demande d'analyse de log

Sécurité et insécurité. Virus, Trojans, Spywares, Failles etc. …

Modérateur: Modérateurs et Modératrices

Règles du forum
Assiste.com a suspendu l'assistance à la décontamination après presque 15 ans sur l'ancien forum puis celui-ci. Voir :

Procédure de décontamination 1 - Anti-malware
Décontamination anti-malwares

Procédure de décontamination 2 - Anti-malware et antivirus (La Manip)
La Manip - Procédure standard de décontamination

Entretien périodique d'un PC sous Windows
Entretien périodique d'un PC sous Windows

Protection des navigateurs, de la navigation et de la vie privée
Protéger le navigateur, la navigation et la vie privée

demande d'analyse de log

Messagede boyboy-_^ » 14 Aoû 2010, 20:58

Bonjour,
J'ai récupérer l'ordinateur portable de ma sœur qui a certainement été infecté et je fais maintenant appel à votre aide car après l'avoir passé au crible par l'antivirus et spybot je n'ai rien trouvé...

Signe d'infection :
- Sous vista, l'écran devient noir pendant plusieurs seconde puis l'image réapparait.
- Lorsqu'on utilise la roulette de défilement, seulement 1cm en haut et 1 cm en bas défile. Le reste de l'écran est figé. Il faut réduire la fenêtre et la rouvrir pour que la fenêtre sois lisible.
- idem pour les photos.
- ralentissement du système.

Merci de votre aide.
boyboy-_^
 
Messages: 14
Inscription: 30 Nov 2009, 23:03

Messagede boyboy-_^ » 14 Aoû 2010, 20:59

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4427

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

14/08/2010 21:54:24
mbam-log-2010-08-14 (21-54-24).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 136514
Temps écoulé: 6 minute(s), 31 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
boyboy-_^
 
Messages: 14
Inscription: 30 Nov 2009, 23:03

Messagede boyboy-_^ » 14 Aoû 2010, 20:59

OTL logfile created on: 14/08/2010 16:44:25 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Marlène\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,73 Gb Total Space | 9,16 Gb Free Space | 6,37% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 20,04 Gb Free Space | 13,44% Space Free | Partition Type: NTFS
Drive E: | 5,32 Gb Total Space | 1,28 Gb Free Space | 24,12% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-MARLÈNE
Current User Name: Marlène
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/14 16:14:02 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Marlène\Desktop\OTL.exe
PRC - [2009/07/21 14:33:58 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:47:40 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/24 12:50:51 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/12/04 13:39:50 | 000,046,704 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe


========== Modules (SafeList) ==========

MOD - [2010/08/14 16:14:02 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Marlène\Desktop\OTL.exe
MOD - [2009/09/25 04:10:10 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009/04/11 08:28:24 | 000,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009/04/11 08:28:23 | 002,226,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
MOD - [2009/04/11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
MOD - [2009/04/11 08:28:22 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2009/04/11 08:28:19 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009/04/11 08:28:18 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009/04/11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009/04/11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 09:36:40 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
MOD - [2008/01/19 09:34:07 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2008/01/19 09:33:42 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2008/01/19 09:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2006/11/02 14:34:33 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IconCodecService.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/02 16:09:44 | 000,444,288 | ---- | M] (Canal+ Distribution) [Disabled | Stopped] -- C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe -- (Service CANALPLAY)
SRV - [2009/09/25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/21 14:33:58 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/13 23:18:12 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/05/13 16:47:40 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Disabled | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/06/20 13:08:08 | 000,065,536 | ---- | M] (France Telecom SA) [Disabled | Stopped] -- C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
SRV - [2008/03/22 23:44:03 | 000,306,432 | ---- | M] (TuneUp Software GmbH) [Disabled | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008/01/19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/12/20 11:41:56 | 000,029,440 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2007/10/15 17:45:12 | 000,181,312 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe -- (ScsiAccess)
SRV - [2006/11/24 16:34:20 | 000,118,877 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/11/24 16:34:16 | 000,270,431 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006/06/26 10:50:08 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2005/04/04 19:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)
SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009/11/25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/05/11 10:11:52 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/11 06:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) Pilote USB audio (WDM)
DRV - [2009/03/30 10:32:47 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:34:33 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/05/02 10:58:14 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/05/02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/02/28 21:37:53 | 000,715,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/01/19 06:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Pilote de la connexion réseau Intel(R)
DRV - [2006/12/18 23:31:46 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2006/12/18 23:31:46 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2006/12/07 06:25:00 | 004,456,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/11/28 22:46:22 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCAMp50.sys -- (PCAMp50)
DRV - [2006/11/28 22:46:20 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2006/11/21 14:54:08 | 000,080,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2006/11/21 14:54:08 | 000,016,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2006/11/21 14:54:06 | 000,078,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2006/11/19 13:32:16 | 000,145,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/11/16 11:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/16 06:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/16 04:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/15 07:24:00 | 000,179,256 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/11/09 11:02:30 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Pilote de carte réseau Intel(R)
DRV - [2006/11/02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 09:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 09:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/10/19 04:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/10/18 13:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 13:08:14 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/10/18 13:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/10/14 13:36:36 | 000,032,256 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yuanmodbda2.sys -- (MODBDA2)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/28 10:57:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/06/02 20:28:38 | 000,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005/02/09 13:59:00 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\Pclepci.sys -- (PCLEPCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-855578019-2022893321-3212055799-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\S-1-5-21-855578019-2022893321-3212055799-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-855578019-2022893321-3212055799-1000\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll ()
IE - HKU\S-1-5-21-855578019-2022893321-3212055799-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-855578019-2022893321-3212055799-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.5.2.106
FF - prefs.js..extensions.enabledItems: {B922D405-6D13-4A2B-AE89-08A030DA4402}:1.1
FF - prefs.js..extensions.enabledItems: search@searchsettings.com:1.2.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100314
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.90
FF - prefs.js..keyword.URL: "http://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/23 14:43:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/23 14:43:33 | 000,000,000 | ---D | M]

[2009/04/05 15:53:11 | 000,000,000 | ---D | M] -- C:\Users\Marlène\AppData\Roaming\mozilla\Extensions
[2009/04/05 15:53:11 | 000,000,000 | ---D | M] -- C:\Users\Marlène\AppData\Roaming\mozilla\Extensions\MediaCoder
[2010/08/14 12:44:47 | 000,000,000 | ---D | M] -- C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\cmdl5t78.default\extensions
[2010/04/11 12:04:20 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\cmdl5t78.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2009/09/03 09:57:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\cmdl5t78.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/11 12:04:20 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\cmdl5t78.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/04/11 12:04:10 | 000,000,000 | ---D | M] -- C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\cmdl5t78.default\extensions\nasanightlaunch@example.com
[2010/07/20 15:24:16 | 000,000,000 | ---D | M] -- C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\cmdl5t78.default\extensions\toolbar@ask.com
[2010/04/11 12:04:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marlène\AppData\Roaming\mozilla\Firefox\Profiles\cmdl5t78.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions
[2010/08/14 12:44:47 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/31 15:43:03 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Program Files\mozilla firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2009/07/31 15:43:07 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\search@searchsettings.com
[2009/11/19 23:54:15 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2009/11/19 23:54:15 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2009/11/19 23:54:15 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2009/11/19 23:54:15 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2009/11/19 23:54:15 | 000,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2009/08/14 01:31:03 | 000,317,652 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10897 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-855578019-2022893321-3212055799-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-855578019-2022893321-3212055799-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-855578019-2022893321-3212055799-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-855578019-2022893321-3212055799-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Marlène\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: canalplay.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: canalplusactive.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-855578019-2022893321-3212055799-1000\..Trusted Domains: atmo-rhonealpes.org ([ssl] https in Trusted sites)
O15 - HKU\S-1-5-21-855578019-2022893321-3212055799-1000\..Trusted Domains: canalplay.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-855578019-2022893321-3212055799-1000\..Trusted Domains: canalplusactive.com ([]* in Trusted sites)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.mypix.com/fr/fr/importer/new ... oader5.cab (Image Uploader Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/Messenger ... E_UNO1.cab (UnoCtrl Class)
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} https://www.vm-wl.com/DownloadManager/R ... ownMan.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Users\Marlène\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Marlène\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/28 23:11:21 | 000,000,121 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 17:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{658a6b5a-3a42-11de-8e9d-001a6b208035}\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\{658a6b5a-3a42-11de-8e9d-001a6b208035}\Shell\Shell00\Command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\{658a6b5a-3a42-11de-8e9d-001a6b208035}\Shell\Shell01\Command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\{658a6b5a-3a42-11de-8e9d-001a6b208035}\Shell\Shell02\Command - "" = G:\Autorun.exe -- File not found
O33 - MountPoints2\{9997ab71-4dbe-11de-a5a9-001a6b208035}\Shell\AutoRun\command - "" = J:\setupSNK.exe -- File not found
O33 - MountPoints2\{bdecaff9-a3a2-11dd-9120-001a6b208035}\Shell - "" = AutoRun
O33 - MountPoints2\{bdecaff9-a3a2-11dd-9120-001a6b208035}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c978704d-065c-11dd-9091-001a6b208035}\Shell - "" = AutoRun
O33 - MountPoints2\{c978704d-065c-11dd-9091-001a6b208035}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ef8d0380-ea4d-11dd-9bf1-001a6b208035}\Shell\AutoRun\command - "" = fooool.exe
O33 - MountPoints2\{ef8d0380-ea4d-11dd-9bf1-001a6b208035}\Shell\explore\Command - "" = fooool.exe
O33 - MountPoints2\{ef8d0380-ea4d-11dd-9bf1-001a6b208035}\Shell\open\Command - "" = fooool.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/08/14 16:17:20 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/14 16:16:21 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/14 16:13:59 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Marlène\Desktop\OTL.exe
[2010/08/14 13:11:35 | 000,000,000 | ---D | C] -- C:\Users\Marlène\AppData\Roaming\Malwarebytes
[2010/08/14 13:11:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/14 13:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/14 13:11:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/14 13:11:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/14 13:07:48 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Marlène\Desktop\malwarebytes-anti-malware_malwarebytes_anti-malware_1.46_francais_215092.exe
[2010/08/11 00:13:29 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/08/11 00:13:29 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/08/11 00:13:29 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/08/11 00:13:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/08/11 00:13:28 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/08/11 00:13:25 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/08/11 00:13:25 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/08/11 00:13:25 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/08/11 00:13:25 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/08/11 00:13:25 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/08/11 00:13:25 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/08/11 00:13:25 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/08/11 00:13:25 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/08/11 00:13:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/08/11 00:13:24 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/08/11 00:13:20 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/11 00:12:59 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/11 00:12:50 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/11 00:11:55 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/11 00:11:54 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/08/04 14:17:46 | 000,000,000 | ---D | C] -- C:\Program Files\Betclic Poker.fr
[2010/07/20 15:04:22 | 000,000,000 | ---D | C] -- C:\Program Files\BeClean
[2010/07/19 23:05:13 | 000,000,000 | ---D | C] -- C:\Users\Marlène\Desktop\Nouveau dossier
[2004/11/24 21:25:52 | 000,335,872 | ---- | C] ( ) -- C:\Windows\System32\drvc.dll

========== Files - Modified Within 30 Days ==========

[2010/08/14 16:46:05 | 007,864,320 | ---- | M] () -- C:\Users\Marlène\ntuser.dat
[2010/08/14 16:45:25 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4CEDB0EA-24C5-449C-B8DC-791E78BA9B82}.job
[2010/08/14 16:36:39 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/14 16:36:38 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/14 16:35:49 | 000,095,369 | ---- | M] () -- C:\Users\Marlène\AppData\Roaming\nvModes.001
[2010/08/14 16:33:58 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/08/14 16:33:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/14 16:33:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/14 16:33:00 | 2145,443,840 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/14 16:31:40 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/08/14 16:31:35 | 000,524,288 | -HS- | M] () -- C:\Users\Marlène\NTUSER.DAT{1846f127-f857-11dc-85e4-001a6b208035}.TMContainer00000000000000000001.regtrans-ms
[2010/08/14 16:31:35 | 000,065,536 | -HS- | M] () -- C:\Users\Marlène\NTUSER.DAT{1846f127-f857-11dc-85e4-001a6b208035}.TM.blf
[2010/08/14 16:31:34 | 006,291,456 | -H-- | M] () -- C:\Users\Marlène\AppData\Local\IconCache.db
[2010/08/14 16:16:26 | 000,000,915 | ---- | M] () -- C:\Users\Marlène\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/08/14 16:16:22 | 000,000,735 | ---- | M] () -- C:\Users\Marlène\Desktop\NTREGOPT.lnk
[2010/08/14 16:16:22 | 000,000,716 | ---- | M] () -- C:\Users\Marlène\Desktop\ERUNT.lnk
[2010/08/14 16:14:02 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Marlène\Desktop\OTL.exe
[2010/08/14 13:11:24 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/14 13:07:49 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Marlène\Desktop\malwarebytes-anti-malware_malwarebytes_anti-malware_1.46_francais_215092.exe
[2010/08/11 08:35:34 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2010/08/11 08:35:33 | 000,000,680 | ---- | M] () -- C:\Users\Marlène\AppData\Local\d3d9caps.dat
[2010/08/11 03:27:17 | 001,040,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/10 21:56:02 | 000,148,992 | ---- | M] () -- C:\Users\Marlène\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/08 23:30:04 | 000,876,389 | ---- | M] () -- C:\Users\Marlène\Desktop\photo yoyo.docx
[2010/08/08 20:51:18 | 000,095,369 | ---- | M] () -- C:\Users\Marlène\AppData\Roaming\nvModes.dat
[2010/08/08 20:07:28 | 000,000,036 | ---- | M] () -- C:\Users\Marlène\AppData\Local\housecall.guid.cache
[2010/08/04 16:40:20 | 000,001,107 | ---- | M] () -- C:\Windows\win.ini
[2010/08/04 14:18:26 | 000,001,774 | ---- | M] () -- C:\Users\Public\Desktop\Betclic Poker.fr.lnk
[2010/07/27 20:34:22 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/07/26 21:22:20 | 000,158,499 | ---- | M] () -- C:\Users\Marlène\Desktop\P1020139.JPG
[2010/07/23 18:14:56 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\Maintenance en 1 clic.job
[2010/07/22 22:48:35 | 001,503,662 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/22 22:48:35 | 000,681,798 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/07/22 22:48:35 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/22 22:48:35 | 000,127,504 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/07/22 22:48:35 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/21 14:23:44 | 000,774,418 | ---- | M] () -- C:\Users\Marlène\Desktop\P1150553.JPG
[2010/07/20 20:42:40 | 000,049,280 | ---- | M] () -- C:\Users\Marlène\Desktop\yoyo.jpg
[2010/07/20 15:04:22 | 000,000,820 | ---- | M] () -- C:\Users\Marlène\Desktop\BeClean.lnk
[2010/07/18 19:29:50 | 000,714,789 | ---- | M] () -- C:\Users\Marlène\Desktop\P1150537.JPG
[2010/07/18 19:29:38 | 000,790,469 | ---- | M] () -- C:\Users\Marlène\Desktop\P1150534.JPG

========== Files Created - No Company Name ==========

[2010/08/14 16:16:26 | 000,000,915 | ---- | C] () -- C:\Users\Marlène\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/08/14 16:16:22 | 000,000,735 | ---- | C] () -- C:\Users\Marlène\Desktop\NTREGOPT.lnk
[2010/08/14 16:16:22 | 000,000,716 | ---- | C] () -- C:\Users\Marlène\Desktop\ERUNT.lnk
[2010/08/14 13:11:24 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/08 20:07:28 | 000,000,036 | ---- | C] () -- C:\Users\Marlène\AppData\Local\housecall.guid.cache
[2010/08/04 14:18:26 | 000,001,774 | ---- | C] () -- C:\Users\Public\Desktop\Betclic Poker.fr.lnk
[2010/07/26 21:29:26 | 000,403,410 | ---- | C] () -- C:\Users\Marlène\Desktop\P1100755.JPG
[2010/07/26 21:21:48 | 000,158,499 | ---- | C] () -- C:\Users\Marlène\Desktop\P1020139.JPG
[2010/07/26 21:07:56 | 000,790,469 | ---- | C] () -- C:\Users\Marlène\Desktop\P1150534.JPG
[2010/07/26 21:07:44 | 000,714,789 | ---- | C] () -- C:\Users\Marlène\Desktop\P1150537.JPG
[2010/07/26 21:07:19 | 000,774,418 | ---- | C] () -- C:\Users\Marlène\Desktop\P1150553.JPG
[2010/07/20 20:43:18 | 000,049,280 | ---- | C] () -- C:\Users\Marlène\Desktop\yoyo.jpg
[2010/07/20 15:04:22 | 000,000,820 | ---- | C] () -- C:\Users\Marlène\Desktop\BeClean.lnk
[2010/06/08 19:16:25 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009/12/28 00:22:41 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2009/09/11 06:49:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/31 15:42:03 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009/04/02 22:38:36 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/04/02 22:38:32 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/04/02 22:38:32 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/04/02 22:38:30 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/04/02 22:38:30 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/02/29 14:35:39 | 000,086,016 | ---- | C] () -- C:\Windows\System32\DVResampleru.dll
[2008/02/28 23:29:12 | 000,194,248 | ---- | C] () -- C:\Windows\System32\LTRFD13n.DLL
[2008/02/28 23:11:14 | 000,196,096 | ---- | C] () -- C:\Windows\System32\macd32.dll
[2008/02/28 23:11:14 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll
[2008/02/28 23:11:14 | 000,136,192 | ---- | C] () -- C:\Windows\System32\mamc32.dll
[2008/02/28 23:11:14 | 000,057,856 | ---- | C] () -- C:\Windows\System32\masd32.dll
[2008/02/28 23:11:14 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll
[2008/02/04 19:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2007/06/21 15:12:12 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2007/06/20 11:07:49 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2007/06/20 11:07:48 | 000,471,552 | ---- | C] () -- C:\Windows\System32\Smab.dll
[2007/06/17 11:47:08 | 000,010,752 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2007/03/27 09:15:19 | 000,715,248 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2006/11/29 09:32:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/03 18:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/19 00:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/19 00:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/03/10 01:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/08 06:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2004/12/20 19:24:03 | 001,663,068 | ---- | C] () -- C:\Windows\System32\libmmd.dll
[2004/10/12 08:40:58 | 002,255,360 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2004/10/12 08:39:48 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2004/10/12 08:39:08 | 000,110,592 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2004/10/09 08:40:16 | 000,454,144 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2004/10/05 10:16:08 | 000,395,776 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2004/10/03 19:50:54 | 000,129,024 | ---- | C] () -- C:\Windows\System32\ff_mpeg2enc.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2009/04/02 22:46:14 | 000,000,000 | ---D | M] -- C:\Users\Marlène\AppData\Roaming\Broad Intelligence
[2010/06/08 19:16:37 | 000,000,000 | ---D | M] -- C:\Users\Marlène\AppData\Roaming\Canneverbe Limited
[2008/02/28 22:22:33 | 000,000,000 | ---D | M] -- C:\Users\Marlène\AppData\Roaming\DAEMON Tools
[2009/07/23 15:15:44 | 000,000,000 | ---D | M] -- C:\Users\Marlène\AppData\Roaming\DNA
[2007/06/17 11:41:28 | 000,000,000 | ---D | M] -- C:\Users\Marlène\AppData\Roaming\Netscape
[2009/04/02 22:37:30 | 000,000,000 | ---D | M] -- C:\Users\Marlène\AppData\Roaming\OpenCandy
[2007/03/29 20:40:17 | 000,000,000 | ---D | M] -- C:\Users\Marlène\AppData\Roaming\Opera
[2007/06/17 11:40:11 | 000,000,000 | ---D | M] -- C:\Users\Marlène\AppData\Roaming\Photodex
[2007/03/22 15:30:50 | 000,000,000 | ---D | M] -- C:\Users\Marlène\AppData\Roaming\Quark
[2008/03/22 23:44:22 | 000,000,000 | ---D | M] -- C:\Users\Marlène\AppData\Roaming\TuneUp Software
[2010/06/22 13:20:29 | 000,000,000 | ---D | M] -- C:\Users\Marlène\AppData\Roaming\uTorrent
[2010/07/23 18:14:56 | 000,000,398 | ---- | M] () -- C:\Windows\Tasks\Maintenance en 1 clic.job
[2010/08/14 16:31:42 | 000,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/14 16:45:25 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4CEDB0EA-24C5-449C-B8DC-791E78BA9B82}.job

========== Purity Check ==========



========== Custom Scans ==========


<SYSTEMDRIVE>


<MD5>
[2008/01/19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

<MD5>
[2009/04/11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/14 04:08:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/14 04:08:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/14 04:08:46 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

<MD5>
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

<MD5>
[2008/01/19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

<MD5>
[2006/11/02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

<MD5>
[2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

<MD5>
[2008/01/19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

<systemroot>

<systemroot>
[2009/04/11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

<systemroot>
<End>
boyboy-_^
 
Messages: 14
Inscription: 30 Nov 2009, 23:03

Messagede boyboy-_^ » 14 Aoû 2010, 21:00

OTL Extras logfile created on: 14/08/2010 16:44:25 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Marlène\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143,73 Gb Total Space | 9,16 Gb Free Space | 6,37% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 20,04 Gb Free Space | 13,44% Space Free | Partition Type: NTFS
Drive E: | 5,32 Gb Total Space | 1,28 Gb Free Space | 24,12% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-DE-MARLÈNE
Current User Name: Marlène
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-855578019-2022893321-3212055799-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-855578019-2022893321-3212055799-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe" = C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS -- (France Telecom SA)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{577F985D-C1DF-4603-AEC5-38C3CFD7E2EE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{7E1DE1AE-6C45-4F22-A074-7A5802AFB7AA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C3EFE55A-788F-48F5-A572-D96DB409C332}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{009EDB12-E508-451D-B882-EE00ABE52986}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{079C8991-879E-472D-83D3-0B26AA95E49F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0811AA08-D272-4AB8-87EB-2329FB6A03C1}" = protocol=17 | dir=in | app=c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe |
"{099DF574-EC17-48F3-9051-43C912B96727}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0BA5CB7F-0C67-47F5-884D-73DAB689BFAF}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 10\programs\pmsregisterfile.exe |
"{2BDF0D35-24D7-479B-99C6-DFA45E64B027}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{2DDFC844-DFCA-4249-8281-51962BA04EC0}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{3F90D802-1ACE-4C75-9C40-93CF781CA616}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 10\programs\pmsregisterfile.exe |
"{57E8E52D-2D6F-4859-B0B2-BAABA48FCBA8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5C0D3DD8-0138-4391-BFD2-350E91CFB53D}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 10\programs\studio.exe |
"{5DDF0F5B-C0CB-4DAF-802C-AAB4FAE4A2EF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{64173529-28D1-49A7-A5C6-4E966F114103}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 10\programs\umi.exe |
"{6BC66887-A74B-47C3-BC7C-8378A4F64A3A}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{705B04B7-9966-46E8-85D1-9D3981D023A6}" = protocol=6 | dir=in | app=c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe |
"{7A660B3B-F761-49BE-837E-5B30826FCDE5}" = protocol=17 | dir=in | app=h:\emule0.49c\emule0.49c\emule.exe |
"{8E260837-93CC-4F1B-93AE-C70C8B4849E0}" = protocol=6 | dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{8FCE5B1F-7750-4354-AB63-8F4F446E0DE3}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{9A1DF506-567B-407A-8363-93A7D9E6BA77}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9A651A86-56CC-4762-B314-D2DDB3B36AA7}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9B1C1AA9-85BC-4529-9A0E-50A228ABA338}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{A341B4DA-5A2A-4E10-899E-4521CC649445}" = protocol=17 | dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{A813B29D-D5BF-4C8D-B799-8D1BF8E5FC53}" = protocol=6 | dir=in | app=h:\emule0.49c\emule0.49c\emule.exe |
"{AAACBC2B-4D2E-4A01-A2FE-D4489AF6094B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B46C7BE5-4EA2-4A67-AADF-389B8DC1917A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B62282DB-62DE-48A2-A5C3-2C0A8362F17B}" = protocol=6 | dir=in | app=c:\program files\lecteur canalplay\canalplayer.exe |
"{BA8F6CA3-1658-4E56-A7BD-543FEF066B7A}" = protocol=17 | dir=in | app=c:\program files\lecteur canalplay\canalplayer.exe |
"{BD1E72A1-50A2-4E88-9F99-634AA678E149}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 10\programs\studio.exe |
"{CEF55390-FFB9-4775-A44F-BCE154C5851C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E443FDF6-5D3D-46E1-AC58-1846F76E0E34}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 10\programs\rm.exe |
"{EB716B97-419C-45E3-BF2D-FA8473FDF163}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 10\programs\rm.exe |
"{F4F9DE91-C632-45C9-BA80-AC17767FAD4A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F625F2B8-9DB9-4CF1-9CE4-FD7C9E1A5A85}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FA07FA9E-2704-4941-AF24-F21BCA4C9431}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 10\programs\umi.exe |
"TCP Query User{04D68D23-0215-4B1A-BF4E-06AECF3522E8}C:\users\marlène\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\marlène\program files\dna\btdna.exe |
"TCP Query User{084F124D-B006-46ED-96D7-B0115F469CEE}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{5106D5D2-6C8B-4B6D-AB2D-5FC100493529}C:\users\marlène\appdata\local\temp\7zo9d62.tmp\emule.exe" = protocol=6 | dir=in | app=c:\users\marlène\appdata\local\temp\7zo9d62.tmp\emule.exe |
"TCP Query User{81B42FC1-5424-43AA-B4F4-47CC00283D17}C:\program files\pinnacle\studio 10\programs\studio.exe" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 10\programs\studio.exe |
"TCP Query User{C6C2B6E7-FF2C-463E-81CF-055AD6C0D092}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D1EF6CD8-C1EC-4F53-BB83-A1AE171FE11A}C:\program files\pando networks\pando\pando.exe" = protocol=6 | dir=in | app=c:\program files\pando networks\pando\pando.exe |
"TCP Query User{E504990E-36E6-4F4E-AABF-7309115483B6}C:\users\marlène\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\marlène\program files\dna\btdna.exe |
"TCP Query User{F9897E9A-17A8-491E-B5F7-86CA00944048}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{14BEB826-966E-4B29-B172-BD9DAFEC6E45}C:\users\marlène\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\marlène\program files\dna\btdna.exe |
"UDP Query User{4286D234-E28F-41EF-A528-DA1D93C4EB19}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{7611015F-ED3C-45C8-9804-A5508ED1A471}C:\users\marlène\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\marlène\program files\dna\btdna.exe |
"UDP Query User{7A20D018-9272-4552-A49F-BF03E57DE51A}C:\users\marlène\appdata\local\temp\7zo9d62.tmp\emule.exe" = protocol=17 | dir=in | app=c:\users\marlène\appdata\local\temp\7zo9d62.tmp\emule.exe |
"UDP Query User{BD2B0B99-BC8E-4822-B8A1-379DA66BA3B7}C:\program files\pinnacle\studio 10\programs\studio.exe" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 10\programs\studio.exe |
"UDP Query User{BF81DB11-56F7-4F47-A10E-6885BB180939}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{C368D6CA-5EAE-4229-ADD1-3EE06105DA8F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C64F3568-5F7C-4DDD-A5A2-D07DC8532C1C}C:\program files\pando networks\pando\pando.exe" = protocol=17 | dir=in | app=c:\program files\pando networks\pando\pando.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}" = HP Wireless Assistant
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0721913a-0591-42e0-a3c8-f2d04bf68a0d}" = Nero 9 Lite
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{17342E3B-0818-4A6F-BFF8-99476605ADD6}" = livebox
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Outil de téléchargement Windows Live
"{21E62565-8639-457C-B64C-A3FF0A8B4D80}" = HP Active Support Library
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 19
"{3248F0A8-6813-11D6-A77B-00B0D0150150}" = J2SE Runtime Environment 5.0 Update 15
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{32A3A4F4-B792-11D6-A78A-00B0D0150150}" = J2SE Development Kit 5.0 Update 15
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 B9
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CB05291-F546-458E-A796-B5BCF5A3CDC4}" = Studio 10
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{3E3A110A-7FAE-4DC0-8E39-BAFFE89724B6}" = HP User Guide 0049
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.0
"{46548E80-0409-0000-7E8A-45000F855001}" = Adobe GoLive CS2
"{46ABBC54-1872-4AA3-95E2-F2C063A63F31}" = Installation Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4EF8BE6A-899C-4196-94E7-297C5F7A203E}" = pdfforge Toolbar v1.1
"{530AFAFF-6F0A-48BB-88D0-04F9658322D3}" = Adobe Premiere Elements 3.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}" = Microsoft Works
"{6EACDDF4-4220-49A3-9204-984C86852C3D}" = Adobe Premiere Elements 3.0 Templates
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770F1BEC-2871-4E70-B837-FB8525FFA3B1}" = Windows Live Messenger
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.3100
"{AA9D879B-0F98-4059-85A5-D05718A1D6F7}" = Creative ZEN V Series
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1036-7B44-A80000000002}" = Adobe Reader 8 - Français
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DC53BB56-FBB5-47BE-B342-E43CC83C0ECF}" = Sony Vegas 6.0c
"{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}" = Assistant de connexion Windows Live
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}" = HP Help and Support
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E9E37358-E3E1-47BA-9E21-375EF3616BC9}" = Lecteur CANALPLAY 2.5
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = ASL_HS_Installer32
"{FF0B0792-F6E7-4627-B820-EA50617E223B}" = QuarkXPress 6.1
"{FF1482CF-D19B-44DD-B887-9698CB51DFD5}" = Studio 10.8 Patch
"{ORAHSS}.UninstallSuite" = Orange - Logiciels Internet
"7-Zip" = 7-Zip 4.42
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BeClean_is1" = BeClean
"Betclic Poker.fr" = Betclic Poker.fr (Remove Only)
"CCleaner" = CCleaner (remove only)
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = Soft Data Fax Modem with SmartCP
"Creative Audio Pack" = Pack audio Creative
"Creative Removable Disk Manager" = Gestionnaire de disques amovible Creative
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ERUNT_is1" = ERUNT 1.1j
"Hollywood FX for Studio" = Pinnacle Hollywood FX for Studio
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.5 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"MediaCoder" = MediaCoder 0.7.0-rc1
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"nbi-nb-base-6.0.1.1.200801291616" = NetBeans IDE 6.0.1
"NVIDIA Drivers" = NVIDIA Drivers
"Photodex Presenter" = Photodex Presenter
"PokerStars" = PokerStars
"PremElem30" = Adobe Premiere Elements 3.0
"PROPLUS" = Microsoft Office Professional Plus 2007
"ProShow Producer" = ProShow Producer
"QuicktimeAlt_is1" = QuickTime Alternative 1.78
"SC Video Cut and Split_is1" = SC Video Cut and Split 2.3.0.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative System Information
"uTorrent" = µTorrent
"VLC media player" = VideoLAN VLC media player 0.8.6e
"Winamax_is1" = Winamax
"WinLiveSuite_Wave3" = Installation Windows Live
"XP Codec Pack" = XP Codec Pack
"ZENcast Organizer" = ZENcast Organizer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-855578019-2022893321-3212055799-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/07/2010 12:27:27 | Computer Name = PC-de-Marlène | Source = MsiInstaller | ID = 11706
Description =

Error - 03/07/2010 02:05:04 | Computer Name = PC-de-Marlène | Source = MsiInstaller | ID = 11706
Description =

Error - 04/07/2010 14:41:02 | Computer Name = PC-de-Marlène | Source = MsiInstaller | ID = 11706
Description =

Error - 07/07/2010 20:41:52 | Computer Name = PC-de-Marlène | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 8.0.6001.18928, horodatage
0x4bdfa327, module défaillant Flash10c.ocx, version 10.0.32.18, horodatage 0x4a613d79,
code d’exception 0xc0000005, décalage d’erreur 0x00250a4a, ID du processus 0x660,
heure de début de l’application 0x01cb1e2f10ceeda0.

Error - 07/07/2010 20:42:17 | Computer Name = PC-de-Marlène | Source = Application Hang | ID = 1002
Description = Le programme iexplore.exe version 8.0.6001.18928 a cessé d’interagir
avec Windows et a été fermé. Pour déterminer si des informations supplémentaires
sont disponibles, consultez l’historique du problème dans l’application Rapports
et solutions aux problèmes du Panneau de configuration. ID de processus : 504 Heure
de début : 01cb1e2f100e1e40 Heure de fin : 7

Error - 10/07/2010 14:45:30 | Computer Name = PC-de-Marlène | Source = MsiInstaller | ID = 11706
Description =

Error - 10/07/2010 14:55:03 | Computer Name = PC-de-Marlène | Source = MsiInstaller | ID = 11706
Description =

Error - 11/07/2010 02:15:00 | Computer Name = PC-de-Marlène | Source = MsiInstaller | ID = 11706
Description =

Error - 11/07/2010 02:40:47 | Computer Name = PC-de-Marlène | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11/07/2010 03:05:00 | Computer Name = PC-de-Marlène | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ Media Center Events ]
Error - 03/05/2008 00:00:28 | Computer Name = PC-de-Marlène | Source = ehSched | ID = 5
Description = CResourceMgr::GetEhepgdat Error GetEhepgdatDispatcher 0x800705AA

[ OSession Events ]
Error - 23/04/2007 07:49:16 | Computer Name = PC-de-Marlène | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1809
seconds with 1740 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 14/08/2010 05:56:43 | Computer Name = PC-de-Marlène | Source = Service Control Manager | ID = 7000
Description =

Error - 14/08/2010 05:57:19 | Computer Name = PC-de-Marlène | Source = Dhcp | ID = 1000
Description = Votre ordinateur a perdu le bail de son adresse IP 192.168.1.3 sur
la carte réseau d'adresse réseau 0019D26EC1D3.

Error - 14/08/2010 05:57:33 | Computer Name = PC-de-Marlène | Source = Dhcp | ID = 1001
Description = Le réseau n'a attribué aucune adresse à votre ordinateur (par le serveur
DHCP) pour la carte réseau avec l'adresse réseau 0019D26EC1D3. Il s'est produit
l'erreur suivante : %%258. Votre ordinateur va continuer à essayer d'obtenir sa
propre adresse auprès du serveur d'adresse réseau (DHCP).

Error - 14/08/2010 07:07:26 | Computer Name = PC-de-Marlène | Source = disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\DR0 comporte un bloc défectueux.

Error - 14/08/2010 07:07:30 | Computer Name = PC-de-Marlène | Source = disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\DR0 comporte un bloc défectueux.

Error - 14/08/2010 10:01:10 | Computer Name = PC-de-Marlène | Source = EventLog | ID = 6008
Description = L'arrêt système précédant à 15:13:56 le 14/08/2010 n'était pas prévu.

Error - 14/08/2010 10:02:16 | Computer Name = PC-de-Marlène | Source = Service Control Manager | ID = 7000
Description =

Error - 14/08/2010 10:35:12 | Computer Name = PC-de-Marlène | Source = Service Control Manager | ID = 7000
Description =

Error - 14/08/2010 10:47:47 | Computer Name = PC-de-Marlène | Source = disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\DR0 comporte un bloc défectueux.

Error - 14/08/2010 10:47:52 | Computer Name = PC-de-Marlène | Source = disk | ID = 262151
Description = Le périphérique \Device\Harddisk0\DR0 comporte un bloc défectueux.


<End>
boyboy-_^
 
Messages: 14
Inscription: 30 Nov 2009, 23:03

Messagede nickW » 16 Aoû 2010, 00:35

Bonsoir,

Remarque:
Un message de l'Observateur d'événements est inquiétant:
Le périphérique \Device\Harddisk0\DR0 comporte un bloc défectueux.



Nouvelle analyse:


Étape 1: Pas de processus de contrôle d'intégrité
Désactiver TeaTimer de Spybot-S&D.
Dans la SysBarre (zone située juste à gauche de l'horloge) faire un clic droit sur l'icône du Résident de Spybot-S&D et choisir "Quitter Résident de Spybot-S&D".
Lancer Spybot-S&D, Mode avancé, Outils, Résident, décocher la case située devant TeaTimer. Fermer Spybot-S&D.
Faire redémarrer le PC.
Note:
Il ne faut pas réactiver TeaTimer avant la fin du nettoyage du PC (je te dirai quand et comment le faire).


Étape 2: Toolbar-S&D (de la Team IDN), téléchargement
Télécharger Toolbar-S&D via un clic droit sur l'un des liens ci-dessous:
http://eric71.geekstogo.com/tools/ToolBarSD.exe
http://eric.71.mespages.googlepages.com/ToolBarSD.exe
Enregistrer le fichier sur le Bureau.


Étape 3: Désactivation des programmes de sécurité résidents
Désactiver le module résident de l'antivirus.
Image Avira Antivir: clic droit sur l'icône dans la SysBarre (à coté de l'horloge), décocher "Activer Antivir Guard/AntiVir Guard enable"


Étape 4: Toolbar-S&D (de la Team IDN), option 1: Recherche
Faire un double clic sur ToolBarSD.exe situé sur le Bureau pour lancer l'exécution de l'outil.

Choisir la langue en tapant F puis en appuyant sur Entrée.
Lire l'avertissement, puis cliquer sur OK.

Après l'affichage du menu, taper 1 puis faire Entrée pour rechercher les fichiers responsables de l'infection.
Lorsque la recherche est terminée, une fenêtre du Bloc-notes s'ouvre et affiche le rapport (alias log).

Fermer le Bloc-notes, ce qui termine l'exécution de l'outil.

Note:
Si le Bureau ne réapparaît pas, ouvrir le Gestionnaire des tâches en utilisant simultanément les touches CTRL+ALT+SUPP.
Cliquer en haut sur le Menu Fichier et choisir Nouvelle tâche (Exécuter...).
Dans la nouvelle fenêtre Créer une nouvelle tâche qui s'est ouverte, dans la zone Ouvrir, taper exactement explorer puis cliquer sur le bouton OK. Le Bureau va réapparaître.


Étape 5: Réactivation des programmes de sécurité résidents
Important: Réactiver le module résident de l'antivirus.


Étape 6: Résultats
Envoyer en réponse:
*- le rapport de ToolBar S&D (contenu du fichier SystemDrive\TB.txt)
[SystemDrive représente la partition sur laquelle est installé le système, généralement C:]

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Messagede boyboy-_^ » 24 Aoû 2010, 12:30

Bonjour,
Alors je ne sais pas si cela vient de l'infection mais l'ordinateur portable ne s'allume plus...
Enfin si, mais il reste sur un écran noir. C'est une série HP Pavilion dv9 et apparemment beaucoup de modèle ont eut se problème.

Symptôme : écran noir au démarrage et pas de lancement sur windows.
Pas d'accès au BIOS.

J'ai testé d'amorcer ubuntu avec liveCD mais au chargement de ubuntu, l'écran affiche des rayure et l'appareil ne répond plus.

Je ne vois pas grand chose a faire mise à part de jeter l'appareil à la déchèterie :shock: .
Je vais surement mettre la carte mère au four, apparemment après 5 min de chauffage à 180°C elle peut refonctionnée.

Merci de votre aide en tout cas
et si vous avez des solutions n'hésiter pas même cela ne dépend plus de votre ressort
Amicalement
boyboy-_^
 
Messages: 14
Inscription: 30 Nov 2009, 23:03

Messagede nickW » 26 Aoû 2010, 00:52

Bonsoir,

Un problème matériel est en effet reconnu par HP:

http://h10025.www1.hp.com/ewfrf/wc/docu ... =c01115889

Mais je ne pense pas que ce portable soit encore sous garantie (même prolongée de 24 mois).


... Le PC était infecté.

Salut,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Messagede boyboy-_^ » 06 Sep 2010, 10:07

Bonjour,
alors j'ai complètement démonté l'ordinateur, sortie la carte mère de sa cage :Mouaaarrrrffffffff: en ayant pris soin d'enlever le processeur et tous les plastiques qui la protège et la passée au four 2 fois 160°C de chaque coté.... :shock:

Résultat pas de réaction au remontage.

Finalement je l'ai confié a un collègue qui lui la passé au four a 175°C avec un peu de pâte thermique et BINCO

L'ordinateur remarche, je ne sais pour combien de temps mais je vous renvoi le rapport d'analyse dans la foulée.
boyboy-_^
 
Messages: 14
Inscription: 30 Nov 2009, 23:03

Messagede nickW » 10 Sep 2010, 23:57

Bonsoir,

Bientôt le navarin de disque dur et la potée de clé USB.

Image

Salut,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Messagede boyboy-_^ » 12 Sep 2010, 14:03

Bonjour,
oui c'est presque ça, un diner presque parfait de carte graphique ! ^^

Par contre, mon collègue a dû faire une recherche et destruction de logiciel malveillant (je ne lui ai pas préciser de ne rien toucher.... ) donc je ne sais si cela compromet la suite de la désinfection sur le forum...

En attendant, Voici le rapport toolbarsd


-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz )
BIOS : Ver 1.00PARTTBLv
USER : Marlène ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:143 Go (Free:63 Go)
D:\ (Local Disk) - NTFS - Total:149 Go (Free:71 Go)
E:\ (Local Disk) - NTFS - Total:5 Go (Free:1 Go)
F:\ (CD or DVD)
H:\ (USB) - FAT32 - Total:3927 Mo (Free:3 Go)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 12/09/2010|14:52 )

[ UAC => 1 ]

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.fr/"
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=laptop"
"Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=laptop"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\Windows\\System32\\blank.htm"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\MARLNE~1\Desktop\ZIC TONTON\sons\- eminem feat dr dre & 50 cent - crack a bottle.mp3


[ UAC => 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - 12/09/2010|14:48 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 12/09/2010|14:53 - Option : [1]

-----------\\ Fin du rapport a 14:53:25,01
boyboy-_^
 
Messages: 14
Inscription: 30 Nov 2009, 23:03


Retourner vers Sécurité (Contamination - Décontamination)

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 54 invités

cron