résultat des rapports d'analyse - pour pc piraté par keylogg

Sécurité et insécurité. Virus, Trojans, Spywares, Failles etc. …

Modérateur: Modérateurs et Modératrices

Règles du forum
Assiste.com a suspendu l'assistance à la décontamination après presque 15 ans sur l'ancien forum puis celui-ci. Voir :

Procédure de décontamination 1 - Anti-malware
Décontamination anti-malwares

Procédure de décontamination 2 - Anti-malware et antivirus (La Manip)
La Manip - Procédure standard de décontamination

Entretien périodique d'un PC sous Windows
Entretien périodique d'un PC sous Windows

Protection des navigateurs, de la navigation et de la vie privée
Protéger le navigateur, la navigation et la vie privée

Messagede statue0065 » 11 Déc 2010, 09:40

Je désinstalle avast, pour le hide je ne sais pas où le trouver? peux tu m'aider?merci
statue0065
 
Messages: 43
Inscription: 10 Déc 2010, 02:25

Messagede statue0065 » 11 Déc 2010, 09:52

C est fait, je pense avoir réussi à désinstaller ce que l'internaute de l'autre forum m avait fait télécharger. Je n'irai pls sur l'autre forum, je comprends bien.

Par contre, maintenant quelle est la 2nde étape?

Ah j'ai failli oublié, mozilla firefoxx ne fonctionne plus... Je suis sous internet explorer.

Pour l'antivirus, rien à remarquer, il est actif c'est tout (niveau vraiment débutante, tous ces trucs info qu'il faut savoir, pas mon truc...)

merci.
statue0065
 
Messages: 43
Inscription: 10 Déc 2010, 02:25

Messagede nickW » 11 Déc 2010, 19:41

Bonsoir,

1/ Dans Firefox, sais-tu ce qu'est l'extension "Is Cool"?


2/ Trojan Remover n'est pas un programme gratuit.
L'as-tu acheté?




3/ Premiers nettoyages


Étape 1: OTL (de OldTimer), préparation de la correction
Ouvrir une fenêtre du Bloc-notes, via Démarrer---->Tous les programmes---->Accessoires---->Exécuter, taper notepad puis cliquer sur OK

Sélectionner toutes les lignes de la zone blanche située sous "Code:" ci-dessous, puis appuyer simultanément sur les touches Ctrl et C

Code: Tout sélectionner
rien

:otl
FF - prefs.js..extensions.enabledItems: support@super-hide-ip.com:1.0
FF - prefs.js..network.proxy.ftp: "69.164.204.168"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "69.164.204.168"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "69.164.204.168"
FF - prefs.js..network.proxy.http_port: 3128

:Commands
[emptytemp]



Retourner dans la fenêtre du Bloc-notes, faire un clic droit dans la fenêtre et choisir Coller
Vérifier dans le menu Format (en haut) que "Retour automatique à ligne" n'est pas actif (pas coché).
Enregistrer le fichier sous le nom fix.txt <---- ne pas modifier le nom du fichier
Fermer le Bloc-notes.

Note: Les lignes de la zone Code ci-dessus ont été créées exclusivement pour CET utilisateur: statue0065.
Si vous n'êtes pas CET utilisateur, il ne faut pas les utiliser: elles pourraient endommager votre système.



Étape 2: Pas de processus de contrôle en temps réel
Désactiver le module résident de l'antivirus.
Image AVG 8.5 & 9: lancer AVG, double clic sur le composant "Bouclier résident", décocher "Bouclier résident actif"


Étape 3: OTL (de OldTimer), correction

Faire un clic droit sur OTL.exe puis choisir "Exécuter en tant qu'Administrateur" pour lancer l'outil.

L'écran principal de OTL s'affiche:
Image

Cliquer sur le bouton Correction: Image

Il y a ouverture d'une petite fenêtre "OTL": Image

Cliquer sur le bouton Ok.

A partir de la nouvelle fenêtre "Ouvrir", naviguer jusqu'au dossier de sauvegarde du fichier fix.txt puis cliquer sur le bouton Ouvrir.

Le contenu du fichier fix.txt est ainsi inséré dans le panneau "Personnalisation" Image

Fermer toutes les fenêtres de programme ouvertes autres que OTL (navigateur, traitement de texte, etc...): un redémarrage du PC va se produire.

Cliquer de nouveau sur le bouton Correction: Image

Note: Lorsque le redémarrage est demandé, cliquer sur Ok

Lorsque l'outil a terminé son travail, il y a affichage dans une petite fenêtre du message "Correction terminée! Cliquez sur Ok pour afficher le rapport.". Cliquer sur Ok puis fermer OTL.


Étape 4: Processus de contrôle en temps réel
Important: Réactiver le module résident de l'antivirus.


Étape 5: OTL (de OldTimer), analyse rapide
Fermer toutes les fenêtres de programme ouvertes.

Faire un clic droit sur OTL.exe puis choisir "Exécuter en tant qu'Administrateur" pour lancer l'outil.

L'écran principal de OTL s'affiche:
Image

Cliquer sur le bouton Analyse rapide:
Image


Laisser l'outil travailler sans l'interrompre.
Lorsque l'outil a terminé, il y a ouverture d'une fenêtre du Bloc-notes contenant un rapport (log).
Fermer le Bloc-notes.
Fermer la fenêtre de OTL.


Étape 6: Résultats
Envoyer en réponse:
*- le rapport de correction de OTL (contenu du fichier %SystemDrive%\_OTL\MovedFiles\********_******.log - les *** sont des chiffres représentant la date [moisjourannée] et l'heure)
[%SystemDrive% représente la partition sur laquelle est installé le système, généralement C:]

Envoyer ensuite en réponse dans un message distinct (à cause de la longueur du fichier):
*- le rapport principal de OTL (contenu du fichier OTL.txt situé sur le Bureau).
Le rapport envoyé sur le forum doit se terminer par une ligne contenant <End>. Si ce n'est pas le cas, il est incomplet, et doit alors être découpé en plusieurs messages.

Note importante: Pour l'envoi de ta(tes) réponse(s), il ne faut pas créer un nouveau sujet, mais cliquer sur le bouton "Répondre"
Image pour continuer dans ce fil de discussion.


Dans ta réponse, n'oublie pas de donner le plus d'informations possible sur l'état du PC: amélioration / disparition / aggravation des symptômes d'infection. Firefox est-il utilisable?

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Messagede statue0065 » 12 Déc 2010, 11:55

Bonjour,

Je vais faire ces manipulations en rentrant chez moi vers 16H. Et te tiendrais au courant de toutes les anomalies que je verrais sur mon pc même le plus petit détails qui cloche.

J'avais oublié de préciser qu'il est plus que probable que mon réseau (je sais pas si il y a un terme bien précis pour ça) avait sûrement été piraté, car pour le compte facebook, je recevais des notifications par mail à chacune des mes connections et il y a quelqu'un qui se connectait à 2h 4h etc... du matin mais c'est mon adresse ip qui était indiqué dans les messages. Ce n'était évidemment pas moi. C'est pour ça que j'ai demandé à mon fournisseur pour changer la clé réseau.

J'en ai parlé au service informatique de mon boulot, et ne savait pas trop comment faire, un ami est donc venu avec sa clé pour m'installer avg et le hide et remove trojan. C'est sûr, ça sert peut être à rien d'installer pleins de trucs mais n'étant pas une pro, ça rassure (tout du moins dans mon cas) sur le coup...

Oustpro, un autre logiciel que j'avais installé, avait indiqué un truc du genre "un hôte (avec adresse ip) a essayé de rentrer ou d'écouter un port (je sais plus trop quoi ni lequel) " mais ne l'avait pas bloqué.

Par contre je ne sais vraiment comment faire fonctionner tout ça, et ne suis même pas sûre d'avoir réussi à tout désinstaller.

En attendant de pouvoir faire ces manips sur mon micro, pouvez vous me dire si d'une j'ai bien fait en changeant la clé? et si mon pc présente des traces de piratage ou autre svp?

On m'a parlé aussi du formatage? c'est quoi exactement et serait ce utile dans mon cas?

Je sais ça fait beaucoup de questions, mais je panique un peu quand même... je ramène souvent du boulot chez moi. Ces dossiers sur lesquels je travaille sont quand même "confidentiels".

Merci pour votre réponse,

Et effectivement : affaire à suivre....
statue0065
 
Messages: 43
Inscription: 10 Déc 2010, 02:25

Messagede statue0065 » 12 Déc 2010, 18:42

Voici le premier fichier :

All processes killed
Error: Unable to interpret <rien > in the current context!
========== OTL ==========
Prefs.js: support@super-hide-ip.com:1.0 removed from extensions.enabledItems
Prefs.js: "69.164.204.168" removed from network.proxy.ftp
Prefs.js: 3128 removed from network.proxy.ftp_port
Prefs.js: "69.164.204.168" removed from network.proxy.gopher
Prefs.js: 3128 removed from network.proxy.gopher_port
Prefs.js: "69.164.204.168" removed from network.proxy.http
Prefs.js: 3128 removed from network.proxy.http_port
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: vivi
->Temp folder emptied: 195896818 bytes
->Temporary Internet Files folder emptied: 31655519 bytes
->Java cache emptied: 127927773 bytes
->FireFox cache emptied: 57922858 bytes
->Flash cache emptied: 3293 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18945790 bytes
RecycleBin emptied: 3841892 bytes

Total Files Cleaned = 416,00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 12122010_181118

Files\Folders moved on Reboot...
C:\Users\vivi\AppData\Local\Temp\ehmsas.txt moved successfully.
File\Folder C:\Users\vivi\AppData\Local\Temp\~DF6029.tmp not found!
File\Folder C:\Users\vivi\AppData\Local\Temp\~DF6034.tmp not found!
File\Folder C:\Users\vivi\AppData\Local\Temp\~DFF77F.tmp not found!
File\Folder C:\Users\vivi\AppData\Local\Temp\~DFF79A.tmp not found!
File\Folder C:\Users\vivi\AppData\Local\Temp\~DFF7B8.tmp not found!
File\Folder C:\Users\vivi\AppData\Local\Temp\~DFF7BD.tmp not found!
File\Folder C:\Users\vivi\AppData\Local\Temp\~DFF801.tmp not found!
File\Folder C:\Users\vivi\AppData\Local\Temp\~DFF809.tmp not found!
C:\Users\vivi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Q0VQD967\assiste_com_free_fr[1].htm moved successfully.
C:\Users\vivi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...
statue0065
 
Messages: 43
Inscription: 10 Déc 2010, 02:25

Messagede statue0065 » 12 Déc 2010, 18:46

le 2nd rapport :

OTL logfile created on: 10/12/2010 19:38:01 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\vivi\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 013,00 Mb Total Physical Memory | 190,00 Mb Available Physical Memory | 19,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 43,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 106,70 Gb Total Space | 78,74 Gb Free Space | 73,79% Space Free | Partition Type: NTFS
Drive D: | 5,09 Gb Total Space | 1,21 Gb Free Space | 23,83% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: vivi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/10 18:49:31 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\vivi\Downloads\OTL.exe
PRC - [2010/12/10 17:22:32 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/12/10 17:22:22 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/12/10 17:22:20 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/12/10 17:22:09 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/12/10 17:21:56 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
PRC - [2010/12/10 17:21:55 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/10 17:21:00 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/12/10 17:20:52 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/12/10 17:20:51 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/12/10 17:20:48 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/12/10 17:20:38 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/12/10 14:39:27 | 001,047,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgupd.exe
PRC - [2010/12/10 11:57:38 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/10 11:57:35 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/27 09:20:10 | 003,804,912 | ---- | M] (SuperHideIP.Com) -- C:\Program Files\SuperHideIP\SuperHideIP.exe
PRC - [2010/09/07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/09/29 17:15:02 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/08/19 10:31:42 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 10:31:40 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2006/11/02 10:24:10 | 000,491,606 | ---- | M] () -- C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
PRC - [2005/07/12 18:54:32 | 000,278,528 | ---- | M] () -- C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe
PRC - [2004/06/09 14:37:02 | 000,040,960 | ---- | M] (BIGDOG) -- C:\WINDOWS\VM_STI.EXE


========== Modules (SafeList) ==========

MOD - [2010/12/10 18:49:31 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\vivi\Downloads\OTL.exe
MOD - [2010/12/10 17:22:21 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
MOD - [2010/09/20 10:25:01 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msshsq.dll
MOD - [2010/08/31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
MOD - [2009/09/29 19:34:56 | 000,241,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\PortableDeviceApi.dll
MOD - [2009/09/29 17:49:05 | 002,386,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WMVCORE.DLL
MOD - [2009/09/29 17:00:59 | 000,712,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WindowsCodecs.dll
MOD - [2008/11/27 05:35:06 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\GdiPlus.dll
MOD - [2008/01/19 08:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\rsaenh.dll
MOD - [2008/01/19 08:36:58 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WMASF.DLL
MOD - [2008/01/19 08:36:40 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\thumbcache.dll
MOD - [2008/01/19 08:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\SLC.dll
MOD - [2008/01/19 08:35:58 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntlanman.dll
MOD - [2008/01/19 08:35:37 | 002,226,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\networkexplorer.dll
MOD - [2008/01/19 08:34:07 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\duser.dll
MOD - [2008/01/19 08:34:00 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cscapi.dll
MOD - [2008/01/19 08:33:42 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\actxprxy.dll
MOD - [2006/11/02 13:34:33 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\IconCodecService.dll
MOD - [2006/11/02 13:34:32 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\davclnt.dll
MOD - [2006/11/02 10:46:04 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drprov.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2010/12/10 17:22:09 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/12/10 17:21:55 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/12/10 17:21:00 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/12/10 17:20:52 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/10/06 11:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2006/06/26 09:50:08 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\System32\drivers\SandBox.sys -- (SandBox)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Filt\ASWFilt.dll -- (ASWFilt)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\System32\DRIVERS\afw.sys -- (afw)
DRV - [2010/12/10 17:22:29 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/12/10 17:22:20 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/12/10 17:21:59 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\AVGIDSvx.sys -- (AVGIDSErHrvtx)
DRV - [2010/12/10 17:21:58 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys -- (AVGIDSDrivervtx)
DRV - [2010/12/10 17:21:58 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys -- (AVGIDSFiltervtx)
DRV - [2010/12/10 17:21:58 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys -- (AVGIDSShimvtx)
DRV - [2010/12/10 17:21:06 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010/12/10 17:20:51 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/12/10 17:20:40 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/09/07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 16:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2006/11/30 10:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/17 17:20:26 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2006/11/17 17:20:26 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/11/15 07:24:00 | 000,179,256 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/11/09 10:02:30 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw3v32.sys -- (NETw3v32) Pilote de carte réseau Intel(R)
DRV - [2006/11/06 11:29:14 | 001,473,024 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2006/11/06 11:29:14 | 001,473,024 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/11/02 15:43:50 | 000,145,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/11/02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/18 12:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 12:08:14 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/10/18 12:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/09/26 00:19:52 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/28 09:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/02/26 15:25:52 | 000,091,527 | ---- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\usbVM31b.sys -- (ZSMC301b)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2549409942-649879418-3700690813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKU\S-1-5-21-2549409942-649879418-3700690813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2549409942-649879418-3700690813-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2549409942-649879418-3700690813-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-2549409942-649879418-3700690813-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2549409942-649879418-3700690813-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=69.164.204.168:3128;ftp=69.164.204.168:3128;https=69.164.204.168:3128;

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official"
FF - prefs.js..extensions.enabledItems: {636fae0b-69b4-4324-9fea-80fc7fb887dc}:1.300.306
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
FF - prefs.js..extensions.enabledItems: support@super-hide-ip.com:1.0
FF - prefs.js..keyword.URL: "http://search.freecause.com/search?fr=freecause&ourmark=3&type=61101&p="
FF - prefs.js..network.proxy.ftp: "69.164.204.168"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "69.164.204.168"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "69.164.204.168"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.freecause.com/search?fr=freecause&ourmark=3&type=61101&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/12/10 17:42:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/12/10 17:27:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 11:57:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 11:57:45 | 000,000,000 | ---D | M]

[2009/11/04 20:43:13 | 000,000,000 | ---D | M] -- C:\Users\vivi\AppData\Roaming\mozilla\Extensions
[2010/12/10 18:16:15 | 000,000,000 | ---D | M] -- C:\Users\vivi\AppData\Roaming\mozilla\Firefox\Profiles\5lkcum6r.default\extensions
[2010/04/27 18:37:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\vivi\AppData\Roaming\mozilla\Firefox\Profiles\5lkcum6r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/13 17:29:56 | 000,000,000 | ---D | M] (Is Cool) -- C:\Users\vivi\AppData\Roaming\mozilla\Firefox\Profiles\5lkcum6r.default\extensions\{636fae0b-69b4-4324-9fea-80fc7fb887dc}
[2010/12/10 18:16:02 | 000,000,000 | ---D | M] -- C:\Users\vivi\AppData\Roaming\mozilla\Firefox\Profiles\5lkcum6r.default\extensions\support@super-hide-ip.com
[2010/07/17 20:57:15 | 000,001,741 | ---- | M] () -- C:\Users\vivi\AppData\Roaming\Mozilla\FireFox\Profiles\5lkcum6r.default\searchplugins\search-the-web.xml
[2009/11/15 15:41:16 | 000,003,729 | ---- | M] () -- C:\Users\vivi\AppData\Roaming\Mozilla\FireFox\Profiles\5lkcum6r.default\searchplugins\Searcheo.xml
[2010/10/04 18:24:34 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010/10/22 05:18:36 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010/10/22 05:18:36 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/10/22 05:18:36 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2010/10/22 05:18:36 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/10/22 05:18:36 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BigDogPath] C:\Windows\VM_STI.EXE (BIGDOG)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2549409942-649879418-3700690813-1000..\Run: [] F:\Super Hide IP 3.0.6.2 + Crack\Super Hide IP 3.0.6.2\Crack\SuperHideIP.exe File not found
O4 - HKU\S-1-5-21-2549409942-649879418-3700690813-1000..\Run: [ISUSPM Startup] C:\Programmes\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found
O4 - Startup: C:\Users\vivi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\vivi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2549409942-649879418-3700690813-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img33.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img33.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/12/10 19:00:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/10 19:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/12/10 18:23:18 | 000,000,000 | ---D | C] -- C:\Users\vivi\Documents\Simply Super Software
[2010/12/10 18:22:44 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2010/12/10 18:22:38 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/12/10 18:22:38 | 000,000,000 | ---D | C] -- C:\Users\vivi\AppData\Roaming\Simply Super Software
[2010/12/10 18:22:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010/12/10 18:14:14 | 000,000,000 | ---D | C] -- C:\Users\vivi\AppData\Roaming\SuperHideIP
[2010/12/10 18:14:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SuperHideIP
[2010/12/10 18:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\SuperHideIP
[2010/12/10 18:11:55 | 000,000,000 | ---D | C] -- C:\Users\vivi\AppData\Roaming\F__Super Hide IP 3.0.6.2 + Crack_Super Hide IP 3.0.6.2_Crack_SuperHideIP.exe
[2010/12/10 18:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\F__Super Hide IP 3.0.6.2 + Crack_Super Hide IP 3.0.6.2_Crack_SuperHideIP.exe
[2010/12/10 17:59:39 | 000,000,000 | ---D | C] -- C:\Users\vivi\AppData\Local\AVG Security Toolbar
[2010/12/10 17:22:21 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/12/10 17:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/12/10 14:14:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/12/10 14:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/12/10 14:12:37 | 000,025,168 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSvx.sys
[2010/12/10 14:12:36 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/12/10 14:12:33 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/12/10 14:12:32 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/12/10 14:12:28 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/12/10 14:10:04 | 000,024,856 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/12/10 14:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/12/10 14:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/12/09 21:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\SEAF
[2010/12/08 23:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/11/28 18:10:28 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/11/28 18:10:28 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/11/28 18:10:27 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/11/28 18:10:27 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/11/28 18:10:25 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/11/28 18:09:17 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/11/28 18:09:16 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

========== Files - Modified Within 30 Days ==========

[2010/12/10 19:51:44 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{37A44AF2-3AC5-449A-ACDC-850441E40271}.job
[2010/12/10 19:43:26 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/10 19:43:26 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/10 19:00:25 | 000,000,913 | ---- | M] () -- C:\Users\vivi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/12/10 19:00:20 | 000,000,733 | ---- | M] () -- C:\Users\vivi\Desktop\NTREGOPT.lnk
[2010/12/10 19:00:20 | 000,000,714 | ---- | M] () -- C:\Users\vivi\Desktop\ERUNT.lnk
[2010/12/10 18:58:12 | 000,000,541 | ---- | M] () -- C:\Users\vivi\Desktop\erunt-loc_fr.zip - Raccourci.lnk
[2010/12/10 18:58:06 | 000,000,584 | ---- | M] () -- C:\Users\vivi\Desktop\erunt-setup.exe - Raccourci.lnk
[2010/12/10 18:50:20 | 000,000,538 | ---- | M] () -- C:\Users\vivi\Desktop\OTL.exe - Raccourci.lnk
[2010/12/10 18:28:54 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2010/12/10 18:14:04 | 000,000,840 | ---- | M] () -- C:\Users\Public\Desktop\Super Hide IP.lnk
[2010/12/10 17:46:33 | 000,000,150 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/12/10 17:42:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/10 17:42:32 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/10 17:29:02 | 000,638,975 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/12/10 17:22:29 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/12/10 17:22:21 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/12/10 17:22:20 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/12/10 17:21:59 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSvx.sys
[2010/12/10 17:21:33 | 068,781,423 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/12/10 17:21:06 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/12/10 17:20:51 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/12/10 17:20:45 | 000,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2010/12/10 17:20:45 | 000,142,495 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010/12/10 17:20:40 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/12/10 17:00:03 | 000,001,057 | ---- | M] () -- C:\Users\vivi\Desktop\Revo Uninstaller.lnk
[2010/12/10 14:15:00 | 000,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/12/10 14:14:59 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/12/10 14:14:21 | 006,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2010/12/10 14:01:29 | 000,679,042 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/12/10 14:01:29 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/10 14:01:29 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/12/10 14:01:29 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/10 01:29:20 | 000,000,036 | ---- | M] () -- C:\Users\vivi\AppData\Local\housecall.guid.cache
[2010/12/09 00:03:43 | 000,022,730 | ---- | M] () -- C:\Users\vivi\Documents\cc_20101209_000327.reg
[2010/12/08 23:28:44 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/28 18:10:29 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/11/28 18:10:25 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

========== Files Created - No Company Name ==========

[2010/12/10 19:00:25 | 000,000,913 | ---- | C] () -- C:\Users\vivi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/12/10 19:00:20 | 000,000,733 | ---- | C] () -- C:\Users\vivi\Desktop\NTREGOPT.lnk
[2010/12/10 19:00:20 | 000,000,714 | ---- | C] () -- C:\Users\vivi\Desktop\ERUNT.lnk
[2010/12/10 18:58:12 | 000,000,541 | ---- | C] () -- C:\Users\vivi\Desktop\erunt-loc_fr.zip - Raccourci.lnk
[2010/12/10 18:58:06 | 000,000,584 | ---- | C] () -- C:\Users\vivi\Desktop\erunt-setup.exe - Raccourci.lnk
[2010/12/10 18:50:20 | 000,000,538 | ---- | C] () -- C:\Users\vivi\Desktop\OTL.exe - Raccourci.lnk
[2010/12/10 18:28:54 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2010/12/10 18:22:45 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010/12/10 18:22:44 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010/12/10 18:22:44 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2010/12/10 18:22:44 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2010/12/10 18:14:04 | 000,000,840 | ---- | C] () -- C:\Users\Public\Desktop\Super Hide IP.lnk
[2010/12/10 17:00:03 | 000,001,057 | ---- | C] () -- C:\Users\vivi\Desktop\Revo Uninstaller.lnk
[2010/12/10 16:37:42 | 1063,378,944 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/10 14:15:00 | 000,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/12/10 14:14:59 | 000,638,975 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/12/10 14:14:59 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/12/10 14:14:21 | 068,781,423 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/12/10 14:14:21 | 006,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2010/12/10 14:14:21 | 000,492,629 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2010/12/10 14:14:21 | 000,142,495 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010/12/10 01:29:20 | 000,000,036 | ---- | C] () -- C:\Users\vivi\AppData\Local\housecall.guid.cache
[2010/12/09 00:03:35 | 000,022,730 | ---- | C] () -- C:\Users\vivi\Documents\cc_20101209_000327.reg
[2010/12/08 23:28:44 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/11/28 18:10:29 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/08/05 16:36:36 | 000,069,632 | ---- | C] () -- C:\Windows\System32\MobOlExt.dll
[2010/02/01 18:31:40 | 000,004,892 | ---- | C] () -- C:\Users\vivi\AppData\Local\d3d9caps.dat
[2009/10/02 13:14:38 | 000,007,680 | ---- | C] () -- C:\Users\vivi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/26 00:05:51 | 000,000,000 | ---- | C] () -- C:\Users\vivi\AppData\Local\QSwitch.txt
[2009/09/26 00:05:51 | 000,000,000 | ---- | C] () -- C:\Users\vivi\AppData\Local\DSwitch.txt
[2009/09/26 00:05:51 | 000,000,000 | ---- | C] () -- C:\Users\vivi\AppData\Local\AtStart.txt
[2006/11/29 08:32:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/06 12:02:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2006/11/06 10:05:40 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/06 10:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006/11/06 10:00:56 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/18 23:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/18 23:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/03/10 01:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

========== LOP Check ==========

[2010/12/10 18:11:55 | 000,000,000 | ---D | M] -- C:\Users\vivi\AppData\Roaming\F__Super Hide IP 3.0.6.2 + Crack_Super Hide IP 3.0.6.2_Crack_SuperHideIP.exe
[2009/11/15 15:41:16 | 000,000,000 | ---D | M] -- C:\Users\vivi\AppData\Roaming\Icones
[2009/11/04 21:57:47 | 000,000,000 | ---D | M] -- C:\Users\vivi\AppData\Roaming\OpenOffice.org
[2010/12/10 18:22:38 | 000,000,000 | ---D | M] -- C:\Users\vivi\AppData\Roaming\Simply Super Software
[2010/12/10 18:14:14 | 000,000,000 | ---D | M] -- C:\Users\vivi\AppData\Roaming\SuperHideIP
[2010/12/10 17:40:52 | 000,032,562 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2010/12/10 19:51:44 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{37A44AF2-3AC5-449A-ACDC-850441E40271}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\drivers\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\System32\drivers\atapi.sys
[2008/01/19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2009/09/29 17:18:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2009/09/29 17:18:10 | 000,021,560 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009/09/29 17:18:10 | 000,021,560 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008/01/19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\drivers\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
[2008/01/19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) Unable to obtain MD5 -- C:\WINDOWS\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\WINDOWS\System32\netlogon.dll
[2008/01/19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\drivers\nvstor.sys
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) Unable to obtain MD5 -- C:\WINDOWS\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\WINDOWS\System32\scecli.dll
[2008/01/19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\dxtmsft.dll
[2009/03/08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\dxtrans.dll
[2008/01/19 08:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\rsaenh.dll
[2008/01/19 08:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< End of report >
statue0065
 
Messages: 43
Inscription: 10 Déc 2010, 02:25

Messagede statue0065 » 12 Déc 2010, 18:58

Pour ce qui concerne les anomalies :

il y a deux jours environ, je ne pouvais plus utiliser la touche arobase, maintenant celle-ci fonctionne.
le pc et lent,
mozilla ne fonctionnait plus, je viens à l'instant de réessayer, c'est un peu long mais il refonctionne, par contre un autre onglet s'ouvre, voici le message :
"Logging you in, you will now be redirected back to isCool!

If you are not redirected, please follow these steps

* Go to the front page of isCool
* Click on the login link within the toolbar.

If you are still having problems, please make sure you are on a cookie enabled browser."

Is cool, c'est un (programme?, application?) de facebook, pour gagner des points, des images etc...
par contre je ne comprends pas que ce message s'affiche... je ne me rappelle pas avoir installé quoi que ce soit du nom de is cool.

Au démarrage du pc, je me suis aussi rendue compte que ERUNT affichait un messag d'erreur en anglais, je ne sais pas comment le copier...

Je manque certainement de clarté dans mes réponses, qui sont souvent incomplètes (d'où tous les messages postés ci-dessus)
Si tu as besoin d'avoir des informatons supplémentaires, dis le moi.
J'ai hâte de savoir, tout du moins d'être rassurée sur l'état du pc.
Merci encore.
statue0065
 
Messages: 43
Inscription: 10 Déc 2010, 02:25

Messagede nickW » 13 Déc 2010, 00:51

Bonsoir,


1/ Dans les extensions de Firefox (Menu Outils ----> Modules complémentaires ----> Extensions), descendre jusqu'à Is Cool et cliquer sur le bouton Désactiver.


2/ Le rapport d'analyse OTL que tu as envoyé est celui de vendredi dernier.

Il faut en re-créer un nouveau en suivant l'Étape 5: OTL (de OldTimer), analyse rapide ci-dessus et envoyer ce nouveau rapport OTL.Txt.


A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Messagede statue0065 » 13 Déc 2010, 07:57

Bonjour, voici le rapport :


OTL logfile created on: 13/12/2010 07:41:00 - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\vivi\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1 013,00 Mb Total Physical Memory | 144,00 Mb Available Physical Memory | 14,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 51,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 106,70 Gb Total Space | 77,19 Gb Free Space | 72,34% Space Free | Partition Type: NTFS
Drive D: | 5,09 Gb Total Space | 1,21 Gb Free Space | 23,83% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: vivi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010/12/10 18:49:31 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\vivi\Downloads\OTL.exe
PRC - [2010/12/10 17:22:32 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/12/10 17:22:22 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/12/10 17:22:20 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/12/10 17:22:09 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/12/10 17:21:56 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
PRC - [2010/12/10 17:21:55 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/10 17:21:00 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/12/10 17:20:52 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/12/10 17:20:51 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/12/10 17:20:48 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/12/10 17:20:38 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/12/10 11:57:35 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/08 05:25:50 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedssync.exe
PRC - [2010/01/11 15:21:52 | 000,490,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/09/29 17:15:02 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/08/19 10:31:42 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 10:31:40 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2006/11/02 10:24:10 | 000,491,606 | ---- | M] () -- C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
PRC - [2005/07/12 18:54:32 | 000,278,528 | ---- | M] () -- C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe
PRC - [2004/06/09 14:37:02 | 000,040,960 | ---- | M] (BIGDOG) -- C:\WINDOWS\VM_STI.EXE


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010/12/10 18:49:31 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\vivi\Downloads\OTL.exe
MOD - [2010/12/10 17:22:21 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
MOD - [2010/08/31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2010/12/10 17:22:09 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/12/10 17:21:55 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/12/10 17:21:00 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/12/10 17:20:52 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/10/06 11:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2006/06/26 09:50:08 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\System32\drivers\SandBox.sys -- (SandBox)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Filt\ASWFilt.dll -- (ASWFilt)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\System32\DRIVERS\afw.sys -- (afw)
DRV - [2010/12/10 17:22:29 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/12/10 17:22:20 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/12/10 17:21:59 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\AVGIDSvx.sys -- (AVGIDSErHrvtx)
DRV - [2010/12/10 17:21:58 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys -- (AVGIDSDrivervtx)
DRV - [2010/12/10 17:21:58 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys -- (AVGIDSFiltervtx)
DRV - [2010/12/10 17:21:58 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys -- (AVGIDSShimvtx)
DRV - [2010/12/10 17:21:06 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2010/12/10 17:20:51 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/12/10 17:20:40 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2006/11/30 10:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/17 17:20:26 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2006/11/17 17:20:26 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/11/15 07:24:00 | 000,179,256 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/11/09 10:02:30 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw3v32.sys -- (NETw3v32) Pilote de carte réseau Intel(R)
DRV - [2006/11/06 11:29:14 | 001,473,024 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2006/11/06 11:29:14 | 001,473,024 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/11/02 15:43:50 | 000,145,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/11/02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/18 12:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 12:08:14 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/10/18 12:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/09/26 00:19:52 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/28 09:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/02/26 15:25:52 | 000,091,527 | ---- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\usbVM31b.sys -- (ZSMC301b)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official"
FF - prefs.js..keyword.URL: "http://search.freecause.com/search?fr=freecause&ourmark=3&type=61101&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/12/10 17:42:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/12/10 17:27:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 11:57:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 11:57:45 | 000,000,000 | ---D | M]

[2009/11/04 20:43:13 | 000,000,000 | ---D | M] -- C:\Users\vivi\AppData\Roaming\mozilla\Extensions
[2010/12/13 07:35:56 | 000,000,000 | ---D | M] -- C:\Users\vivi\AppData\Roaming\mozilla\Firefox\Profiles\5lkcum6r.default\extensions
[2010/04/27 18:37:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\vivi\AppData\Roaming\mozilla\Firefox\Profiles\5lkcum6r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/13 17:29:56 | 000,000,000 | ---D | M] (Is Cool) -- C:\Users\vivi\AppData\Roaming\mozilla\Firefox\Profiles\5lkcum6r.default\extensions\{636fae0b-69b4-4324-9fea-80fc7fb887dc}
[2010/12/10 18:16:02 | 000,000,000 | ---D | M] -- C:\Users\vivi\AppData\Roaming\mozilla\Firefox\Profiles\5lkcum6r.default\extensions\support@super-hide-ip.com
[2010/12/12 18:53:20 | 000,001,734 | ---- | M] () -- C:\Users\vivi\AppData\Roaming\Mozilla\FireFox\Profiles\5lkcum6r.default\searchplugins\search-the-web.xml
[2009/11/15 15:41:16 | 000,003,729 | ---- | M] () -- C:\Users\vivi\AppData\Roaming\Mozilla\FireFox\Profiles\5lkcum6r.default\searchplugins\Searcheo.xml
[2010/10/04 18:24:34 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010/10/22 05:18:36 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010/10/22 05:18:36 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/10/22 05:18:36 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2010/10/22 05:18:36 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/10/22 05:18:36 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BigDogPath] C:\Windows\VM_STI.EXE (BIGDOG)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] F:\Super Hide IP 3.0.6.2 + Crack\Super Hide IP 3.0.6.2\Crack\SuperHideIP.exe File not found
O4 - HKCU..\Run: [ISUSPM Startup] C:\Programmes\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found
O4 - Startup: C:\Users\vivi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\vivi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img33.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img33.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010/12/12 18:11:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/12/12 17:58:09 | 000,000,000 | ---D | C] -- C:\Users\vivi\AppData\Roaming\AVG9
[2010/12/10 19:00:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/10 19:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/12/10 18:23:18 | 000,000,000 | ---D | C] -- C:\Users\vivi\Documents\Simply Super Software
[2010/12/10 18:14:14 | 000,000,000 | ---D | C] -- C:\Users\vivi\AppData\Roaming\SuperHideIP
[2010/12/10 18:14:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SuperHideIP
[2010/12/10 18:11:55 | 000,000,000 | ---D | C] -- C:\Users\vivi\AppData\Roaming\F__Super Hide IP 3.0.6.2 + Crack_Super Hide IP 3.0.6.2_Crack_SuperHideIP.exe
[2010/12/10 18:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\F__Super Hide IP 3.0.6.2 + Crack_Super Hide IP 3.0.6.2_Crack_SuperHideIP.exe
[2010/12/10 17:59:39 | 000,000,000 | ---D | C] -- C:\Users\vivi\AppData\Local\AVG Security Toolbar
[2010/12/10 17:22:21 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/12/10 17:00:00 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/12/10 14:14:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/12/10 14:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/12/10 14:12:37 | 000,025,168 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSvx.sys
[2010/12/10 14:12:36 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/12/10 14:12:33 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/12/10 14:12:32 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/12/10 14:12:28 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/12/10 14:10:04 | 000,024,856 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/12/10 14:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/12/10 14:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/12/09 21:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\SEAF
[2010/12/08 23:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010/12/13 07:46:20 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{37A44AF2-3AC5-449A-ACDC-850441E40271}.job
[2010/12/13 07:39:35 | 068,866,313 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/12/13 07:33:27 | 000,000,150 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/12/13 07:31:30 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/13 07:31:30 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/13 07:31:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/13 07:31:11 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/10 19:00:25 | 000,000,913 | ---- | M] () -- C:\Users\vivi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/12/10 19:00:20 | 000,000,733 | ---- | M] () -- C:\Users\vivi\Desktop\NTREGOPT.lnk
[2010/12/10 19:00:20 | 000,000,714 | ---- | M] () -- C:\Users\vivi\Desktop\ERUNT.lnk
[2010/12/10 18:58:12 | 000,000,541 | ---- | M] () -- C:\Users\vivi\Desktop\erunt-loc_fr.zip - Raccourci.lnk
[2010/12/10 18:58:06 | 000,000,584 | ---- | M] () -- C:\Users\vivi\Desktop\erunt-setup.exe - Raccourci.lnk
[2010/12/10 18:50:20 | 000,000,538 | ---- | M] () -- C:\Users\vivi\Desktop\OTL.exe - Raccourci.lnk
[2010/12/10 17:29:02 | 000,638,975 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/12/10 17:22:29 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/12/10 17:22:21 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/12/10 17:22:20 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/12/10 17:21:59 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSvx.sys
[2010/12/10 17:21:06 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/12/10 17:20:51 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/12/10 17:20:45 | 000,492,629 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2010/12/10 17:20:45 | 000,142,495 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010/12/10 17:20:40 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/12/10 17:00:03 | 000,001,057 | ---- | M] () -- C:\Users\vivi\Desktop\Revo Uninstaller.lnk
[2010/12/10 14:15:00 | 000,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/12/10 14:14:59 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/12/10 14:14:21 | 006,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2010/12/10 14:01:29 | 000,679,042 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/12/10 14:01:29 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/10 14:01:29 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/12/10 14:01:29 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/10 01:29:20 | 000,000,036 | ---- | M] () -- C:\Users\vivi\AppData\Local\housecall.guid.cache
[2010/12/09 00:03:43 | 000,022,730 | ---- | M] () -- C:\Users\vivi\Documents\cc_20101209_000327.reg
[2010/12/08 23:28:44 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/28 18:10:25 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010/12/10 19:00:25 | 000,000,913 | ---- | C] () -- C:\Users\vivi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/12/10 19:00:20 | 000,000,733 | ---- | C] () -- C:\Users\vivi\Desktop\NTREGOPT.lnk
[2010/12/10 19:00:20 | 000,000,714 | ---- | C] () -- C:\Users\vivi\Desktop\ERUNT.lnk
[2010/12/10 18:58:12 | 000,000,541 | ---- | C] () -- C:\Users\vivi\Desktop\erunt-loc_fr.zip - Raccourci.lnk
[2010/12/10 18:58:06 | 000,000,584 | ---- | C] () -- C:\Users\vivi\Desktop\erunt-setup.exe - Raccourci.lnk
[2010/12/10 18:50:20 | 000,000,538 | ---- | C] () -- C:\Users\vivi\Desktop\OTL.exe - Raccourci.lnk
[2010/12/10 17:00:03 | 000,001,057 | ---- | C] () -- C:\Users\vivi\Desktop\Revo Uninstaller.lnk
[2010/12/10 16:37:42 | 1063,378,944 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/10 14:15:00 | 000,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/12/10 14:14:59 | 000,638,975 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/12/10 14:14:59 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/12/10 14:14:21 | 068,866,313 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/12/10 14:14:21 | 006,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2010/12/10 14:14:21 | 000,492,629 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2010/12/10 14:14:21 | 000,142,495 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2010/12/10 01:29:20 | 000,000,036 | ---- | C] () -- C:\Users\vivi\AppData\Local\housecall.guid.cache
[2010/12/09 00:03:35 | 000,022,730 | ---- | C] () -- C:\Users\vivi\Documents\cc_20101209_000327.reg
[2010/12/08 23:28:44 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010/08/05 16:36:36 | 000,069,632 | ---- | C] () -- C:\Windows\System32\MobOlExt.dll
[2010/02/01 18:31:40 | 000,004,892 | ---- | C] () -- C:\Users\vivi\AppData\Local\d3d9caps.dat
[2009/10/02 13:14:38 | 000,007,680 | ---- | C] () -- C:\Users\vivi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/26 00:05:51 | 000,000,000 | ---- | C] () -- C:\Users\vivi\AppData\Local\QSwitch.txt
[2009/09/26 00:05:51 | 000,000,000 | ---- | C] () -- C:\Users\vivi\AppData\Local\DSwitch.txt
[2009/09/26 00:05:51 | 000,000,000 | ---- | C] () -- C:\Users\vivi\AppData\Local\AtStart.txt
[2006/11/29 08:32:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/06 12:02:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2006/11/06 10:05:40 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/06 10:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006/11/06 10:00:56 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/18 23:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/18 23:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/03/10 01:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010/12/12 17:58:10 | 000,000,000 | ---D | M] -- C:\Users\vivi\AppData\Roaming\AVG9
[2010/12/10 18:11:55 | 000,000,000 | ---D | M] -- C:\Users\vivi\AppData\Roaming\F__Super Hide IP 3.0.6.2 + Crack_Super Hide IP 3.0.6.2_Crack_SuperHideIP.exe
[2009/11/15 15:41:16 | 000,000,000 | ---D | M] -- C:\Users\vivi\AppData\Roaming\Icones
[2009/11/04 21:57:47 | 000,000,000 | ---D | M] -- C:\Users\vivi\AppData\Roaming\OpenOffice.org
[2010/12/10 18:14:14 | 000,000,000 | ---D | M] -- C:\Users\vivi\AppData\Roaming\SuperHideIP
[2010/12/13 00:00:16 | 000,032,562 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2010/12/13 07:46:20 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{37A44AF2-3AC5-449A-ACDC-850441E40271}.job

[color=#E56717]========== Purity Check ==========[/color]



< End of report >
statue0065
 
Messages: 43
Inscription: 10 Déc 2010, 02:25

Messagede statue0065 » 13 Déc 2010, 18:56

Bonsoir,

J'ai posté les rapports demandés, je souhaiterai savoir si effectivement un "keylogger" est présent sur l'ordinateur, pouvez-vous me répondre s'il vous plait?

merci d'avance.
statue0065
 
Messages: 43
Inscription: 10 Déc 2010, 02:25

PrécédenteSuivante

Retourner vers Sécurité (Contamination - Décontamination)

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 25 invités