Analysis request after Backdoor.Bot infection


Post by Corsica58 » 03 Jul 2009, 16:54

Hello,

Would it be possible to get a log analysis after a difficult eradication of Backdoor.bot on my PC? MalwareBytes no longer seems to detect it and the PC is behaving normally, but two precautions are better than one.
Thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:45:41, on 03/07/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\AASP\1.00.59\aaCenter.exe
F:\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files\SetPoint\x86\SetPoint32.exe
M:\eMule\emule.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
F:\Trend Micro\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\Antispam32\IEToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.8.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.ma-config.com/activex/MaConfig_3_5_1_0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files (x86)\ma-config.com\maconfservice.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - F:\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 8942 bytes
Corsica58

Posts: 12
Joined: 02 Apr 2009, 11:47

Post by nickW » 04 Jul 2009, 00:10

Good evening,

Argh, HijackThis can't show much on a 64-bit system!


Can you use another tool:


Step 1: OTL (by OldTimer), download
Download OTL.exe from http://oldtimer.geekstogo.com/OTL.exe
Save this file to the Desktop.


Step 2: OTL (by OldTimer), scan
Close all open program windows.

Right-click OTL.exe and choose "Run as administrator" to launch the tool.

The main OTL screen appears.

Make sure the box in front of "Include 64Bit Scans" is checked (at the top).

If not already done, in the Extra Registry section, select the Use SafeList radio button.

Check the box in front of Scan All Users (at the top).

Then click the Run Scan button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
The second report is visible in the taskbar. Close it as well.
Close the OTL window.


Step 3: Results
Then send, as a reply in two separate posts (because of the length of the logs):
- the two OTL reports (contents of the OTL.Txt and Extras.Txt files located on the Desktop).
Reports posted on the forum must end with a line containing <End>. If they do not, they are incomplete and must then be split into several posts.

Important note: To send your reply (or replies), do not create a new topic; click the "Reply" button to continue in this thread.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (private message)

nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
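
What nickW's remark about 64-bit systems looks like in the logs of this thread, as an added example that is not part of the original posts: HijackThis 2.0.2 is a 32-bit program, so on 64-bit Windows its reads of System32 are redirected by WOW64 to SysWOW64, and native 64-bit service binaries show up as "(file missing)". The Python sketch below cross-checks such O23 entries against OTL's `SRV:64bit:` lines. The sample lines are copied from the logs posted in this thread except the constructed `ExampleSvc` entry, and the function names, verdict labels and the `C:\Windows` system root are assumptions of this example.

```python
import ntpath
import re

# O23 lines copied from the HijackThis log in this thread; the last one
# (ExampleSvc) is constructed to show a miss outside System32.
HJT_SAMPLE = r"""
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - F:\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Example Service (ExampleSvc) - Unknown owner - C:\Program Files (x86)\Example\svc.exe (file missing)
"""

# Service lines copied from the OTL log in this thread.
OTL_SAMPLE = r"""
SRV:64bit: - [2007/06/07 01:41:54 | 00,089,088 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters [Auto | Running])
SRV - [2008/12/28 15:59:01 | 00,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
"""

# The path is anchored on a drive letter because both labels and paths can
# contain " - " (for example "F:\Spybot - Search & Destroy\...").
HJT_O23 = re.compile(
    r"^O23 - Service: (?P<label>.*?) - (?P<owner>.*?) - "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$")
OTL_SRV = re.compile(
    r"^(?:SRV|DRV)(?P<x64>:64bit:)? - \[[^\]]*\] (?:\(.*?\) )?-- "
    r"(?P<path>.+?) -- \((?P<name>.+) \[[^\]]*\]\)$")

# Sub-folders of System32 that WOW64 does not redirect, per Microsoft's
# file system redirector documentation.
NOT_REDIRECTED = ("catroot\\", "catroot2\\", "drivers\\etc\\",
                  "logfiles\\", "spool\\")


def is_redirected(path, system_root="C:\\Windows"):
    """True if a 32-bit process opening `path` really lands in SysWOW64."""
    prefix = system_root.lower() + "\\system32\\"
    p = path.lower()
    return p.startswith(prefix) and not p[len(prefix):].startswith(NOT_REDIRECTED)


def parse_hjt_services(text):
    """Extract service short name, image path and the 'file missing' flag."""
    services = []
    for line in text.splitlines():
        m = HJT_O23.match(line.strip())
        if not m:
            continue
        short = re.search(r"\(([^()]+)\)$", m["label"])
        services.append({
            "name": short.group(1) if short else m["label"],
            "path": m["path"],
            "missing": bool(m["missing"]),
        })
    return services


def parse_otl_native_services(text):
    """Map service name -> path for OTL entries seen in the 64-bit view."""
    native = {}
    for line in text.splitlines():
        m = OTL_SRV.match(line.strip())
        if m and m["x64"]:
            native[m["name"].lower()] = m["path"]
    return native


def reconcile(hjt_text, otl_text):
    """Classify every HijackThis O23 entry.

    present              - the 32-bit view found the file (for System32
                           paths this is the SysWOW64 copy)
    redirection artifact - 'file missing' under System32, but OTL's 64-bit
                           view lists the same file name for that service
    unverified           - 'file missing' under System32 with no 64-bit
                           record to compare against
    missing              - 'file missing' on a path WOW64 does not redirect
    """
    native = parse_otl_native_services(otl_text)
    verdicts = {}
    for svc in parse_hjt_services(hjt_text):
        if not svc["missing"]:
            verdict = "present"
        elif not is_redirected(svc["path"]):
            verdict = "missing"
        else:
            seen = native.get(svc["name"].lower(), "")
            same_file = (ntpath.basename(seen).lower()
                         == ntpath.basename(svc["path"]).lower())
            verdict = "redirection artifact" if same_file else "unverified"
        verdicts[svc["name"]] = verdict
    return verdicts


if __name__ == "__main__":
    for name, verdict in reconcile(HJT_SAMPLE, OTL_SAMPLE).items():
        print(f"{name:16} {verdict}")
```

Only entries that end up as `missing` or `unverified` deserve a manual look; the `unverified` ones need a tool that can read the native System32, which is why the "Include 64Bit Scans" box matters in the OTL run.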

Post by Corsica58 » 04 Jul 2009, 13:25

Hello Nickw,

Sorry for the delay, but I am running into problems generating the two reports; I could not manage to take a screenshot to explain the problem, so I am sending you the error message along with one of the two logs, since OTL cannot run to completion. Thanks in advance for looking into my case.
Message: Access violation at address 00528BB9 in module OTL.exe Read of address 00000014

OTL logfile created on: 04/07/2009 14:13:38 - Run 1
OTL by OldTimer - Version 3.0.6.4 Folder = C:\Users\Philippe\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 63,24% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 9,03 Gb Free Space | 18,49% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 48,51 Gb Free Space | 99,35% Space Free | Partition Type: NTFS
Drive E: | 82,03 Gb Total Space | 77,18 Gb Free Space | 94,09% Space Free | Partition Type: NTFS
Drive F: | 82,03 Gb Total Space | 65,85 Gb Free Space | 80,28% Space Free | Partition Type: NTFS
Drive G: | 85,20 Gb Total Space | 32,37 Gb Free Space | 37,99% Space Free | Partition Type: NTFS
Drive H: | 5,82 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 56,87 Gb Total Space | 37,92 Gb Free Space | 66,69% Space Free | Partition Type: NTFS
Drive J: | 86,43 Gb Total Space | 86,34 Gb Free Space | 99,89% Space Free | Partition Type: NTFS
Drive K: | 89,58 Gb Total Space | 89,48 Gb Free Space | 99,88% Space Free | Partition Type: NTFS
Drive M: | 44,39 Gb Total Space | 43,79 Gb Free Space | 98,65% Space Free | Partition Type: NTFS
Drive N: | 46,52 Gb Total Space | 46,42 Gb Free Space | 99,80% Space Free | Partition Type: NTFS

Computer Name: PC-DE-PHILIPPE
Current User Name: Philippe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
PRC - [2007/08/23 16:05:18 | 00,045,056 | ---- | M] () -- C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe
PRC - [2007/08/08 10:25:08 | 00,836,904 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2008/12/28 15:59:01 | 00,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/01/26 16:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- F:\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/24 19:53:16 | 00,613,376 | ---- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.59\aaCenter.exe
PRC - [2009/03/05 17:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- F:\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/27 18:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
PRC - [2007/08/28 15:23:16 | 01,282,048 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
PRC - [2009/05/21 11:34:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/02/19 05:00:00 | 00,077,824 | ---- | M] () -- C:\Program Files\SetPoint\x86\SetPoint32.exe
PRC - [2009/03/08 23:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/03/08 23:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/03/08 23:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/07/04 08:45:50 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Philippe\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2007/06/07 01:41:54 | 00,089,088 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters [Auto | Running])
SRV:64bit: - [2009/02/19 01:39:26 | 00,160,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
SRV:64bit: - [2008/11/18 15:48:16 | 01,711,104 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV [Auto | Running])
SRV:64bit: - [2008/10/31 15:24:30 | 00,236,032 | ---- | M] (S.C. BitDefender S.R.L) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan [On_Demand | Running])
SRV:64bit: - [2008/07/03 22:51:30 | 00,497,920 | ---- | M] (TuneUp Software GmbH) -- C:\Windows\SysNative\TuneUpDefragService.exe -- (TuneUp.Defrag [On_Demand | Stopped])
SRV:64bit: - [2008/05/29 09:28:54 | 00,035,072 | ---- | M] (TuneUp Software GmbH) -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp [Auto | Running])
SRV:64bit: - [2008/08/29 15:47:36 | 01,968,640 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe -- (VSSERV [Auto | Running])
SRV:64bit: - [2008/01/19 10:06:50 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Stopped])
SRV:64bit: - [2008/01/19 10:00:47 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
SRV:64bit: - [2007/11/27 16:46:10 | 00,099,840 | ---- | M] (BitDefender) -- C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe -- (XCOMM [Auto | Running])
SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2009/03/29 21:42:16 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/03/29 21:39:56 | 00,089,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
SRV - [2008/01/19 10:00:14 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2008/01/19 10:00:14 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 17:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2009/02/18 11:40:06 | 00,042,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2007/03/13 02:23:18 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007/03/13 02:23:18 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/02/18 11:39:12 | 00,857,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2006/11/02 11:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\keyiso.dll -- (KeyIso [On_Demand | Running])
SRV - [2009/05/29 17:13:20 | 00,234,864 | ---- | M] (CybelSoft) -- C:\Program Files (x86)\ma-config.com\maconfservice.exe -- (maconfservice [On_Demand | Stopped])
SRV - [2007/08/23 16:05:18 | 00,045,056 | ---- | M] () -- C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe -- (MagicTuneEngine [Auto | Running])
SRV - [2006/11/02 15:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWow64\Msdtc -- (MSDTC [Unknown | Stopped])
SRV - [2007/08/08 10:25:08 | 00,836,904 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
SRV - [2009/04/10 23:28:24 | 00,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netlogon.dll -- (Netlogon [On_Demand | Stopped])
SRV - [2007/08/03 13:51:18 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/12/28 15:59:01 | 00,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2009/01/26 16:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- F:\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])
SRV - [2008/05/04 15:21:17 | 00,087,288 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service [On_Demand | Stopped])
SRV - [2008/05/29 09:28:54 | 00,028,416 | ---- | M] (TuneUp Software GmbH) -- C:\Windows\SysWow64\uxtuneup.dll -- (UxTuneUp [Auto | Running])
SRV - [2006/11/02 08:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vds.mof -- (vds [On_Demand | Stopped])
SRV - [2006/11/02 08:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vss.mof -- (VSS [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV:64bit: - [2007/08/29 04:44:38 | 00,435,200 | ---- | M] (Analog Devices, Inc.) -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
DRV:64bit: - [2008/10/27 20:29:58 | 00,312,480 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])
DRV:64bit: - [2008/06/02 15:15:58 | 00,077,320 | ---- | M] (BitDefender SRL) -- C:\Windows\SysNative\DRIVERS\bdfndisf.sys -- (Bdfndisf [On_Demand | Running])
DRV:64bit: - [2008/01/07 17:41:20 | 00,234,000 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Windows\SysNative\DRIVERS\bdfsfltr.sys -- (bdfsfltr [On_Demand | Running])
DRV:64bit: - [2008/01/25 15:41:04 | 00,169,488 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif [System | Running])
DRV:64bit: - [2009/03/19 16:34:18 | 00,029,544 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV:64bit: - [2006/11/02 07:28:10 | 00,273,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
DRV:64bit: - [2006/02/07 13:53:22 | 00,008,704 | ---- | M] (JMicron ) -- C:\Windows\SysNative\DRIVERS\JGOGO.sys -- (JGOGO [Boot | Stopped])
DRV:64bit: - [2008/02/27 17:48:46 | 00,089,488 | ---- | M] (JMicron Technology Corp.) -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID [Boot | Running])
DRV:64bit: - [2008/12/19 00:46:36 | 00,035,344 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running])
DRV:64bit: - [2008/12/19 00:47:10 | 00,055,312 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
DRV:64bit: - [2008/10/27 20:29:58 | 00,043,168 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])
DRV:64bit: - [2008/12/19 00:47:18 | 00,057,872 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
DRV:64bit: - [2006/11/01 01:23:42 | 00,015,680 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])
DRV:64bit: - [2008/06/27 09:40:36 | 00,399,360 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\Windows\SysNative\DRIVERS\RTL8187.sys -- (RTL8187 [On_Demand | Running])
DRV:64bit: - [2007/04/02 11:56:42 | 00,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\DRIVERS\rtlprot.sys -- (RtlProt [System | Running])
DRV:64bit: - [2009/04/28 13:08:22 | 00,871,408 | ---- | M] () -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV:64bit: - [2009/03/26 15:23:46 | 00,044,544 | ---- | M] (Apple, Inc.) -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64 [On_Demand | Stopped])
DRV:64bit: - [2008/01/19 08:47:12 | 00,046,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb [On_Demand | Stopped])
DRV:64bit: - [2009/04/21 10:09:00 | 00,406,528 | ---- | M] (Marvell) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64 [On_Demand | Running])
DRV - [2007/12/18 02:14:12 | 00,014,392 | ---- | M] () -- C:\Windows\SysWow64\drivers\AsIO.sys -- (AsIO [System | Running])
DRV - [2009/05/29 17:16:48 | 00,015,872 | ---- | M] (CybelSoft) -- C:\Program Files (x86)\ma-config.com\Drivers\driverhardwarev2x64.sys -- (driverhardwarev2x64 [On_Demand | Stopped])
DRV - [2008/09/06 14:10:24 | 00,162,432 | ---- | M] () -- C:\Windows\SysWow64\DRIVERS\ithsgt.sys -- (ithsgt [Auto | Stopped])
DRV - [2009/04/28 13:17:33 | 00,012,032 | ---- | M] () -- C:\Windows\SysWow64\DRIVERS\lilsgt.sys -- (lilsgt [Auto | Stopped])
DRV - [2008/03/22 14:28:25 | 00,001,088 | ---- | M] () -- C:\Windows\SysWow64\Wbem\mpsdrv.mof -- (mpsdrv [On_Demand | Running])
DRV - [2006/09/18 23:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\SysWow64\Wbem\tcpip.mof -- (Tcpip [Boot | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-631776660-4131456836-3669901470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-631776660-4131456836-3669901470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-631776660-4131456836-3669901470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-631776660-4131456836-3669901470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
IE - HKU\S-1-5-21-631776660-4131456836-3669901470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-631776660-4131456836-3669901470-1000\S-1-5-21-631776660-4131456836-3669901470-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/04/07 08:06:21 | 00,000,000 | ---D | M]


O1 HOSTS File: (316746 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10869 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\Antispam32\IEToolbar.dll (Bitdefender)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2008\Antispam32\IEShow.exe (BitDefender)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.EXE (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-631776660-4131456836-3669901470-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-631776660-4131456836-3669901470-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-631776660-4131456836-3669901470-1000..\Run: [SpybotSD TeaTimer] F:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-631776660-4131456836-3669901470-1000..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-631776660-4131456836-3669901470-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O7 - HKU\S-1-5-21-631776660-4131456836-3669901470-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8:64bit: - Extra context menu item: E&xporter vers Microsoft Excel - E:\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - E:\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-631776660-4131456836-3669901470-1000\..Trusted Domains: cap-divx.com ([]https in Sites de confiance)
O15 - HKU\S-1-5-21-631776660-4131456836-3669901470-1000\..Trusted Domains: gouv.fr ([static.impots] https in Sites de confiance)
O15 - HKU\S-1-5-21-631776660-4131456836-3669901470-1000\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://webscanner.kaspersky.fr/kavwebscan_unicode.cab (Reg Error: Key error.)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.4.8.cab (DLM Control)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://www.ma-config.com/activex/MaConfig_3_5_1_0.cab (HardwareDetection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - text/xml - C:\Programmes\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL File not found
O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/02 19:01:11 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/07/02 19:01:12 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/07/02 19:01:12 | 00,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/07/02 19:01:13 | 00,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/07/02 19:01:14 | 00,000,000 | RHSD | M] - G:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2007/06/07 12:57:24 | 00,749,568 | R--- | M] (Codemasters Software Co.) - H:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/05/01 12:02:10 | 00,000,067 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/07/02 19:01:15 | 00,000,000 | RHSD | M] - I:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/07/02 19:01:16 | 00,000,000 | RHSD | M] - J:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/07/02 19:01:17 | 00,000,000 | RHSD | M] - K:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/07/02 19:01:32 | 00,000,000 | RHSD | M] - M:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/07/02 19:01:33 | 00,000,000 | RHSD | M] - N:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{06d3da6e-33e5-11de-a533-001e8c7c7452}\Shell - "" = AutoRun
O33 - MountPoints2\{a40643c6-4439-11de-ba93-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a40643c6-4439-11de-ba93-806e6f6e6963}\Shell\AutoRun\command - "" = H:\autorun.exe -- [2007/06/07 12:57:24 | 00,749,568 | R--- | M] (Codemasters Software Co.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/04 08:45:50 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Philippe\Desktop\OTL.exe
[2009/07/03 17:15:49 | 00,001,950 | ---- | C] () -- M:\Documents\cc_20090703_171548.reg
[2009/07/02 20:06:25 | 00,001,218 | ---- | C] () -- M:\Documents\cc_20090702_200623.reg
[2009/07/02 19:01:12 | 00,000,000 | RHSD | C] -- C:\winfile.exe
[2009/07/02 19:01:12 | 00,000,000 | RHSD | C] -- C:\temp2.exe
[2009/07/02 19:01:12 | 00,000,000 | RHSD | C] -- C:\temp1.exe
[2009/07/02 19:01:12 | 00,000,000 | RHSD | C] -- C:\temp.exe
[2009/07/02 19:01:12 | 00,000,000 | RHSD | C] -- C:\ntdelect.com
[2009/07/02 19:01:11 | 00,000,000 | RHSD | C] -- C:\start.exe
[2009/07/02 19:01:11 | 00,000,000 | RHSD | C] -- C:\sqlserv.exe
[2009/07/02 19:01:11 | 00,000,000 | RHSD | C] -- C:\ravmon.log
[2009/07/02 19:01:11 | 00,000,000 | RHSD | C] -- C:\ravmon.exe
[2009/07/02 19:01:11 | 00,000,000 | RHSD | C] -- C:\msvcr71.dll
[2009/07/02 19:01:11 | 00,000,000 | RHSD | C] -- C:\info.exe
[2009/07/02 19:01:11 | 00,000,000 | RHSD | C] -- C:\host.exe
[2009/07/02 19:01:11 | 00,000,000 | RHSD | C] -- C:\copy.exe
[2009/07/02 19:01:11 | 00,000,000 | RHSD | C] -- C:\comment.htt
[2009/07/02 19:01:11 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2009/07/02 19:01:11 | 00,000,000 | RHSD | C] -- C:\adober.exe
[2009/07/02 18:15:57 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2009/07/02 18:15:57 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2009/07/02 18:15:57 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2009/07/01 23:47:29 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/07/01 21:47:39 | 00,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/06/30 21:32:23 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/06/30 07:56:03 | 00,007,062 | ---- | C] () -- M:\Documents\$005bLjava.lang.Object$003b$004078d878d8.pdf
[2009/06/29 20:04:35 | 00,033,886 | ---- | C] () -- M:\Documents\cc_20090629_200431.reg
[2009/06/29 12:40:15 | 00,000,000 | ---D | C] -- C:\Users\Philippe\AppData\Roaming\Bitdefender
[2009/06/29 12:40:13 | 00,002,051 | ---- | C] () -- C:\Users\Public\Desktop\BitDefender Internet Security 2008.lnk
[2009/06/29 12:39:54 | 00,000,000 | ---D | C] -- C:\ProgramData\BitDefender
[2009/06/29 12:39:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2009/06/29 08:20:30 | 03,640,754 | -H-- | C] () -- C:\Users\Philippe\AppData\Local\IconCache.db
[2009/06/29 07:52:32 | 00,001,559 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2009/06/28 22:59:03 | 00,000,000 | ---D | C] -- C:\Users\Philippe\AppData\Roaming\vlc(15)
[2009/06/27 08:12:13 | 00,310,527 | ---- | C] () -- M:\Documents\Espace Demandeurs d'emploi - site pole-emploi_fr.mht
[2009/06/20 16:21:35 | 02,586,112 | ---- | C] () -- M:\Documents\Vacances-fun.pps
[2009/06/20 14:40:05 | 00,032,156 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/06/20 14:35:07 | 00,032,156 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/06/16 08:09:34 | 00,000,000 | ---D | C] -- C:\Users\Philippe\AppData\Local\Codemasters
[2009/06/12 19:07:23 | 00,772,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2009/06/12 19:07:22 | 00,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localspl.dll
[2009/06/12 19:07:21 | 01,305,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2009/06/12 19:07:21 | 00,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rpcrt4.dll
[2009/06/12 19:07:20 | 09,234,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll
[2009/06/12 19:07:20 | 05,936,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/06/12 19:07:19 | 11,064,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll
[2009/06/12 19:07:18 | 12,454,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieframe.dll
[2009/06/12 19:07:18 | 02,332,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2009/06/12 19:07:18 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil.dll
[2009/06/12 19:07:18 | 01,484,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\urlmon.dll
[2009/06/12 19:07:18 | 01,207,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll
[2009/06/12 19:07:18 | 01,146,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2009/06/12 19:07:18 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009/06/12 19:07:18 | 00,457,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2009/06/12 19:07:18 | 00,385,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2009/06/12 19:07:17 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2009/06/12 19:07:17 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.tlb
[2009/06/12 19:07:17 | 01,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2009/06/12 19:07:17 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2009/06/12 19:07:17 | 00,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2009/06/12 19:07:17 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2009/06/12 19:07:17 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2009/06/12 19:07:17 | 00,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2009/06/12 19:07:17 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2009/06/12 19:07:17 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2009/06/12 19:07:17 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2009/06/12 19:07:17 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2009/06/12 19:07:17 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2009/06/12 19:07:17 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2009/06/12 19:07:16 | 02,745,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32k.sys
[2009/06/06 20:35:59 | 02,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2009/06/06 20:35:59 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2009/06/06 20:35:59 | 00,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2009/06/06 20:35:59 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2009/06/06 20:35:58 | 05,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2009/06/06 20:35:58 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2009/06/06 20:35:57 | 00,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2009/06/06 20:35:57 | 00,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2009/06/06 20:35:57 | 00,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2009/06/06 20:35:57 | 00,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2009/06/06 20:35:57 | 00,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2009/06/06 20:35:57 | 00,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2009/06/06 20:35:57 | 00,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2009/06/06 20:35:57 | 00,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2009/05/29 23:00:33 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/05/29 23:00:22 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/01/30 19:16:55 | 00,000,109 | ---- | C] () -- C:\Windows\disney.ini
[2008/12/24 08:42:15 | 00,019,034 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008/10/07 10:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 10:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/09/25 13:37:24 | 00,000,632 | ---- | C] () -- C:\Windows\CoD.INI
[2008/09/15 18:21:19 | 00,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/09/06 14:10:24 | 00,162,432 | ---- | C] () -- C:\Windows\SysWow64\drivers\ithsgt.sys
[2008/09/06 13:21:47 | 00,012,032 | ---- | C] () -- C:\Windows\SysWow64\drivers\lilsgt.sys
[2008/07/13 00:18:25 | 00,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2008/07/13 00:18:25 | 00,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2008/06/12 12:24:41 | 00,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2008/04/12 16:40:12 | 00,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2008/03/30 09:41:41 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/03/24 20:08:33 | 01,583,338 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/03/24 14:28:24 | 00,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2008/03/24 14:28:24 | 00,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2008/03/23 22:04:35 | 00,002,623 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/03/23 12:55:45 | 00,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2008/03/22 15:02:17 | 00,019,410 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2008/03/22 15:01:06 | 00,010,288 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007/11/26 22:56:28 | 00,151,415 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2006/11/02 14:34:27 | 00,000,254 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 14:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini

========== Files - Modified Within 30 Days ==========

[6 C:\Windows\SysNative\*.tmp files]
[2009/07/04 14:15:04 | 00,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9494396C-C710-4374-9AE1-AD26617122B5}.job
[2009/07/04 14:13:05 | 00,081,984 | ---- | M] () -- C:\Windows\SysNative\bdod.bin
[2009/07/04 14:11:14 | 00,000,442 | ---- | M] () -- C:\Windows\tasks\Maintenance en 1 clic.job
[2009/07/04 14:11:08 | 00,004,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/07/04 14:11:07 | 00,004,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/07/04 14:11:05 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/04 14:11:04 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/07/04 14:09:49 | 03,640,754 | -H-- | M] () -- C:\Users\Philippe\AppData\Local\IconCache.db
[2009/07/04 08:45:50 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Philippe\Desktop\OTL.exe
[2009/07/04 07:59:11 | 02,284,806 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2009/07/04 07:59:11 | 01,090,636 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/07/04 07:59:11 | 00,666,016 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2009/07/04 07:59:11 | 00,577,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/07/04 07:59:11 | 00,005,368 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/07/03 17:15:53 | 00,001,950 | ---- | M] () -- M:\Documents\cc_20090703_171548.reg
[2009/07/03 06:53:49 | 00,316,746 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2009/07/02 20:06:27 | 00,001,218 | ---- | M] () -- M:\Documents\cc_20090702_200623.reg
[2009/07/02 18:51:56 | 00,101,752 | ---- | M] () -- C:\Users\Philippe\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/07/02 18:51:28 | 00,377,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/07/02 08:04:09 | 00,000,875 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20090703-065349.backup
[2009/07/02 08:03:07 | 00,316,746 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20090702-080409.backup
[2009/07/02 08:01:43 | 00,000,875 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20090702-080307.backup
[2009/07/02 08:01:03 | 00,316,746 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20090702-080143.backup
[2009/07/02 07:59:34 | 00,316,746 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20090702-080103.backup
[2009/07/02 07:58:44 | 00,316,746 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20090702-075934.backup
[2009/07/02 07:56:47 | 00,316,746 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20090702-075844.backup
[2009/07/02 07:55:50 | 00,000,875 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20090702-075647.backup
[2009/07/02 07:54:50 | 00,317,974 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20090702-075550.backup
[2009/07/01 21:47:45 | 00,000,121 | ---- | M] () -- C:\Windows\bdagent.INI
[2009/07/01 21:47:39 | 00,000,290 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/07/01 16:13:36 | 00,227,840 | ---- | M] () -- C:\Users\Philippe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/01 13:51:54 | 00,317,974 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20090702-075450.backup
[2009/06/30 08:17:43 | 03,739,648 | ---- | M] () -- M:\Documents\Money.mny
[2009/06/30 08:17:43 | 00,646,614 | R--- | M] () -- M:\Documents\Money Sauvegarde.mbf
[2009/06/30 07:56:03 | 00,007,062 | ---- | M] () -- M:\Documents\$005bLjava.lang.Object$003b$004078d878d8.pdf
[2009/06/29 20:04:39 | 00,033,886 | ---- | M] () -- M:\Documents\cc_20090629_200431.reg
[2009/06/29 18:59:47 | 00,202,024 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/06/29 12:40:13 | 00,002,051 | ---- | M] () -- C:\Users\Public\Desktop\BitDefender Internet Security 2008.lnk
[2009/06/27 08:12:13 | 00,310,527 | ---- | M] () -- M:\Documents\Espace Demandeurs d'emploi - site pole-emploi_fr.mht
[2009/06/25 22:55:08 | 00,262,144 | ---- | M] () -- C:\Windows\SPInstall.etl
[2009/06/22 17:02:08 | 00,308,427 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20090701-135154.backup
[2009/06/20 16:21:35 | 02,586,112 | ---- | M] () -- M:\Documents\Vacances-fun.pps
[2009/06/20 15:47:31 | 00,032,156 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/06/20 14:35:07 | 00,032,156 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/06/17 11:27:46 | 00,022,040 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009/06/14 20:28:08 | 00,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/06/09 17:16:26 | 00,001,356 | ---- | M] () -- C:\Users\Philippe\AppData\Local\d3d9caps.dat
[2009/06/05 18:36:19 | 00,308,398 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20090622-170208.backup
[2009/06/04 16:40:00 | 00,508,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NVUNINST.EXE

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
<End>
Corsica58
 
Posts: 12
Joined: 02 Apr 2009, 11:47

Post by nickW » 04 Jul 2009, 21:53

Good evening,


I would like to pass on to the developer of OTL.exe as much information as possible about the problem encountered on your PC.


Can you look in the folder C:\Windows\Minidump to see whether there are any Mini******-**.dmp files (the ** are digits) whose creation date and time match the various OTL "crashes" (if necessary, run OTL again to obtain a new Minidump file).


If you find these files, they would need to be uploaded to an external server so that I can retrieve them:

Method:
- Put the requested files in an archive file named Corsica58.zip
- Go to: http://senduit.com/
- In the File: field, click the Browse... button and navigate to the Corsica58.zip file, then double-click that file
- In the Expire in: field, choose 5 days from the drop-down list
- Click the Upload button
- After the file has been transferred, a new page will be displayed on which you will find a link (under "This is your download URL. It expires in 5 Days.")
Send that link in your reply.


The OTL.txt report you sent no longer shows anything.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (private message)
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by Corsica58 » 04 Jul 2009, 23:00

A late good evening

After reading your message and trying to open the Minidump file, which as it turned out contained nothing, I retried the steps you had asked me to carry out, and this time it was a complete success; I am therefore sending you the logs in two parts. First one, OTL.txt:


OTL logfile created on: 04/07/2009 23:53:15 - Run 1
OTL by OldTimer - Version 3.0.6.4 Folder = C:\Users\Philippe\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 49,47% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 8,79 Gb Free Space | 17,99% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 48,51 Gb Free Space | 99,35% Space Free | Partition Type: NTFS
Drive E: | 82,03 Gb Total Space | 77,18 Gb Free Space | 94,09% Space Free | Partition Type: NTFS
Drive F: | 82,03 Gb Total Space | 65,85 Gb Free Space | 80,28% Space Free | Partition Type: NTFS
Drive G: | 85,20 Gb Total Space | 32,37 Gb Free Space | 37,99% Space Free | Partition Type: NTFS
Drive H: | 5,82 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 56,87 Gb Total Space | 37,92 Gb Free Space | 66,69% Space Free | Partition Type: NTFS
Drive J: | 86,43 Gb Total Space | 86,34 Gb Free Space | 99,89% Space Free | Partition Type: NTFS
Drive K: | 89,58 Gb Total Space | 89,48 Gb Free Space | 99,88% Space Free | Partition Type: NTFS
Drive M: | 44,39 Gb Total Space | 43,79 Gb Free Space | 98,65% Space Free | Partition Type: NTFS
Drive N: | 46,52 Gb Total Space | 46,42 Gb Free Space | 99,80% Space Free | Partition Type: NTFS

Computer Name: PC-DE-PHILIPPE
Current User Name: Philippe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/01/24 19:53:16 | 00,613,376 | ---- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.59\aaCenter.exe
PRC - [2009/03/05 17:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- F:\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007/08/28 15:23:16 | 01,282,048 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
PRC - [2009/05/21 11:34:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
PRC - [2007/08/23 16:05:18 | 00,045,056 | ---- | M] () -- C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe
PRC - [2007/08/08 10:25:08 | 00,836,904 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2008/12/28 15:59:01 | 00,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009/01/26 16:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- F:\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/02/19 05:00:00 | 00,077,824 | ---- | M] () -- C:\Program Files\SetPoint\x86\SetPoint32.exe
PRC - [2008/08/02 15:52:12 | 05,484,544 | ---- | M] (http://www.emule-project.net) -- M:\eMule\emule.exe
PRC - [2009/03/08 13:34:00 | 00,115,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\IELowutil.exe
PRC - [2009/03/08 23:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/03/08 23:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/07/04 08:45:50 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Philippe\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2007/06/07 01:41:54 | 00,089,088 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters [Auto | Running])
SRV:64bit: - [2009/02/19 01:39:26 | 00,160,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ [On_Demand | Stopped])
SRV:64bit: - [2008/11/18 15:48:16 | 01,711,104 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV [Auto | Running])
SRV:64bit: - [2008/10/31 15:24:30 | 00,236,032 | ---- | M] (S.C. BitDefender S.R.L) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan [On_Demand | Running])
SRV:64bit: - [2008/07/03 22:51:30 | 00,497,920 | ---- | M] (TuneUp Software GmbH) -- C:\Windows\SysNative\TuneUpDefragService.exe -- (TuneUp.Defrag [On_Demand | Stopped])
SRV:64bit: - [2008/05/29 09:28:54 | 00,035,072 | ---- | M] (TuneUp Software GmbH) -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp [Auto | Running])
SRV:64bit: - [2008/08/29 15:47:36 | 01,968,640 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe -- (VSSERV [Auto | Running])
SRV:64bit: - [2008/01/19 10:06:50 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Stopped])
SRV:64bit: - [2008/01/19 10:00:47 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
SRV:64bit: - [2007/11/27 16:46:10 | 00,099,840 | ---- | M] (BitDefender) -- C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe -- (XCOMM [Auto | Running])
SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2009/03/29 21:42:16 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/03/29 21:39:56 | 00,089,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
SRV - [2008/01/19 10:00:14 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2008/01/19 10:00:14 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 17:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2009/02/18 11:40:06 | 00,042,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2007/03/13 02:23:18 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007/03/13 02:23:18 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/02/18 11:39:12 | 00,857,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2006/11/02 11:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\keyiso.dll -- (KeyIso [On_Demand | Running])
SRV - [2009/05/29 17:13:20 | 00,234,864 | ---- | M] (CybelSoft) -- C:\Program Files (x86)\ma-config.com\maconfservice.exe -- (maconfservice [On_Demand | Stopped])
SRV - [2007/08/23 16:05:18 | 00,045,056 | ---- | M] () -- C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe -- (MagicTuneEngine [Auto | Running])
SRV - [2006/11/02 15:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWow64\Msdtc -- (MSDTC [Unknown | Stopped])
SRV - [2007/08/08 10:25:08 | 00,836,904 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
SRV - [2009/04/10 23:28:24 | 00,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netlogon.dll -- (Netlogon [On_Demand | Stopped])
SRV - [2007/08/03 13:51:18 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/12/28 15:59:01 | 00,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2009/01/26 16:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- F:\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Auto | Running])
SRV - [2008/05/04 15:21:17 | 00,087,288 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service [On_Demand | Stopped])
SRV - [2008/05/29 09:28:54 | 00,028,416 | ---- | M] (TuneUp Software GmbH) -- C:\Windows\SysWow64\uxtuneup.dll -- (UxTuneUp [Auto | Running])
SRV - [2006/11/02 08:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vds.mof -- (vds [On_Demand | Stopped])
SRV - [2006/11/02 08:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vss.mof -- (VSS [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV:64bit: - [2007/08/29 04:44:38 | 00,435,200 | ---- | M] (Analog Devices, Inc.) -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
DRV:64bit: - [2008/10/27 20:29:58 | 00,312,480 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])
DRV:64bit: - [2008/06/02 15:15:58 | 00,077,320 | ---- | M] (BitDefender SRL) -- C:\Windows\SysNative\DRIVERS\bdfndisf.sys -- (Bdfndisf [On_Demand | Running])
DRV:64bit: - [2008/01/07 17:41:20 | 00,234,000 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Windows\SysNative\DRIVERS\bdfsfltr.sys -- (bdfsfltr [On_Demand | Running])
DRV:64bit: - [2008/01/25 15:41:04 | 00,169,488 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif [System | Running])
DRV:64bit: - [2009/03/19 16:34:18 | 00,029,544 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV:64bit: - [2006/11/02 07:28:10 | 00,273,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
DRV:64bit: - [2006/02/07 13:53:22 | 00,008,704 | ---- | M] (JMicron ) -- C:\Windows\SysNative\DRIVERS\JGOGO.sys -- (JGOGO [Boot | Stopped])
DRV:64bit: - [2008/02/27 17:48:46 | 00,089,488 | ---- | M] (JMicron Technology Corp.) -- C:\Windows\SysNative\DRIVERS\jraid.sys -- (JRAID [Boot | Running])
DRV:64bit: - [2008/12/19 00:46:36 | 00,035,344 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd [On_Demand | Running])
DRV:64bit: - [2008/12/19 00:47:10 | 00,055,312 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt [On_Demand | Running])
DRV:64bit: - [2008/10/27 20:29:58 | 00,043,168 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])
DRV:64bit: - [2008/12/19 00:47:18 | 00,057,872 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt [On_Demand | Running])
DRV:64bit: - [2006/11/01 01:23:42 | 00,015,680 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])
DRV:64bit: - [2008/06/27 09:40:36 | 00,399,360 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\Windows\SysNative\DRIVERS\RTL8187.sys -- (RTL8187 [On_Demand | Running])
DRV:64bit: - [2007/04/02 11:56:42 | 00,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\DRIVERS\rtlprot.sys -- (RtlProt [System | Running])
DRV:64bit: - [2009/04/28 13:08:22 | 00,871,408 | ---- | M] () -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV:64bit: - [2009/03/26 15:23:46 | 00,044,544 | ---- | M] (Apple, Inc.) -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64 [On_Demand | Stopped])
DRV:64bit: - [2008/01/19 08:47:12 | 00,046,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb [On_Demand | Stopped])
DRV:64bit: - [2009/04/21 10:09:00 | 00,406,528 | ---- | M] (Marvell) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64 [On_Demand | Running])
DRV - [2007/12/18 02:14:12 | 00,014,392 | ---- | M] () -- C:\Windows\SysWow64\drivers\AsIO.sys -- (AsIO [System | Running])
DRV - [2009/05/29 17:16:48 | 00,015,872 | ---- | M] (CybelSoft) -- C:\Program Files (x86)\ma-config.com\Drivers\driverhardwarev2x64.sys -- (driverhardwarev2x64 [On_Demand | Stopped])
DRV - [2008/09/06 14:10:24 | 00,162,432 | ---- | M] () -- C:\Windows\SysWow64\DRIVERS\ithsgt.sys -- (ithsgt [Auto | Stopped])
DRV - [2009/04/28 13:17:33 | 00,012,032 | ---- | M] () -- C:\Windows\SysWow64\DRIVERS\lilsgt.sys -- (lilsgt [Auto | Stopped])
DRV - [2008/03/22 14:28:25 | 00,001,088 | ---- | M] () -- C:\Windows\SysWow64\Wbem\mpsdrv.mof -- (mpsdrv [On_Demand | Running])
DRV - [2006/09/18 23:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\SysWow64\Wbem\tcpip.mof -- (Tcpip [Boot | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-631776660-4131456836-3669901470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-631776660-4131456836-3669901470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-631776660-4131456836-3669901470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-631776660-4131456836-3669901470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
IE - HKU\S-1-5-21-631776660-4131456836-3669901470-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-631776660-4131456836-3669901470-1000\S-1-5-21-631776660-4131456836-3669901470-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/04/07 08:06:21 | 00,000,000 | ---D | M]


O1 HOSTS File: (316746 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 10869 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\Antispam32\IEToolbar.dll (Bitdefender)
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2008\Antispam32\IEShow.exe (BitDefender)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.EXE (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-631776660-4131456836-3669901470-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-631776660-4131456836-3669901470-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-631776660-4131456836-3669901470-1000..\Run: [SpybotSD TeaTimer] F:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-631776660-4131456836-3669901470-1000..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-631776660-4131456836-3669901470-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O7 - HKU\S-1-5-21-631776660-4131456836-3669901470-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8:64bit: - Extra context menu item: E&xporter vers Microsoft Excel - E:\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - E:\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-631776660-4131456836-3669901470-1000\..Trusted Domains: cap-divx.com ([]https in Sites de confiance)
O15 - HKU\S-1-5-21-631776660-4131456836-3669901470-1000\..Trusted Domains: gouv.fr ([static.impots] https in Sites de confiance)
O15 - HKU\S-1-5-21-631776660-4131456836-3669901470-1000\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://webscanner.kaspersky.fr/kavwebscan_unicode.cab (Reg Error: Key error.)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.4.8.cab (DLM Control)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://www.ma-config.com/activex/MaConfig_3_5_1_0.cab (HardwareDetection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - text/xml - C:\Programmes\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL File not found
O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/02 19:01:11 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/07/02 19:01:12 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/07/02 19:01:12 | 00,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/07/02 19:01:13 | 00,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/07/02 19:01:14 | 00,000,000 | RHSD | M] - G:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2007/06/07 12:57:24 | 00,749,568 | R--- | M] (Codemasters Software Co.) - H:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/05/01 12:02:10 | 00,000,067 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2009/07/02 19:01:15 | 00,000,000 | RHSD | M] - I:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/07/02 19:01:16 | 00,000,000 | RHSD | M] - J:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/07/02 19:01:17 | 00,000,000 | RHSD | M] - K:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/07/02 19:01:32 | 00,000,000 | RHSD | M] - M:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/07/02 19:01:33 | 00,000,000 | RHSD | M] - N:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{06d3da6e-33e5-11de-a533-001e8c7c7452}\Shell - "" = AutoRun
O33 - MountPoints2\{a40643c6-4439-11de-ba93-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a40643c6-4439-11de-ba93-806e6f6e6963}\Shell\AutoRun\command - "" = H:\autorun.exe -- [2007/06/07 12:57:24 | 00,749,568 | R--- | M] (Codemasters Software Co.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (/r) - File not found
O34 - HKLM BootExecute: (\??\C:) - File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/07/04 19:15:17 | 00,000,520 | ---- | C] () -- M:\Documents\cc_20090704_191515.reg
[2009/07/04 08:45:50 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Philippe\Desktop\OTL.exe
[2009/07/02 19:01:12 | 00,000,000 | RHSD | C] -- C:\winfile.exe
[2009/07/02 19:01:12 | 00,000,000 | RHSD | C] -- C:\temp2.exe
[2009/07/02 19:01:12 | 00,000,000 | RHSD | C] -- C:\temp1.exe
[2009/07/02 19:01:12 | 00,000,000 | RHSD | C] -- C:\temp.exe
[2009/07/02 19:01:12 | 00,000,000 | RHSD | C] -- C:\ntdelect.com
[2009/07/02 19:01:11 | 00,000,000 | RHSD | C] -- C:\start.exe
[2009/07/02 19:01:11 | 00,000,000 | RHSD | C] -- C:\sqlserv.exe
[2009/07/02 19:01:11 | 00,000,000 | RHSD | C] -- C:\ravmon.log
[2009/07/02 19:01:11 | 00,000,000 | RHSD | C] -- C:\ravmon.exe
[2009/07/02 19:01:11 | 00,000,000 | RHSD | C] -- C:\msvcr71.dll
[2009/07/02 19:01:11 | 00,000,000 | RHSD | C] -- C:\info.exe
[2009/07/02 19:01:11 | 00,000,000 | RHSD | C] -- C:\host.exe
[2009/07/02 19:01:11 | 00,000,000 | RHSD | C] -- C:\copy.exe
[2009/07/02 19:01:11 | 00,000,000 | RHSD | C] -- C:\comment.htt
[2009/07/02 19:01:11 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2009/07/02 19:01:11 | 00,000,000 | RHSD | C] -- C:\adober.exe
[2009/07/02 18:15:57 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2009/07/02 18:15:57 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2009/07/02 18:15:57 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2009/07/01 21:47:39 | 00,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/06/30 21:32:23 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/06/30 07:56:03 | 00,007,062 | ---- | C] () -- M:\Documents\$005bLjava.lang.Object$003b$004078d878d8.pdf
[2009/06/29 12:40:15 | 00,000,000 | ---D | C] -- C:\Users\Philippe\AppData\Roaming\Bitdefender
[2009/06/29 12:40:13 | 00,002,051 | ---- | C] () -- C:\Users\Public\Desktop\BitDefender Internet Security 2008.lnk
[2009/06/29 12:39:54 | 00,000,000 | ---D | C] -- C:\ProgramData\BitDefender
[2009/06/29 12:39:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2009/06/29 08:20:30 | 03,858,520 | -H-- | C] () -- C:\Users\Philippe\AppData\Local\IconCache.db
[2009/06/29 07:52:32 | 00,001,559 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2009/06/28 22:59:03 | 00,000,000 | ---D | C] -- C:\Users\Philippe\AppData\Roaming\vlc(15)
[2009/06/27 08:12:13 | 00,310,527 | ---- | C] () -- M:\Documents\Espace Demandeurs d'emploi - site pole-emploi_fr.mht
[2009/06/20 16:21:35 | 02,586,112 | ---- | C] () -- M:\Documents\Vacances-fun.pps
[2009/06/20 14:40:05 | 00,032,156 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/06/20 14:35:07 | 00,032,156 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/06/16 08:09:34 | 00,000,000 | ---D | C] -- C:\Users\Philippe\AppData\Local\Codemasters
[2009/06/12 19:07:23 | 00,772,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2009/06/12 19:07:22 | 00,623,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\localspl.dll
[2009/06/12 19:07:21 | 01,305,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2009/06/12 19:07:21 | 00,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rpcrt4.dll
[2009/06/12 19:07:20 | 09,234,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll
[2009/06/12 19:07:20 | 05,936,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/06/12 19:07:19 | 11,064,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll
[2009/06/12 19:07:18 | 12,454,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieframe.dll
[2009/06/12 19:07:18 | 02,332,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2009/06/12 19:07:18 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil.dll
[2009/06/12 19:07:18 | 01,484,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\urlmon.dll
[2009/06/12 19:07:18 | 01,207,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll
[2009/06/12 19:07:18 | 01,146,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2009/06/12 19:07:18 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009/06/12 19:07:18 | 00,457,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2009/06/12 19:07:18 | 00,385,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2009/06/12 19:07:17 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2009/06/12 19:07:17 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.tlb
[2009/06/12 19:07:17 | 01,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2009/06/12 19:07:17 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2009/06/12 19:07:17 | 00,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2009/06/12 19:07:17 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2009/06/12 19:07:17 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2009/06/12 19:07:17 | 00,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2009/06/12 19:07:17 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2009/06/12 19:07:17 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2009/06/12 19:07:17 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2009/06/12 19:07:17 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2009/06/12 19:07:17 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2009/06/12 19:07:17 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2009/06/12 19:07:16 | 02,745,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32k.sys
[2009/06/06 20:35:59 | 02,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2009/06/06 20:35:59 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2009/06/06 20:35:59 | 00,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2009/06/06 20:35:59 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2009/06/06 20:35:58 | 05,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2009/06/06 20:35:58 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2009/06/06 20:35:57 | 00,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2009/06/06 20:35:57 | 00,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2009/06/06 20:35:57 | 00,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2009/06/06 20:35:57 | 00,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2009/06/06 20:35:57 | 00,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2009/06/06 20:35:57 | 00,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2009/06/06 20:35:57 | 00,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2009/06/06 20:35:57 | 00,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2009/05/29 23:00:33 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/05/29 23:00:22 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/01/30 19:16:55 | 00,000,109 | ---- | C] () -- C:\Windows\disney.ini
[2008/12/24 08:42:15 | 00,019,034 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008/10/07 10:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 10:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/09/25 13:37:24 | 00,000,632 | ---- | C] () -- C:\Windows\CoD.INI
[2008/09/15 18:21:19 | 00,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/09/06 14:10:24 | 00,162,432 | ---- | C] () -- C:\Windows\SysWow64\drivers\ithsgt.sys
[2008/09/06 13:21:47 | 00,012,032 | ---- | C] () -- C:\Windows\SysWow64\drivers\lilsgt.sys
[2008/07/13 00:18:25 | 00,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2008/07/13 00:18:25 | 00,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2008/06/12 12:24:41 | 00,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2008/04/12 16:40:12 | 00,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2008/03/30 09:41:41 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/03/24 20:08:33 | 01,583,338 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008/03/24 14:28:24 | 00,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2008/03/24 14:28:24 | 00,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2008/03/23 22:04:35 | 00,002,623 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/03/23 12:55:45 | 00,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2008/03/22 15:02:17 | 00,019,410 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2008/03/22 15:01:06 | 00,010,288 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007/11/26 22:56:28 | 00,151,415 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2006/11/02 14:34:27 | 00,000,254 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 14:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini

========== Files - Modified Within 30 Days ==========

[6 C:\Windows\SysNative\*.tmp files]
[2009/07/04 23:52:27 | 00,081,984 | ---- | M] () -- C:\Windows\SysNative\bdod.bin
[2009/07/04 23:21:12 | 00,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9494396C-C710-4374-9AE1-AD26617122B5}.job
[2009/07/04 23:00:00 | 00,000,442 | ---- | M] () -- C:\Windows\tasks\Maintenance en 1 clic.job
[2009/07/04 21:58:03 | 00,004,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/07/04 21:58:03 | 00,004,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/07/04 19:15:19 | 00,000,520 | ---- | M] () -- M:\Documents\cc_20090704_191515.reg
[2009/07/04 18:04:05 | 02,314,858 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2009/07/04 18:04:05 | 00,676,136 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2009/07/04 18:04:04 | 01,099,996 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/07/04 18:04:04 | 00,586,442 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/07/04 18:04:04 | 00,005,368 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/07/04 17:58:04 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/04 17:58:02 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/07/04 17:56:55 | 03,858,520 | -H-- | M] () -- C:\Users\Philippe\AppData\Local\IconCache.db
[2009/07/04 17:56:53 | 00,000,121 | ---- | M] () -- C:\Windows\bdagent.INI
[2009/07/04 17:56:47 | 00,000,290 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/07/04 08:45:50 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Philippe\Desktop\OTL.exe
[2009/07/03 06:53:49 | 00,316,746 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2009/07/02 18:51:56 | 00,101,752 | ---- | M] () -- C:\Users\Philippe\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/07/02 18:51:28 | 00,377,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/07/02 08:04:09 | 00,000,875 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20090703-065349.backup
[2009/07/02 08:03:07 | 00,316,746 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20090702-080409.backup
[2009/07/02 08:01:43 | 00,000,875 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20090702-080307.backup
[2009/07/02 08:01:03 | 00,316,746 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20090702-080143.backup
[2009/07/02 07:59:34 | 00,316,746 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20090702-080103.backup
[2009/07/02 07:58:44 | 00,316,746 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20090702-075934.backup
[2009/07/02 07:56:47 | 00,316,746 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20090702-075844.backup
[2009/07/02 07:55:50 | 00,000,875 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20090702-075647.backup
[2009/07/02 07:54:50 | 00,317,974 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20090702-075550.backup
[2009/07/01 16:13:36 | 00,227,840 | ---- | M] () -- C:\Users\Philippe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/01 13:51:54 | 00,317,974 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20090702-075450.backup
[2009/06/30 08:17:43 | 03,739,648 | ---- | M] () -- M:\Documents\Money.mny
[2009/06/30 08:17:43 | 00,646,614 | R--- | M] () -- M:\Documents\Money Sauvegarde.mbf
[2009/06/30 07:56:03 | 00,007,062 | ---- | M] () -- M:\Documents\$005bLjava.lang.Object$003b$004078d878d8.pdf
[2009/06/29 18:59:47 | 00,202,024 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009/06/29 12:40:13 | 00,002,051 | ---- | M] () -- C:\Users\Public\Desktop\BitDefender Internet Security 2008.lnk
[2009/06/27 08:12:13 | 00,310,527 | ---- | M] () -- M:\Documents\Espace Demandeurs d'emploi - site pole-emploi_fr.mht
[2009/06/25 22:55:08 | 00,262,144 | ---- | M] () -- C:\Windows\SPInstall.etl
[2009/06/22 17:02:08 | 00,308,427 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20090701-135154.backup
[2009/06/20 16:21:35 | 02,586,112 | ---- | M] () -- M:\Documents\Vacances-fun.pps
[2009/06/20 15:47:31 | 00,032,156 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/06/20 14:35:07 | 00,032,156 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/06/17 11:27:46 | 00,022,040 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009/06/14 20:28:08 | 00,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/06/09 17:16:26 | 00,001,356 | ---- | M] () -- C:\Users\Philippe\AppData\Local\d3d9caps.dat
[2009/06/05 18:36:19 | 00,308,398 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20090622-170208.backup

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
<End>
Corsica58
 
Posts: 12
Joined: 02 Apr 2009, 11:47

Post by Corsica58 » 04 Jul 2009, 23:02

Second post: Extras.Txt
OTL Extras logfile created on: 04/07/2009 23:53:15 - Run 1
OTL by OldTimer - Version 3.0.6.4 Folder = C:\Users\Philippe\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 49,47% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 8,79 Gb Free Space | 17,99% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 48,51 Gb Free Space | 99,35% Space Free | Partition Type: NTFS
Drive E: | 82,03 Gb Total Space | 77,18 Gb Free Space | 94,09% Space Free | Partition Type: NTFS
Drive F: | 82,03 Gb Total Space | 65,85 Gb Free Space | 80,28% Space Free | Partition Type: NTFS
Drive G: | 85,20 Gb Total Space | 32,37 Gb Free Space | 37,99% Space Free | Partition Type: NTFS
Drive H: | 5,82 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 56,87 Gb Total Space | 37,92 Gb Free Space | 66,69% Space Free | Partition Type: NTFS
Drive J: | 86,43 Gb Total Space | 86,34 Gb Free Space | 99,89% Space Free | Partition Type: NTFS
Drive K: | 89,58 Gb Total Space | 89,48 Gb Free Space | 99,88% Space Free | Partition Type: NTFS
Drive M: | 44,39 Gb Total Space | 43,79 Gb Free Space | 98,65% Space Free | Partition Type: NTFS
Drive N: | 46,52 Gb Total Space | 46,42 Gb Free Space | 99,80% Space Free | Partition Type: NTFS

Computer Name: PC-DE-PHILIPPE
Current User Name: Philippe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 88 4D DC 39 3E 92 C8 01 [binary data]
"VistaSp2" = 7F 55 AB F2 A2 E0 C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

{112ed534-f5c2-4b36-bd45-200fc6070363} = lport=2869 | protocol=6 | dir=in | app=system |
{2fdade16-d96f-482d-92cf-18ee39f74f6a} = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
{5c4a22e8-0045-4432-9406-9475b91b0583} = lport=6004 | protocol=17 | dir=in | app=e:\office12\outlook.exe |
{786a8b68-5797-4cd9-a58e-496ec210b967} = lport=48113 | protocol=17 | dir=in | name=maconfig_udp |
{bdaf6aa8-c750-42f5-9966-23b280da8e7c} = lport=48113 | protocol=6 | dir=in | name=maconfig_tcp |

========== Vista Active Application Exception List ==========

{016c1b50-049c-4e3f-a2a0-a32c38c26d0d} = protocol=6 | dir=in | app=d:\itunes.exe |
{089bc797-3033-4698-87dc-4719874c687a} = protocol=17 | dir=in | app=k:\jeux\s.t.a.l.k.e.r. - clear sky\bin\xrengine.exe |
{105643d2-e11c-42f7-84a4-722fc4b33c28} = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
{16e01ae5-56db-4eae-a8ca-f3c46e91429a} = protocol=6 | dir=in | app=i:\la bataille pour la terre du milieu ii\game.dat |
{1ba71438-cf79-48e4-899b-b591f1382467} = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
{2cbea825-9d48-419a-baf4-fbf611602d48} = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
{58563749-1306-4087-b0a6-736b5bfd0694} = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
{6b5879cd-48e5-4cd2-9f0a-8764697f088c} = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
{76a44795-cf31-43a0-a484-852e42287d05} = protocol=6 | dir=in | app=i:\program files (x86)\deep silver\s.t.a.l.k.e.r. - clear sky\bin\xrengine.exe |
{836cbfe9-936c-481b-a6f9-b4c1f42e9583} = protocol=6 | dir=in | app=k:\jeux\s.t.a.l.k.e.r. - clear sky\bin\xrengine.exe |
{88d477f5-e945-4408-b175-1227cebfb60d} = protocol=17 | dir=in | app=i:\la bataille pour la terre du milieu ii\game.dat |
{8cbe82f1-53b3-43bf-89dc-34d420ff5b9c} = protocol=6 | dir=in | app=i:\program files (x86)\deep silver\s.t.a.l.k.e.r. - clear sky\bin\dedicated\xrengine.exe |
{9604f4e6-b453-4549-bed2-a58a95aa13e1} = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
{9cdb5493-ea7c-43c3-9058-ed1df2d8d7ea} = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
{adbd5b34-8abd-4eed-bf9a-99d1a3c16f61} = protocol=17 | dir=in | app=c:\program files (x86)\ma-config.com\maconfservice.exe |
{b9903ca8-94b1-44cb-9d6c-6e2bc07734eb} = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
{c6263297-2a7c-40aa-812a-3c3fd5997184} = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
{c916469b-ff69-4072-9826-793ef7bd27a7} = protocol=17 | dir=in | app=k:\jeux\s.t.a.l.k.e.r. - clear sky\bin\dedicated\xrengine.exe |
{d12fb9bd-2a3e-4bc1-9c85-81833465d091} = protocol=17 | dir=in | app=i:\program files (x86)\deep silver\s.t.a.l.k.e.r. - clear sky\bin\xrengine.exe |
{d40f34ca-e00d-4bdc-b31b-3d034c6edfea} = protocol=17 | dir=in | app=d:\itunes.exe |
{ddd805a9-53d4-4c2d-98eb-bac4baacf8a5} = protocol=17 | dir=in | app=i:\program files (x86)\deep silver\s.t.a.l.k.e.r. - clear sky\bin\dedicated\xrengine.exe |
{df0d6a14-3403-4f7e-9cca-87b47180df1f} = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
{f71baf73-a9cb-4915-a0ba-5bf26e00ffd2} = protocol=6 | dir=in | app=k:\jeux\s.t.a.l.k.e.r. - clear sky\bin\dedicated\xrengine.exe |
{f7374011-02dd-479a-a83e-aa1ede926b23} = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
{f7ab5655-dda3-4917-b7d5-cc997d379e0d} = protocol=6 | dir=in | app=c:\program files (x86)\ma-config.com\maconfservice.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{17E02F38-FF2D-4c3d-83DF-ECE2A1D20A5E}" = AIO_CDB_ToolboxIni64
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{4FD01CB0-EC34-4199-8037-08DE3E64A0A3}" = BitDefender Internet Security 2008
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{AE303591-1BFC-48B3-881B-655298C4EDE0}" = iTunes
"{BA1035C7-14DE-4857-8285-4ACFC74172EC}" = Apple Mobile Device Support
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{059C042E-796A-4ACC-A81A-ECC2010BB78C}" = Windows Live Messenger
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{21A127AE-2DAF-40B7-8374-34C3E629521C}" = Far Cry (Patch 1.3)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 14
"{2F81FBFC-9A37-431F-9050-14B55485DF5A}" = Internet Library
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C662203-292F-4E9D-AE02-281071C06903}" = Far Cry (Patch 1.33)
"{3F425F12-3A1B-4511-97B2-E2BB4701B745}" = Crysis Wars(R)
"{422FADA9-FED2-41D7-B5FA-472BB98B7784}" = Petit Larousse 2008
"{43E506CC-6633-4F2A-8D8E-4A95D2384393}" = Crysis Wars(R) Patch
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}" = DiRT
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5A8892A3-36BB-411E-85AA-6AEA544D028B}" = Far Cry (Patch 1.4)
"{5FA88830-5B3D-497B-88B5-8DD82BB7BC74}" = Far Cry (Patch 2)
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = RAW Image Task 1.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C4D4FC0-467B-4BD7-8D11-50E49B2770D2}" = Ma-Config.com
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK RTL8187B Wireless LAN Driver
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = Analyseur et SDK MSXML 4.0 SP2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7370DF47-B4F9-4279-BFC3-3F09919F720D}" = Installation Windows Live
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1036}" = Nero 8
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}" = Thrustmaster Force Feedback Driver
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUSR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUSR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUSR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUSR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUSR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUSR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUSR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUSR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUSR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUSR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-040C-1000-0000000FF1CE}_PROPLUSR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUSR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUSR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{91120000-0011-0000-0000-0000000FF1CE}_PROPLUSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1036-7B44-A91000000001}" = Adobe Reader 9.1.2 - Français
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD3891EA-5731-4AEA-8B9D-D9AE5F92542A}" = HP Print Diagnostic Utility
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Camera Window
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = RemoteCapture Task 1.0.3
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{D6044256-A309-43B5-9833-D3FAFE2AD24D}" = MagicTune Premium
"{D792A069-B96B-40BA-BCB4-E5651A6E5926}" = Far Cry (Patch 1)
"{DB3A97C0-EEC1-43FE-AB56-E2EA972CF111}" = 1600
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = MovieEdit Task
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E47BA573-BBC4-40C1-8A7D-B25F2F2B0DAE}" = Far Cry (Patch 1.32)
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E90DCEE9-DC27-401B-A7AC-B0AFF5B34E4D}" = Lock On: Air Combat Simulation
"{EA79DC46-98B0-4A26-A76F-448A032E5E4D}" = 1600Trb
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EE8592F6-FC2B-4AFD-B527-109D127C039F}" = Far Cry (Patch 1.31)
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F69FD33C-8815-46BF-9134-A643DE68F3C0}" = WinFast(R) Display Driver
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FEA5A8ED-93A1-44EE-9A7D-43103DB3F78D}" = 1600_Help
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combat Flight Simulator 3.0" = Microsoft Combat Flight Simulator 3.0
"Crysis Wars(R)" = Crysis Wars(R)
"Crysis Wars(R) Patch" = Crysis Wars(R) Patch
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EADM" = EA Download Manager
"eMule" = eMule
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"InstallShield_{2F81FBFC-9A37-431F-9050-14B55485DF5A}" = Canon Internet Library for ZoomBrowser EX
"InstallShield_{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = Canon MovieEdit Task for ZoomBrowser EX
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2005b" = Microsoft Money
"OpenAL" = OpenAL
"PROPLUSR" = Microsoft Office Professional Plus 2007
"PunkBusterSvc" = PunkBuster Services
"SpywareBlaster_is1" = SpywareBlaster 4.2
"VLC media player" = VLC media player 0.9.8a
"WinLiveSuite_Wave3" = Installation Windows Live
"WinRAR archiver" = Archiveur WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Live Search" = Notification Live Search

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/05/2009 17:05:09 | Computer Name = PC-de-Philippe | Source = Perflib | ID = 1008
Description =

Error - 08/05/2009 01:54:43 | Computer Name = PC-de-Philippe | Source = SideBySide | ID = 16842830
Description = La création du contexte d’activation a échoué pour « C:\Program Files
(x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe ». Erreur dans le fichier de
manifeste ou de stratégie «  » à la ligne . Une version de composant nécessaire
à l’application est en conflit avec une autre version de composant déjà active. Les
composants en conflit sont : Composant 1 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.
Composant
2 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.

Error - 08/05/2009 01:54:43 | Computer Name = PC-de-Philippe | Source = SideBySide | ID = 16842830
Description = La création du contexte d’activation a échoué pour « C:\Program Files
(x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe ». Erreur dans le fichier de
manifeste ou de stratégie «  » à la ligne . Une version de composant nécessaire
à l’application est en conflit avec une autre version de composant déjà active. Les
composants en conflit sont : Composant 1 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.
Composant
2 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.

Error - 08/05/2009 01:54:43 | Computer Name = PC-de-Philippe | Source = SideBySide | ID = 16842830
Description = La création du contexte d’activation a échoué pour « C:\Program Files
(x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe ». Erreur dans le fichier de manifeste
ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application
est en conflit avec une autre version de composant déjà active. Les composants en
conflit sont : Composant 1 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.
Composant
2 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.

Error - 08/05/2009 01:54:43 | Computer Name = PC-de-Philippe | Source = SideBySide | ID = 16842830
Description = La création du contexte d’activation a échoué pour « C:\Program Files
(x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe ». Erreur dans le fichier de manifeste
ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application
est en conflit avec une autre version de composant déjà active. Les composants en
conflit sont : Composant 1 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.
Composant
2 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.

Error - 08/05/2009 01:54:44 | Computer Name = PC-de-Philippe | Source = SideBySide | ID = 16842830
Description = La création du contexte d’activation a échoué pour « C:\Program Files
(x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe ». Erreur dans le fichier de manifeste
ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application
est en conflit avec une autre version de composant déjà active. Les composants en
conflit sont : Composant 1 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Composant
2 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.

Error - 08/05/2009 01:54:44 | Computer Name = PC-de-Philippe | Source = SideBySide | ID = 16842830
Description = La création du contexte d’activation a échoué pour « C:\Program Files
(x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe ». Erreur dans le fichier de manifeste
ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application
est en conflit avec une autre version de composant déjà active. Les composants en
conflit sont : Composant 1 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Composant
2 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.

Error - 09/05/2009 01:35:44 | Computer Name = PC-de-Philippe | Source = SideBySide | ID = 16842830
Description = La création du contexte d’activation a échoué pour « C:\Program Files
(x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe ». Erreur dans le fichier de
manifeste ou de stratégie «  » à la ligne . Une version de composant nécessaire
à l’application est en conflit avec une autre version de composant déjà active. Les
composants en conflit sont : Composant 1 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.
Composant
2 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.

Error - 09/05/2009 01:35:44 | Computer Name = PC-de-Philippe | Source = SideBySide | ID = 16842830
Description = La création du contexte d’activation a échoué pour « C:\Program Files
(x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe ». Erreur dans le fichier de manifeste
ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application
est en conflit avec une autre version de composant déjà active. Les composants en
conflit sont : Composant 1 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.
Composant
2 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.

Error - 09/05/2009 01:35:45 | Computer Name = PC-de-Philippe | Source = SideBySide | ID = 16842830
Description = La création du contexte d’activation a échoué pour « C:\Program Files
(x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe ». Erreur dans le fichier de manifeste
ou de stratégie «  » à la ligne . Une version de composant nécessaire à l’application
est en conflit avec une autre version de composant déjà active. Les composants en
conflit sont : Composant 1 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Composant
2 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.

[ Media Center Events ]
Error - 17/04/2008 13:46:14 | Computer Name = PC-de-Philippe | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete : échec du téléchargement du package
MCESpotlight.

[ OSession Events ]
Error - 25/05/2009 01:50:27 | Computer Name = PC-de-Philippe | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 04/07/2009 08:11:13 | Computer Name = PC-de-Philippe | Source = Service Control Manager | ID = 7000
Description =

Error - 04/07/2009 08:11:14 | Computer Name = PC-de-Philippe | Source = Service Control Manager | ID = 7000
Description =

Error - 04/07/2009 08:11:26 | Computer Name = PC-de-Philippe | Source = Service Control Manager | ID = 7000
Description =

Error - 04/07/2009 11:58:14 | Computer Name = PC-de-Philippe | Source = Application Popup | ID = 1060
Description = Le chargement de \SystemRoot\SysWow64\DRIVERS\ithsgt.sys a été bloqué
en raison d’une incompatibilité avec ce système. Contactez l’éditeur de votre logiciel
pour obtenir une version compatible du pilote.

Error - 04/07/2009 11:58:14 | Computer Name = PC-de-Philippe | Source = Application Popup | ID = 1060
Description = Le chargement de \SystemRoot\SysWow64\DRIVERS\lilsgt.sys a été bloqué
en raison d’une incompatibilité avec ce système. Contactez l’éditeur de votre logiciel
pour obtenir une version compatible du pilote.

Error - 04/07/2009 11:58:16 | Computer Name = PC-de-Philippe | Source = Service Control Manager | ID = 7000
Description =

Error - 04/07/2009 11:58:16 | Computer Name = PC-de-Philippe | Source = Service Control Manager | ID = 7000
Description =

Error - 04/07/2009 11:58:16 | Computer Name = PC-de-Philippe | Source = Service Control Manager | ID = 7000
Description =

Error - 04/07/2009 11:58:31 | Computer Name = PC-de-Philippe | Source = Service Control Manager | ID = 7000
Description =

Error - 04/07/2009 17:13:25 | Computer Name = PC-de-Philippe | Source = yukonx64 | ID = 458845
Description = MAC FIFO status 1


<End>

Post by Corsica58 » 06 Jul 2009, 11:20

Hello

Still no reply following the submission of my two OTL logs?

Thanks

Post by nickW » 07 Jul 2009, 00:25

Good evening,

The second log (Extras) only shows that two drivers are incompatible with the system version (64-bit): ithsgt and lilsgt.
I did not find any conclusive information about these two drivers.

Regards,

Post by Corsica58 » 07 Jul 2009, 06:57

Hello Nickw

Thank you for analysing the logs; so you conclude that every trace of infection is gone, but two drivers appear to be incompatible with the system? Is this irreversible, or can I fix it?
Thanks again for your availability and your efficiency!