Voilà le rapport OTM
All processes killed
========== SERVICES/DRIVERS ==========
Service gusvc stopped successfully!
Service gusvc deleted successfully!
========== FILES ==========
C:\ProgramData\Base Poll Poll.jsou3 moved successfully.
File/Folder C:\Program Files\Google\Common\Google Updater not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: AppData
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: tomtom
->Temp folder emptied: 266386058 bytes
->Temporary Internet Files folder emptied: 5283562 bytes
->Java cache emptied: 42421587 bytes
->FireFox cache emptied: 41383730 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11792 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33936 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50540 bytes
RecycleBin emptied: 1094506 bytes
Total Files Cleaned = 340,00 mb
OTM by OldTimer - Version 3.1.5.0 log created on 01102010_223702
Files moved on Reboot…
C:\Users\tomtom\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot…
Voilà le rapport RSIT:
info.txt logfile of random’s system information tool 1.06 2010-01-10 22:45:07
======Uninstall list======
µTorrent–>“C:\Program Files (x86)\uTorrent\uTorrent.exe” /UNINSTALL
Adobe Anchor Service CS3–>MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3–>MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3–>MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting–>MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0–>MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps–>MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific–>MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings–>MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings–>MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings–>MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings–>MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Default Language CS3–>MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3–>MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2–>MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 ActiveX–>C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin–>C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All–>MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3–>MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3–>MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files–>MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3–>C:\Program Files (x86)\Common Files\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe
Adobe Photoshop CS3–>MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A}
Adobe Reader 9.2 - Français–>MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A92000000001}
Adobe Setup–>MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}
Adobe Stock Photos CS3–>MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support–>MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3–>MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client–>MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin–>MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3–>MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Archiveur WinRAR–>C:\Program Files (x86)\WinRAR\uninstall.exe
ASUSUpdate–>RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files (x86)\InstallShield Installation Information{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe” -l0x40c
Catalyst Control Center - Branding–>MsiExec.exe /I{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}
CCleaner–>“C:\Program Files (x86)\CCleaner\uninst.exe”
Combined Community Codec Pack 2008-01-24–>“C:\Program Files (x86)\Combined Community Codec Pack\unins000.exe”
DHTML Editing Component–>MsiExec.exe /I{2EA870FA-585F-4187-903D-CB9FFD21E2E0}
eMule–>“C:\Program Files (x86)\eMule\Uninstall.exe”
EPU-6 Engine–>RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files (x86)\InstallShield Installation Information{56B83336-FBC1-4C46-8613-90A9E3B440D6}\Setup.exe” -l0x40c
Glary Utilities 2.18.0.786–>“C:\Program Files (x86)\Glary Utilities\unins000.exe”
HijackThis 2.0.2–>“C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe” /uninstall
HydraVision–>MsiExec.exe /X{E7EE88BF-D287-74E1-EC9C-29746228B0D8}
IKEA Home Planner–>MsiExec.exe /I{B3276CB1-20B6-4AF9-AAEC-E72C83816495}
Installation Windows Live–>C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Installation Windows Live–>MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Internet Download Manager–>C:\Program Files (x86)\Internet Download Manager\Uninstall.exe
Java™ 6 Update 17–>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
LogMeIn–>MsiExec.exe /I{84713778-D9A9-4130-A811-DF3187827B05}
Malwarebytes’ Anti-Malware–>“C:\Program Files (x86)\Malwarebytes’ Anti-Malware\unins000.exe”
marvell 61xx–>C:\Program Files (x86)\Marvell\61xx\uninst-61xx.exe
Microsoft Choice Guard–>MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Games for Windows - LIVE Redistributable–>MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
Microsoft Games for Windows - LIVE–>MsiExec.exe /X{A1C962E2-2426-49C6-A38B-9A07E40D607C}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-002A-040C-1000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
Microsoft Office 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
Microsoft Office Access MUI (French) 2007–>MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007–>MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007–>MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.4–>MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office Outlook MUI (French) 2007–>MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007–>MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007–>“C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe” /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007–>MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007–>MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007–>MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007–>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007–>MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007–>MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007–>MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007–>MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)–>msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (French) 2007–>MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007–>MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007–>MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight–>MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053–>MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable–>MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148–>MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mise à jour Microsoft Office Excel 2007 Help (KB963678)–>msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C}
Mise à jour Microsoft Office Outlook 2007 Help (KB963677)–>msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {51EFB347-1F3D-4BAC-8B79-F056B904FE21}
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)–>msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3}
Mise à jour Microsoft Office Word 2007 Help (KB963665)–>msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223}
monAlbumPhoto–>“C:\Program Files (x86)\monAlbumPhoto\unins000.exe”
Mozilla Firefox (3.5.7)–>C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVCRT–>MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
My 7 Optimizer–>C:\Windows\Uninstal.exe
Outil de téléchargement Windows Live–>MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PDF Settings–>MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Picasa 3–>“C:\Program Files (x86)\Google\Picasa3\Uninstall.exe”
RocketDock 1.3.5–>“C:\Program Files (x86)\RocketDock\unins000.exe”
Seagate DiscWizard–>MsiExec.exe /X{81A60A13-224D-4637-8203-3EAC03B121A4}
Security Update for 2007 Microsoft Office System (KB969559)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
STREET FIGHTER IV–>MsiExec.exe /X{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}
SuperCopier2–>“C:\Program Files (x86)\SuperCopier2\SC2Uninst.exe”
Turbo Lister 2–>MsiExec.exe /X{8927E07C-97F7-4A54-88FB-D976F50DD46E}
Update for 2007 Microsoft Office System (KB967642)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office InfoPath 2007 (KB976416)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office Word 2007 (KB974561)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Outlook 2007 Junk Email Filter (kb976884)–>msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FB60F280-C70F-4174-BADB-471412AA42F0}
Visual C++ 8.0 Runtime Setup Package (x64)–>MsiExec.exe /I{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}
VLC media player 1.0.2–>C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
WBFS Manager 3.0–>C:\Program Files\WBFS\WBFS Manager 3.0\uninstall.exe
Windows Live Call–>MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform–>MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger–>MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Media Player Firefox Plugin–>MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
=====HijackThis Backups=====
O2 - BHO: (no name) - {011f9246-da13-4555-9998-6e4805bd533f} - (no file) [2010-01-09]
O4 - HKLM…\Run: [16 test dupe acid] “C:\ProgramData\Live Dumb Base.4saw79g” [2010-01-09]
R3 - URLSearchHook: (no name) - {011f9246-da13-4555-9998-6e4805bd533f} - (no file) [2010-01-09]
O3 - Toolbar: (no name) - {011f9246-da13-4555-9998-6e4805bd533f} - (no file) [2010-01-09]
O4 - HKLM…\Run: [slow dale] “C:\ProgramData\Base Poll Poll.2yvz4” [2010-01-09]
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-01-09]
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2010-01-09]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.whitesmokestart.com… [2010-01-09]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local [2010-01-10]
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe” /background [2010-01-10]
O4 - HKLM…\Run: [slow dale] “C:\ProgramData\Base Poll Poll.3l026jx” [2010-01-10]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = [2010-01-10]
O4 - HKCU…\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot [2010-01-10]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [2010-01-10]
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) [2010-01-10]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - platformdl.adobe.com… [2010-01-10]
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======System event log======
Computer Name: MAISON
Event Code: 36888
Message: Lalerte fatale suivante a été générée : 10. Létat derreur interne est 10.
Record Number: 1180
Source Name: Schannel
Time Written: 20090927212921.775256-000
Event Type: Erreur
User: AUTORITE NT\Système
Computer Name: MAISON
Event Code: 36888
Message: Lalerte fatale suivante a été générée : 10. Létat derreur interne est 10.
Record Number: 1179
Source Name: Schannel
Time Written: 20090927212921.759656-000
Event Type: Erreur
User: AUTORITE NT\Système
Computer Name: MAISON
Event Code: 7024
Message: Le service Écouteur HomeGroup sest arrêté avec lerreur service particulière %%-2147023143.
Record Number: 1174
Source Name: Service Control Manager
Time Written: 20090927212827.034760-000
Event Type: Erreur
User:
Computer Name: MAISON
Event Code: 51
Message: Une erreur a été détectée sur le périphérique \Device\Harddisk3\DR3 lors d’une opération de pagination.
Record Number: 920
Source Name: Disk
Time Written: 20090927210304.857500-000
Event Type: Avertissement
User:
Computer Name: MAISON
Event Code: 7023
Message: Le service Programme dinstallation pour les modules Windows sest arrêté avec lerreur :
Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
Record Number: 535
Source Name: Service Control Manager
Time Written: 20090927182748.905879-000
Event Type: Erreur
User:
=====Application event log=====
Computer Name: MAISON
Event Code: 1015
Message: HRESULT détaillé. hr retourné=0xC004F022, hr dorigine=0x80049E00
Record Number: 322
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20090927194744.000000-000
Event Type: Avertissement
User:
Computer Name: MAISON
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par dautres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.
DÉTAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3576373079-4147584574-2192575426-1001_Classes:
Process 272 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3576373079-4147584574-2192575426-1001_CLASSES
Record Number: 242
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090927182744.225870-000
Event Type: Avertissement
User: AUTORITE NT\Système
Computer Name: MAISON
Event Code: 1530
Message: Windows a détecté que votre fichier de Registre est toujours utilisé par dautres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.
DÉTAIL -
2 user registry handles leaked from \Registry\User\S-1-5-21-3576373079-4147584574-2192575426-1001:
Process 464 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-3576373079-4147584574-2192575426-1001
Process 272 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3576373079-4147584574-2192575426-1001
Record Number: 241
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090927182743.726670-000
Event Type: Avertissement
User: AUTORITE NT\Système
Computer Name: MAISON
Event Code: 1008
Message: Le service Windows Search démarre et tente de supprimer lancien index de recherche {Raison : Réinitialisation totale de lindex}.
Record Number: 99
Source Name: Microsoft-Windows-Search
Time Written: 20090927181600.000000-000
Event Type: Avertissement
User:
Computer Name: MAISON
Event Code: 11
Message: Fuite de mémoire possible. Lapplication (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID : 116) a transmis un pointeur non NULL à RPC pour un paramètre [out] marqué [allocate(all_nodes)]. Les paramètres [allocate(all_nodes)] sont toujours réaffectés ; si le pointeur initial contenait une adresse mémoire valide, cela entraînerait une fuite de cette mémoire. Lappel provenait de linterface avec lUUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Numéro de méthode (20). Action utilisateur : contactez le fournisseur de lapplication pour obtenir une version mise à jour.
Record Number: 98
Source Name: Microsoft-Windows-RPC-Events
Time Written: 20090927181555.105835-000
Event Type: Avertissement
User: AUTORITE NT\SERVICE LOCAL
=====Security event log=====
Computer Name: 37L4247E29-32
Event Code: 4735
Message: Un groupe local dont la sécurité est activée a été modifié.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : 37L4247E29-32$
Domaine du compte : WORKGROUP
ID douverture de session : 0x3e7
Groupe :
ID de sécurité : S-1-5-32-551
Nom du groupe : Opérateurs de sauvegarde
Domaine du groupe : Builtin
Attributs modifiés :
Nom du compte SAM : -
Historique SID : -
Informations supplémentaires :
Privilèges : -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090927180844.877283-000
Event Type: Succès de laudit
User:
Computer Name: 37L4247E29-32
Event Code: 4731
Message: Un groupe local dont la sécurité est activée a été créé.
Sujet :
ID de sécurité : S-1-5-18
Nom du compte : 37L4247E29-32$
Domaine du compte : WORKGROUP
ID douverture de session : 0x3e7
Nouveau groupe :
ID de sécurité : S-1-5-32-551
Nom du groupe : Opérateurs de sauvegarde
Domaine du groupe : Builtin
Attributs :
Nom du compte SAM : Opérateurs de sauvegarde
Historique SID : -
Informations supplémentaires :
Privilèges : -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090927180844.877283-000
Event Type: Succès de laudit
User:
Computer Name: 37L4247E29-32
Event Code: 4902
Message: La table de stratégie daudit par utilisateur a été créée.
Nombre déléments : 0
ID de la stratégie : 0x32e6f
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090927180844.643282-000
Event Type: Succès de laudit
User:
Computer Name: 37L4247E29-32
Event Code: 4624
Message: Louverture de session dun compte sest correctement déroulée.
Sujet :
ID de sécurité : S-1-0-0
Nom du compte : -
Domaine du compte : -
ID douverture de session : 0x0
Type douverture de session : 0
Nouvelle ouverture de session :
ID de sécurité : S-1-5-18
Nom du compte : Système
Domaine du compte : AUTORITE NT
ID douverture de session : 0x3e7
GUID douverture de session : {00000000-0000-0000-0000-000000000000}
Informations sur le processus :
ID du processus : 0x4
Nom du processus :
Informations sur le réseau :
Nom de la station de travail : -
Adresse du réseau source : -
Port source : -
Informations détaillées sur lauthentification :
Processus douverture de session : -
Package dauthentification : -
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0
Cet événement est généré lors de la création dune ouverture de session. Il est généré sur lordinateur sur lequel louverture de session a été effectuée.
Le champ Objet indique le compte sur le système local qui a demandé louverture de session. Il sagit le plus souvent dun service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.
Le champ Type douverture de session indique le type douverture de session qui sest produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).
Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui sest connecté.
Les champs relatifs au réseau indiquent la provenance dune demande douverture de session à distance. Le nom de la station de travail nétant pas toujours disponible, peut être laissé vide dans certains cas.
Les champs relatifs aux informations dauthentification fournissent des détails sur cette demande douverture de session spécifique.
- Le GUID douverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande douverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session na été demandée.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090927180842.942879-000
Event Type: Succès de laudit
User:
Computer Name: 37L4247E29-32
Event Code: 4608
Message: Windows démarre.
Cet événement est journalisé lorsque LSASS.EXE démarre et que le sous-système daudit est initialisé.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090927180842.896079-000
Event Type: Succès de laudit
User:
======Environment variables======
“ComSpec”=%SystemRoot%\system32\cmd.exe
“FP_NO_HOST_CHECK”=NO
“OS”=Windows_NT
“Path”=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\PROGRA~1\DISKEE~1\DISKEE~1
“PATHEXT”=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
“PROCESSOR_ARCHITECTURE”=AMD64
“TEMP”=%SystemRoot%\TEMP
“TMP”=%SystemRoot%\TEMP
“USERNAME”=SYSTEM
“windir”=%SystemRoot%
“PSModulePath”=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules
“NUMBER_OF_PROCESSORS”=4
“PROCESSOR_LEVEL”=6
“PROCESSOR_IDENTIFIER”=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
“PROCESSOR_REVISION”=170a
-----------------EOF-----------------
Logfile of random’s system information tool 1.06 (written by random/random)
Run by tomtom at 2010-01-10 22:44:23
Microsoft Windows 7 Édition Intégrale Service Pack 2
System drive C: has 438 GB (92%) free of 477 GB
Total RAM: 4095 MB (73% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:45:04, on 10/01/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
D:\Incoming\RSIT.exe
C:\Program Files (x86)\Trend Micro\HijackThis\tomtom.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = g.msn.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = My 7 IE 8
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM…\Run: [StartCCC] “C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” MSRun
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files (x86)\Java\jre6\bin\jusched.exe”
O4 - HKLM…\Run: [Malwarebytes’ Anti-Malware] “C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbamgui.exe” /starttray
O4 - HKCU…\Run: [SuperCopier2.exe] C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe
O4 - HKCU…\Run: [RocketDock] “C:\Program Files (x86)\RocketDock\RocketDock.exe”
O4 - HKCU…\Run: [uTorrent] “C:\Program Files (x86)\uTorrent\uTorrent.exe”
O4 - HKCU…\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User ‘SERVICE RÉSEAU’)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr…
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE…
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
–
End of file - 6688 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GlaryInitialize.job
C:\Windows\tasks\Malwarebytes’ Scheduled Scan for tomtom.job
C:\Windows\tasks\Malwarebytes’ Scheduled Update for tomtom.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2009-11-11 173488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d’aide de l’Assistant de connexion Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“StartCCC”=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-10-06 98304]
“SunJavaUpdateSched”=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-10-11 149280]
“Malwarebytes’ Anti-Malware”=C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbamgui.exe [2010-01-07 429392]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“SuperCopier2.exe”=C:\Program Files (x86)\SuperCopier2\SuperCopier2.exe [2009-08-16 955392]
“RocketDock”=C:\Program Files (x86)\RocketDock\RocketDock.exe [2007-09-02 495616]
“uTorrent”=C:\Program Files (x86)\uTorrent\uTorrent.exe [2010-01-09 289584]
“IDMan”=C:\Program Files (x86)\Internet Download Manager\IDMan.exe [2010-01-03 3171760]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
“authentication packages”=msv1_0
relog_ap
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“ConsentPromptBehaviorAdmin”=0
“ConsentPromptBehaviorUser”=3
“EnableLUA”=0
“EnableUIADesktopToggle”=0
“PromptOnSecureDesktop”=0
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
“NoActiveDesktop”=
“ForceActiveDesktopOn”=
“NoActiveDesktopChanges”=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe “%1” %*
======List of files/folders created in the last 1 months======
2010-01-10 22:37:02 ----D---- C:_OTM
2010-01-10 20:14:24 ----A---- C:\cleannavi.txt
2010-01-10 20:11:07 ----D---- C:\Program Files (x86)\Navilog1
2010-01-10 15:54:53 ----D---- C:\rsit
2010-01-10 08:59:33 ----HD---- C:$AVG
2010-01-10 08:59:12 ----D---- C:\Program Files (x86)\AVG
2010-01-09 16:56:35 ----D---- C:\Program Files (x86)\uTorrent
2010-01-09 16:55:27 ----D---- C:\Users\tomtom\AppData\Roaming\uTorrent
2010-01-07 20:54:02 ----D---- C:\Windows\Downloaded Installations
2010-01-07 20:18:43 ----D---- C:\Program Files (x86)\SDHelper (Spybot - Search & Destroy)
2010-01-07 20:18:43 ----D---- C:\Program Files (x86)\Misc. Support Library (Spybot - Search & Destroy)
2010-01-07 20:18:42 ----D---- C:\Program Files (x86)\File Scanner Library (Spybot - Search & Destroy)
2010-01-07 20:08:33 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-01-04 12:57:46 ----AD---- C:\ProgramData\TEMP
2010-01-03 18:51:24 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2010-01-03 18:49:57 ----D---- C:\Users\tomtom\AppData\Roaming\IDM
2010-01-03 18:49:52 ----D---- C:\Program Files (x86)\Internet Download Manager
2010-01-03 17:48:01 ----D---- C:\Users\tomtom\AppData\Roaming\Babylon
2010-01-03 17:48:01 ----D---- C:\ProgramData\Babylon
2010-01-02 15:31:02 ----D---- C:\Program Files (x86)\IKEA HomePlanner
2010-01-02 15:30:29 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2010-01-01 12:23:49 ----A---- C:\Users\tomtom\AppData\Roaming\SetValue.bat
2010-01-01 12:23:48 ----A---- C:\Users\tomtom\AppData\Roaming\GetValue.vbs
2010-01-01 12:22:41 ----A---- C:\Windows\system32\tmp.txt
2010-01-01 12:22:39 ----A---- C:\rapport.txt
2010-01-01 11:56:29 ----A---- C:\Windows\system32\WS2Fix.exe
2010-01-01 11:56:29 ----A---- C:\Windows\system32\VCCLSID.exe
2010-01-01 11:56:29 ----A---- C:\Windows\system32\swxcacls.exe
2010-01-01 11:56:29 ----A---- C:\Windows\system32\swsc.exe
2010-01-01 11:56:29 ----A---- C:\Windows\system32\swreg.exe
2010-01-01 11:56:29 ----A---- C:\Windows\system32\SrchSTS.exe
2010-01-01 11:56:29 ----A---- C:\Windows\system32\Process.exe
2010-01-01 11:56:29 ----A---- C:\Windows\system32\dumphive.exe
2009-12-31 18:01:01 ----D---- C:\Program Files (x86)\Trend Micro
2009-12-31 09:12:14 ----D---- C:\Users\tomtom\AppData\Roaming\Malwarebytes
2009-12-31 09:12:10 ----D---- C:\ProgramData\Malwarebytes
2009-12-31 09:12:10 ----D---- C:\Program Files (x86)\Malwarebytes’ Anti-Malware
2009-12-30 10:19:50 ----A---- C:\Windows\system32\D3DX9_42.dll
2009-12-30 10:19:50 ----A---- C:\Windows\system32\d3dx10_42.dll
2009-12-29 18:19:32 ----D---- C:\Program Files (x86)\CAPCOM
2009-12-29 18:19:17 ----A---- C:\Windows\system32\d3dx10_41.dll
2009-12-29 18:19:17 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2009-12-29 18:19:16 ----A---- C:\Windows\system32\XAudio2_4.dll
2009-12-29 18:19:16 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2009-12-29 18:19:16 ----A---- C:\Windows\system32\xactengine3_4.dll
2009-12-29 18:19:16 ----A---- C:\Windows\system32\D3DX9_41.dll
2009-12-29 18:18:52 ----A---- C:\Windows\system32\D3DX9_37.dll
2009-12-29 18:18:52 ----A---- C:\Windows\system32\d3dx10_37.dll
2009-12-29 18:18:52 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2009-12-29 18:18:50 ----A---- C:\Windows\system32\xinput1_3.dll
2009-12-29 18:18:33 ----D---- C:\Windows\system32\xlive
2009-12-29 18:18:33 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2009-12-29 13:30:41 ----D---- C:\Windows\pss
2009-12-29 08:37:47 ----D---- C:\ProgramData\DAEMON Tools Pro
2009-12-28 18:08:45 ----D---- C:\ProgramData\dumb tray 16 test
2009-12-28 18:08:30 ----D---- C:\ProgramData\CDROMHEARTSOFT
2009-12-28 18:08:30 ----D---- C:\Program Files (x86)\CDROMHEARTSOFT
======List of files/folders modified in the last 1 months======
2010-01-10 22:44:49 ----D---- C:\Users\tomtom\AppData\Roaming\DMCache
2010-01-10 22:44:25 ----D---- C:\Windows\Temp
2010-01-10 22:43:01 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-01-10 22:42:25 ----D---- C:\Windows
2010-01-10 22:37:03 ----HD---- C:\ProgramData
2010-01-10 22:28:38 ----D---- C:\Users\tomtom\AppData\Roaming\vlc
2010-01-10 20:20:38 ----D---- C:\Windows\System32
2010-01-10 20:11:29 ----RD---- C:\Program Files
2010-01-10 20:11:07 ----RD---- C:\Program Files (x86)
2010-01-10 17:13:20 ----D---- C:\Program Files (x86)\Common Files\InstallShield
2010-01-10 17:12:40 ----SHD---- C:\System Volume Information
2010-01-10 17:12:18 ----SHD---- C:\Windows\Installer
2010-01-10 17:12:12 ----D---- C:\Windows\SysWOW64
2010-01-10 16:53:05 ----D---- C:\Program Files (x86)\Common Files
2010-01-10 16:13:29 ----D---- C:\Windows\system32\drivers
2010-01-10 10:30:18 ----D---- C:\Windows\Tasks
2010-01-10 09:08:56 ----D---- C:\Windows\winsxs
2010-01-10 09:06:48 ----D---- C:\Users\tomtom\AppData\Roaming\dvdcss
2010-01-10 07:58:42 ----D---- C:\Program Files (x86)\LogMeIn
2010-01-08 11:00:19 ----D---- C:\Windows\inf
2010-01-08 11:00:19 ----D---- C:\Windows\Help
2009-12-29 18:18:59 ----D---- C:\Windows\Logs
2009-12-29 13:40:12 ----D---- C:\ProgramData\DAEMON Tools Lite
2009-12-29 08:42:24 ----RD---- C:\Users
2009-12-29 08:41:51 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2009-12-28 18:06:06 ----D---- C:\Program Files (x86)\Glary Utilities
2009-12-28 18:04:57 ----D---- C:\Windows\debug
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2007-12-17 14392]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 discache;@%systemroot%\system32\drivers\discache.sys,-102; C:\Windows\System32\drivers\discache.sys []
R1 RDPREFMP;@%systemroot%\system32\drivers\RdpRefMp.sys,-101; C:\Windows\system32\drivers\rdprefmp.sys []
R1 WfpLwf;WFP Lightweight Filter; C:\Windows\system32\DRIVERS\wfplwf.sys []
R2 LMIInfo;LogMeIn Kernel Information Provider; ??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [2008-08-11 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; ??\C:\Windows\system32\drivers\LMIRfsDriver.sys []
R2 tifsfilter;Acronis True Image FS Filter; C:\Windows\system32\DRIVERS\tifsfilt.sys []
R3 1394ohci;Contrôleur dhôte compatible OHCI 1394; C:\Windows\system32\DRIVERS\1394ohci.sys []
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys []
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 CompositeBus;Pilote de lénumérateur de bus composite; C:\Windows\system32\DRIVERS\CompositeBus.sys []
R3 dc3d;MS Hardware Device Detection Driver (HID); C:\Windows\system32\DRIVERS\dc3d.sys []
R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20); C:\Windows\system32\DRIVERS\L1E62x64.sys []
R3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys []
R3 MBAMProtector;MBAMProtector; ??\C:\Windows\system32\drivers\mbam.sys [2009-01-14 15504]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
R3 RasAgileVpn;WAN Miniport (IKEv2); C:\Windows\system32\DRIVERS\AgileVpn.sys []
R3 rdpbus;Remote Desktop Device Redirector Bus Driver; C:\Windows\system32\DRIVERS\rdpbus.sys []
R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys []
S3 ac2jnpj7;ac2jnpj7; C:\Windows\system32\drivers\ac2jnpj7.sys []
S3 AcpiPmi;ACPI Power Meter Driver; C:\Windows\system32\DRIVERS\acpipmi.sys []
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; ??\C:\Windows\system32\drivers\NSDriver.sys []
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner; ??\C:\Windows\system32\drivers\AWRTPD.sys []
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter; ??\C:\Windows\system32\drivers\AWRTRD.sys []
S3 AmdPPM;AMD Processor Driver; C:\Windows\system32\DRIVERS\amdppm.sys []
S3 amdsata;amdsata; C:\Windows\system32\DRIVERS\amdsata.sys []
S3 amdsbs;amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys []
S3 AppID;@%systemroot%\system32\appidsvc.dll,-102; C:\Windows\system32\drivers\appid.sys []
S3 b06bdrv;Broadcom NetXtreme II VBD; C:\Windows\system32\DRIVERS\bxvbda.sys []
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60a.sys []
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys []
S3 drmkaud;Pilotes audio approuvés par Microsoft; C:\Windows\system32\drivers\drmkaud.sys []
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD; C:\Windows\system32\DRIVERS\evbda.sys []
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\DRIVERS\errdev.sys []
S3 FsDepends;@%SystemRoot%\system32\drivers\fsdepends.sys,-10001; C:\Windows\System32\drivers\FsDepends.sys []
S3 hcw85cir;Hauppauge Consumer Infrared Receiver; C:\Windows\system32\drivers\hcw85cir.sys []
S3 HidBatt;HID UPS Battery Driver; C:\Windows\system32\DRIVERS\HidBatt.sys []
S3 HpSAMD;HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys []
S3 LSI_SAS2;LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys []
S3 MegaSR;MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys []
S3 mshidkmdf;@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100; C:\Windows\System32\drivers\mshidkmdf.sys []
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Proxy d’horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys []
S3 MTConfig;Microsoft Input Configuration Driver; C:\Windows\system32\DRIVERS\MTConfig.sys []
S3 NdisCap;NDIS Capture LightWeight Filter; C:\Windows\system32\DRIVERS\ndiscap.sys []
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 scfilter;@%SystemRoot%\System32\drivers\scfilter.sys,-11; C:\Windows\System32\DRIVERS\scfilter.sys []
S3 stexstor;stexstor; C:\Windows\system32\DRIVERS\stexstor.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
S3 UmPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys []
S3 vhdmp;vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []
S3 vwifibus;@%SystemRoot%\System32\drivers\vwifibus.sys,-257; C:\Windows\System32\drivers\vwifibus.sys []
S3 WIMMount;WIMMount; C:\Windows\system32\drivers\wimmount.sys [2009-07-14 19008]
S3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\system32\drivers\LMIRfsClientNP.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2007-08-20 571160]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 AsSysCtrlService;ASUS System Control Service; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbamservice.exe [2010-01-07 236368]
R2 Power;@%SystemRoot%\system32\umpo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 RpcEptMapper;@%windir%\system32\RpcEpMap.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 2297216]
R3 HomeGroupProvider;@%SystemRoot%\System32\provsvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [2009-10-06 120640]
S2 LogMeIn;LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [2008-08-11 57920]
S2 sppsvc;@%SystemRoot%\system32\sppsvc.exe,-101; C:\Windows\system32\sppsvc.exe []
S3 AppIDSvc;@%systemroot%\system32\appidsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 AxInstSV;@%SystemRoot%\system32\AxInstSV.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 BDESVC;@%SystemRoot%\system32\bdesvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 bthserv;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-06-10 89920]
S3 defragsvc;@%SystemRoot%\system32\defragsvc.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EFS;@%SystemRoot%\system32\efssvc.dll,-100; C:\Windows\System32\lsass.exe []
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-28 654848]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 HomeGroupListener;@%SystemRoot%\System32\ListSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2009-07-14 20992]
S3 SensrSvc;@%SystemRoot%\System32\sensrsvc.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 sppuinotify;@%SystemRoot%\system32\sppuinotify.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 VaultSvc;@%SystemRoot%\system32\vaultsvc.dll,-1003; C:\Windows\system32\lsass.exe []
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []
S3 WbioSrvc;@%systemroot%\system32\wbiosrvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WwanSvc;@%SystemRoot%\System32\wwansvc.dll,-257; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
-----------------EOF-----------------
Et encore une fois merci, est-ce propre cette fois ci?