: NTFS
Drive E: | 488,28 Gb Total Space | 25,51 Gb Free Space | 5,23% Space Free | Partition Type: NTFS
Drive F: | 270,44 Gb Total Space | 180,78 Gb Free Space | 66,84% Space Free | Partition Type: NTFS
Drive K: | 443,23 Gb Total Space | 51,86 Gb Free Space | 11,70% Space Free | Partition Type: NTFS

Computer Name: SUPERFLY | User Name: soulnico | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/29 12:59:44 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\soulnico\Desktop\OTL.exe
PRC - [2011/12/01 17:55:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/12/01 17:55:05 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/12/01 17:55:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/27 13:44:58 | 000,236,040 | ---- | M] () -- C:\Windows\SysWOW64\DeltaIITray.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/28 09:19:09 | 000,056,832 | ---- | M] () -- C:\Windows\SysWOW64\chknnify.dll
MOD - [2009/07/27 13:44:58 | 000,236,040 | ---- | M] () -- C:\Windows\SysWOW64\DeltaIITray.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/14 02:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/12/01 17:55:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/12/01 17:55:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/14 16:21:14 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/12/01 17:55:27 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/12/01 17:55:27 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/06/28 18:04:40 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2011/05/13 18:26:11 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/21 21:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/27 13:44:48 | 000,392,712 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MAudioDelta.sys -- (DELTAII)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 17:35:30 | 000,438,784 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr6164.sys -- (rt61x64)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1628687916-2968926499-3287331341-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = -
IE - HKU\S-1-5-21-1628687916-2968926499-3287331341-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-1628687916-2968926499-3287331341-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 B1 B7 B8 EF 2D CC 01 [binary data]
IE - HKU\S-1-5-21-1628687916-2968926499-3287331341-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1628687916-2968926499-3287331341-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1628687916-2968926499-3287331341-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.fr"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/28 10:02:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/07/28 10:03:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\soulnico\AppData\Roaming\mozilla\Extensions
[2012/07/28 09:50:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\soulnico\AppData\Roaming\mozilla\Firefox\Profiles\jsu9atu1.default\extensions
[2012/07/28 10:02:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/14 02:39:12 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml
[2012/07/14 02:39:12 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/14 02:39:12 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012/07/14 02:39:12 | 000,001,154 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml
[2012/07/14 02:39:12 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012/07/14 02:39:12 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2011/12/24 16:52:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysWOW64\DeltaIITray.exe ()
O4 - Startup: C:\Users\soulnico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\avgnt.exe - Raccourci.lnk = C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1628687916-2968926499-3287331341-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1628687916-2968926499-3287331341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1628687916-2968926499-3287331341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B7A5286-1A4F-4E0E-8741-595521657DA0}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{990D2379-6B08-47A1-B9FE-A9E897E31987}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{990D2379-6B08-47A1-B9FE-A9E897E31987}: NameServer = 192.168.0.254
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair64.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: findSTAT - (C:\Windows\system32\chknnify64.dll) - File not found
O36 - AppCertDlls: OptidVol - (C:\Windows\system32\chknnify.dll) - C:\Windows\SysWOW64\chknnify.dll ()
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^Users^soulnico^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk - C:\Program Files (x86)\MagicDisc\MagicDisc.exe - (MagicISO, Inc.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7ED2E4FD-E323-4A1D-0D13-CD857DFB7152} - Microsoft Windows Media Player 12.0
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/29 12:59:43 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\soulnico\Desktop\OTL.exe
[2012/07/28 11:20:18 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\soulnico\Desktop\tdsskiller.exe
[2012/07/28 10:12:54 | 000,000,000 | ---D | C] -- C:\Users\soulnico\Desktop\RK_Quarantine
[2012/07/28 10:03:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/07/28 10:02:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/07/28 10:00:51 | 016,946,520 | ---- | C] (Mozilla) -- C:\Users\soulnico\Desktop\Firefox Setup 14.0.1.exe
[2012/07/28 09:20:12 | 000,000,000 | ---D | C] -- C:\ProgramData\0C1CFB134AD821841AAACF22F875EF60
[2012/07/28 09:19:09 | 000,063,488 | -H-- | C] (FRISK Software International) -- C:\Windows\SysNative\chknnify64.dll
[2012/07/20 14:29:29 | 000,000,000 | ---D | C] -- C:\Users\soulnico\Desktop\Gintama
[2012/07/18 15:02:27 | 000,000,000 | ---D | C] -- C:\Users\soulnico\AppData\Local\Macromedia
[2012/07/09 15:54:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/07/09 15:53:19 | 000,000,000 | ---D | C] -- C:\Users\soulnico\AppData\Local\Google
[2012/07/09 15:53:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/07/07 17:47:42 | 000,360,448 | ---- | C] (FLV.com) -- C:\Windows\SysWow64\TubeFinder.exe
[2012/07/07 17:47:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Converter
[2012/07/07 17:47:41 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6FR.DLL
[2012/07/07 17:47:41 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6STKIT.DLL
[2012/07/07 17:47:41 | 000,084,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PICCLP32.OCX
[2012/07/07 17:47:40 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX
[2012/07/07 17:47:40 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCFR.DLL
[2012/07/07 17:47:40 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CMDLGFR.DLL
[2012/07/07 17:47:40 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PCCLPFR.DLL
[2012/07/07 17:47:40 | 000,000,000 | ---D | C] -- C:\Users\soulnico\AppData\Roaming\FreeFLVConverter
[2012/07/07 17:47:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free FLV Converter
[2012/07/07 14:15:47 | 000,000,000 | ---D | C] -- C:\Users\soulnico\Desktop\Pusher [1996]
[2012/07/03 21:48:13 | 000,000,000 | ---D | C] -- C:\Users\soulnico\Desktop\Apocalypse Now 2001 Redux 720p BRRip x264-HDLiTE
[2012/06/30 18:24:20 | 000,000,000 | ---D | C] -- C:\Users\soulnico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dada Life
[2012/06/29 22:50:04 | 000,000,000 | ---D | C] -- C:\Users\soulnico\Desktop\Nouveau dossier (7)
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/29 13:03:01 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/29 12:59:53 | 000,017,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/29 12:59:53 | 000,017,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/29 12:59:44 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\soulnico\Desktop\OTL.exe
[2012/07/29 12:52:28 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/29 12:52:11 | 3193,298,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/28 11:18:48 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\soulnico\Desktop\tdsskiller.exe
[2012/07/28 10:40:17 | 001,552,384 | ---- | M] () -- C:\Users\soulnico\Desktop\RogueKiller(1).exe
[2012/07/28 10:03:09 | 000,001,145 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/28 10:01:06 | 016,946,520 | ---- | M] (Mozilla) -- C:\Users\soulnico\Desktop\Firefox Setup 14.0.1.exe
[2012/07/28 09:44:46 | 000,187,137 | ---- | M] () -- C:\Users\soulnico\Desktop\bookmarks.html
[2012/07/28 09:40:10 | 000,005,750 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/07/28 09:29:01 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/28 09:19:09 | 000,063,488 | -H-- | M] (FRISK Software International) -- C:\Windows\SysNative\chknnify64.dll
[2012/07/28 09:19:09 | 000,056,832 | ---- | M] () -- C:\Windows\SysWow64\chknnify.dll
[2012/07/28 09:03:34 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/28 09:03:34 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/27 22:49:34 | 000,025,356 | ---- | M] () -- C:\Users\soulnico\Desktop\Melody_Yves_DUTEIL.jpg
[2012/07/26 19:30:19 | 000,054,988 | ---- | M] () -- C:\Users\soulnico\Desktop\560997_364693726937515_886734796_n.jpg
[2012/07/26 15:01:41 | 001,408,920 | ---- | M] () -- C:\Users\soulnico\Desktop\camera_Anne_Scratches_Dirt.jpg
[2012/07/26 12:10:06 | 000,000,600 | ---- | M] () -- C:\Users\soulnico\AppData\Roaming\winscp.rnd
[2012/07/14 09:06:24 | 000,018,400 | ---- | M] () -- C:\Users\soulnico\Desktop\523914_10151030884214630_2052162377_n.jpg
[2012/07/13 19:14:42 | 634,235,700 | ---- | M] () -- C:\Users\soulnico\Desktop\Ushuaia_Nature_07.avi
[2012/07/10 19:26:33 | 001,045,315 | ---- | M] () -- C:\Users\soulnico\Desktop\14_mjm_roctavios.mp3
[2012/07/09 15:54:06 | 000,002,223 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/07/08 10:29:40 | 000,059,040 | ---- | M] () -- C:\Users\soulnico\Desktop\582724_10150978456604230_1164153416_n.jpg
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/07/28 10:41:44 | 001,552,384 | ---- | C] () -- C:\Users\soulnico\Desktop\RogueKiller(1).exe
[2012/07/28 10:03:09 | 000,001,157 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/28 10:03:09 | 000,001,145 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/28 09:44:46 | 000,187,137 | ---- | C] () -- C:\Users\soulnico\Desktop\bookmarks.html
[2012/07/28 09:29:01 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/28 09:19:09 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\chknnify.dll
[2012/07/27 22:49:34 | 000,025,356 | ---- | C] () -- C:\Users\soulnico\Desktop\Melody_Yves_DUTEIL.jpg
[2012/07/26 19:30:18 | 000,054,988 | ---- | C] () -- C:\Users\soulnico\Desktop\560997_364693726937515_886734796_n.jpg
[2012/07/26 15:01:41 | 001,408,920 | ---- | C] () -- C:\Users\soulnico\Desktop\camera_Anne_Scratches_Dirt.jpg
[2012/07/19 20:43:44 | 000,000,600 | ---- | C] () -- C:\Users\soulnico\AppData\Roaming\winscp.rnd
[2012/07/14 09:06:24 | 000,018,400 | ---- | C] () -- C:\Users\soulnico\Desktop\523914_10151030884214630_2052162377_n.jpg
[2012/07/13 18:52:01 | 634,235,700 | ---- | C] () -- C:\Users\soulnico\Desktop\Ushuaia_Nature_07.avi
[2012/07/10 19:26:33 | 001,045,315 | ---- | C] () -- C:\Users\soulnico\Desktop\14_mjm_roctavios.mp3
[2012/07/09 15:54:06 | 000,002,223 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/07/09 15:53:21 | 000,001,072 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/09 15:53:21 | 000,001,068 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/08 10:29:40 | 000,059,040 | ---- | C] () -- C:\Users\soulnico\Desktop\582724_10150978456604230_1164153416_n.jpg
[2012/07/07 17:47:41 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\PropertyGrid.ocx
[2012/07/07 17:47:41 | 000,208,500 | ---- | C] () -- C:\Windows\SysWow64\ReyXpBasics.tlb
[2012/07/07 17:47:40 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ControlSubX.ocx
[2012/05/13 16:28:28 | 000,005,750 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/04/17 16:48:15 | 006,640,274 | ---- | C] () -- C:\Windows\SysWow64\Modalys_for_Arturia.dll
[2012/04/06 15:06:24 | 000,000,382 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/03/06 18:40:39 | 000,006,918 | ---- | C] () -- C:\Users\soulnico\AppData\Local\Temp7.html
[2012/03/06 18:40:01 | 000,001,858 | ---- | C] () -- C:\Users\soulnico\AppData\Local\Temp1.html
[2011/12/27 23:44:42 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2011/12/27 23:44:42 | 000,000,224 | ---- | C] () -- C:\Users\soulnico\AppData\Roaming\msregsvv.dll
[2011/12/24 16:46:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/24 16:46:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/24 16:46:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/24 16:46:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/24 16:46:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/03 13:12:20 | 000,000,005 | ---- | C] () -- C:\Windows\mggeagjd.ini
[2011/12/01 00:36:36 | 000,001,648 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/01 00:36:35 | 000,323,910 | ---- | C] () -- C:\Windows\SysWow64\perfh009.dat
[2011/12/01 00:36:35 | 000,045,992 | ---- | C] () -- C:\Windows\SysWow64\perfc009.dat
[2011/11/18 18:23:53 | 000,000,073 | ---- | C] () -- C:\Windows\EurekaLog.ini
[2011/11/09 08:03:39 | 000,000,122 | ---- | C] () -- C:\Windows\msmmdx9.ini
[2011/11/05 14:28:10 | 000,011,667 | ---- | C] () -- C:\Users\soulnico\prefs.js
[2011/10/11 15:16:49 | 000,000,021 | ---- | C] () -- C:\Users\soulnico\AppData\Roaming\iasna_FB9AECF7-F56E-4c47-A862-8892AA545109.dll
[2011/08/11 14:41:13 | 000,758,018 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/08/11 14:41:13 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/07/05 18:39:01 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2011/07/05 18:38:05 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2011/07/05 18:38:03 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2011/07/05 18:37:52 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\ArtFfct.dll
[2011/05/27 18:23:50 | 000,000,224 | ---- | C] () -- C:\ProgramData\autobk.inc
[2011/05/21 16:39:46 | 000,000,272 | ---- | C] () -- C:\Windows\msocreg32.dat
[2011/05/15 15:26:20 | 000,007,607 | ---- | C] () -- C:\Users\soulnico\AppData\Local\Resmon.ResmonCfg
[2011/05/14 19:50:57 | 000,691,481 | ---- | C] () -- C:\Windows\unins001.exe
[2011/05/14 19:50:57 | 000,007,317 | ---- | C] () -- C:\Windows\unins001.dat
[2011/05/14 19:27:22 | 000,684,313 | ---- | C] () -- C:\Windows\unins000.exe
[2011/05/14 19:27:22 | 000,011,946 | ---- | C] () -- C:\Windows\unins000.dat
[2011/05/14 17:34:30 | 001,532,337 | ---- | C] () -- C:\Windows\SysWow64\libfftw3-3.dll
[2011/05/14 17:34:30 | 001,487,562 | ---- | C] () -- C:\Windows\SysWow64\libfftw3f-3.dll
[2011/05/14 17:34:30 | 001,044,721 | ---- | C] () -- C:\Windows\SysWow64\libfftw3l-3.dll
[2011/05/13 17:11:20 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/11 19:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011/02/11 19:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011/02/11 19:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

[color=#E56717]========== LOP Check ==========[/color]

[2011/12/05 17:37:13 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Applied Acoustics Systems
[2011/05/15 11:42:20 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Audio Ease
[2011/05/13 18:27:40 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\DAEMON Tools Lite
[2012/05/20 12:17:12 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\FileZilla
[2012/07/26 12:27:50 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\foobar2000
[2012/07/07 17:47:47 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\FreeFLVConverter
[2012/05/12 14:51:59 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\FXpansion
[2011/05/28 15:11:01 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\IK Multimedia
[2012/03/10 15:49:30 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\IrfanView
[2012/07/09 18:10:26 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\iZotope
[2011/05/14 17:34:30 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Kazrog LLC
[2011/11/26 13:10:33 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Music Recognition
[2011/12/18 16:35:48 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Overloud
[2012/07/09 17:47:55 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\PACE Anti-Piracy
[2012/06/17 15:07:11 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Plugin Alliance
[2011/12/24 17:02:44 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Propellerhead Software
[2011/05/14 17:34:30 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Recabinet3Presets
[2011/05/14 12:46:56 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Steinberg
[2011/08/04 14:47:06 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Stellarium
[2011/09/20 15:12:30 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Thinstall
[2012/06/03 13:25:16 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Todae
[2011/11/18 18:37:43 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\URSoft
[2012/07/27 15:48:35 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\uTorrent
[2011/12/11 16:36:24 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Voxengo
[2011/05/17 14:34:56 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\VST3 Presets
[2011/05/14 12:53:39 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Waves Audio
[2012/05/12 13:11:21 | 000,032,482 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

[color=#A23BEC]< MD5 for: SERVICES.EXE >[/color]
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\ERDNT\cache64\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\services.exe

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

[color=#A23BEC]< MD5 for: WININIT.EXE >[/color]
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]

[color=#A23BEC]< %APPDATA%\*. >[/color]
[2012/03/25 15:51:07 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Adobe
[2011/07/02 19:14:46 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Apple Computer
[2011/12/05 17:37:13 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Applied Acoustics Systems
[2011/05/15 11:42:20 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Audio Ease
[2012/05/13 17:25:03 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Avira
[2011/05/13 18:27:40 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\DAEMON Tools Lite
[2012/05/20 12:17:12 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\FileZilla
[2012/07/26 12:27:50 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\foobar2000
[2012/07/07 17:47:47 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\FreeFLVConverter
[2012/05/12 14:51:59 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\FXpansion
[2011/05/01 13:33:34 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Identities
[2011/05/28 15:11:01 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\IK Multimedia
[2011/05/21 16:38:59 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\InstallShield
[2012/03/10 15:49:30 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\IrfanView
[2012/07/09 18:10:26 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\iZotope
[2011/05/14 17:34:30 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Kazrog LLC
[2011/05/13 17:09:39 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Macromedia
[2011/09/19 21:46:26 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Malwarebytes
[2010/11/21 08:29:40 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Media Center Programs
[2012/07/23 01:15:44 | 000,000,000 | --SD | M] -- C:\Users\soulnico\AppData\Roaming\Microsoft
[2012/07/28 10:03:17 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Mozilla
[2011/11/26 13:10:33 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Music Recognition
[2011/12/18 16:35:48 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Overloud
[2012/07/09 17:47:55 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\PACE Anti-Piracy
[2012/06/17 15:07:11 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Plugin Alliance
[2011/12/24 17:02:44 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Propellerhead Software
[2011/05/14 17:34:30 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Recabinet3Presets
[2011/05/14 12:46:56 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Steinberg
[2011/08/04 14:47:06 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Stellarium
[2011/09/20 15:12:30 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Thinstall
[2012/06/03 13:25:16 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Todae
[2011/11/18 18:37:43 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\URSoft
[2012/07/27 15:48:35 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\uTorrent
[2012/07/28 12:58:36 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\vlc
[2011/12/11 16:36:24 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Voxengo
[2011/05/17 14:34:56 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\VST3 Presets
[2011/05/14 12:53:39 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Waves Audio
[2011/05/13 18:24:54 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\WinRAR

[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2012/06/09 12:42:17 | 000,087,552 | ---- | M] () -- C:\Users\soulnico\AppData\Roaming\foobar2000\user-components\foo_out_asio\ASIOhost32.exe
[2012/06/09 12:42:17 | 000,098,816 | ---- | M] () -- C:\Users\soulnico\AppData\Roaming\foobar2000\user-components\foo_out_asio\ASIOhost64.exe
[2011/12/01 00:36:36 | 000,000,735 | ---- | M] () -- C:\Users\soulnico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XviD\Unwise.exe
[2011/09/20 15:13:02 | 000,126,976 | ---- | M] () -- C:\Users\soulnico\AppData\Roaming\Thinstall\Any Video Converter Professional 3.2.6\SKEL\3ab1c2ff439aa1565b32cef76663669328ae59\mencoder.exe
[2011/09/20 15:12:53 | 000,131,072 | ---- | M] () -- C:\Users\soulnico\AppData\Roaming\Thinstall\Any Video Converter Professional 3.2.6\SKEL\c9e8963266f12af044b129bee952711c4eb5fc\mplayer.exe

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2012/07/28 09:19:09 | 000,056,832 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\chknnify.dll

[color=#A23BEC]< %systemroot%\syswow64\*.dll /lockedfiles >[/color]
[2012/07/28 09:19:09 | 000,056,832 | ---- | M] () Unable to obtain MD5 -- C:\Windows\syswow64\chknnify.dll

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\syswow64\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color]
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/14 02:39:56 | 000,867,904 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/14 02:39:56 | 000,867,904 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/14 02:39:56 | 000,867,904 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/07/14 02:13:42 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/07/14 02:13:42 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/14 02:13:42 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/21 05:25:08 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/21 05:25:08 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/21 05:25:08 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2010/11/21 05:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2010/11/21 05:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation)

[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /64 /rs >[/color]
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/07/14 02:39:56 | 000,867,904 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/07/14 02:39:56 | 000,867,904 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/07/14 02:39:56 | 000,867,904 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/07/14 02:13:42 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/07/14 02:13:42 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/07/14 02:13:42 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/14 03:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/14 03:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/14 03:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2010/11/21 05:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2010/11/21 05:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation)

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 160 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 1201 bytes -> C:\ProgramData\Microsoft:Ed4tnOoYZG1BKqz470UTQrp
@Alternate Data Stream - 1190 bytes -> C:\ProgramData\Microsoft:FDvXBC2d8PpKAdQKyom
@Alternate Data Stream - 1135 bytes -> C:\ProgramData\Microsoft:7v2QnHLIYVrvm0swHP0Ck3mr

< End of report >

fonkynico
 Posted on 29/07/2012 at 14:04 
Petit astucien

And so the Extras report:

OTL Extras logfile created on: 29/07/2012 13:20:15 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\soulnico\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,97 Gb Total Physical Memory | 3,14 Gb Available Physical Memory | 79,11% Memory free
7,93 Gb Paging File | 7,05 Gb Available in Paging File | 88,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,31 Gb Total Space | 94,43 Gb Free Space | 48,35% Space Free | Partition Type: NTFS
Drive E: | 488,28 Gb Total Space | 25,51 Gb Free Space | 5,23% Space Free | Partition Type: NTFS
Drive F: | 270,44 Gb Total Space | 180,78 Gb Free Space | 66,84% Space Free | Partition Type: NTFS
Drive K: | 443,23 Gb Total Space | 51,86 Gb Free Space | 11,70% Space Free | Partition Type: NTFS

Computer Name: SUPERFLY | User Name: soulnico | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1628687916-2968926499-3287331341-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[color=#E56717]========== Firewall Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{043EEF79-513F-4666-B340-B8556AB0EADC}" = Native Instruments Studio Drummer
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{43E7798A-248E-4A3D-9969-FEA63543A462}" = Native Instruments Kontakt 4
"{4EE378E8-5B8C-4A56-837F-04986F44F14F}_is1" = T-RackS 3 White 2A version 3.5
"{5552453B-BB76-45E3-973D-F95E458ED780}" = Native Instruments Kontakt 5
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7F0FEB55-6D4A-4892-8A04-3E1EC9001F49}_is1" = T-RackS 3 Black 76 version 3.5
"{828A50F6-040E-46C2-8BB2-C088F1A79173}_is1" = T-RackS 3 Deluxe version 3.5
"{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1" = IK Multimedia Authorization Manager version 1.0.3
"{9CE5F7AE-9D50-4BE6-A32A-00E6914BDB71}" = M-Audio Delta Driver 6.0.2 (x64)
"{BCF07271-A853-4D3A-B668-4B752174CAA8}" = iTunes
"{DA5202AC-12BF-4330-B8EA-BC77F991FA1C}_is1" = AmpliTube 3 version 3.5.2
"{DDDE5B61-19BD-4F64-B14C-5F81DB56DF3E}" = Native Instruments George Duke Soul Treasures
"{EC015649-3B3C-4611-9C66-453F8011E944}" = Native Instruments Kontakt 4
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"bx_saturator_is1" = bx_saturator 1.0.1
"CCleaner" = CCleaner
"FreeMi UPnP Media Server" = FreeMi UPnP Media Server
"MediaInfo" = MediaInfo 0.7.52
"WhoCrashed_is1" = WhoCrashed 3.04

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2864B4E9-1186-4A57-9930-C2B307597965}" = MusicLab VeloMaster
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{81974750-D4B1-4690-B168-D31F9A599542}" = SampleTron
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.0 - Français
"{B2D9F699-B4A4-4D37-941E-1B55DF33A96D}_is1" = BREVERB 2 2.0
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{BA0D0121-A3BA-487D-9C78-7AB0E676C722}" = Miroslav Philharmonik
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{EEE8DED0-8DCF-492A-865D-C20964420BE5}" = M-Tron Pro
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Addictive Drums" = Addictive Drums
"Addictive Drums ADpak Modern Jazz - Brushes_is1" = Addictive Drums ADpak Modern Jazz - Brushes
"Addictive Drums ADpak Retro_is1" = Addictive Drums ADpak Retro
"Addictive Drums Inno Setup_is1" = Addictive Drums 1.5.2
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Analog Factory_is1" = Analog Factory 2.5
"ARP2600 V2_is1" = ARP2600 V2 2.0
"AudioEase Altiverb VST RTAS_is1" = AudioEase Altiverb VST RTAS v6.10
"Avira AntiVir Desktop" = Avira Free Antivirus
"BBE Sonic Maximizer Plugin" = BBE Sonic Maximizer Plugin
"BBE Sonic Maximizer Plugin v2.0" = BBE Sonic Maximizer Plugin v2.0
"Brass 2.0.5_is1" = Brass 2.0.5
"bx_boom_is1" = bx_boom 1.2.4
"bx_control V2_is1" = bx_control V2 2.0.3
"bx_digital V2_is1" = bx_digital V2 2.1.5
"bx_XL_is1" = bx_XL 1.1.2
"DAEMON Tools Lite" = DAEMON Tools Lite
"East West EWQLSO Gold Edition" = East West EWQLSO Gold Edition
"eLicenser Control" = eLicenser Control
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.20
"FLAC" = FLAC 1.2.1b (remove only)
"foobar2000" = foobar2000 v1.1.13
"Free FLV Converter_is1" = Free FLV Converter V 7.4.0
"Garritan Jazz Big Band" = Garritan Jazz Big Band
"HijackThis" = HijackThis 2.0.2
"IrfanView" = IrfanView (remove only)
"iZotope Iris_is1" = iZotope Iris
"iZotope Nectar Style Pack 1_is1" = iZotope Nectar Style Pack 1
"iZotope Nectar_is1" = iZotope Nectar
"Kazrog LLC Recabinet 3 VST v3.0.1_is1" = Kazrog LLC Recabinet 3 VST v3.0.1
"Lounge Lizard EP-3" = Applied Acoustics Systems - Lounge Lizard EP-3 v3.1.2
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"MediaCoder" = MediaCoder 0.6.0
"Mozilla Firefox 14.0.1 (x86 fr)" = Mozilla Firefox 14.0.1 (x86 fr)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments B4 II" = Native Instruments B4 II
"Native Instruments George Duke Soul Treasures" = Native Instruments George Duke Soul Treasures
"Native Instruments Kontakt 4" = Native Instruments Kontakt 4
"Native Instruments Kontakt 5" = Native Instruments Kontakt 5
"Native Instruments Pro-53" = Native Instruments Pro-53
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Studio Drummer" = Native Instruments Studio Drummer
"Prophet-V2_is1" = Prophet-V2 2.0
"PSP MixPack2 2.0.3" = PSP MixPack2 2.0.3
"ReCycle_is1" = ReCycle 2.1.2
"Roger Nichols Digital FREQUAL-IZER VST RTAS_is1" = Roger Nichols Digital FREQUAL-IZER VST RTAS v1.2
"Sonnox Oxford Inflator Native VST_is1" = Sonnox Oxford Inflator Native VST v1.5.1
"Stellarium_is1" = Stellarium 0.11.0
"Stereoizer_is1" = Stereoizer v2.7
"Tassman 4" = Applied Acoustics Systems - Tassman 4 v4.1.3
"Tone2 ElectraX full_is1" = ElectraX full
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"Wave Arts Tube Saturator" = Wave Arts Tube Saturator
"WaveArts Panorama VST DX RTAS" = WaveArts Panorama VST DX RTAS
"WaveLabPro" = WaveLab 6
"Waves Complete V8_is1" = Waves Complete v8.0.11
"WIDI Recognition System Pro 4.03" = WIDI Recognition System Pro 4.03 (remove only)
"WinRAR archiver" = Logiciel d'archivage WinRAR
"X-treme FX" = X-treme FX
"YU2010_is1" = Your Uninstaller! 7
"ZHPDiag_is1" = ZHPDiag 1.31

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-1628687916-2968926499-3287331341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 28/07/2012 05:21:02 | Computer Name = Superfly | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Impossible de lire les chaînes du compteur de performance défini pour
l’ID de langue 009. Le premier DWORD de la section Data contient le code d’erreur
Win32.

Error - 28/07/2012 05:21:02 | Computer Name = Superfly | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Impossible de lire les chaînes du compteur de performance défini pour
l’ID de langue 00C. Le premier DWORD de la section Data contient le code d’erreur
Win32.

Error - 28/07/2012 05:21:02 | Computer Name = Superfly | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Impossible de lire les chaînes du compteur de performance défini pour
l’ID de langue 009. Le premier DWORD de la section Data contient le code d’erreur
Win32.

Error - 28/07/2012 05:21:02 | Computer Name = Superfly | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Impossible de lire les chaînes du compteur de performance défini pour
l’ID de langue 00C. Le premier DWORD de la section Data contient le code d’erreur
Win32.

Error - 28/07/2012 06:43:58 | Computer Name = Superfly | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante vlc.exe, version : 2.0.1.0, horodatage : 0x4f63d546
Nom du module défaillant : libavcodec_plugin.dll, version : 0.0.0.0, horodatage : 0x4f63d53c
Code d’exception : 0x40000015 Décalage d’erreur : 0x000ea0d9
ID du processus défaillant : 0x950 Heure de début de l’application défaillante : 0x01cd6cade0b8535c
Chemin d’accès de l’application défaillante : C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Chemin d’accès du module défaillant : C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
ID de rapport : 22497b6e-d8a1-11e1-a17b-5cd99856f3d3

Error - 29/07/2012 06:54:02 | Computer Name = Superfly | Source = WinMgmt | ID = 10
Description =

Error - 29/07/2012 06:56:34 | Computer Name = Superfly | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Impossible de lire les chaînes du compteur de performance défini pour
l’ID de langue 009. Le premier DWORD de la section Data contient le code d’erreur
Win32.

Error - 29/07/2012 06:56:34 | Computer Name = Superfly | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Impossible de lire les chaînes du compteur de performance défini pour
l’ID de langue 00C. Le premier DWORD de la section Data contient le code d’erreur
Win32.

Error - 29/07/2012 06:56:34 | Computer Name = Superfly | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Impossible de lire les chaînes du compteur de performance défini pour
l’ID de langue 009. Le premier DWORD de la section Data contient le code d’erreur
Win32.

Error - 29/07/2012 06:56:34 | Computer Name = Superfly | Source = Microsoft-Windows-LoadPerf | ID = 3006
Description = Impossible de lire les chaînes du compteur de performance défini pour
l’ID de langue 00C. Le premier DWORD de la section Data contient le code d’erreur
Win32.

[ System Events ]
Error - 28/07/2012 04:36:05 | Computer Name = Superfly | Source = Service Control Manager | ID = 7001
Description =

Error - 28/07/2012 04:36:05 | Computer Name = Superfly | Source = Service Control Manager | ID = 7003
Description =

Error - 28/07/2012 04:36:05 | Computer Name = Superfly | Source = Service Control Manager | ID = 7003
Description =

Error - 28/07/2012 04:36:06 | Computer Name = Superfly | Source = Service Control Manager | ID = 7001
Description =

Error - 28/07/2012 04:36:06 | Computer Name = Superfly | Source = Service Control Manager | ID = 7026
Description =

Error - 28/07/2012 04:36:09 | Computer Name = Superfly | Source = DCOM | ID = 10005
Description =

Error - 28/07/2012 04:36:16 | Computer Name = Superfly | Source = DCOM | ID = 10005
Description =

Error - 28/07/2012 04:36:20 | Computer Name = Superfly | Source = Service Control Manager | ID = 7001
Description =

Error - 28/07/2012 04:43:13 | Computer Name = Superfly | Source = Service Control Manager | ID = 7001
Description =

Error - 28/07/2012 04:43:32 | Computer Name = Superfly | Source = Service Control Manager | ID = 7001
Description =


< End of report >

Fill
 Posted on 29/07/2012 at 14:23
Groupe Sécurité

Bonjour,

Can you post the RogueKiller report, the Malwarebytes report and the TDSSKiller report?

Fill



Edited by Fill on 29/07/2012 14:25
fonkynico
 Posted on 29/07/2012 at 14:35
Petit astucien

Attached file: RKreport[1].txt

fonkynico
 Posted on 29/07/2012 at 14:36
Petit astucien
fonkynico
 Posted on 29/07/2012 at 14:39
Petit astucien

Sorry, I can't find the Malwarebytes report.

fonkynico
 Posted on 29/07/2012 at 14:42
Petit astucien

Ah, here it is (and hello Fill):

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Version de la base de données: v2012.07.28.02

Windows 7 Service Pack 1 x64 NTFS (Mode sans échec/Réseau)
Internet Explorer 8.0.7601.17514
soulnico
SUPERFLY [administrateur]

28/07/2012 09:29:58
mbam-log-2012-07-28 (09-29-58).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 190283
Temps écoulé: 1 minute(s), 57 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Trojan.Lameshield) -> Mis en quarantaine et supprimé avec succès.

Valeur(s) du Registre détectée(s): 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|0C1CFB134AD821841AAACF22F875EF60 (Trojan.Lameshield) -> Données: C:\ProgramData\0C1CFB134AD821841AAACF22F875EF60\0C1CFB134AD821841AAACF22F875EF60.exe -> Mis en quarantaine et supprimé avec succès.

Elément(s) de données du Registre détecté(s): 3
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Mauvais: (1) Bon: (0) -> Mis en quarantaine et réparé avec succès
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Mauvais: (1) Bon: (0) -> Mis en quarantaine et réparé avec succès
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Mauvais: (1) Bon: (0) -> Mis en quarantaine et réparé avec succès

Dossier(s) détecté(s): 1
C:\Users\soulnico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Mis en quarantaine et supprimé avec succès.

Fichier(s) détecté(s): 5
C:\ProgramData\0C1CFB134AD821841AAACF22F875EF60\0C1CFB134AD821841AAACF22F875EF60.exe (Trojan.Lameshield) -> Mis en quarantaine et supprimé avec succès.
C:\Users\soulnico\AppData\Local\Temp\~!#42F8.tmp (Trojan.Lameshield) -> Mis en quarantaine et supprimé avec succès.
C:\Windows\Installer\{faf4586c-aa66-c196-030f-0e2c0d2fee56}\n (Trojan.Sirefef) -> Mis en quarantaine et supprimé avec succès.
C:\Users\soulnico\Desktop\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Mis en quarantaine et supprimé avec succès.
C:\Users\soulnico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Mis en quarantaine et supprimé avec succès.

(fin)

Fill
 Posted on 29/07/2012 at 16:34
Groupe Sécurité

Re,

1/

  • Run Tigzy's RogueKiller program (by double-click, or right-click > Run as administrator on versions newer than XP),
  • A pre-scan starts and this window opens (if your antivirus reacts, allow the change).
  • Click the "Suppression" (Delete) button as shown here so that the program fixes the items found:


A report RKreport[2] is created on your Desktop. Copy/paste its contents into your next reply.

2/

  • Run OTL again
  • Copy and paste this into the "Personnalisation" (custom scans/fixes) box:

Instructions :
:OTL
[2012/07/28 09:20:12 | 000,000,000 | ---D | C] -- C:\ProgramData\0C1CFB134AD821841AAACF22F875EF60
@Alternate Data Stream - 160 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 1201 bytes -> C:\ProgramData\Microsoft:Ed4tnOoYZG1BKqz470UTQrp
@Alternate Data Stream - 1190 bytes -> C:\ProgramData\Microsoft:FDvXBC2d8PpKAdQKyom
@Alternate Data Stream - 1135 bytes -> C:\ProgramData\Microsoft:7v2QnHLIYVrvm0swHP0Ck3mr


:files
C:\Windows\SysNative\services.exe|C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe /replace

:commands
[EmptyTemp]
[EmptyFlash]

  • Then click "Correction" (Run Fix) and let the tool work.
  • Post the contents of the new report (a "LOG" file named with the PC's date and time, saved in the %racine%\_OTL\MovedFiles folder), which should open in Notepad. As before, you can use the keyboard shortcuts (CTRL+A, CTRL+C and CTRL+V).

3/

  • Can you test this file: C:\Windows\SysNative\chknnify64.dll
  • Click this link.
  • Click Browse and enter the path of the file I indicated.
  • Click Send. After a few minutes a report is generated. Post it in your next reply.
  • You can use this tutorial to help you.

Repeat the test with these:

C:\Windows\system32\chknnify.dll
C:\Windows\syswow64\chknnify.dll

Fill
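The fix above removes named alternate data streams under C:\ProgramData, restores services.exe from the WinSxS component store, and the earlier Malwarebytes report repaired Security Center values that the rogue had flipped. The read-only PowerShell triage script below is an added example, not code from this thread, from OTL or from RogueKiller; it assumes an elevated 64-bit Windows PowerShell 3.0 or later and uses only the paths, folder pattern and registry value names visible in the logs above.

```powershell
# Added, read-only triage script (not from the thread or from OTL/RogueKiller):
# checks the three things the OTL fix acts on, without modifying anything.
# Assumes an elevated 64-bit Windows PowerShell 3.0+ (Get-Item -Stream needs 3.0).
$findings = New-Object 'System.Collections.Generic.List[string]'

# 1. Alternate data streams on C:\ProgramData and its direct subfolders.
#    The OTL log listed streams such as C:\ProgramData\Microsoft:Ed4tnOoYZG1BKqz470UTQrp.
#    Only the unnamed ':$DATA' stream is normal; a named stream attached to a
#    directory has no legitimate use and is where this infection parked its payload.
$dirs = @($env:ProgramData) +
        @(Get-ChildItem -LiteralPath $env:ProgramData -Directory -Force -ErrorAction SilentlyContinue |
          ForEach-Object { $_.FullName })
foreach ($dir in $dirs) {
    Get-Item -LiteralPath $dir -Stream * -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object { $findings.Add(('ADS  {0}:{1}  ({2} bytes)' -f $dir, $_.Stream, $_.Length)) }
}

# 2. services.exe: Sirefef/ZeroAccess patches the live binary, which is why OTL
#    restored it from winsxs\amd64_microsoft-windows-s..s-servicecontroller_*.
#    A clean System32\services.exe is byte-identical to at least one component-store
#    copy (Windows hard-links it to the current one); a patched one matches none.
function Get-Sha256Hex([string]$Path) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ([System.BitConverter]::ToString($sha.ComputeHash($fs))) -replace '-', '' }
    finally { $fs.Dispose(); $sha.Dispose() }
}
$live = Join-Path $env:windir 'System32\services.exe'
$storeCopies = Get-ChildItem -LiteralPath (Join-Path $env:windir 'winsxs') -Directory `
                   -Filter 'amd64_microsoft-windows-s..s-servicecontroller_*' -ErrorAction SilentlyContinue |
               ForEach-Object { Join-Path $_.FullName 'services.exe' } |
               Where-Object { Test-Path -LiteralPath $_ }
if ($storeCopies) {
    $liveHash = Get-Sha256Hex $live
    $match = $storeCopies | Where-Object { (Get-Sha256Hex $_) -eq $liveHash }
    if (-not $match) {
        $findings.Add(('HASH {0} ({1}) matches none of {2} WinSxS copies' -f $live, $liveHash, @($storeCopies).Count))
    }
}

# 3. Security Center switches the rogue flipped. Malwarebytes repaired the three
#    *DisableNotify values (PUM.Disabled.SecurityCenter); the OTL log still showed
#    AntiVirusOverride = 1 and FirewallOverride = 1 in the view OTL prints without the
#    '64bit:' prefix, i.e. the 32-bit Wow6432Node view. All six should be 0 on a clean system.
$scKeys = 'HKLM:\SOFTWARE\Microsoft\Security Center',
          'HKLM:\SOFTWARE\Microsoft\Security Center\Svc',
          'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Security Center',
          'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Security Center\Svc'
$scValues = 'FirewallDisableNotify', 'AntiVirusDisableNotify', 'UpdatesDisableNotify',
            'AntiVirusOverride', 'AntiSpywareOverride', 'FirewallOverride'
foreach ($key in $scKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($name in $scValues) {
        $v = $props.$name
        if ($null -ne $v -and $v -ne 0) {
            $findings.Add(('REG  {0}\{1} = {2} (expected 0)' -f $key, $name, $v))
        }
    }
}

if ($findings.Count -eq 0) { 'No ADS, services.exe or Security Center anomalies found.' }
else { $findings }
```

Anything it reports is a lead for a removal tool or manual review, not proof of infection on its own; a services.exe that matches no WinSxS copy is the strongest of the three signals.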

fonkynico
 Posted on 29/07/2012 at 17:51
Petit astucien

Sorry, I was out for an hour. Here are the reports (indeed, Avira raises alerts for the "chknnify" files):

RogueKiller V7.6.4 [17/07/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur: soulnico [Droits d'admin]
Mode: Suppression -- Date: 29/07/2012 17:32:47

¤¤¤ Processus malicieux: 1 ¤¤¤
[SUSP PATH] OTL.exe -- C:\Users\soulnico\Desktop\OTL.exe -> KILLED [TermProc]

¤¤¤ Entrees de registre: 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FOLDER] U : c:\windows\installer\{faf4586c-aa66-c196-030f-0e2c0d2fee56}\U --> REMOVED

¤¤¤ Driver: [NON CHARGE] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDT725050VLA380 ATA Device +++++
--- User ---
[MBR] a86bb9e2a85a5e713b202eead81be0cf
[BSP] f0b8cd889d113146b8697f1be81991c9 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 19 | Size: 200000 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409601696 | Size: 276935 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Hitachi HDS721010CLA332 ATA Device +++++
--- User ---
[MBR] 56a861a2fb442deb843878ab021e9192
[BSP] 2c33d514b292c9f069ffb02f79af4935 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 499999 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1023999165 | Size: 453867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

OTL :

All processes killed
Error: Unable to interpret <Instructions :> in the current context!
========== OTL ==========
Folder C:\ProgramData\0C1CFB134AD821841AAACF22F875EF60\ not found.
ADS C:\ProgramData\TEMP:1CE11B51 deleted successfully.
ADS C:\ProgramData\Microsoft:Ed4tnOoYZG1BKqz470UTQrp deleted successfully.
ADS C:\ProgramData\Microsoft:FDvXBC2d8PpKAdQKyom deleted successfully.
ADS C:\ProgramData\Microsoft:7v2QnHLIYVrvm0swHP0Ck3mr deleted successfully.
========== FILES ==========
File C:\Windows\SysNative\services.exe successfully replaced with C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: soulnico
->Temp folder emptied: 236181 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Java cache emptied: 248747 bytes
->FireFox cache emptied: 195666091 bytes
->Flash cache emptied: 5099 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 4310 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 119046867 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 52362400 bytes
RecycleBin emptied: 7937 bytes

Total Files Cleaned = 351,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: soulnico
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.55.0 log created on 07292012_173416

Files\Folders moved on Reboot...
C:\Users\soulnico\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\soulnico\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

SHA256: f45e073ed3dc3f716ab3ae963c640a0ed842f563d42c24933a4579b0494d3adb
SHA1: 40e0c3c934c52620a16f8eb4a523ff757531e7c4
MD5: 5a4f3f61c63f95e0d621e57d3a38fc80
File size: 62.0 KB ( 63488 bytes )
File name: chknnify64.dll
File type: Win32 DLL
Detection ratio: 6 / 41
Analysis date: 2012-07-29 15:40:01 UTC ( 1 minute ago )

SHA256: d5c1070ca4a543c773273d1f3545fcd64df275d5ffef4dea7db84ea3f548ae27
SHA1: 9cc6d129ff0bf634c6e860229a93ce1fca325fb3
MD5: 0a8075e4f533d36054c86b1c0db07143
File size: 55.5 KB ( 56832 bytes )
File name: chknnify.dll
File type: Win32 DLL
Detection ratio: 21 / 41
Analysis date: 2012-07-29 15:46:45 UTC ( 0 minute ago )

SHA256: d5c1070ca4a543c773273d1f3545fcd64df275d5ffef4dea7db84ea3f548ae27
SHA1: 9cc6d129ff0bf634c6e860229a93ce1fca325fb3
MD5: 0a8075e4f533d36054c86b1c0db07143
File size: 55.5 KB ( 56832 bytes )
File name: chknnify.dll
File type: Win32 DLL
Detection ratio: 20 / 40
Analysis date: 2012-07-29 15:48:47 UTC ( 1 minute ago )
Fill
 Posted on 29/07/2012 at 18:15
Groupe Sécurité

Re,

No problem.

1/

  • Run OTL again
  • Copy and paste this into the "Personnalisation" (custom scans/fixes) box:

Instructions :
:files
C:\Windows\SysNative\chknnify64.dll
C:\Windows\SysWow64\chknnify.dll
C:\Windows\system32\chknnify.dll
c:\windows\installer\{faf4586c-aa66-c196-030f-0e2c0d2fee56}

:commands
[EmptyTemp]
[EmptyFlash]

  • Then click "Correction" (Run Fix) and let the tool work.
  • Post the contents of the new report (a "LOG" file named with the PC's date and time, saved in the %racine%\_OTL\MovedFiles folder), which should open in Notepad. As before, you can use the keyboard shortcuts (CTRL+A, CTRL+C and CTRL+V).

2/ Run RogueKiller again in scan mode and post the report.

3/

  • Download ComboFix from one of the links below:

    Link 1
    Link 2

    * IMPORTANT!!! Save ComboFix.exe to your Desktop

  • Disable your antivirus and anti-spyware applications, usually by right-clicking their icon in the notification area. Otherwise they may interfere with our tools.

  • Double-click combofix.exe and follow the prompts.

  • While running, ComboFix will check whether the Microsoft Windows Recovery Console is installed. With infections like today's, it is strongly recommended to have it pre-installed on your PC before any malware removal. It lets you boot into a special recovery (repair) mode, which makes it easier for us to help you if your computer runs into a problem after a cleaning attempt.

  • Follow the prompts to let ComboFix download and install the Microsoft Windows Recovery Console, and when asked, accept the End User License Agreement to install the Microsoft Windows Recovery Console.



**Important note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue with its malware removal procedures.






Once the Microsoft Windows Recovery Console has been installed via ComboFix, you should see the following message:





Click Yes to continue with the malware scan.

When the tool has finished, it will display a report. Please copy the contents of C:\ComboFix.txt into your next reply.

Fill

fonkynico
 Posted on 29/07/2012 at 18:33
Petit astucien

OK, here are the reports:

RogueKiller V7.6.4 [17/07/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur: soulnico [Droits d'admin]
Mode: Suppression -- Date: 29/07/2012 18:27:19

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Entrees de registre: 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [NON CHARGE] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDT725050VLA380 ATA Device +++++
--- User ---
[MBR] a86bb9e2a85a5e713b202eead81be0cf
[BSP] f0b8cd889d113146b8697f1be81991c9 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 19 | Size: 200000 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409601696 | Size: 276935 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Hitachi HDS721010CLA332 ATA Device +++++
--- User ---
[MBR] 56a861a2fb442deb843878ab021e9192
[BSP] 2c33d514b292c9f069ffb02f79af4935 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 499999 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1023999165 | Size: 453867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt

All processes killed
Error: Unable to interpret < Instructions :> in the current context!
========== FILES ==========
C:\Windows\SysNative\chknnify64.dll moved successfully.
C:\Windows\SysWow64\chknnify.dll moved successfully.
File\Folder C:\Windows\system32\chknnify.dll not found.
c:\windows\installer\{faf4586c-aa66-c196-030f-0e2c0d2fee56} folder moved successfully.
File\Folder :commands not found.
File\Folder [EmptyTemp] not found.
File\Folder [EmptyFlash] not found.

OTL by OldTimer - Version 3.2.55.0 log created on 07292012_182154

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

ComboFix tells me it is incompatible with my OS (apparently it only works on XP).

Fill
 Posted on 29/07/2012 at 18:39
Groupe Sécurité

Re,

ComboFix tells me it is incompatible with my OS (apparently it only works on XP).

Well, no. It works on Win7 32 and 64 bit.

Never mind if it won't run.

1/

  • Download CCleaner Slim to the Desktop,
  • Install it,
  • Open CCleaner and click "Lancer le nettoyage" (Run Cleaner).

2/ Run Malwarebytes again, update it and run a quick scan. Post the report.

3/ Run an online scan as described here and post the report.

4/ How is the PC behaving? If it's OK, I'll give you the final instructions.

Fill

fonkynico
 Posted on 29/07/2012 at 20:14
Petit astucien

The PC is now behaving perfectly: no more alerts, redirections or suspicious processes.

Here are the latest scans (the online one finds the viruses placed in quarantine, but also two problems in SysNative):

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Version de la base de données: v2012.07.29.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
soulnico
SUPERFLY [administrateur]

29/07/2012 18:47:18
mbam-log-2012-07-29 (18-47-18).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 190595
Temps écoulé: 1 minute(s), 28 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)

The online one:

C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\00000001.@.vir Win64/Conedex.A trojan
C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\000000c0.@.vir Win32/Conedex.A trojan
C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\000000cb.@.vir Win32/Conedex.A trojan
C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\000000cf.@.vir Win32/Conedex.A trojan
C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\80000000.@.vir Win64/Sirefef.S trojan
C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\800000c0.@.vir Win64/Sirefef.W trojan
C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\800000cb.@.vir Win64/Sirefef.T trojan
C:\Users\soulnico\Desktop\RK_Quarantine\80000000.@.vir Win64/Sirefef.AL trojan
C:\Users\soulnico\Desktop\RK_Quarantine\n.vir Win64/Sirefef.W trojan
C:\Windows\SysNative\consrv.dll Win64/Sirefef.J trojan
C:\Windows\SysNative\services.exe Win64/Patched.B.Gen trojan
C:\_OTL\MovedFiles\07292012_182154\C_Windows\SysWow64\chknnify.dll Win32/PSW.Papras.CE trojan

Fill
 Posted on 29/07/2012 at 20:24
Groupe Sécurité

Re,

There is still some left.

  • Double-click OTL. If you are on Vista or 7, start it with right-click > Run as administrator. Make sure you have closed as many open windows as possible before doing what follows.
  • Tick the "Tous les utilisateurs" (All users) box,
  • In the "Personnalisation" (custom scans) box, paste these lines:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
SAVEMBR:0
%ALLUSERSPROFILE\%Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%temp%\.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
/md5start
explorer.exe
services.exe
winlogon.exe
wininit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Then click the "Analyse" (Scan) button and wait while the tool scans the PC. This may take a few minutes, depending on the state of the system.
  • When the scan finishes, a Notepad window opens. It is called OTL.txt
  • Copy and paste that text into your next reply. If an error message appears, it is because the report is too long; you then have to post it in several messages without leaving anything out.
  • To select the text: CTRL+A
  • To copy the selected text: CTRL+C,
  • To paste the text into your next reply: CTRL+V

Fill

fonkynico
 Posted on 29/07/2012 at 21:43
Petit astucien

The beast is treacherous.

Here it is (in two parts):

OTL logfile created on: 29/07/2012 21:25:18 - Run 2
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\soulnico\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,97 Gb Total Physical Memory | 2,81 Gb Available Physical Memory | 70,97% Memory free
7,93 Gb Paging File | 6,87 Gb Available in Paging File | 86,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,31 Gb Total Space | 93,79 Gb Free Space | 48,02% Space Free | Partition Type: NTFS
Drive E: | 488,28 Gb Total Space | 25,51 Gb Free Space | 5,23% Space Free | Partition Type: NTFS
Drive F: | 270,44 Gb Total Space | 180,78 Gb Free Space | 66,84% Space Free | Partition Type: NTFS
Drive K: | 443,23 Gb Total Space | 51,86 Gb Free Space | 11,70% Space Free | Partition Type: NTFS

Computer Name: SUPERFLY | User Name: soulnico | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/07/29 12:59:44 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\soulnico\Desktop\OTL.exe
PRC - [2011/12/01 17:55:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/12/01 17:55:05 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/12/01 17:55:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/27 13:44:58 | 000,236,040 | ---- | M] () -- C:\Windows\SysWOW64\DeltaIITray.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2009/07/27 13:44:58 | 000,236,040 | ---- | M] () -- C:\Windows\SysWOW64\DeltaIITray.exe


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/14 02:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/12/01 17:55:16 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/12/01 17:55:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2012/05/14 16:21:14 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/12/01 17:55:27 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/12/01 17:55:27 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/06/28 18:04:40 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2011/05/13 18:26:11 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/21 21:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/27 13:44:48 | 000,392,712 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MAudioDelta.sys -- (DELTAII)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 17:35:30 | 000,438,784 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr6164.sys -- (rt61x64)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1628687916-2968926499-3287331341-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = -
IE - HKU\S-1-5-21-1628687916-2968926499-3287331341-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-1628687916-2968926499-3287331341-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 02 B1 B7 B8 EF 2D CC 01 [binary data]
IE - HKU\S-1-5-21-1628687916-2968926499-3287331341-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1628687916-2968926499-3287331341-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1628687916-2968926499-3287331341-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://google.fr"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/28 10:02:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/07/28 10:03:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\soulnico\AppData\Roaming\mozilla\Extensions
[2012/07/28 09:50:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\soulnico\AppData\Roaming\mozilla\Firefox\Profiles\jsu9atu1.default\extensions
[2012/07/28 10:02:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/14 02:39:12 | 000,001,516 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml
[2012/07/14 02:39:12 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/14 02:39:12 | 000,001,822 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012/07/14 02:39:12 | 000,001,154 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml
[2012/07/14 02:39:12 | 000,001,426 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012/07/14 02:39:12 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2011/12/24 16:52:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysWOW64\DeltaIITray.exe ()
O4 - Startup: C:\Users\soulnico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\avgnt.exe - Raccourci.lnk = C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1628687916-2968926499-3287331341-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1628687916-2968926499-3287331341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1628687916-2968926499-3287331341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\System32\winrnr.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B7A5286-1A4F-4E0E-8741-595521657DA0}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{990D2379-6B08-47A1-B9FE-A9E897E31987}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{990D2379-6B08-47A1-B9FE-A9E897E31987}: NameServer = 192.168.0.254
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair64.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: BITS - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^Users^soulnico^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk - C:\Program Files (x86)\MagicDisc\MagicDisc.exe - (MagicISO, Inc.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PEVSystemStart - Service
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: procexp90.Sys - Driver
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MPSSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PEVSystemStart - Service
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: procexp90.Sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Dossiers Web
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7ED2E4FD-E323-4A1D-0D13-CD857DFB7152} - Microsoft Windows Media Player 12.0
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

fonkynico
Posted on 29/07/2012 at 21:43
Petit astucien

Continued:

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/07/29 18:52:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/07/29 18:51:56 | 002,322,184 | ---- | C] (ESET) -- C:\Users\soulnico\Desktop\esetsmartinstaller_enu.exe
[2012/07/29 18:29:55 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/07/29 18:19:57 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/29 17:34:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative
[2012/07/29 17:34:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/29 12:59:43 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\soulnico\Desktop\OTL.exe
[2012/07/28 11:20:18 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\soulnico\Desktop\tdsskiller.exe
[2012/07/28 10:12:54 | 000,000,000 | ---D | C] -- C:\Users\soulnico\Desktop\RK_Quarantine
[2012/07/28 10:03:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/07/28 10:02:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/07/28 09:20:12 | 000,000,000 | ---D | C] -- C:\ProgramData\0C1CFB134AD821841AAACF22F875EF60
[2012/07/20 14:29:29 | 000,000,000 | ---D | C] -- C:\Users\soulnico\Desktop\Gintama
[2012/07/18 15:02:27 | 000,000,000 | ---D | C] -- C:\Users\soulnico\AppData\Local\Macromedia
[2012/07/09 15:54:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/07/09 15:53:19 | 000,000,000 | ---D | C] -- C:\Users\soulnico\AppData\Local\Google
[2012/07/09 15:53:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/07/07 17:47:42 | 000,360,448 | ---- | C] (FLV.com) -- C:\Windows\SysWow64\TubeFinder.exe
[2012/07/07 17:47:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Converter
[2012/07/07 17:47:41 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6FR.DLL
[2012/07/07 17:47:41 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6STKIT.DLL
[2012/07/07 17:47:41 | 000,084,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PICCLP32.OCX
[2012/07/07 17:47:40 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX
[2012/07/07 17:47:40 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCFR.DLL
[2012/07/07 17:47:40 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CMDLGFR.DLL
[2012/07/07 17:47:40 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PCCLPFR.DLL
[2012/07/07 17:47:40 | 000,000,000 | ---D | C] -- C:\Users\soulnico\AppData\Roaming\FreeFLVConverter
[2012/07/07 17:47:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free FLV Converter
[2012/07/07 14:15:47 | 000,000,000 | ---D | C] -- C:\Users\soulnico\Desktop\Pusher [1996]
[2012/07/03 21:48:13 | 000,000,000 | ---D | C] -- C:\Users\soulnico\Desktop\Apocalypse Now 2001 Redux 720p BRRip x264-HDLiTE
[2012/06/30 18:24:20 | 000,000,000 | ---D | C] -- C:\Users\soulnico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dada Life
[2012/06/29 22:50:04 | 000,000,000 | ---D | C] -- C:\Users\soulnico\Desktop\Nouveau dossier (7)
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/07/29 21:25:57 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012/07/29 21:03:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/29 18:52:00 | 002,322,184 | ---- | M] (ESET) -- C:\Users\soulnico\Desktop\esetsmartinstaller_enu.exe
[2012/07/29 18:30:11 | 000,017,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/29 18:30:11 | 000,017,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/29 18:22:57 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/29 18:22:46 | 3193,298,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/29 18:19:57 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/29 12:59:44 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\soulnico\Desktop\OTL.exe
[2012/07/28 11:18:48 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\soulnico\Desktop\tdsskiller.exe
[2012/07/28 10:40:17 | 001,552,384 | ---- | M] () -- C:\Users\soulnico\Desktop\RogueKiller(1).exe
[2012/07/28 10:03:09 | 000,001,145 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/28 09:44:46 | 000,187,137 | ---- | M] () -- C:\Users\soulnico\Desktop\bookmarks.html
[2012/07/28 09:40:10 | 000,005,750 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/07/28 09:29:01 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/27 22:49:34 | 000,025,356 | ---- | M] () -- C:\Users\soulnico\Desktop\Melody_Yves_DUTEIL.jpg
[2012/07/26 19:30:19 | 000,054,988 | ---- | M] () -- C:\Users\soulnico\Desktop\560997_364693726937515_886734796_n.jpg
[2012/07/26 15:01:41 | 001,408,920 | ---- | M] () -- C:\Users\soulnico\Desktop\camera_Anne_Scratches_Dirt.jpg
[2012/07/26 12:10:06 | 000,000,600 | ---- | M] () -- C:\Users\soulnico\AppData\Roaming\winscp.rnd
[2012/07/14 09:06:24 | 000,018,400 | ---- | M] () -- C:\Users\soulnico\Desktop\523914_10151030884214630_2052162377_n.jpg
[2012/07/13 19:14:42 | 634,235,700 | ---- | M] () -- C:\Users\soulnico\Desktop\Ushuaia_Nature_07.avi
[2012/07/10 19:26:33 | 001,045,315 | ---- | M] () -- C:\Users\soulnico\Desktop\14_mjm_roctavios.mp3
[2012/07/09 15:54:06 | 000,002,223 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/07/08 10:29:40 | 000,059,040 | ---- | M] () -- C:\Users\soulnico\Desktop\582724_10150978456604230_1164153416_n.jpg
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/07/29 21:25:57 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012/07/28 10:41:44 | 001,552,384 | ---- | C] () -- C:\Users\soulnico\Desktop\RogueKiller(1).exe
[2012/07/28 10:03:09 | 000,001,157 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/28 10:03:09 | 000,001,145 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/28 09:44:46 | 000,187,137 | ---- | C] () -- C:\Users\soulnico\Desktop\bookmarks.html
[2012/07/28 09:29:01 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/27 22:49:34 | 000,025,356 | ---- | C] () -- C:\Users\soulnico\Desktop\Melody_Yves_DUTEIL.jpg
[2012/07/26 19:30:18 | 000,054,988 | ---- | C] () -- C:\Users\soulnico\Desktop\560997_364693726937515_886734796_n.jpg
[2012/07/26 15:01:41 | 001,408,920 | ---- | C] () -- C:\Users\soulnico\Desktop\camera_Anne_Scratches_Dirt.jpg
[2012/07/19 20:43:44 | 000,000,600 | ---- | C] () -- C:\Users\soulnico\AppData\Roaming\winscp.rnd
[2012/07/14 09:06:24 | 000,018,400 | ---- | C] () -- C:\Users\soulnico\Desktop\523914_10151030884214630_2052162377_n.jpg
[2012/07/13 18:52:01 | 634,235,700 | ---- | C] () -- C:\Users\soulnico\Desktop\Ushuaia_Nature_07.avi
[2012/07/10 19:26:33 | 001,045,315 | ---- | C] () -- C:\Users\soulnico\Desktop\14_mjm_roctavios.mp3
[2012/07/09 15:54:06 | 000,002,223 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/07/09 15:53:21 | 000,001,072 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/09 15:53:21 | 000,001,068 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/08 10:29:40 | 000,059,040 | ---- | C] () -- C:\Users\soulnico\Desktop\582724_10150978456604230_1164153416_n.jpg
[2012/07/07 17:47:41 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\PropertyGrid.ocx
[2012/07/07 17:47:41 | 000,208,500 | ---- | C] () -- C:\Windows\SysWow64\ReyXpBasics.tlb
[2012/07/07 17:47:40 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ControlSubX.ocx
[2012/05/13 16:28:28 | 000,005,750 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/04/17 16:48:15 | 006,640,274 | ---- | C] () -- C:\Windows\SysWow64\Modalys_for_Arturia.dll
[2012/04/06 15:06:24 | 000,000,382 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/03/06 18:40:39 | 000,006,918 | ---- | C] () -- C:\Users\soulnico\AppData\Local\Temp7.html
[2012/03/06 18:40:01 | 000,001,858 | ---- | C] () -- C:\Users\soulnico\AppData\Local\Temp1.html
[2011/12/27 23:44:42 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2011/12/27 23:44:42 | 000,000,224 | ---- | C] () -- C:\Users\soulnico\AppData\Roaming\msregsvv.dll
[2011/12/24 16:46:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/24 16:46:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/24 16:46:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/24 16:46:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/24 16:46:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/03 13:12:20 | 000,000,005 | ---- | C] () -- C:\Windows\mggeagjd.ini
[2011/12/01 00:36:36 | 000,001,648 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/01 00:36:35 | 000,323,910 | ---- | C] () -- C:\Windows\SysWow64\perfh009.dat
[2011/12/01 00:36:35 | 000,045,992 | ---- | C] () -- C:\Windows\SysWow64\perfc009.dat
[2011/11/18 18:23:53 | 000,000,073 | ---- | C] () -- C:\Windows\EurekaLog.ini
[2011/11/09 08:03:39 | 000,000,122 | ---- | C] () -- C:\Windows\msmmdx9.ini
[2011/11/05 14:28:10 | 000,011,667 | ---- | C] () -- C:\Users\soulnico\prefs.js
[2011/10/11 15:16:49 | 000,000,021 | ---- | C] () -- C:\Users\soulnico\AppData\Roaming\iasna_FB9AECF7-F56E-4c47-A862-8892AA545109.dll
[2011/08/11 14:41:13 | 000,758,018 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/08/11 14:41:13 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/07/05 18:39:01 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2011/07/05 18:38:05 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2011/07/05 18:38:03 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2011/07/05 18:37:52 | 000,163,840 | ---- | C] () -- C:\Windows\SysWow64\ArtFfct.dll
[2011/05/27 18:23:50 | 000,000,224 | ---- | C] () -- C:\ProgramData\autobk.inc
[2011/05/21 16:39:46 | 000,000,272 | ---- | C] () -- C:\Windows\msocreg32.dat
[2011/05/15 15:26:20 | 000,007,607 | ---- | C] () -- C:\Users\soulnico\AppData\Local\Resmon.ResmonCfg
[2011/05/14 19:50:57 | 000,691,481 | ---- | C] () -- C:\Windows\unins001.exe
[2011/05/14 19:50:57 | 000,007,317 | ---- | C] () -- C:\Windows\unins001.dat
[2011/05/14 19:27:22 | 000,684,313 | ---- | C] () -- C:\Windows\unins000.exe
[2011/05/14 19:27:22 | 000,011,946 | ---- | C] () -- C:\Windows\unins000.dat
[2011/05/14 17:34:30 | 001,532,337 | ---- | C] () -- C:\Windows\SysWow64\libfftw3-3.dll
[2011/05/14 17:34:30 | 001,487,562 | ---- | C] () -- C:\Windows\SysWow64\libfftw3f-3.dll
[2011/05/14 17:34:30 | 001,044,721 | ---- | C] () -- C:\Windows\SysWow64\libfftw3l-3.dll
[2011/05/13 17:11:20 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/11 19:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011/02/11 19:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011/02/11 19:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

[color=#E56717]========== Custom Scans ==========[/color]
Invalid Environment Variable: ALLUSERSPROFILE\

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]

[color=#A23BEC]< %APPDATA%\*. >[/color]
[2012/03/25 15:51:07 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Adobe
[2011/07/02 19:14:46 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Apple Computer
[2011/12/05 17:37:13 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Applied Acoustics Systems
[2011/05/15 11:42:20 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Audio Ease
[2012/05/13 17:25:03 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Avira
[2011/05/13 18:27:40 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\DAEMON Tools Lite
[2012/05/20 12:17:12 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\FileZilla
[2012/07/26 12:27:50 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\foobar2000
[2012/07/07 17:47:47 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\FreeFLVConverter
[2012/05/12 14:51:59 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\FXpansion
[2011/05/01 13:33:34 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Identities
[2011/05/28 15:11:01 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\IK Multimedia
[2011/05/21 16:38:59 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\InstallShield
[2012/03/10 15:49:30 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\IrfanView
[2012/07/09 18:10:26 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\iZotope
[2011/05/14 17:34:30 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Kazrog LLC
[2011/05/13 17:09:39 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Macromedia
[2011/09/19 21:46:26 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Malwarebytes
[2010/11/21 08:29:40 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Media Center Programs
[2012/07/23 01:15:44 | 000,000,000 | --SD | M] -- C:\Users\soulnico\AppData\Roaming\Microsoft
[2012/07/28 10:03:17 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Mozilla
[2011/11/26 13:10:33 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Music Recognition
[2011/12/18 16:35:48 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Overloud
[2012/07/09 17:47:55 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\PACE Anti-Piracy
[2012/06/17 15:07:11 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Plugin Alliance
[2011/12/24 17:02:44 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Propellerhead Software
[2011/05/14 17:34:30 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Recabinet3Presets
[2011/05/14 12:46:56 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Steinberg
[2011/08/04 14:47:06 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Stellarium
[2011/09/20 15:12:30 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Thinstall
[2012/06/03 13:25:16 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Todae
[2011/11/18 18:37:43 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\URSoft
[2012/07/29 18:45:32 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\uTorrent
[2012/07/29 15:34:04 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\vlc
[2011/12/11 16:36:24 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Voxengo
[2011/05/17 14:34:56 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\VST3 Presets
[2011/05/14 12:53:39 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\Waves Audio
[2011/05/13 18:24:54 | 000,000,000 | ---D | M] -- C:\Users\soulnico\AppData\Roaming\WinRAR

[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2012/06/09 12:42:17 | 000,087,552 | ---- | M] () -- C:\Users\soulnico\AppData\Roaming\foobar2000\user-components\foo_out_asio\ASIOhost32.exe
[2012/06/09 12:42:17 | 000,098,816 | ---- | M] () -- C:\Users\soulnico\AppData\Roaming\foobar2000\user-components\foo_out_asio\ASIOhost64.exe
[2011/12/01 00:36:36 | 000,000,735 | ---- | M] () -- C:\Users\soulnico\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XviD\Unwise.exe
[2011/09/20 15:13:02 | 000,126,976 | ---- | M] () -- C:\Users\soulnico\AppData\Roaming\Thinstall\Any Video Converter Professional 3.2.6\SKEL\3ab1c2ff439aa1565b32cef76663669328ae59\mencoder.exe
[2011/09/20 15:12:53 | 000,131,072 | ---- | M] () -- C:\Users\soulnico\AppData\Roaming\Thinstall\Any Video Converter Professional 3.2.6\SKEL\c9e8963266f12af044b129bee952711c4eb5fc\mplayer.exe

[color=#A23BEC]< %temp%\.exe /s >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

[color=#A23BEC]< MD5 for: CNGAUDIT.DLL >[/color]
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

[color=#A23BEC]< MD5 for: IASTORV.SYS >[/color]
[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache86\netlogon.dll
[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

[color=#A23BEC]< MD5 for: NVSTOR.SYS >[/color]
[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll
[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll
[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

[color=#A23BEC]< MD5 for: SERVICES.EXE >[/color]
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=014A9CB92514E27C0107614DF764BC06 -- C:\Windows\SysNative\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=014A9CB92514E27C0107614DF764BC06 -- C:\Windows\SysNative\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\ERDNT\cache64\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[color=#A23BEC]< MD5 for: WININIT.EXE >[/color]
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color]
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/14 02:39:56 | 000,867,904 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/14 02:39:56 | 000,867,904 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/14 02:39:56 | 000,867,904 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/07/14 02:13:42 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/07/14 02:13:42 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/14 02:13:42 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/21 05:25:08 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/21 05:25:08 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/21 05:25:08 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2010/11/21 05:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2010/11/21 05:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation)

[color=#A23BEC]< hklm\software\clients\startmenuinternet|command /64 /rs >[/color]
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/07/14 02:39:56 | 000,867,904 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/07/14 02:39:56 | 000,867,904 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/07/14 02:39:56 | 000,867,904 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/07/14 02:13:42 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/07/14 02:13:42 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/07/14 02:13:42 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/14 03:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/14 03:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/14 03:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2010/11/21 05:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2010/11/21 05:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation)

< End of report >

Fill
Posted on 29/07/2012 at 21:58
Security Group

Re,

1/

  • Relaunch OTL
  • Copy and paste this into the customisation window:

Instructions :
:files
C:\Windows\SysNative\consrv.dll
C:\Windows\SysNative\services.exe|C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe /replace

C:\ProgramData\0C1CFB134AD821841AAACF22F875EF60


:commands
[EmptyTemp]
[EmptyFlash]

  • Then click Correction and let the tool work.
  • Post the contents of the new report (it is a "LOG" file named with the PC's date and time, saved in the %racine%\_OTL\MovedFiles folder), which should open in Notepad. As before, you can use the keyboard shortcuts (CTRL+A, CTRL+C and CTRL+V).

2/ After rebooting:

  • Can you test this: C:\Windows\SysNative\services.exe
  • Click this link.
  • Click Browse and enter the path of the file I indicated.
  • Click Send. After a few minutes a report is generated. Post it in your next reply. If the tool tells you the file has already been analysed, run a new analysis.
  • You can use this tutorial for help.

Fill



Edited by Fill on 29/07/2012 21:59
fonkynico
Posted on 29/07/2012 at 22:12
Petit astucien

Here it is:

All processes killed
Error: Unable to interpret < Instructions :> in the current context!
========== FILES ==========
C:\Windows\SysNative\consrv.dll moved successfully.
File C:\Windows\SysNative\services.exe successfully replaced with C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
C:\ProgramData\0C1CFB134AD821841AAACF22F875EF60 folder moved successfully.
File\Folder :commands not found.
File\Folder [EmptyTemp] not found.
File\Folder [EmptyFlash] not found.

OTL by OldTimer - Version 3.2.55.0 log created on 07292012_220443

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

VirusTotal:

SHA256: e647717985bf0a1c6b3e2464d4f95d2efe3b77801c43246bde45eae908b940b8
SHA1: f9509da95286d5bc9dc8e393868d3a2b80a03f93
MD5: 014a9cb92514e27c0107614df764bc06
File size: 321.0 KB ( 328704 bytes )
File name: services.exe
File type: unknown
Detection ratio: 23 / 39
Analysis date:

2012-07-29 20:09:29 UTC ( 1 minute ago )

Fill
Posted on 29/07/2012 at 23:09
Security Group

Re,

1/

  • Download to your Desktop the file attached to my next message,
  • Unzip it (right-click > Extract here).
  • Rename it CFScript,
  • Drag and drop this CFScript.txt text file onto ComboFix.exe, as in the screenshot

  • Wait while the scan runs; the Desktop will disappear several times: that is normal!
    Do not touch anything until the scan has finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt

These instructions apply only to this machine. They must not be applied to another machine.

2/

After rebooting:

  • Can you test this: C:\Windows\SysNative\services.exe
  • Click this link.
  • Click Browse and enter the path of the file I indicated.
  • Click Send. After a few minutes a report is generated. Post it in your next reply. If the tool tells you the file has already been analysed, run a new analysis.
  • You can use this tutorial for help.

Fill

Fill
Posted on 29/07/2012 at 23:10
Security Group

Attached file: CFScript.txt

fonkynico
Posted on 29/07/2012 at 23:21
Petit astucien

Hmm, ComboFix still won't run.

http://imageshack.us/photo/my-images/856/captureafv.jpg/

Odd, I tried both links and they do say W7.

I'm off to bed; we'll finish tomorrow if that's OK with you.

Thanks for your patience

Edited by fonkynico on 30/07/2012 00:04
fonkynico
Posted on 30/07/2012 at 08:28
Petit astucien

Hi

After searching, I'm clearly not the only one who can't run ComboFix on 64-bit W7. Strange...

Otherwise, I see that in C:\Windows\SysNative there is now only the single file "services.exe", whereas there were quite a few files before. Is that normal? I understood that this folder was used to create aliases for 32-bit apps that can't access System32. Are they temporary?

Fill
Posted on 30/07/2012 at 11:07
Security Group

fonkynico wrote:

Hi

After searching, I'm clearly not the only one who can't run ComboFix on 64-bit W7. Strange...

Otherwise, I see that in C:\Windows\SysNative there is now only the single file "services.exe", whereas there were quite a few files before. Is that normal? I understood that this folder was used to create aliases for 32-bit apps that can't access System32. Are they temporary?

Re,

I haven't touched anything under SysNative. I'm only trying to replace the patched file.

As for ComboFix, it partly worked, since it placed items in its Qoobox quarantine:

C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\00000001.@.vir Win64/Conedex.A trojan
C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\000000c0.@.vir Win32/Conedex.A trojan
C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\000000cb.@.vir Win32/Conedex.A trojan
C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\000000cf.@.vir Win32/Conedex.A trojan
C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\80000000.@.vir Win64/Sirefef.S trojan
C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\800000c0.@.vir Win64/Sirefef.W trojan
C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\800000cb.@.vir Win64/Sirefef.T trojan

  • Relaunch OTL
  • Copy and paste this into the customisation window:

Instructions :
:files

C:\Windows\SysNative\services.exe|C:\Windows\ERDNT\cache64\services.exe /replace
C:\Windows\SysNative\consrv.dll


:commands
[EmptyTemp]
[EmptyFlash]

  • Then click Correction and let the tool work.
  • Post the contents of the new report (it is a "LOG" file named with the PC's date and time, saved in the %racine%\_OTL\MovedFiles folder), which should open in Notepad. As before, you can use the keyboard shortcuts (CTRL+A, CTRL+C and CTRL+V).

2/ After rebooting:

  • Can you test this: C:\Windows\SysNative\services.exe
  • Click this link.
  • Click Browse and enter the path of the file I indicated.
  • Click Send. After a few minutes a report is generated. Post it in your next reply. If the tool tells you the file has already been analysed, run a new analysis.
  • You can use this tutorial for help.

Fill



Edited by Fill on 30/07/2012 11:20
fonkynico
Posted on 30/07/2012 at 11:31
Petit astucien

Re

No, that's not what I meant. It was for my own information: I wanted to know whether this folder fills up as the system needs it. I notice that the only file showing in the folder is "services.exe", whereas the online scanner's file browser sees plenty.

For information, I have to disable the Avira guard to let VirusTotal upload the file.

Here are the reports (VirusTotal doesn't look happy):

All processes killed
Error: Unable to interpret < Instructions :> in the current context!
========== FILES ==========
File C:\Windows\SysNative\services.exe successfully replaced with C:\Windows\ERDNT\cache64\services.exe
File\Folder C:\Windows\SysNative\consrv.dll not found.
File\Folder :commands not found.
File\Folder [EmptyTemp] not found.
File\Folder [EmptyFlash] not found.

OTL by OldTimer - Version 3.2.55.0 log created on 07302012_112133

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

SHA256: e647717985bf0a1c6b3e2464d4f95d2efe3b77801c43246bde45eae908b940b8
SHA1: f9509da95286d5bc9dc8e393868d3a2b80a03f93
MD5: 014a9cb92514e27c0107614df764bc06
File size: 321.0 KB ( 328704 bytes )
File name: services.exe
File type: unknown
Detection ratio: 25 / 41
Analysis date: 2012-07-30 09:25:30 UTC ( 0 minute ago )
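
The MD5 listing earlier in this thread shows what the helper is working from: the copy of services.exe in SysNative has the same timestamp and size as the copies in winsxs and the ERDNT cache but a different MD5, and the MD5 that VirusTotal reports after each OTL fix (014a9cb9...) is still that SysNative hash, which is how one can tell the /replace did not take despite the "successfully replaced" line in the fix log. The Python script below is an added example written for this page; it is not code from the thread, from OTL or from any of the tools used here. It parses OTL's "< MD5 for: ... >" lines (the sample lines are copied verbatim from the report above), flags a binary whose same-timestamp, same-size copies disagree on MD5, derives a reference hash from the winsxs and ERDNT copies, and checks a post-fix hash against it. The regular expression, the function names and the choice of winsxs and ERDNT as reference stores are my own assumptions, not anything OTL defines.

```python
import re
from collections import defaultdict

# Constructed sample: the services.exe and wininit.exe lines from the OTL report
# earlier in this thread, copied verbatim (BBCode headers included, as OTL emits them).
SAMPLE_OTL_MD5_SECTION = r"""
[color=#A23BEC]< MD5 for: SERVICES.EXE >[/color]
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=014A9CB92514E27C0107614DF764BC06 -- C:\Windows\SysNative\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=014A9CB92514E27C0107614DF764BC06 -- C:\Windows\SysNative\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\ERDNT\cache64\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[color=#A23BEC]< MD5 for: WININIT.EXE >[/color]
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
"""

# One OTL MD5 line: [date time | size | attrs | M] (company) MD5=<hash> -- <path>
# (regex is my own; OTL does not publish a grammar for these lines)
OTL_MD5_LINE = re.compile(
    r"^\[(?P<stamp>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)

# Where the helper took replacement copies from: the component store and the ERDNT
# backup cache. Assumption: these are treated as the reference copies of a system binary.
REFERENCE_STORES = ("\\winsxs\\", "\\erdnt\\")


def parse_otl_md5_lines(text):
    """Group every MD5 line by file name (lower-cased); headers and blank lines are skipped."""
    by_name = defaultdict(list)
    for raw in text.splitlines():
        m = OTL_MD5_LINE.match(raw.strip())
        if not m:
            continue
        path = m.group("path")
        by_name[path.rsplit("\\", 1)[-1].lower()].append({
            "stamp": m.group("stamp").strip(),
            "size": int(m.group("size").replace(",", "")),
            "company": m.group("company"),
            "md5": m.group("md5").upper(),
            "path": path,
        })
    return dict(by_name)


def find_hash_conflicts(by_name):
    """Binaries whose copies share timestamp and size yet differ in MD5.

    The patched services.exe in this thread kept both its size and its timestamp, so the
    hash is the only field that gives it away. Returns {name: {(stamp, size): [md5, ...]}}.
    """
    conflicts = {}
    for name, entries in by_name.items():
        groups = defaultdict(set)
        for e in entries:
            groups[(e["stamp"], e["size"])].add(e["md5"])
        bad = {key: sorted(md5s) for key, md5s in groups.items() if len(md5s) > 1}
        if bad:
            conflicts[name] = bad
    return conflicts


def reference_md5(by_name, live_path):
    """MD5 the reference-store copies agree on, for the same timestamp/size as the live file.

    Returns None when the live path is not in the listing or the reference copies disagree.
    """
    name = live_path.rsplit("\\", 1)[-1].lower()
    entries = by_name.get(name, [])
    live = next((e for e in entries if e["path"].lower() == live_path.lower()), None)
    if live is None:
        return None
    hashes = {
        e["md5"] for e in entries
        if any(store in e["path"].lower() for store in REFERENCE_STORES)
        and (e["stamp"], e["size"]) == (live["stamp"], live["size"])
    }
    return hashes.pop() if len(hashes) == 1 else None


def replacement_verified(by_name, live_path, observed_md5):
    """True only when the hash measured after the fix (e.g. VirusTotal's MD5) is the reference one."""
    ref = reference_md5(by_name, live_path)
    return ref is not None and ref == observed_md5.strip().upper()


if __name__ == "__main__":
    listing = parse_otl_md5_lines(SAMPLE_OTL_MD5_SECTION)
    for name, groups in find_hash_conflicts(listing).items():
        for (stamp, size), md5s in groups.items():
            print(f"{name}: {len(md5s)} different MD5s for {stamp} / {size} bytes: {', '.join(md5s)}")
    live = r"C:\Windows\SysNative\services.exe"
    # MD5 VirusTotal reported for the uploaded file after the second OTL fix in this thread
    print("replacement verified:", replacement_verified(listing, live, "014a9cb92514e27c0107614df764bc06"))
```

Feed it the whole OTL report rather than the excerpt and it lists every binary whose copies disagree; the post-fix check is the part worth keeping in mind, since a "successfully replaced" line in the fix log only says the tool issued the copy, whereas the hash measured after the reboot says whether the file on disk actually changed.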
Fill
Posted on 30/07/2012 at 11:49
Security Group

Re,

The replacement isn't taking. I'll be back at the end of the day; we'll try something else.

Fill

fonkynico
Posted on 30/07/2012 at 11:53
Petit astucien

OK, fine. I'll keep an eye out; have a good day.
