ANALYSE de mon ordinateur suite à barre BigDadSearch

Sécurité et insécurité. Virus, Trojans, Spywares, Failles etc. …

Modérateur: Modérateurs et Modératrices

Règles du forum
Assiste.com a suspendu l'assistance à la décontamination après presque 15 ans sur l'ancien forum puis celui-ci. Voir :

Procédure de décontamination 1 - Anti-malware
Décontamination anti-malwares

Procédure de décontamination 2 - Anti-malware et antivirus (La Manip)
La Manip - Procédure standard de décontamination

Entretien périodique d'un PC sous Windows
Entretien périodique d'un PC sous Windows

Protection des navigateurs, de la navigation et de la vie privée
Protéger le navigateur, la navigation et la vie privée

ANALYSE de mon ordinateur suite à barre BigDadSearch

Messagede BDB » 22 Juin 2009, 16:46

Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2322
Windows 6.0.6001 Service Pack 1

22/06/2009 17:18:35
mbam-log-2009-06-22 (17-18-35).txt

Type de recherche: Examen rapide
Eléments examinés: 92126
Temps écoulé: 8 minute(s), 53 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{597741dd-2fe7-9ae2-d42c-5c2558125af0} (Adware.AdRotator) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\program files\mozilla firefox\components\b10e6f17-4afe-6942-51aa-3e3fa010bd7e.dll (Adware.Yoog) -> Quarantined and deleted successfully.
c:\Windows\System32\dbxzenwpytsaft.dll-uninst.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
BDB
 
Messages: 21
Inscription: 22 Juin 2009, 10:35
Localisation: Pays Basque

suite de l'analyse.Merci pour aide!

Messagede BDB » 22 Juin 2009, 16:47

OTL logfile created on: 22/06/2009 17:25:59 - Run 1
OTL by OldTimer - Version 3.0.4.0 Folder = C:\Users\Brigitte\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,99 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 52,70% Memory free
4,00 Gb Paging File | 2,96 Gb Available in Paging File | 73,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99,17 Gb Total Space | 56,34 Gb Free Space | 56,81% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,49 Gb Free Space | 64,92% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-BRIGITTE
Current User Name: Brigitte
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/01/28 08:33:10 | 02,790,400 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\hasplms.exe
PRC - [2006/11/05 13:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
PRC - [2008/10/29 08:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2008/06/13 15:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2008/11/03 10:42:17 | 01,079,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2007/06/27 12:17:00 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\STacSV.exe
PRC - [2008/11/03 10:42:36 | 01,168,264 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2007/04/29 07:24:30 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe
PRC - [2006/11/05 13:15:12 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
PRC - [2009/03/03 04:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2008/01/19 09:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/09/26 12:47:30 | 00,252,440 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2007/06/04 07:21:06 | 00,857,648 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/09/26 12:47:22 | 00,154,136 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2007/09/26 12:47:26 | 00,129,560 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2007/05/31 11:21:28 | 00,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdc.exe
PRC - [2006/11/05 13:22:16 | 00,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2008/05/31 09:57:02 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2008/01/24 22:36:34 | 00,185,632 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/03/11 22:34:40 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2008/06/12 02:38:00 | 00,034,672 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
PRC - [2007/06/27 12:17:02 | 00,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/01/19 11:42:30 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/01/17 18:51:02 | 00,486,856 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2008/12/01 15:57:34 | 09,073,976 | ---- | M] (VoipDiscount) -- C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe
PRC - [2006/11/03 20:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2007/03/11 22:26:24 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/02/15 22:04:43 | 02,641,920 | ---- | M] (pdfforge http://www.pdfforge.org/) -- C:\Program Files\PDFCreator\PDFCreator.exe
PRC - [2007/07/20 20:13:26 | 01,180,952 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2009/03/03 04:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2008/01/19 09:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/19 09:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2007/11/13 19:57:02 | 02,359,296 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
PRC - [2007/11/13 19:57:04 | 02,510,848 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
PRC - [2007/03/11 22:32:42 | 00,151,552 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2006/11/05 12:55:48 | 00,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2008/05/31 09:57:02 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2009/02/06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/06/22 16:54:56 | 00,513,024 | ---- | M] (OldTimer Tools) -- C:\Users\Brigitte\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (0276701202044605mcinstcleanup [Auto | Stopped])
SRV - [2008/01/05 13:26:41 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/01/19 09:36:53 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2009/03/10 17:21:08 | 00,658,432 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/01/05 13:21:53 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/05/31 09:57:02 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-022208-143751 [On_Demand | Stopped])
SRV - [2009/03/27 09:11:52 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2009/01/28 08:33:10 | 02,790,400 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\hasplms.exe -- (hasplms [Auto | Running])
SRV - [2007/03/11 22:37:52 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007/03/11 23:02:52 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2004/10/22 05:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/01/05 13:21:39 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2006/11/08 17:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2008/01/05 13:21:39 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/11/08 17:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2007/05/31 11:21:18 | 00,183,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr [Auto | Running])
SRV - [2006/11/05 13:15:12 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Running])
SRV - [2006/11/05 13:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Running])
SRV - [2008/06/13 15:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
SRV - [2008/11/03 10:42:17 | 01,079,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])
SRV - [2007/06/27 12:17:00 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\STacSV.exe -- (STacSV [Auto | Running])
SRV - [2006/09/14 16:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
SRV - [2007/05/31 11:21:24 | 00,379,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm [Auto | Running])
SRV - [2008/01/19 09:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/19 09:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
SRV - [2007/04/29 07:24:30 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe -- (XAudioService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2006/11/02 11:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2006/11/02 11:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2006/11/02 11:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2006/11/02 11:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 11:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2009/01/16 12:42:28 | 00,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\DRIVERS\aksfridge.sys -- (aksfridge [Auto | Running])
DRV - [2009/02/02 17:04:18 | 00,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\DRIVERS\akshasp.sys -- (akshasp [On_Demand | Stopped])
DRV - [2007/07/23 15:12:44 | 00,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\DRIVERS\akshhl.sys -- (akshhl [On_Demand | Stopped])
DRV - [2009/01/28 15:53:04 | 00,020,480 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\DRIVERS\aksusb.sys -- (aksusb [On_Demand | Stopped])
DRV - [2008/01/19 19:11:14 | 00,017,592 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2006/11/02 11:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2006/11/02 11:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2007/05/11 08:40:28 | 00,045,568 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2006/11/02 10:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 10:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 10:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 10:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 10:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 10:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2008/01/19 19:11:14 | 00,019,128 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2006/11/02 09:30:55 | 00,200,704 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\e1e6032.sys -- (e1express [On_Demand | Stopped])
DRV - [2006/11/02 09:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2006/11/02 11:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2006/11/22 11:01:48 | 00,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock [Auto | Running])
DRV - [2006/11/02 11:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2007/04/29 07:24:28 | 00,986,624 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2007/04/29 07:24:28 | 00,206,848 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])
DRV - [2007/05/09 13:22:56 | 00,277,784 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastor.sys -- (iaStor [Boot | Running])
DRV - [2006/11/02 11:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Boot | Running])
DRV - [2007/09/26 12:47:24 | 01,899,008 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\igdkmd32.sys -- (igfx [On_Demand | Running])
DRV - [2006/11/02 11:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2008/11/03 10:41:51 | 00,040,840 | ---- | M] (PCTools Research Pty Ltd.) -- C:\Windows\system32\drivers\ikfilesec.sys -- (IKFileSec [Boot | Running])
DRV - [2008/11/03 10:41:52 | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.) -- C:\Windows\System32\drivers\iksysflt.sys -- (IKSysFlt [System | Running])
DRV - [2008/11/03 10:41:52 | 00,081,288 | ---- | M] (PCTools Research Pty Ltd.) -- C:\Windows\System32\drivers\iksyssec.sys -- (IKSysSec [System | Running])
DRV - [2006/11/02 11:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 11:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2006/11/02 11:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2006/11/02 11:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2006/11/02 11:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2007/04/29 07:24:28 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2006/11/02 11:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2006/11/02 11:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2007/02/25 16:14:00 | 02,216,448 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\NETw4v32.sys -- (NETw4v32 [On_Demand | Running])
DRV - [2006/11/02 11:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006/11/02 09:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2006/11/02 11:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2006/11/02 11:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2008/11/20 21:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/11/02 11:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 11:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2006/11/02 09:36:43 | 02,028,032 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\DRIVERS\atikmdag.sys -- (R300 [On_Demand | Stopped])
DRV - [2007/05/09 14:46:08 | 00,032,256 | ---- | M] (REDC) -- C:\Windows\System32\DRIVERS\rimmptsk.sys -- (rimmptsk [Auto | Running])
DRV - [2007/05/09 14:46:08 | 00,043,520 | ---- | M] (REDC) -- C:\Windows\System32\DRIVERS\rimsptsk.sys -- (rimsptsk [Auto | Running])
DRV - [2007/05/09 14:46:12 | 00,037,376 | ---- | M] (REDC) -- C:\Windows\System32\DRIVERS\rixdptsk.sys -- (rismxdp [Auto | Running])
DRV - [2006/11/02 08:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2006/11/02 11:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
DRV - [2006/11/02 11:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2008/01/28 19:13:56 | 00,716,272 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2005/08/17 07:45:00 | 00,058,352 | ---- | M] (MCCI) -- C:\Windows\System32\DRIVERS\sscdbus.sys -- (sscdbus [On_Demand | Stopped])
DRV - [2007/06/27 12:17:04 | 00,326,656 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA [On_Demand | Running])
DRV - [2006/11/02 11:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 11:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 11:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2007/06/04 07:21:04 | 00,182,456 | ---- | M] (Synaptics, Inc.) -- C:\Windows\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2006/11/02 11:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 11:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2006/11/02 11:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2008/01/19 19:11:14 | 00,020,152 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2006/11/02 11:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2007/04/29 07:24:28 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSX_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2007/04/29 07:24:30 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.sys -- (XAudio [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1599057654-497372470-3955653617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1599057654-497372470-3955653617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-1599057654-497372470-3955653617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
IE - HKU\S-1-5-21-1599057654-497372470-3955653617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-1599057654-497372470-3955653617-1000\S-1-5-21-1599057654-497372470-3955653617-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "BigDadSearch"
FF - prefs.js..browser.search.defaulturl: "http://www.bigdadsearch.com/search.php?q="
FF - prefs.js..browser.search.selectedEngine: "BigDadSearch"
FF - prefs.js..browser.startup.homepage: "http://www.bigdadsearch.com/"
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11
FF - prefs.js..keyword.URL: "http://www.bigdadsearch.com/search.php?q="

FF - user.js..browser.startup.homepage: "http://www.bigdadsearch.com/"
FF - user.js..browser.search.selectedEngine: "BigDadSearch"
FF - user.js..keyword.URL: "http://www.bigdadsearch.com/search.php?q="
FF - user.js..keyword.enabled: true
FF - user.js..browser.search.defaultenginename: "BigDadSearch"
FF - user.js..browser.search.defaulturl: "http://www.bigdadsearch.com/search.php?q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/01/24 22:26:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/22 17:18:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/19 09:34:53 | 00,000,000 | ---D | M]

[2008/06/25 13:13:58 | 00,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\mozilla\Extensions
[2008/06/25 13:13:58 | 00,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/21 18:48:54 | 00,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\mozilla\Firefox\Profiles\jp6ftkjr.default\extensions
[2008/12/10 13:18:59 | 00,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\mozilla\Firefox\Profiles\jp6ftkjr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/12/26 15:56:07 | 00,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\mozilla\Firefox\Profiles\jp6ftkjr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/06/17 20:44:55 | 00,000,249 | ---- | M] () -- C:\Users\Brigitte\AppData\Roaming\Mozilla\FireFox\Profiles\jp6ftkjr.default\searchplugins\BigDadSearch.xml
[2009/06/19 09:34:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/19 09:22:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/01/24 22:47:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2008/01/29 14:16:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/14 20:05:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/11/09 20:41:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/24 18:30:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/10 17:57:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/03 06:24:27 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/03 06:24:27 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/27 18:48:12 | 00,431,104 | ---- | M] () -- C:\Program Files\mozilla firefox\components\dbxzenwpytsaft.dll
[2008/05/31 09:57:02 | 00,122,880 | ---- | M] (Google) -- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2007/12/19 14:57:38 | 00,310,272 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2009/06/03 06:24:27 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/06/11 22:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/01/24 22:37:15 | 00,144,720 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2008/01/24 22:37:29 | 00,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008/01/24 22:36:46 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2008/01/04 17:36:50 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2006/07/05 20:47:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/01/04 17:36:50 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/03/08 11:35:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/09/22 21:14:04 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/04/16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/03/28 20:11:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/01/04 17:36:50 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKU\S-1-5-21-1599057654-497372470-3955653617-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-1599057654-497372470-3955653617-1000\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] File not found
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-1599057654-497372470-3955653617-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1599057654-497372470-3955653617-1000..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1599057654-497372470-3955653617-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1599057654-497372470-3955653617-1000..\Run: [VoipDiscount] C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe (VoipDiscount)
O4 - Startup: C:\Users\Brigitte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe ()
O4 - Startup: C:\Users\Invité\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1599057654-497372470-3955653617-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmes\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll File not found
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmes\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll File not found
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programmes\Google\Google Desktop Search\GoogleDesktopNetwork3.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{061a1d6e-f6db-11dd-a3d1-b53750698359}\Shell\AutoRun\command - "" = G:\ranvrgn.exe -- File not found
O33 - MountPoints2\{061a1d6e-f6db-11dd-a3d1-b53750698359}\Shell\explore\Command - "" = G:\ranvrgn.exe -- File not found
O33 - MountPoints2\{061a1d6e-f6db-11dd-a3d1-b53750698359}\Shell\open\Command - "" = G:\ranvrgn.exe -- File not found
O33 - MountPoints2\{0b789299-e14a-11dc-8aa5-001d09bd0feb}\Shell\AutoRun\command - "" = tmf3w3g0.com
O33 - MountPoints2\{0b789299-e14a-11dc-8aa5-001d09bd0feb}\Shell\explore\Command - "" = tmf3w3g0.com
O33 - MountPoints2\{0b789299-e14a-11dc-8aa5-001d09bd0feb}\Shell\open\Command - "" = tmf3w3g0.com
O33 - MountPoints2\{0ef6a41d-12c4-11de-b68b-001d09bd0feb}\Shell - "" = AutoRun
O33 - MountPoints2\{0ef6a41d-12c4-11de-b68b-001d09bd0feb}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{2dbfc7b8-3baf-11de-924f-001d09bd0feb}\Shell\AutoRun\command - "" = G:\ranvrgn.exe -- File not found
O33 - MountPoints2\{2dbfc7b8-3baf-11de-924f-001d09bd0feb}\Shell\explore\Command - "" = G:\ranvrgn.exe -- File not found
O33 - MountPoints2\{2dbfc7b8-3baf-11de-924f-001d09bd0feb}\Shell\open\Command - "" = G:\ranvrgn.exe -- File not found
O33 - MountPoints2\{677446d4-adc6-11dd-a351-001d09bd0feb}\Shell - "" = AutoRun
O33 - MountPoints2\{677446d4-adc6-11dd-a351-001d09bd0feb}\Shell\AutoRun\command - "" = G:\memorybar.exe -- File not found
O33 - MountPoints2\{cfc9a1e0-f00a-11dc-b69a-001d09bd0feb}\Shell\AutoRun\command - "" = ie.exe
O33 - MountPoints2\{cfc9a1e0-f00a-11dc-b69a-001d09bd0feb}\Shell\explore\Command - "" = ie.exe
O33 - MountPoints2\{cfc9a1e0-f00a-11dc-b69a-001d09bd0feb}\Shell\open\Command - "" = ie.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/06/22 17:19:13 | 00,000,000 | ---D | C] -- C:\Users\Brigitte\Desktop\virus
[2009/06/22 16:58:09 | 00,000,000 | ---D | C] -- C:\Users\Brigitte\AppData\Roaming\Malwarebytes
[2009/06/22 16:58:04 | 00,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/22 16:58:01 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/06/22 16:57:59 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/06/22 16:57:59 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/06/22 16:57:59 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/22 16:56:12 | 00,000,809 | ---- | C] () -- C:\Users\Brigitte\Desktop\OTL.exe - Raccourci.lnk
[2009/06/22 11:39:52 | 00,089,600 | ---- | C] () -- C:\Users\Brigitte\Desktop\HIJACK.doc
[2009/06/22 10:45:01 | 00,000,872 | ---- | C] () -- C:\Users\Brigitte\Desktop\HiJackThis - Raccourci.lnk
[2009/06/20 15:56:59 | 00,000,372 | ---- | C] () -- C:\Users\Brigitte\Desktop\Son - Raccourci.lnk
[2009/06/19 18:17:33 | 00,000,000 | ---- | C] () -- C:\Windows\System32\paths.bat
[2009/06/19 10:34:20 | 00,000,000 | ---D | C] -- C:\ToolBar SD
[2009/06/19 10:32:34 | 00,000,000 | ---D | C] -- C:\Users\Brigitte\AppData\Roaming\VoipDiscount
[2009/06/19 10:24:59 | 00,000,947 | ---- | C] () -- C:\Users\Brigitte\Desktop\VoipDiscount.lnk
[2009/06/19 10:24:56 | 00,000,000 | ---D | C] -- C:\Program Files\VoipDiscount.com
[2009/06/19 10:07:48 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009/06/19 10:07:46 | 00,000,000 | ---D | C] -- C:\rsit
[2009/06/19 09:22:55 | 00,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/06/19 09:20:22 | 00,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2009/06/17 22:06:31 | 00,000,000 | ---D | C] -- C:\Users\Brigitte\Desktop\Nouveau dossier (3)
[2009/06/17 21:10:11 | 00,000,000 | ---D | C] -- C:\ProgramData\eMule
[2009/06/17 21:09:55 | 00,000,000 | ---D | C] -- C:\Users\Brigitte\AppData\Local\eMule
[2009/06/17 21:09:53 | 00,000,000 | ---D | C] -- C:\Program Files\eMule
[2009/06/17 20:44:44 | 00,085,640 | ---- | C] () -- C:\Windows\System32\dbe2c114-062c-53f0-1436-bedfac456417.exe
[2009/06/17 20:28:16 | 00,000,000 | ---D | C] -- C:\Users\Brigitte\Documents\LimeWire
[2009/06/17 20:27:55 | 00,000,000 | ---D | C] -- C:\Users\Brigitte\AppData\Roaming\LimeWire
[2009/06/17 20:26:46 | 00,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2009/06/17 18:31:31 | 00,063,488 | ---- | C] () -- C:\Users\Brigitte\Documents\CLE.doc
[2009/06/15 17:42:16 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/06/15 17:42:02 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/06/15 17:39:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/06/15 10:43:29 | 00,000,000 | ---D | C] -- C:\Users\Brigitte\Desktop\CCI
[2009/06/14 17:01:05 | 00,071,680 | ---- | C] () -- C:\Users\Brigitte\Desktop\FORMATIONS.doc
[2009/06/12 08:46:03 | 00,000,000 | -HSD | C] -- C:\found.001
[2009/06/11 20:11:24 | 00,000,000 | ---D | C] -- C:\Users\Brigitte\Desktop\Cluster Eco-habitat Poitou-Charentes _ Le blog » Les diaporamas de la rencontre du 5 mai_fichiers
[2009/06/11 08:22:29 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/06/11 08:22:26 | 00,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2009/06/11 08:22:19 | 00,784,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2009/06/11 08:22:14 | 03,581,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/06/11 08:22:09 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/06/11 08:22:07 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/06/11 08:22:06 | 00,827,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/06/11 08:22:05 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/06/11 08:22:04 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/06/11 08:22:03 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/06/11 08:22:03 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/06/11 08:22:02 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/06/11 08:22:02 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/06/11 08:22:02 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/06/11 08:22:01 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/06/11 08:22:00 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/06/11 08:21:59 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/06/11 08:21:58 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/06/10 10:03:49 | 00,103,936 | ---- | C] () -- C:\Users\Brigitte\Desktop\le bois2.xls
[2009/06/08 20:45:35 | 00,070,144 | ---- | C] () -- C:\Users\Brigitte\Documents\rôle conseil.doc
[2009/06/05 15:09:36 | 00,055,782 | ---- | C] () -- C:\Users\Brigitte\Desktop\CCI.pdf
[2009/06/03 17:31:57 | 00,071,168 | ---- | C] () -- C:\Users\Brigitte\Desktop\EMMAUS TEXTE.doc
[2009/06/03 08:48:39 | 00,075,776 | ---- | C] () -- C:\Users\Brigitte\Desktop\INIT ENVIRONNEMENT.doc
[2009/05/29 17:01:11 | 01,266,517 | ---- | C] () -- C:\Users\Brigitte\Desktop\Signé magasine0001.pdf
[2009/05/29 16:49:31 | 00,000,000 | ---D | C] -- C:\Users\Brigitte\Desktop\massif central
[2009/05/25 11:34:04 | 00,091,648 | ---- | C] () -- C:\Users\Brigitte\Desktop\LEXIQUE BOIS.doc
[2009/04/23 17:18:32 | 00,755,712 | ---- | C] () -- C:\Windows\System32\ApiRes.dll
[2009/04/23 17:18:31 | 00,504,320 | ---- | C] () -- C:\Windows\System32\ApiInt30.dll
[2009/04/23 17:18:31 | 00,478,208 | ---- | C] () -- C:\Windows\System32\ApiSMS.dll
[2009/04/23 17:18:31 | 00,106,496 | ---- | C] () -- C:\Windows\System32\Dlsbar32.dll
[2009/04/23 17:18:31 | 00,060,848 | ---- | C] () -- C:\Windows\System32\Dlsbar2.dll
[2009/04/23 17:18:29 | 00,122,880 | ---- | C] () -- C:\Windows\System32\Lfkodak.dll
[2009/04/23 17:18:29 | 00,092,672 | ---- | C] () -- C:\Windows\System32\Lffpx90n.dll
[2009/04/23 17:18:28 | 00,344,064 | ---- | C] () -- C:\Windows\System32\Lffpx7.dll
[2008/04/18 11:10:12 | 00,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008/01/27 23:06:26 | 00,716,272 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/01/19 19:11:52 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/01/19 19:11:52 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2008/01/19 19:11:51 | 01,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/01/19 19:11:51 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/01/19 19:11:45 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/01/19 19:11:33 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/10/07 20:38:09 | 05,779,456 | ---- | C] () -- C:\Windows\System32\WDFEABE4.dll
[2007/10/07 20:38:09 | 02,306,048 | ---- | C] () -- C:\Windows\System32\WDFEABP4.dll
[2007/10/07 20:38:09 | 00,282,624 | ---- | C] () -- C:\Windows\System32\WDFEEBE6.dll
[2006/11/07 21:25:58 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 12:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 12:23:31 | 00,000,276 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 12:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 09:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/17 01:36:50 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 01:36:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

========== Files - Modified Within 30 Days ==========

[2009/06/22 17:23:54 | 00,001,000 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/06/22 17:21:16 | 00,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/06/22 17:21:16 | 00,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/06/22 17:21:07 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/06/22 17:21:02 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/06/22 17:20:54 | 21,351,21920 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/22 17:19:59 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/06/22 17:19:51 | 03,630,011 | -H-- | M] () -- C:\Users\Brigitte\AppData\Local\IconCache.db
[2009/06/22 16:58:04 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/22 16:56:12 | 00,000,809 | ---- | M] () -- C:\Users\Brigitte\Desktop\OTL.exe - Raccourci.lnk
[2009/06/22 11:39:55 | 00,089,600 | ---- | M] () -- C:\Users\Brigitte\Desktop\HIJACK.doc
[2009/06/22 10:45:01 | 00,000,872 | ---- | M] () -- C:\Users\Brigitte\Desktop\HiJackThis - Raccourci.lnk
[2009/06/20 15:56:59 | 00,000,372 | ---- | M] () -- C:\Users\Brigitte\Desktop\Son - Raccourci.lnk
[2009/06/19 18:17:33 | 00,000,000 | ---- | M] () -- C:\Windows\System32\paths.bat
[2009/06/19 10:24:59 | 00,000,947 | ---- | M] () -- C:\Users\Brigitte\Desktop\VoipDiscount.lnk
[2009/06/19 09:22:55 | 00,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/06/19 09:20:30 | 00,001,787 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2009/06/17 20:44:44 | 00,085,640 | ---- | M] () -- C:\Windows\System32\dbe2c114-062c-53f0-1436-bedfac456417.exe
[2009/06/17 18:31:34 | 00,063,488 | ---- | M] () -- C:\Users\Brigitte\Documents\CLE.doc
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/06/16 10:59:19 | 01,271,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/06/16 10:59:19 | 00,669,566 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2009/06/16 10:59:19 | 00,389,722 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/06/16 10:59:19 | 00,123,556 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2009/06/16 10:59:19 | 00,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/06/15 17:42:59 | 00,000,764 | ---- | M] () -- C:\Users\Brigitte\Documents\Mes dossiers de partage.lnk
[2009/06/14 18:23:59 | 00,016,896 | ---- | M] () -- C:\Users\Brigitte\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/14 17:36:02 | 00,071,680 | ---- | M] () -- C:\Users\Brigitte\Desktop\FORMATIONS.doc
[2009/06/12 08:48:35 | 00,345,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/06/10 10:03:49 | 00,103,936 | ---- | M] () -- C:\Users\Brigitte\Desktop\le bois2.xls
[2009/06/08 20:45:37 | 00,070,144 | ---- | M] () -- C:\Users\Brigitte\Documents\rôle conseil.doc
[2009/06/08 08:28:37 | 00,066,048 | ---- | M] () -- C:\Users\Brigitte\Desktop\programme bois.doc
[2009/06/05 19:43:56 | 21,442,1581 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/06/05 15:09:37 | 00,055,782 | ---- | M] () -- C:\Users\Brigitte\Desktop\CCI.pdf
[2009/06/03 17:31:59 | 00,071,168 | ---- | M] () -- C:\Users\Brigitte\Desktop\EMMAUS TEXTE.doc
[2009/06/03 09:01:18 | 00,075,776 | ---- | M] () -- C:\Users\Brigitte\Desktop\INIT ENVIRONNEMENT.doc
[2009/06/01 18:51:12 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/05/29 17:01:48 | 01,266,517 | ---- | M] () -- C:\Users\Brigitte\Desktop\Signé magasine0001.pdf
[2009/05/25 11:34:06 | 00,091,648 | ---- | M] () -- C:\Users\Brigitte\Desktop\LEXIQUE BOIS.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2
<End>
BDB
 
Messages: 21
Inscription: 22 Juin 2009, 10:35
Localisation: Pays Basque

ET ENFIN ANALYSE DE HIJACKTHIS

Messagede BDB » 22 Juin 2009, 17:03

, si qq peut m'aider c'est vraiment super, merci!!!!!!!!!!!!!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:58, on 22/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\hasplms.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Brigitte\Downloads\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fourni par Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [VoipDiscount] "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0276701202044605) (0276701202044605mcinstcleanup) - Unknown owner - C:\Users\Brigitte\AppData\Local\Temp\027670~1.EXE (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\Windows\system32\hasplms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11236 bytes
BDB
 
Messages: 21
Inscription: 22 Juin 2009, 10:35
Localisation: Pays Basque

Messagede nickW » 23 Juin 2009, 00:30

Bonsoir,


C'est fou ce que j'adoooore les gens qui savent écrire Bonjour/Bonsoir et expliquer clairement leur problème!


Tu devras impérativement choisir entre Assiste et CCM!
http://www.commentcamarche.net/forum/af ... gdadsearch


Le log HijackThis que tu as envoyé est totalement inutile!


Nouvelle recherche car ton PC a été infecté via une clé USB:

Note préliminaire importante
UsbFix est détecté par certains antivirus comme étant un RiskTool (outil à risque).
Ceci est exact puisque certains de ses composants, s'ils étaient mis entre de mauvaises mains, pourraient effectuer des actions dangereuses.
Dans le cas de UsbFix, il faut les laisser s'exécuter, et, si nécessaire, désactiver temporairement les programmes de protection en temps réel (lors du téléchargement et de l'exécution de l'outil).



Étape 1: Contrôle des comptes utilisateurs, désactivation
Désactiver l'UAC - User Account Control - contrôle des comptes utilisateurs:
Note importante: Ne pas oublier de le réactiver après la désinfection.
  • Démarrer ----> Panneau de Configuration
  • En mode d'affichage par défaut, cliquer sur Comptes d'utilisateurs; cliquer de nouveau sur Comptes d'utilisateurs
  • En mode d'affichage "Classique", faire un double clic sur Comptes d'utilisateurs
  • Cliquer sur Activer ou désactiver le contrôle des comptes d'utilisateurs (en bas)
  • Décocher la case située devant Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur
    Note: Si l'UAC était déjà désactivé, cliquer sur Annuler, quitter le Panneau de configuration et passer au téléchargement - pas de redémarrage requis
  • Cliquer sur OK pour valider.
  • Un message prévient que l'ordinateur doit redémarrer; cliquer sur OK. L'ordinateur doit maintenant redémarrer.



Étape 2: UsbFix (de Chiquitine29, C_XX ^& Chimay8), Installation
Télécharger UsbFix par un clic droit sur le lien ci-dessous:
http://sd-1.archive-host.com/membres/up ... UsbFix.exe
Enregistrer le fichier sur le Bureau.
Fermer toutes les applications actives (comme traitement de texte, navigateur).
Faire un double clic sur UsbFix.exe pour lancer l'installation (lire la licence, cocher le bouton-radio "Je suis d'accord ...", cliquer 2 fois sur Suivant, puis sur Démarrer; enfin cliquer sur Quitter).


Étape 3: UsbFix (de Chiquitine29, C_XX ^& Chimay8), Option 1
Fermer toutes les applications actives (comme traitement de texte, navigateur).

Brancher tous les périphériques externes susceptibles d'avoir été infectés sans les ouvrir (clés USB, disque dur externe, etc...).

Faire un clic droit sur le raccourci de UsbFix présent sur le Bureau puis choisir "Exécuter en tant qu'Administrateur" pour lancer l'outil.

Sur le menu principal, choisir l'option 1. Recherche de fichiers infectieux. et valider par Entrée.
(ne pas choisir d'autre option sans mon avis/accord)

Laisser l'outil travailler (il y a affichage des fichiers/clés de Registre analysés).

Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant le rapport.
Fermer le Bloc-notes.


Étape 4: Contrôle des comptes utilisateurs, réactivation
Réactiver le contrôle des comptes utilisateurs (UAC-User Account Control).


Étape 5: Résultat
Envoyer en réponse:
*- le rapport de UsbFix, Option 1 (contenu du fichier SystemDrive\UsbFix.txt)
[SystemDrive représente la partition sur laquelle est installé le système, généralement C:]

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Messagede BDB » 23 Juin 2009, 15:51

Avant le démarrage du grand chantier, MERCI et encore MERCI!
Désolée , j'ai comme perdu mes repères sur ce site où l'on parle si bien informatique...
c'est d'autant plus super de donner une réponse, et en plus si vite
je vais essayer de faire tout cela tranquillement et espère être à la hauteur.
Bonsoir et encore un grand merci nickW, je te tiens au courant
BDB
 
Messages: 21
Inscription: 22 Juin 2009, 10:35
Localisation: Pays Basque

RAPPORT USBFIX.TEXT

Messagede BDB » 24 Juin 2009, 09:30

Bonjour,
Voici le rapport: j'espère avoir tout bien fait, en tout cas tes explications étaient très claires.
CCM: je n'ai pas su comment supprimer ma demande (je n'avais pas eu de réponse?...) j'ai laissé un message d'annulation
Encore un grand merci pour le service que ce forum et ses adeptes nous apporte!

############################## [ UsbFix V3.033 ]

# User : Brigitte (Administrateurs) # PC-DE-BRIGITTE
# Update on 15/06/09 by C_XX
# Start at: 09:13:42 | 24/06/2009
# Website : http://pagesperso-orange.fr/NosTools/usbfix.html

# Intel(R) Core(TM)2 Duo CPU T5470 @ 1.60GHz
# Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Enabled

# C:\ # Disque fixe local # 99,17 Go (55,77 Go free) [OS] # NTFS
# D:\ # Disque fixe local # 10 Go (6,49 Go free) [RECOVERY] # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque CD-ROM
# G:\ # Disque amovible # 3,75 Go (16,66 Mo free) # FAT32
# H:\ # Disque amovible

############################## [ Processus actifs ]

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\hasplms.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\conime.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe

################## [ Registre Startup ]

HKCU_Main: "Local Page"="C:\\Windows\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
HKCU_Main: "Start Page"="http://www.google.fr"
HKCU_Main: "Window Title"="Internet Explorer fourni par Dell"
HKLM_logon: "Userinit"="C:\\Windows\\system32\\userinit.exe,"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""

HKLM_Run: Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM_Run: ECenter=C:\Dell\E-Center\EULALauncher.exe
HKLM_Run: SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKLM_Run: IgfxTray=C:\Windows\system32\igfxtray.exe
HKLM_Run: HotKeysCmds=C:\Windows\system32\hkcmd.exe
HKLM_Run: Persistence=C:\Windows\system32\igfxpers.exe
HKLM_Run: Windows Mobile Device Center=%windir%\WindowsMobile\wmdc.exe
HKLM_Run: ISUSScheduler="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
HKLM_Run: RoxWatchTray="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
HKLM_Run: Google Desktop Search="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
HKLM_Run: TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
HKLM_Run: HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
HKLM_Run: Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM_Run: SigmatelSysTrayApp=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM_Run: ISTray="C:\Program Files\Spyware Doctor\pctsTray.exe"
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU_Run: DAEMON Tools Lite="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
HKCU_Run: msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKCU_Run: VoipDiscount="C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized


################## [ Fichiers # Dossiers infectieux ]

Présent ! C:\Windows\system32\autorun.inf
Présent ! G:\autorun.inf

################## [ Registre # Clés Run infectieuses ]


################## [ Registre # Mountpoints2 ]

HKCU\...\Explorer\MountPoints2\I\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{061a1d6e-f6db-11dd-a3d1-b53750698359}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{061a1d6e-f6db-11dd-a3d1-b53750698359}\Shell\explore\Command
HKCU\...\Explorer\MountPoints2\{061a1d6e-f6db-11dd-a3d1-b53750698359}\Shell\open\Command
HKCU\...\Explorer\MountPoints2\{0b789299-e14a-11dc-8aa5-001d09bd0feb}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{0b789299-e14a-11dc-8aa5-001d09bd0feb}\Shell\explore\Command
HKCU\...\Explorer\MountPoints2\{0b789299-e14a-11dc-8aa5-001d09bd0feb}\Shell\open\Command
HKCU\...\Explorer\MountPoints2\{0ef6a41d-12c4-11de-b68b-001d09bd0feb}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{2dbfc7b8-3baf-11de-924f-001d09bd0feb}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{2dbfc7b8-3baf-11de-924f-001d09bd0feb}\Shell\explore\Command
HKCU\...\Explorer\MountPoints2\{2dbfc7b8-3baf-11de-924f-001d09bd0feb}\Shell\open\Command
HKCU\...\Explorer\MountPoints2\{677446d4-adc6-11dd-a351-001d09bd0feb}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{cfc9a1e0-f00a-11dc-b69a-001d09bd0feb}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{cfc9a1e0-f00a-11dc-b69a-001d09bd0feb}\Shell\explore\Command
HKCU\...\Explorer\MountPoints2\{cfc9a1e0-f00a-11dc-b69a-001d09bd0feb}\Shell\open\Command

################## [ ! Fin du rapport # UsbFix V3.033 ! ]
BDB
 
Messages: 21
Inscription: 22 Juin 2009, 10:35
Localisation: Pays Basque

Messagede nickW » 24 Juin 2009, 20:58

Bonsoir,

Premiers nettoyages:

Étape 1: OTL (de OldTimer), nettoyage
Ouvrir une fenêtre du Bloc-notes, via Démarrer---->Tous les programmes---->Accessoires---->Exécuter, taper notepad puis cliquer sur OK
Sélectionner toutes les lignes de la zone blanche située sous "Code:" ci-dessous, puis appuyer simultanément sur les touches Ctrl et C

Code: Tout sélectionner
rien
:Processes
explorer.exe

:otl
FF - prefs.js..browser.search.defaultenginename: "BigDadSearch"
FF - prefs.js..browser.search.defaulturl: "http://www.bigdadsearch.com/search.php?q="
FF - prefs.js..browser.search.selectedEngine: "BigDadSearch"
FF - prefs.js..browser.startup.homepage: "http://www.bigdadsearch.com/"
FF - prefs.js..keyword.URL: "http://www.bigdadsearch.com/search.php?q="
FF - user.js..browser.startup.homepage: "http://www.bigdadsearch.com/"
FF - user.js..browser.search.selectedEngine: "BigDadSearch"
FF - user.js..keyword.URL: "http://www.bigdadsearch.com/search.php?q="
FF - user.js..browser.search.defaultenginename: "BigDadSearch"
FF - user.js..browser.search.defaulturl: "http://www.bigdadsearch.com/search.php?q="
[2009/05/27 18:48:12 | 00,431,104 | ---- | M] () -- C:\Program Files\mozilla firefox\components\dbxzenwpytsaft.dll
O33 - MountPoints2\{061a1d6e-f6db-11dd-a3d1-b53750698359}\Shell\AutoRun\command - "" = G:\ranvrgn.exe -- File not found
O33 - MountPoints2\{061a1d6e-f6db-11dd-a3d1-b53750698359}\Shell\explore\Command - "" = G:\ranvrgn.exe -- File not found
O33 - MountPoints2\{061a1d6e-f6db-11dd-a3d1-b53750698359}\Shell\open\Command - "" = G:\ranvrgn.exe -- File not found
O33 - MountPoints2\{0b789299-e14a-11dc-8aa5-001d09bd0feb}\Shell\AutoRun\command - "" = tmf3w3g0.com
O33 - MountPoints2\{0b789299-e14a-11dc-8aa5-001d09bd0feb}\Shell\explore\Command - "" = tmf3w3g0.com
O33 - MountPoints2\{0b789299-e14a-11dc-8aa5-001d09bd0feb}\Shell\open\Command - "" = tmf3w3g0.com
O33 - MountPoints2\{2dbfc7b8-3baf-11de-924f-001d09bd0feb}\Shell\AutoRun\command - "" = G:\ranvrgn.exe -- File not found
O33 - MountPoints2\{2dbfc7b8-3baf-11de-924f-001d09bd0feb}\Shell\explore\Command - "" = G:\ranvrgn.exe -- File not found
O33 - MountPoints2\{2dbfc7b8-3baf-11de-924f-001d09bd0feb}\Shell\open\Command - "" = G:\ranvrgn.exe -- File not found
O33 - MountPoints2\{cfc9a1e0-f00a-11dc-b69a-001d09bd0feb}\Shell\AutoRun\command - "" = ie.exe
O33 - MountPoints2\{cfc9a1e0-f00a-11dc-b69a-001d09bd0feb}\Shell\explore\Command - "" = ie.exe
O33 - MountPoints2\{cfc9a1e0-f00a-11dc-b69a-001d09bd0feb}\Shell\open\Command - "" = ie.exe

:Commands
[start explorer]
[emptytemp]



Retourner dans la fenêtre du Bloc-notes, faire un clic droit dans la fenêtre et choisir Coller
Vérifier dans le menu Format (en haut) que "Retour automatique à ligne" n'est pas actif (pas coché).
Enregistrer le fichier sous le nom OTL-1.txt
Fermer le Bloc-notes.
Note: Les lignes de la zone Code ci-dessus ont été créées exclusivement pour CET utilisateur.
si vous n'êtes pas CET utilisateur, il ne faut pas les utiliser: elles pourraient endommager votre système.



Étape 2: Contrôle des comptes utilisateurs, désactivation
Vérifier que l'UAC - User Account Control - contrôle des comptes utilisateurs - est bien désactivé.


Étape 3: UsbFix (de Chiquitine29, C_XX ^& Chimay8), Option 2
Fermer toutes les applications actives (comme traitement de texte, navigateur).

Brancher tous les périphériques externes susceptibles d'avoir été infectés sans les ouvrir (clés USB, disque dur externe, etc...).

Faire un clic droit sur le raccourci de UsbFix présent sur le Bureau puis choisir "Exécuter en tant qu'Administrateur" pour lancer l'outil.
Sur le menu principal, choisir l'option 2. Suppression des fichiers infectieux. et valider par Entrée.

Le Bureau va disparaître et le PC va redémarrer.
Laisser l'outil travailler.

Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant le rapport.
Fermer le Bloc-notes.


Étape 4: Pas de processus de contrôle en temps réel
Désactiver le module résident de l'antivirus et celui de l'antispyware.
Image Spyware Doctor: clic droit sur l'icône dans la SysBarre (à coté de l'horloge), clic sur "Désactiver l'IntelliGuard" puis choisir 15 minutes


Étape 5: OTL (de OldTimer), nettoyage
Faire un clic droit sur OTL.exe puis choisir "Exécuter en tant qu'Administrateur" pour lancer l'outil.
Ouvrir le fichier OTL-1.txt dans le Bloc-notes.
Dans le Bloc-notes, cliquer sur le menu Edition (en haut) et choisir Sélectionner tout.
Dans le Bloc-notes, cliquer sur le menu Edition (en haut) et choisir Copier.

Retourner dans la fenêtre de OTL, faire un clic droit dans la fenêtre située en bas nommée "Custom Scans/Fixes" Image et choisir Coller.

Cliquer sur le bouton Run Fix: Image

Note: Un redémarrage est parfois nécessaire. S'il est demandé, cliquer sur Oui/Yes

Lorsque l'outil a terminé son travail, il y a affichage dans une petite fenêtre du message "Fix Complete! Click OK to open the fix log". Cliquer sur OK puis fermer OTL.


Étape 6: Contrôle des comptes utilisateurs, réactivation
Réactiver le contrôle des comptes utilisateurs (UAC-User Account Control).


Étape 7: Processus de contrôle en temps réel
Important: Réactiver le module résident de l'antivirus et celui de l'antispyware.


Étape 8: OTL (de OldTimer), analyse
Fermer toutes les fenêtres de programme ouvertes.

Faire un clic droit sur OTL.exe puis choisir "Exécuter en tant qu'Administrateur" pour lancer l'outil.

L'écran principal de OTL s'affiche:
Image

Cocher (en haut) la case située devant Scan All Users: Image

Puis cliquer sur le bouton Run Scan: Image

Laisser l'outil travailler sans l'interrompre.
Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant un rapport (log).
Fermer le Bloc-notes.
Fermer la fenêtre de OTL.


Étape 9: Résultat
Envoyer en réponse:
*- le rapport de UsbFix, Option 2 (contenu du fichier SystemDrive\UsbFix.txt)
[SystemDrive représente la partition sur laquelle est installé le système, généralement C:]

Envoyer ensuite en réponse dans un message distinct (à cause de la longueur du log):
*- le rapport principal de OTL (contenu du fichier OTL.txt situé sur le Bureau).
Le rapport envoyé sur le forum doit se terminer par une ligne contenant <End>. Si ce n'est pas le cas, il est incomplet, et doit alors être découpé en plusieurs messages.

Note importante: Pour l'envoi de ta(tes) réponse(s), il ne faut pas créer un nouveau sujet, mais cliquer sur le bouton "Répondre"
Image pour continuer dans ce fil de discussion.

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Messagede BDB » 25 Juin 2009, 11:28

Bonjour,
La barre Bigdadsearch n'apparaît plus, les choses semblent aller bien mieux.
Voici le rapport USBFIX
All processes killed
Error: Unable to interpret <rien> in the current context!
========== PROCESSES ==========
No active process named explorer.exe was found!
========== OTL ==========
Prefs.js: "BigDadSearch" removed from browser.search.defaultenginename
Prefs.js: "http://www.bigdadsearch.com/search.php?q=" removed from browser.search.defaulturl
Prefs.js: "BigDadSearch" removed from browser.search.selectedEngine
Prefs.js: "http://www.bigdadsearch.com/" removed from browser.startup.homepage
Prefs.js: "http://www.bigdadsearch.com/search.php?q=" removed from keyword.URL
File C:\Program Files\mozilla firefox\components\dbxzenwpytsaft.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{061a1d6e-f6db-11dd-a3d1-b53750698359}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{061a1d6e-f6db-11dd-a3d1-b53750698359}\ not found.
File G:\ranvrgn.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{061a1d6e-f6db-11dd-a3d1-b53750698359}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{061a1d6e-f6db-11dd-a3d1-b53750698359}\ not found.
File G:\ranvrgn.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{061a1d6e-f6db-11dd-a3d1-b53750698359}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{061a1d6e-f6db-11dd-a3d1-b53750698359}\ not found.
File G:\ranvrgn.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b789299-e14a-11dc-8aa5-001d09bd0feb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0b789299-e14a-11dc-8aa5-001d09bd0feb}\ not found.
File tmf3w3g0.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b789299-e14a-11dc-8aa5-001d09bd0feb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0b789299-e14a-11dc-8aa5-001d09bd0feb}\ not found.
File tmf3w3g0.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b789299-e14a-11dc-8aa5-001d09bd0feb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0b789299-e14a-11dc-8aa5-001d09bd0feb}\ not found.
File tmf3w3g0.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2dbfc7b8-3baf-11de-924f-001d09bd0feb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2dbfc7b8-3baf-11de-924f-001d09bd0feb}\ not found.
File G:\ranvrgn.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2dbfc7b8-3baf-11de-924f-001d09bd0feb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2dbfc7b8-3baf-11de-924f-001d09bd0feb}\ not found.
File G:\ranvrgn.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2dbfc7b8-3baf-11de-924f-001d09bd0feb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2dbfc7b8-3baf-11de-924f-001d09bd0feb}\ not found.
File G:\ranvrgn.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfc9a1e0-f00a-11dc-b69a-001d09bd0feb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfc9a1e0-f00a-11dc-b69a-001d09bd0feb}\ not found.
File ie.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfc9a1e0-f00a-11dc-b69a-001d09bd0feb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfc9a1e0-f00a-11dc-b69a-001d09bd0feb}\ not found.
File ie.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfc9a1e0-f00a-11dc-b69a-001d09bd0feb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfc9a1e0-f00a-11dc-b69a-001d09bd0feb}\ not found.
File ie.exe not found.
========== COMMANDS ==========
Error: Unable to interpret <start> in the current context!

[EMPTYTEMP]

User: All Users

User: Brigitte
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 824855 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Default
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: Invité
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\Windows\temp\hlktmp scheduled to be deleted on reboot.
Windows Temp folder emptied: 8409489 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 8,81 mb


OTL by OldTimer - Version 3.0.5.2 log created on 06252009_111240

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...
BDB
 
Messages: 21
Inscription: 22 Juin 2009, 10:35
Localisation: Pays Basque

Messagede BDB » 25 Juin 2009, 11:29

et le rapport OTL
OTL logfile created on: 25/06/2009 11:31:20 - Run 3
OTL by OldTimer - Version 3.0.5.2 Folder = C:\Users\Brigitte\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,99 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 48,24% Memory free
4,00 Gb Paging File | 2,89 Gb Available in Paging File | 72,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99,17 Gb Total Space | 58,02 Gb Free Space | 58,51% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,49 Gb Free Space | 64,92% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 3,75 Gb Total Space | 0,02 Gb Free Space | 0,43% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-BRIGITTE
Current User Name: Brigitte
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/01/28 08:33:10 | 02,790,400 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\hasplms.exe
PRC - [2006/11/05 13:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
PRC - [2008/06/13 15:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2008/11/03 10:42:17 | 01,079,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2007/06/27 12:17:00 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\STacSV.exe
PRC - [2007/04/29 07:24:30 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe
PRC - [2008/10/29 08:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2008/01/19 09:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 09:33:40 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2006/11/05 13:15:12 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
PRC - [2008/01/19 09:33:15 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2008/01/19 09:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/19 09:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2007/06/04 07:21:06 | 00,857,648 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/09/26 12:47:22 | 00,154,136 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2007/09/26 12:47:26 | 00,129,560 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2007/05/31 11:21:28 | 00,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdc.exe
PRC - [2006/11/05 13:22:16 | 00,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2008/05/31 09:57:02 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2008/01/24 22:36:34 | 00,185,632 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/03/11 22:34:40 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2008/06/12 02:38:00 | 00,034,672 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
PRC - [2007/06/27 12:17:02 | 00,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/09/26 12:47:30 | 00,252,440 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/11/03 10:42:36 | 01,168,264 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2008/01/19 11:42:30 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/01/17 18:51:02 | 00,486,856 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2008/12/01 15:57:34 | 09,073,976 | ---- | M] (VoipDiscount) -- C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe
PRC - [2006/11/03 20:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2007/03/11 22:26:24 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/02/15 22:04:43 | 02,641,920 | ---- | M] (pdfforge http://www.pdfforge.org/) -- C:\Program Files\PDFCreator\PDFCreator.exe
PRC - [2007/07/20 20:13:26 | 01,180,952 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/11/13 19:57:02 | 02,359,296 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
PRC - [2009/03/03 04:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2007/11/13 19:57:04 | 02,510,848 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
PRC - [2006/11/05 12:55:48 | 00,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2008/05/31 09:57:02 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2007/03/11 22:32:42 | 00,151,552 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2009/02/06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/06/25 10:19:26 | 00,512,512 | ---- | M] (OldTimer Tools) -- C:\Users\Brigitte\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (0276701202044605mcinstcleanup [Auto | Stopped])
SRV - [2008/01/05 13:26:41 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/01/19 09:36:53 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2009/03/10 17:21:08 | 00,658,432 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/01/05 13:21:53 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/05/31 09:57:02 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-022208-143751 [On_Demand | Stopped])
SRV - [2009/03/27 09:11:52 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2009/01/28 08:33:10 | 02,790,400 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\hasplms.exe -- (hasplms [Auto | Running])
SRV - [2007/03/11 22:37:52 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007/03/11 23:02:52 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2004/10/22 05:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/01/05 13:21:39 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2006/11/08 17:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2008/01/05 13:21:39 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/11/08 17:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2007/05/31 11:21:18 | 00,183,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr [Auto | Running])
SRV - [2006/11/05 13:15:12 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Running])
SRV - [2006/11/05 13:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Running])
SRV - [2008/06/13 15:29:14 | 00,356,920 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
SRV - [2008/11/03 10:42:17 | 01,079,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])
SRV - [2007/06/27 12:17:00 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\STacSV.exe -- (STacSV [Auto | Running])
SRV - [2006/09/14 16:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
SRV - [2007/05/31 11:21:24 | 00,379,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm [Auto | Running])
SRV - [2008/01/19 09:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/19 09:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
SRV - [2007/04/29 07:24:30 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe -- (XAudioService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2006/11/02 11:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2006/11/02 11:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2006/11/02 11:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2006/11/02 11:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 11:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2009/01/16 12:42:28 | 00,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\DRIVERS\aksfridge.sys -- (aksfridge [Auto | Running])
DRV - [2009/02/02 17:04:18 | 00,238,208 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\DRIVERS\akshasp.sys -- (akshasp [On_Demand | Stopped])
DRV - [2007/07/23 15:12:44 | 00,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\DRIVERS\akshhl.sys -- (akshhl [On_Demand | Stopped])
DRV - [2009/01/28 15:53:04 | 00,020,480 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\DRIVERS\aksusb.sys -- (aksusb [On_Demand | Stopped])
DRV - [2008/01/19 19:11:14 | 00,017,592 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2006/11/02 11:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2006/11/02 11:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2007/05/11 08:40:28 | 00,045,568 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2006/11/02 10:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 10:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 10:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 10:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 10:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 10:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2008/01/19 19:11:14 | 00,019,128 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2006/11/02 09:30:55 | 00,200,704 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\e1e6032.sys -- (e1express [On_Demand | Stopped])
DRV - [2006/11/02 09:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2006/11/02 11:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2006/11/22 11:01:48 | 00,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock [Auto | Running])
DRV - [2006/11/02 11:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2007/04/29 07:24:28 | 00,986,624 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2007/04/29 07:24:28 | 00,206,848 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])
DRV - [2007/05/09 13:22:56 | 00,277,784 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastor.sys -- (iaStor [Boot | Running])
DRV - [2006/11/02 11:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Boot | Running])
DRV - [2007/09/26 12:47:24 | 01,899,008 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\igdkmd32.sys -- (igfx [On_Demand | Running])
DRV - [2006/11/02 11:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2008/11/03 10:41:51 | 00,040,840 | ---- | M] (PCTools Research Pty Ltd.) -- C:\Windows\system32\drivers\ikfilesec.sys -- (IKFileSec [Boot | Running])
DRV - [2008/11/03 10:41:52 | 00,066,952 | ---- | M] (PCTools Research Pty Ltd.) -- C:\Windows\System32\drivers\iksysflt.sys -- (IKSysFlt [System | Running])
DRV - [2008/11/03 10:41:52 | 00,081,288 | ---- | M] (PCTools Research Pty Ltd.) -- C:\Windows\System32\drivers\iksyssec.sys -- (IKSysSec [System | Running])
DRV - [2006/11/02 11:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 11:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2006/11/02 11:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2006/11/02 11:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2006/11/02 11:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2007/04/29 07:24:28 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2006/11/02 11:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2006/11/02 11:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2007/02/25 16:14:00 | 02,216,448 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\NETw4v32.sys -- (NETw4v32 [On_Demand | Running])
DRV - [2006/11/02 11:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006/11/02 09:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2006/11/02 11:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2006/11/02 11:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2008/11/20 21:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/11/02 11:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 11:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2006/11/02 09:36:43 | 02,028,032 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\DRIVERS\atikmdag.sys -- (R300 [On_Demand | Stopped])
DRV - [2007/05/09 14:46:08 | 00,032,256 | ---- | M] (REDC) -- C:\Windows\System32\DRIVERS\rimmptsk.sys -- (rimmptsk [Auto | Running])
DRV - [2007/05/09 14:46:08 | 00,043,520 | ---- | M] (REDC) -- C:\Windows\System32\DRIVERS\rimsptsk.sys -- (rimsptsk [Auto | Running])
DRV - [2007/05/09 14:46:12 | 00,037,376 | ---- | M] (REDC) -- C:\Windows\System32\DRIVERS\rixdptsk.sys -- (rismxdp [Auto | Running])
DRV - [2006/11/02 08:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2006/11/02 11:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
DRV - [2006/11/02 11:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2008/01/28 19:13:56 | 00,716,272 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2005/08/17 07:45:00 | 00,058,352 | ---- | M] (MCCI) -- C:\Windows\System32\DRIVERS\sscdbus.sys -- (sscdbus [On_Demand | Stopped])
DRV - [2007/06/27 12:17:04 | 00,326,656 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA [On_Demand | Running])
DRV - [2006/11/02 11:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 11:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 11:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2007/06/04 07:21:04 | 00,182,456 | ---- | M] (Synaptics, Inc.) -- C:\Windows\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2006/11/02 11:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 11:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2006/11/02 11:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2008/01/19 19:11:14 | 00,020,152 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2006/11/02 11:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2007/04/29 07:24:28 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSX_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2007/04/29 07:24:30 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.sys -- (XAudio [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1599057654-497372470-3955653617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1599057654-497372470-3955653617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-1599057654-497372470-3955653617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKU\S-1-5-21-1599057654-497372470-3955653617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-1599057654-497372470-3955653617-1000\S-1-5-21-1599057654-497372470-3955653617-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/01/24 22:26:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/25 10:21:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/19 09:34:53 | 00,000,000 | ---D | M]

[2008/06/25 13:13:58 | 00,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\mozilla\Extensions
[2008/06/25 13:13:58 | 00,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/24 09:34:22 | 00,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\mozilla\Firefox\Profiles\jp6ftkjr.default\extensions
[2008/12/10 13:18:59 | 00,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\mozilla\Firefox\Profiles\jp6ftkjr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/12/26 15:56:07 | 00,000,000 | ---D | M] -- C:\Users\Brigitte\AppData\Roaming\mozilla\Firefox\Profiles\jp6ftkjr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/06/17 20:44:55 | 00,000,249 | ---- | M] () -- C:\Users\Brigitte\AppData\Roaming\Mozilla\FireFox\Profiles\jp6ftkjr.default\searchplugins\BigDadSearch.xml
[2009/06/19 09:34:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/19 09:22:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/01/24 22:47:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2008/01/29 14:16:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/14 20:05:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/11/09 20:41:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/24 18:30:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/10 17:57:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/03 06:24:27 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/03 06:24:27 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/05/31 09:57:02 | 00,122,880 | ---- | M] (Google) -- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2007/12/19 14:57:38 | 00,310,272 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2009/06/03 06:24:27 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/06/11 22:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/01/24 22:37:15 | 00,144,720 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2008/01/24 22:37:29 | 00,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008/01/24 22:36:46 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2008/01/04 17:36:50 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2006/07/05 20:47:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/01/04 17:36:50 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/03/08 11:35:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/09/22 21:14:04 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/04/16 06:08:20 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/03/28 20:11:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/01/04 17:36:50 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKU\S-1-5-21-1599057654-497372470-3955653617-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-1599057654-497372470-3955653617-1000\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] File not found
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-1599057654-497372470-3955653617-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1599057654-497372470-3955653617-1000..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1599057654-497372470-3955653617-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1599057654-497372470-3955653617-1000..\Run: [VoipDiscount] C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe (VoipDiscount)
O4 - Startup: C:\Users\Brigitte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe ()
O4 - Startup: C:\Users\Invité\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-1599057654-497372470-3955653617-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-1599057654-497372470-3955653617-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-21-1599057654-497372470-3955653617-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\S-1-5-21-1599057654-497372470-3955653617-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1599057654-497372470-3955653617-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-1599057654-497372470-3955653617-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1599057654-497372470-3955653617-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1599057654-497372470-3955653617-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 86.65.151.2 80.118.192.100
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmes\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll File not found
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmes\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll File not found
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programmes\Google\Google Desktop Search\GoogleDesktopNetwork3.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/06/25 09:03:19 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/06/25 09:03:19 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/06/25 09:03:20 | 00,000,000 | RHSD | M] - G:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/06/25 10:21:44 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/06/25 09:03:19 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2009/06/24 09:18:09 | 00,082,432 | ---- | C] () -- C:\Users\Brigitte\Desktop\texte.doc
[2009/06/24 09:12:59 | 00,001,374 | ---- | C] () -- C:\Users\Brigitte\Desktop\UsbFix.lnk
[2009/06/24 09:08:31 | 00,000,000 | ---D | C] -- C:\UsbFix
[2009/06/24 09:06:19 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/06/22 17:19:13 | 00,000,000 | ---D | C] -- C:\Users\Brigitte\Desktop\virus
[2009/06/22 16:58:09 | 00,000,000 | ---D | C] -- C:\Users\Brigitte\AppData\Roaming\Malwarebytes
[2009/06/22 16:58:04 | 00,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/22 16:58:01 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/06/22 16:57:59 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/06/22 16:57:59 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/06/22 16:57:59 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/22 11:39:52 | 00,089,600 | ---- | C] () -- C:\Users\Brigitte\Desktop\HIJACK.doc
[2009/06/20 15:56:59 | 00,000,372 | ---- | C] () -- C:\Users\Brigitte\Desktop\Son - Raccourci.lnk
[2009/06/19 18:17:33 | 00,000,000 | ---- | C] () -- C:\Windows\System32\paths.bat
[2009/06/19 10:34:20 | 00,000,000 | ---D | C] -- C:\ToolBar SD
[2009/06/19 10:32:34 | 00,000,000 | ---D | C] -- C:\Users\Brigitte\AppData\Roaming\VoipDiscount
[2009/06/19 10:24:59 | 00,000,947 | ---- | C] () -- C:\Users\Brigitte\Desktop\VoipDiscount.lnk
[2009/06/19 10:24:56 | 00,000,000 | ---D | C] -- C:\Program Files\VoipDiscount.com
[2009/06/19 10:07:48 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009/06/19 09:22:55 | 00,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/06/19 09:20:22 | 00,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2009/06/17 22:06:31 | 00,000,000 | ---D | C] -- C:\Users\Brigitte\Desktop\Nouveau dossier (3)
[2009/06/17 21:10:11 | 00,000,000 | ---D | C] -- C:\ProgramData\eMule
[2009/06/17 21:09:55 | 00,000,000 | ---D | C] -- C:\Users\Brigitte\AppData\Local\eMule
[2009/06/17 21:09:53 | 00,000,000 | ---D | C] -- C:\Program Files\eMule
[2009/06/17 20:44:44 | 00,085,640 | ---- | C] () -- C:\Windows\System32\dbe2c114-062c-53f0-1436-bedfac456417.exe
[2009/06/17 20:28:16 | 00,000,000 | ---D | C] -- C:\Users\Brigitte\Documents\LimeWire
[2009/06/17 20:27:55 | 00,000,000 | ---D | C] -- C:\Users\Brigitte\AppData\Roaming\LimeWire
[2009/06/17 20:26:46 | 00,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2009/06/17 18:31:31 | 00,063,488 | ---- | C] () -- C:\Users\Brigitte\Documents\CLE.doc
[2009/06/15 17:42:16 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/06/15 17:42:02 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/06/15 17:39:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/06/15 10:43:29 | 00,000,000 | ---D | C] -- C:\Users\Brigitte\Desktop\CCI
[2009/06/14 17:01:05 | 00,071,680 | ---- | C] () -- C:\Users\Brigitte\Desktop\FORMATIONS.doc
[2009/06/12 08:46:03 | 00,000,000 | -HSD | C] -- C:\found.001
[2009/06/11 20:11:24 | 00,000,000 | ---D | C] -- C:\Users\Brigitte\Desktop\Cluster Eco-habitat Poitou-Charentes _ Le blog » Les diaporamas de la rencontre du 5 mai_fichiers
[2009/06/11 08:22:29 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/06/11 08:22:26 | 00,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2009/06/11 08:22:19 | 00,784,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2009/06/11 08:22:14 | 03,581,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/06/11 08:22:09 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/06/11 08:22:07 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/06/11 08:22:06 | 00,827,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/06/11 08:22:05 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/06/11 08:22:04 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/06/11 08:22:03 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/06/11 08:22:03 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/06/11 08:22:02 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/06/11 08:22:02 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/06/11 08:22:02 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/06/11 08:22:01 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/06/11 08:22:00 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/06/11 08:21:59 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/06/11 08:21:58 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/06/08 20:45:35 | 00,070,144 | ---- | C] () -- C:\Users\Brigitte\Documents\rôle conseil.doc
[2009/06/03 17:31:57 | 00,071,168 | ---- | C] () -- C:\Users\Brigitte\Desktop\EMMAUS TEXTE.doc
[2009/06/03 08:48:39 | 00,075,776 | ---- | C] () -- C:\Users\Brigitte\Desktop\INIT ENVIRONNEMENT.doc
[2009/05/29 17:01:11 | 01,266,517 | ---- | C] () -- C:\Users\Brigitte\Desktop\Signé magasine0001.pdf
[2009/05/29 16:49:31 | 00,000,000 | ---D | C] -- C:\Users\Brigitte\Desktop\massif central
[2009/04/23 17:18:32 | 00,755,712 | ---- | C] () -- C:\Windows\System32\ApiRes.dll
[2009/04/23 17:18:31 | 00,504,320 | ---- | C] () -- C:\Windows\System32\ApiInt30.dll
[2009/04/23 17:18:31 | 00,478,208 | ---- | C] () -- C:\Windows\System32\ApiSMS.dll
[2009/04/23 17:18:31 | 00,106,496 | ---- | C] () -- C:\Windows\System32\Dlsbar32.dll
[2009/04/23 17:18:31 | 00,060,848 | ---- | C] () -- C:\Windows\System32\Dlsbar2.dll
[2009/04/23 17:18:29 | 00,122,880 | ---- | C] () -- C:\Windows\System32\Lfkodak.dll
[2009/04/23 17:18:29 | 00,092,672 | ---- | C] () -- C:\Windows\System32\Lffpx90n.dll
[2009/04/23 17:18:28 | 00,344,064 | ---- | C] () -- C:\Windows\System32\Lffpx7.dll
[2008/04/18 11:10:12 | 00,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008/01/27 23:06:26 | 00,716,272 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/01/19 19:11:52 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/01/19 19:11:52 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2008/01/19 19:11:51 | 01,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/01/19 19:11:51 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/01/19 19:11:45 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/01/19 19:11:33 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/10/07 20:38:09 | 05,779,456 | ---- | C] () -- C:\Windows\System32\WDFEABE4.dll
[2007/10/07 20:38:09 | 02,306,048 | ---- | C] () -- C:\Windows\System32\WDFEABP4.dll
[2007/10/07 20:38:09 | 00,282,624 | ---- | C] () -- C:\Windows\System32\WDFEEBE6.dll
[2006/11/07 21:25:58 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 12:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 12:23:31 | 00,000,276 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 12:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 09:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/17 01:36:50 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 01:36:50 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

========== Files - Modified Within 30 Days ==========

[2009/06/25 11:28:43 | 00,001,000 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/06/25 11:26:06 | 00,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/06/25 11:26:06 | 00,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/06/25 11:26:01 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/06/25 11:25:53 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/06/25 11:25:50 | 21,371,94496 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/25 11:25:02 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/06/25 11:24:53 | 03,584,376 | -H-- | M] () -- C:\Users\Brigitte\AppData\Local\IconCache.db
[2009/06/24 09:18:12 | 00,082,432 | ---- | M] () -- C:\Users\Brigitte\Desktop\texte.doc
[2009/06/24 09:13:17 | 00,669,566 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2009/06/24 09:13:16 | 01,271,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/06/24 09:13:16 | 00,389,722 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/06/24 09:13:16 | 00,123,556 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2009/06/24 09:13:16 | 00,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/06/24 09:12:59 | 00,001,374 | ---- | M] () -- C:\Users\Brigitte\Desktop\UsbFix.lnk
[2009/06/22 16:58:04 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/22 11:39:55 | 00,089,600 | ---- | M] () -- C:\Users\Brigitte\Desktop\HIJACK.doc
[2009/06/20 15:56:59 | 00,000,372 | ---- | M] () -- C:\Users\Brigitte\Desktop\Son - Raccourci.lnk
[2009/06/19 18:17:33 | 00,000,000 | ---- | M] () -- C:\Windows\System32\paths.bat
[2009/06/19 10:24:59 | 00,000,947 | ---- | M] () -- C:\Users\Brigitte\Desktop\VoipDiscount.lnk
[2009/06/19 09:22:55 | 00,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/06/19 09:20:30 | 00,001,787 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2009/06/17 20:44:44 | 00,085,640 | ---- | M] () -- C:\Windows\System32\dbe2c114-062c-53f0-1436-bedfac456417.exe
[2009/06/17 18:31:34 | 00,063,488 | ---- | M] () -- C:\Users\Brigitte\Documents\CLE.doc
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/06/15 17:42:59 | 00,000,764 | ---- | M] () -- C:\Users\Brigitte\Documents\Mes dossiers de partage.lnk
[2009/06/14 18:23:59 | 00,016,896 | ---- | M] () -- C:\Users\Brigitte\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/14 17:36:02 | 00,071,680 | ---- | M] () -- C:\Users\Brigitte\Desktop\FORMATIONS.doc
[2009/06/12 08:48:35 | 00,345,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/06/08 20:45:37 | 00,070,144 | ---- | M] () -- C:\Users\Brigitte\Documents\rôle conseil.doc
[2009/06/05 19:43:56 | 21,442,1581 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/06/03 17:31:59 | 00,071,168 | ---- | M] () -- C:\Users\Brigitte\Desktop\EMMAUS TEXTE.doc
[2009/06/03 09:01:18 | 00,075,776 | ---- | M] () -- C:\Users\Brigitte\Desktop\INIT ENVIRONNEMENT.doc
[2009/06/01 18:51:12 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/05/29 17:01:48 | 01,266,517 | ---- | M] () -- C:\Users\Brigitte\Desktop\Signé magasine0001.pdf

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:DFC5A2B2
<End>
BDB
 
Messages: 21
Inscription: 22 Juin 2009, 10:35
Localisation: Pays Basque

Messagede nickW » 27 Juin 2009, 21:46

Bonsoir,

Il reste une ligne à supprimer:

Étape 1: OTL (de OldTimer), nettoyage
Ouvrir une fenêtre du Bloc-notes, via Démarrer---->Tous les programmes---->Accessoires---->Exécuter, taper notepad puis cliquer sur OK
Sélectionner toutes les lignes de la zone blanche située sous "Code:" ci-dessous, puis appuyer simultanément sur les touches Ctrl et C

Code: Tout sélectionner
rien
:Processes
explorer.exe

:otl
[2009/06/17 20:44:55 | 00,000,249 | ---- | M] () -- C:\Users\Brigitte\AppData\Roaming\Mozilla\FireFox\Profiles\jp6ftkjr.default\searchplugins\BigDadSearch.xml

:Commands
[start explorer]



Retourner dans la fenêtre du Bloc-notes, faire un clic droit dans la fenêtre et choisir Coller
Vérifier dans le menu Format (en haut) que "Retour automatique à ligne" n'est pas actif (pas coché).
Enregistrer le fichier sous le nom OTL-2.txt
Fermer le Bloc-notes.
Note: Les lignes de la zone Code ci-dessus ont été créées exclusivement pour CET utilisateur: BDB.
si vous n'êtes pas CET utilisateur, il ne faut pas les utiliser: elles pourraient endommager votre système.



Étape 2: Contrôle des comptes utilisateurs, désactivation
Vérifier que l'UAC - User Account Control - contrôle des comptes utilisateurs - est bien désactivé.


Étape 3: Pas de processus de contrôle en temps réel
Désactiver le module résident de l'antivirus et celui de l'antispyware.
Image Spyware Doctor: clic droit sur l'icône dans la SysBarre (à coté de l'horloge), clic sur "Désactiver l'IntelliGuard" puis choisir 15 minutes


Étape 4: OTL (de OldTimer), nettoyage
Faire un clic droit sur OTL.exe puis choisir "Exécuter en tant qu'Administrateur" pour lancer l'outil.
Ouvrir le fichier OTL-2.txt dans le Bloc-notes.
Dans le Bloc-notes, cliquer sur le menu Edition (en haut) et choisir Sélectionner tout.
Dans le Bloc-notes, cliquer sur le menu Edition (en haut) et choisir Copier.

Retourner dans la fenêtre de OTL, faire un clic droit dans la fenêtre située en bas nommée "Custom Scans/Fixes" Image et choisir Coller.

Cliquer sur le bouton Run Fix: Image

Note: Un redémarrage est parfois nécessaire. S'il est demandé, cliquer sur Oui/Yes

Lorsque l'outil a terminé son travail, il y a affichage dans une petite fenêtre du message "Fix Complete! Click OK to open the fix log". Cliquer sur OK puis fermer OTL.


Étape 5: Contrôle des comptes utilisateurs, réactivation
Réactiver le contrôle des comptes utilisateurs (UAC-User Account Control).


Étape 6: Processus de contrôle en temps réel
Important: Réactiver le module résident de l'antivirus et celui de l'antispyware.


Étape 7: Résultats
Envoyer en réponse:
*- le rapport de correction de OTL (contenu du fichier SystemDrive\_OTL\MovedFiles\********_******.log - les *** sont des chiffres représentant la date [moisjourannée] et l'heure)
[SystemDrive représente la partition sur laquelle est installé le système, généralement C:]


Dans ta réponse, n'oublie pas de donner le plus d'informations possible sur l'état du PC: amélioration / disparition / aggravation des symptômes d'infection.

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Suivante

Retourner vers Sécurité (Contamination - Décontamination)

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 17 invités